Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/ceQfkaKhTQze9BZ-_JIajw7sFuU.roa
File:                     ceQfkaKhTQze9BZ-_JIajw7sFuU.roa (raw, json)
Hash identifier:          bWks5iB/yLEl6/3d/ENOTEgeP+5rrLdTA4bnUnfCY5U=
Subject key identifier:   71:E4:1F:91:A2:A1:4D:0C:DE:F4:16:7E:FC:92:1A:8F:0E:EC:16:E5
Certificate issuer:       /CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
Certificate serial:       018D7FACA4B7435CDCEF6DDEDBBDA9D5B18C
Authority key identifier: 6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/ceQfkaKhTQze9BZ-_JIajw7sFuU.roa
Signing time:             Tue 06 Feb 2024 18:27:17 +0000
ROA not before:           Tue 06 Feb 2024 18:27:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211151
IP address blocks:        2a0f:b241:fa::/48 maxlen: 48

Validation:               Failed, certificate revoked on Wed 07 Feb 2024 04:55:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:7f:ac:a4:b7:43:5c:dc:ef:6d:de:db:bd:a9:d5:b1:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
        Validity
            Not Before: Feb  6 18:27:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=71e41f91a2a14d0cdef4167efc921a8f0eec16e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:36:29:43:51:b8:44:10:4c:08:57:ea:e3:36:
                    25:c5:be:2f:e0:25:07:4d:9e:13:62:72:f3:e0:01:
                    70:5c:70:9e:fe:74:4a:46:d7:c1:99:79:c8:68:48:
                    e5:e7:86:6f:80:70:8a:57:3e:d8:b7:cd:0b:e9:47:
                    77:79:1a:61:75:67:01:ae:2a:f5:04:b4:7c:79:ea:
                    c6:19:b6:ad:fd:37:ac:95:ed:1f:e2:d2:60:fe:39:
                    b8:a0:79:06:3f:d8:86:00:c2:af:2c:e6:c4:ed:9b:
                    88:a7:02:d4:e0:2c:0e:2c:24:9f:cb:10:18:e9:b4:
                    9f:97:1e:0a:a9:5a:65:93:5b:4b:b8:ff:9c:a3:4d:
                    03:12:ca:a0:2f:ac:3a:a3:0d:61:5c:3b:f9:43:dc:
                    2b:06:88:17:0d:7e:26:2a:05:9e:d9:2e:2d:8b:a2:
                    45:a9:2a:c1:55:dd:f1:01:65:f5:2e:0a:6f:b9:4f:
                    b7:b7:08:29:e1:ba:f9:6e:22:f9:d9:09:89:0d:fd:
                    d4:81:cc:e1:1b:48:9b:3b:14:99:4c:25:65:c5:bc:
                    48:15:a4:fb:8b:2c:2b:c9:11:ee:65:16:54:ff:1d:
                    0d:6d:94:23:d0:16:69:0b:9a:89:6d:9e:d6:0e:b7:
                    b0:db:10:fa:c2:55:7c:42:4f:5f:81:c4:ec:ee:e7:
                    db:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:E4:1F:91:A2:A1:4D:0C:DE:F4:16:7E:FC:92:1A:8F:0E:EC:16:E5
            X509v3 Authority Key Identifier:
                keyid:6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/ceQfkaKhTQze9BZ-_JIajw7sFuU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:b241:fa::/48

