Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d6/a8dadc-611b-4063-adb6-55b659cd82bb/1/NdVHakDjq1kX49g0Ha24Pe0Ep6g.roa
File:                     NdVHakDjq1kX49g0Ha24Pe0Ep6g.roa (raw, json)
Hash identifier:          wnrmfvlXsQuYswbTMvitGgV/0LL8svmIvwkAcYx4/mk=
Subject key identifier:   35:D5:47:6A:40:E3:AB:59:17:E3:D8:34:1D:AD:B8:3D:ED:04:A7:A8
Certificate issuer:       /CN=217b7ab062bc828b348d05306e65354748b9d6d6
Certificate serial:       0189F347D551D2AF72DA72F20E754DE87F61
Authority key identifier: 21:7B:7A:B0:62:BC:82:8B:34:8D:05:30:6E:65:35:47:48:B9:D6:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IXt6sGK8gos0jQUwbmU1R0i51tY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d6/a8dadc-611b-4063-adb6-55b659cd82bb/1/NdVHakDjq1kX49g0Ha24Pe0Ep6g.roa
Signing time:             Mon 14 Aug 2023 09:01:58 +0000
ROA not before:           Mon 14 Aug 2023 09:01:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     43641
IP address blocks:        2a13:7e00::/29 maxlen: 29

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 10:33:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:f3:47:d5:51:d2:af:72:da:72:f2:0e:75:4d:e8:7f:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=217b7ab062bc828b348d05306e65354748b9d6d6
        Validity
            Not Before: Aug 14 09:01:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=35d5476a40e3ab5917e3d8341dadb83ded04a7a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:c8:51:9a:58:2f:24:fc:ea:2d:21:e2:77:37:
                    fa:84:f4:46:d4:35:41:cf:66:df:73:72:d8:63:e4:
                    2b:54:ec:75:d0:d3:3c:11:6b:df:e1:50:25:94:1e:
                    e5:61:de:0d:f6:8f:af:45:9c:28:fe:bd:5c:ac:7e:
                    73:33:2e:ce:1c:23:b3:66:1a:69:0f:d5:8d:1b:f7:
                    b5:f3:18:1a:3b:d0:7c:47:57:12:01:aa:fc:f1:dd:
                    ee:1e:e6:af:1c:77:37:84:87:8d:fc:4a:78:82:be:
                    83:a7:d2:7e:30:0d:b5:cb:08:7b:1a:98:42:f7:ec:
                    27:be:7b:06:42:9e:bd:ef:3a:39:eb:a6:8b:63:07:
                    1b:77:e7:9c:09:df:a9:44:b1:11:3a:9e:2f:cc:e6:
                    20:99:16:3e:47:44:7c:4f:49:82:07:d3:5f:8e:a3:
                    70:5d:87:35:a2:3d:1f:b1:71:ba:1e:3f:70:21:71:
                    15:85:25:36:5a:71:1f:74:e8:08:f5:58:f9:67:1b:
                    25:c0:d6:ca:11:14:ca:a3:b7:18:ac:a7:88:b7:52:
                    a5:b6:b1:ec:bd:ed:68:06:21:b6:48:1b:5b:ed:94:
                    29:61:49:aa:77:78:cc:b1:eb:3f:cb:fd:0b:50:b4:
                    e0:d9:6b:fd:d4:e4:2e:c4:52:e7:72:e5:93:93:70:
                    9f:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:D5:47:6A:40:E3:AB:59:17:E3:D8:34:1D:AD:B8:3D:ED:04:A7:A8
            X509v3 Authority Key Identifier:
