Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/Q-fyfq2YVVaYV8YCnagGIzYBWek.roa
File:                     Q-fyfq2YVVaYV8YCnagGIzYBWek.roa (raw, json)
Hash identifier:          szeJcXf70QWCzjE0yciKZX8S9FN3+5Id+/JIG7L3UTg=
Subject key identifier:   43:E7:F2:7E:AD:98:55:56:98:57:C6:02:9D:A8:06:23:36:01:59:E9
Certificate issuer:       /CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
Certificate serial:       018D7FABB59C76E2D3606F5D1CA72D05F7B8
Authority key identifier: 6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/Q-fyfq2YVVaYV8YCnagGIzYBWek.roa
Signing time:             Tue 06 Feb 2024 18:26:16 +0000
ROA not before:           Tue 06 Feb 2024 18:26:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203888
IP address blocks:        2a0f:b241:e9::/48 maxlen: 48

Validation:               Failed, certificate revoked on Wed 07 Feb 2024 04:55:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:7f:ab:b5:9c:76:e2:d3:60:6f:5d:1c:a7:2d:05:f7:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
        Validity
            Not Before: Feb  6 18:26:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=43e7f27ead9855569857c6029da80623360159e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:de:d5:66:f1:79:42:17:d1:68:8c:e5:39:44:
                    08:4c:35:8e:d7:3f:7d:95:1b:be:c3:28:ff:da:ad:
                    e2:6f:d0:58:d7:90:3d:0d:7a:81:b0:19:c3:f2:80:
                    61:47:c1:6b:54:05:41:1a:ed:05:94:74:3a:a5:18:
                    0a:94:16:ad:2a:c8:0f:c6:f2:1b:4c:0c:e5:a4:8f:
                    ce:52:59:ee:62:54:55:bd:52:b4:3d:8b:1e:6c:46:
                    10:12:59:4e:95:b6:8d:5a:3f:b5:d4:d0:97:1a:bc:
                    66:6d:12:73:87:cd:69:00:28:62:07:68:28:82:38:
                    db:5c:de:9e:12:03:6f:83:ba:e3:55:9f:5a:64:ef:
                    dd:4e:71:41:95:8c:6c:a2:6a:2c:dd:b0:3e:1e:d5:
                    e1:27:e5:32:6d:77:6e:32:bf:ee:ba:0b:64:77:6b:
                    28:09:f3:c8:14:36:a4:8c:64:b7:a6:ec:6d:79:66:
                    b0:71:f8:9b:8d:12:18:25:23:57:9d:61:ab:fc:b1:
                    51:0d:66:f3:1f:09:18:54:65:6f:23:da:1d:ff:bc:
                    28:b6:f1:c4:f9:3f:fd:fe:67:15:3a:8f:d8:49:d0:
                    74:8d:b9:5f:85:3a:69:c0:7c:c0:6f:72:cc:62:b0:
                    84:47:b9:c9:7b:de:bb:a0:a5:77:67:0b:d9:40:36:
                    64:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:E7:F2:7E:AD:98:55:56:98:57:C6:02:9D:A8:06:23:36:01:59:E9
            X509v3 Authority Key Identifier:
                keyid:6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/Q-fyfq2YVVaYV8YCnagGIzYBWek.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:b241:e9::/48

    Signature Algorithm: sha256WithRSAEncryption
         22:b0:1f:6e:4c:c2:93:ea:31:ab:d2:fa:c9:b9:7e:37:3e:5b:
         e6:2c:1f:cd:4e:cc:3c:98:19:06:cf:41:2d:e7:24:5a:10:dc:
         b3:1e:79:e6:ed:5e:34:cc:5b:8a:1c:62:bb:77:61:3c:ad:f1:
         eb:cc:2d:e0:49:fe:98:75:99:14:f3:ac:df:ec:20:85:68:79:
         2e:c8:e6:b6:82:91:b0:fd:b1:15:0b:6b:d6:3b:ed:16:55:d6:
         4b:ef:be:d8:64:eb:37:4e:a2:ff:72:ae:0a:e2:bd:89:62:ca:
         87:38:b0:3d:c6:88:f2:77:a8:71:0d:03:aa:77:cd:d9:c3:84:
         03:4b:6e:7c:21:9d:8e:6b:ba:76:46:b4:28:c7:b5:d4:6a:74:
         be:cb:77:cb:46:b6:8f:df:0c:7e:7e:5a:3a:00:b7:72:86:98:
         06:8d:e0:30:12:2d:ab:58:58:7a:09:48:8f:91:2b:ad:87:78:
         96:8f:4a:d8:e9:b9:4e:0b:99:8b:37:07:3b:05:b1:ef:06:20:
         a5:44:c5:a9:42:23:f5:07:35:7a:26:9c:d0:b3:7c:fd:1a:cb:
         15:ec:c6:ef:05:5d:f6:77:10:d3:ac:4a:75:10:c5:29:bf:ae:
         4c:17:08:75:01:ca:8b:12:8d:ed:d8:eb:c6:4c:5a:b5:86:f2:
         e2:73:7a:73
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY1/q7WcduLTYG9dHKctBfe4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlODcxMDRhNGRiNGM0NjM3MWE3ZjhiNmE0NDFmYzMwZWNk
ZmUyMGYwHhcNMjQwMjA2MTgyNjE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2U3ZjI3ZWFkOTg1NTU2OTg1N2M2MDI5ZGE4MDYyMzM2MDE1OWU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi97VZvF5QhfRaIzlOUQITDWO1z99
lRu+wyj/2q3ib9BY15A9DXqBsBnD8oBhR8FrVAVBGu0FlHQ6pRgKlBatKsgPxvIb
TAzlpI/OUlnuYlRVvVK0PYsebEYQEllOlbaNWj+11NCXGrxmbRJzh81pAChiB2go
gjjbXN6eEgNvg7rjVZ9aZO/dTnFBlYxsomos3bA+HtXhJ+UybXduMr/uugtkd2so
CfPIFDakjGS3puxteWawcfibjRIYJSNXnWGr/LFRDWbzHwkYVGVvI9od/7wotvHE
+T/9/mcVOo/YSdB0jblfhTppwHzAb3LMYrCER7nJe967oKV3ZwvZQDZk1wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEPn8n6tmFVWmFfGAp2oBiM2AVnpMB8GA1UdIwQY
MBaAFG6HEEpNtMRjcaf4tqRB/DDs3+IPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjct
YjcxNzk4MGU0YWQ2LzEvUS1meWZxMllWVmFZVjhZQ25hZ0dJellCV2VrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjctYjcxNzk4MGU0YWQ2
LzEvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+yQQDp
MA0GCSqGSIb3DQEBCwUAA4IBAQAisB9uTMKT6jGr0vrJuX43PlvmLB/NTsw8mBkG
z0Et5yRaENyzHnnm7V40zFuKHGK7d2E8rfHrzC3gSf6YdZkU86zf7CCFaHkuyOa2
gpGw/bEVC2vWO+0WVdZL777YZOs3TqL/cq4K4r2JYsqHOLA9xojyd6hxDQOqd83Z
w4QDS258IZ2Oa7p2RrQox7XUanS+y3fLRraP3wx+flo6ALdyhpgGjeAwEi2rWFh6
CUiPkSuth3iWj0rY6blOC5mLNwc7BbHvBiClRMWpQiP1BzV6JpzQs3z9GssV7Mbv
BV32dxDTrEp1EMUpv65MFwh1AcqLEo3t2OvGTFq1hvLic3pz
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:55:11 2024 by rpki-client on console-fra.rpki-client.org