Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/lQvOr536LYtczNBSBvufNoN6BWU.roa
File:                     lQvOr536LYtczNBSBvufNoN6BWU.roa (raw, json)
Hash identifier:          tPf0jakWUlaxOaEz4cxzpYHf6A3t6S3PiVkCEyQo4cM=
Subject key identifier:   95:0B:CE:AF:9D:FA:2D:8B:5C:CC:D0:52:06:FB:9F:36:83:7A:05:65
Certificate issuer:       /CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
Certificate serial:       018D7FA80D70B5FB09322BA3D4026C1BC148
Authority key identifier: 6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/lQvOr536LYtczNBSBvufNoN6BWU.roa
Signing time:             Tue 06 Feb 2024 18:22:16 +0000
ROA not before:           Tue 06 Feb 2024 18:22:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199688
IP address blocks:        2a0f:b241:89::/48 maxlen: 48

Validation:               Failed, certificate revoked on Wed 07 Feb 2024 04:55:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:7f:a8:0d:70:b5:fb:09:32:2b:a3:d4:02:6c:1b:c1:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
        Validity
            Not Before: Feb  6 18:22:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=950bceaf9dfa2d8b5cccd05206fb9f36837a0565
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:10:a9:9e:2a:5c:ac:d6:d8:4a:06:d7:73:35:
                    aa:fe:fd:54:65:e5:5a:d5:27:78:53:cf:b2:7f:43:
                    2e:c9:a6:b4:51:04:7f:c6:2a:12:58:73:06:07:34:
                    c0:1a:dc:83:b8:6f:30:43:3f:03:07:b8:f8:da:99:
                    e5:5a:51:d1:7f:c1:6d:dd:8e:1f:b3:be:ff:1d:8a:
                    44:27:25:66:42:05:e3:7f:73:0a:a4:22:c1:0b:a7:
                    bf:7f:70:6c:b9:4c:da:4e:26:61:8a:e3:8b:0d:5f:
                    0a:13:89:a1:dc:35:99:98:3d:27:15:e8:c1:c3:ae:
                    90:67:06:2a:d7:95:fb:39:0f:61:a4:85:5f:71:ca:
                    b2:ec:23:26:0b:5d:7b:49:e6:04:3c:e5:df:2f:ce:
                    1e:ea:bd:e1:bc:30:3a:67:81:01:9b:83:8f:d3:8e:
                    c5:c4:e3:f7:d2:54:96:eb:57:fa:fd:fe:8c:46:e4:
                    dd:04:8f:30:17:21:e1:ee:b0:72:94:cc:95:62:cb:
                    68:32:cc:56:b2:10:5d:47:59:69:40:28:90:e7:9e:
                    82:8e:b8:0d:da:77:e8:9d:32:03:d5:8b:5d:d9:10:
                    f3:98:57:80:72:46:45:9e:05:7a:94:03:f4:b9:14:
                    c6:17:d5:62:3e:be:a0:9f:91:07:4e:eb:32:36:ae:
                    7e:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:0B:CE:AF:9D:FA:2D:8B:5C:CC:D0:52:06:FB:9F:36:83:7A:05:65
            X509v3 Authority Key Identifier:
                keyid:6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/lQvOr536LYtczNBSBvufNoN6BWU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:b241:89::/48

    Signature Algorithm: sha256WithRSAEncryption
         73:c4:fe:7f:ea:13:dc:e1:e2:11:3a:76:d8:23:fb:7d:96:3d:
         b9:10:8e:34:36:e5:8a:4d:1a:d0:9e:93:66:62:0b:f6:5b:8a:
         9f:49:10:92:9a:de:f6:fe:a5:fc:3f:43:19:ae:ff:ef:d0:af:
         13:2a:c9:a8:f1:37:70:5c:ce:b5:38:a1:bf:d3:51:05:f8:f9:
         db:73:4b:b8:62:58:b8:67:77:cb:1a:51:57:2b:5f:2d:4b:41:
         26:70:6f:02:00:62:2a:42:62:82:bf:c9:0b:89:bd:08:68:3d:
         ac:54:3d:33:67:d9:59:dd:33:95:66:21:8a:1d:7b:e7:78:49:
         6b:fd:ce:4f:01:17:2d:91:d9:1c:9b:3f:26:26:64:13:aa:3d:
         05:e3:b9:22:21:c6:d4:12:71:cb:3b:1a:cf:27:e2:db:16:23:
         c5:9a:70:57:de:9f:49:6e:c8:ac:c0:0f:7f:41:d3:75:0f:f5:
         81:56:98:2e:fc:60:79:79:75:92:f8:58:a2:f8:e6:f6:8e:d2:
         01:c0:01:30:a1:4b:de:4a:57:b5:a7:eb:ab:19:7e:4b:99:96:
         f5:bd:4f:64:47:fc:39:a8:b0:0d:5c:2c:4e:90:c9:41:00:50:
         0b:c6:27:80:b1:9c:9c:66:d0:da:58:94:c7:39:86:d5:8b:ef:
         0f:47:d1:bb
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY1/qA1wtfsJMiuj1AJsG8FIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlODcxMDRhNGRiNGM0NjM3MWE3ZjhiNmE0NDFmYzMwZWNk
ZmUyMGYwHhcNMjQwMjA2MTgyMjE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTBiY2VhZjlkZmEyZDhiNWNjY2QwNTIwNmZiOWYzNjgzN2EwNTY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgBCpnipcrNbYSgbXczWq/v1UZeVa
1Sd4U8+yf0Muyaa0UQR/xioSWHMGBzTAGtyDuG8wQz8DB7j42pnlWlHRf8Ft3Y4f
s77/HYpEJyVmQgXjf3MKpCLBC6e/f3BsuUzaTiZhiuOLDV8KE4mh3DWZmD0nFejB
w66QZwYq15X7OQ9hpIVfccqy7CMmC117SeYEPOXfL84e6r3hvDA6Z4EBm4OP047F
xOP30lSW61f6/f6MRuTdBI8wFyHh7rBylMyVYstoMsxWshBdR1lpQCiQ556CjrgN
2nfonTID1Ytd2RDzmFeAckZFngV6lAP0uRTGF9ViPr6gn5EHTusyNq5+bQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJULzq+d+i2LXMzQUgb7nzaDegVlMB8GA1UdIwQY
MBaAFG6HEEpNtMRjcaf4tqRB/DDs3+IPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjct
YjcxNzk4MGU0YWQ2LzEvbFF2T3I1MzZMWXRjek5CU0J2dWZOb042QldVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjctYjcxNzk4MGU0YWQ2
LzEvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+yQQCJ
MA0GCSqGSIb3DQEBCwUAA4IBAQBzxP5/6hPc4eIROnbYI/t9lj25EI40NuWKTRrQ
npNmYgv2W4qfSRCSmt72/qX8P0MZrv/v0K8TKsmo8TdwXM61OKG/01EF+Pnbc0u4
Yli4Z3fLGlFXK18tS0EmcG8CAGIqQmKCv8kLib0IaD2sVD0zZ9lZ3TOVZiGKHXvn
eElr/c5PARctkdkcmz8mJmQTqj0F47kiIcbUEnHLOxrPJ+LbFiPFmnBX3p9Jbsis
wA9/QdN1D/WBVpgu/GB5eXWS+Fii+Ob2jtIBwAEwoUveSle1p+urGX5LmZb1vU9k
R/w5qLANXCxOkMlBAFALxieAsZycZtDaWJTHOYbVi+8PR9G7
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:55:12 2024 by rpki-client on console-fra.rpki-client.org