    Signature Algorithm: sha256WithRSAEncryption
         5c:3d:58:44:5c:68:35:37:f6:65:06:e7:69:38:62:51:d8:9e:
         9b:0b:1a:b4:f2:9a:c4:38:00:79:cc:71:cf:a7:2b:45:0e:2f:
         d2:5a:c9:35:1a:72:53:ab:7c:51:8f:23:6b:50:65:e8:40:39:
         ec:c8:bb:c7:ca:4c:b8:31:14:e0:8b:b7:3a:e8:c4:7d:88:2c:
         e1:93:01:4e:a2:c2:4b:5f:7f:b1:6b:e7:8e:c1:27:45:a9:d2:
         70:de:8e:40:40:a4:83:e2:7d:68:87:59:10:38:af:b3:82:59:
         37:f4:2d:51:64:fe:c4:fd:9a:06:57:3a:c3:2f:04:f3:c1:ea:
         ae:3e:e5:83:4b:62:95:5d:df:35:3c:61:9d:90:23:dc:1c:ba:
         c7:2f:c4:8b:94:85:54:e4:60:2c:56:fe:da:46:38:b8:be:8e:
         0e:a6:11:c3:00:41:88:dc:28:84:cc:fe:c7:39:ea:20:0f:5e:
         d8:d4:c7:4e:0a:e0:2e:22:d1:c3:99:2a:1a:6a:52:ac:ea:dc:
         89:e7:0c:8c:e8:72:5a:29:62:88:79:93:d1:30:83:a0:b5:1b:
         c5:83:de:c4:4b:1e:e3:26:7c:a3:a0:41:46:c5:18:87:90:00:
         63:d2:13:47:93:9d:7f:3f:fe:0c:92:25:8e:c0:f0:02:c1:77:
         52:83:e3:cb
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY1/rKS3Q1zc723e272p1bGMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlODcxMDRhNGRiNGM0NjM3MWE3ZjhiNmE0NDFmYzMwZWNk
ZmUyMGYwHhcNMjQwMjA2MTgyNzE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MWU0MWY5MWEyYTE0ZDBjZGVmNDE2N2VmYzkyMWE4ZjBlZWMxNmU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzDYpQ1G4RBBMCFfq4zYlxb4v4CUH
TZ4TYnLz4AFwXHCe/nRKRtfBmXnIaEjl54ZvgHCKVz7Yt80L6Ud3eRphdWcBrir1
BLR8eerGGbat/Tesle0f4tJg/jm4oHkGP9iGAMKvLObE7ZuIpwLU4CwOLCSfyxAY
6bSflx4KqVplk1tLuP+co00DEsqgL6w6ow1hXDv5Q9wrBogXDX4mKgWe2S4ti6JF
qSrBVd3xAWX1LgpvuU+3twgp4br5biL52QmJDf3UgczhG0ibOxSZTCVlxbxIFaT7
iywryRHuZRZU/x0NbZQj0BZpC5qJbZ7WDrew2xD6wlV8Qk9fgcTs7ufbiwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHHkH5GioU0M3vQWfvySGo8O7BblMB8GA1UdIwQY
MBaAFG6HEEpNtMRjcaf4tqRB/DDs3+IPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjct
YjcxNzk4MGU0YWQ2LzEvY2VRZmthS2hUUXplOUJaLV9KSWFqdzdzRnVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjctYjcxNzk4MGU0YWQ2
LzEvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+yQQD6
MA0GCSqGSIb3DQEBCwUAA4IBAQBcPVhEXGg1N/ZlBudpOGJR2J6bCxq08prEOAB5
zHHPpytFDi/SWsk1GnJTq3xRjyNrUGXoQDnsyLvHyky4MRTgi7c66MR9iCzhkwFO
osJLX3+xa+eOwSdFqdJw3o5AQKSD4n1oh1kQOK+zglk39C1RZP7E/ZoGVzrDLwTz
wequPuWDS2KVXd81PGGdkCPcHLrHL8SLlIVU5GAsVv7aRji4vo4OphHDAEGI3CiE
zP7HOeogD17Y1MdOCuAuItHDmSoaalKs6tyJ5wyM6HJaKWKIeZPRMIOgtRvFg97E
Sx7jJnyjoEFGxRiHkABj0hNHk51/P/4MkiWOwPACwXdSg+PL
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:46:09 2024 by rpki-client on console-ams.rpki-client.org