                keyid:21:7B:7A:B0:62:BC:82:8B:34:8D:05:30:6E:65:35:47:48:B9:D6:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IXt6sGK8gos0jQUwbmU1R0i51tY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/a8dadc-611b-4063-adb6-55b659cd82bb/1/NdVHakDjq1kX49g0Ha24Pe0Ep6g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/a8dadc-611b-4063-adb6-55b659cd82bb/1/IXt6sGK8gos0jQUwbmU1R0i51tY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:7e00::/29

    Signature Algorithm: sha256WithRSAEncryption
         2b:1c:d5:4a:c6:5f:bf:6b:71:56:c4:68:f0:ee:e3:95:ae:55:
         71:9c:5f:90:81:52:30:ea:b3:59:1e:ba:26:8b:92:0d:de:58:
         ef:19:80:fc:d3:9b:68:1e:d0:f5:6a:f0:e7:dd:85:da:c9:81:
         32:11:dd:89:23:f2:ec:42:1e:89:f3:10:fd:f7:ca:ea:65:2b:
         6b:ee:c1:54:34:0a:7f:2c:2b:b7:46:19:dd:49:6a:fa:53:17:
         91:c7:58:49:61:7b:81:38:4c:f0:ab:69:e3:11:f1:a5:90:a1:
         b6:9f:5e:67:59:52:d7:df:5c:f6:6c:35:c2:64:01:28:ff:46:
         8c:78:8a:e2:50:f9:bb:28:95:bd:e1:fe:d0:55:ec:57:1f:f2:
         b9:68:ed:7d:cd:e9:1b:b5:7e:ff:4b:3b:6f:b1:90:b3:a3:18:
         05:b1:32:f4:c4:46:2a:b7:9c:a6:e5:c0:ed:53:01:89:9a:0c:
         dc:0e:c9:ff:2a:01:76:29:98:c5:e5:7d:89:4a:06:42:61:cc:
         81:4c:84:a4:33:fc:a7:06:32:7c:35:81:2a:c9:ea:3d:5f:e6:
         e6:f4:b1:92:29:45:2c:02:57:71:f0:8a:f1:d0:94:8d:d5:a3:
         68:05:04:2e:4b:19:70:58:55:e3:e4:16:55:76:e9:4c:13:08:
         16:b0:a6:a6
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYnzR9VR0q9y2nLyDnVN6H9hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxN2I3YWIwNjJiYzgyOGIzNDhkMDUzMDZlNjUzNTQ3NDhi
OWQ2ZDYwHhcNMjMwODE0MDkwMTU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWQ1NDc2YTQwZTNhYjU5MTdlM2Q4MzQxZGFkYjgzZGVkMDRhN2E4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvMhRmlgvJPzqLSHidzf6hPRG1DVB
z2bfc3LYY+QrVOx10NM8EWvf4VAllB7lYd4N9o+vRZwo/r1crH5zMy7OHCOzZhpp
D9WNG/e18xgaO9B8R1cSAar88d3uHuavHHc3hIeN/Ep4gr6Dp9J+MA21ywh7GphC
9+wnvnsGQp697zo566aLYwcbd+ecCd+pRLEROp4vzOYgmRY+R0R8T0mCB9NfjqNw
XYc1oj0fsXG6Hj9wIXEVhSU2WnEfdOgI9Vj5ZxslwNbKERTKo7cYrKeIt1KltrHs
ve1oBiG2SBtb7ZQpYUmqd3jMses/y/0LULTg2Wv91OQuxFLncuWTk3CfRQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFDXVR2pA46tZF+PYNB2tuD3tBKeoMB8GA1UdIwQY
MBaAFCF7erBivIKLNI0FMG5lNUdIudbWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVh0NnNHSzhnb3MwalFVd2JtVTFSMGk1MXRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNi9hOGRhZGMtNjExYi00MDYzLWFkYjYt
NTViNjU5Y2Q4MmJiLzEvTmRWSGFrRGpxMWtYNDlnMEhhMjRQZTBFcDZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNi9hOGRhZGMtNjExYi00MDYzLWFkYjYtNTViNjU5Y2Q4MmJi
LzEvSVh0NnNHSzhnb3MwalFVd2JtVTFSMGk1MXRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhN+ADAN
BgkqhkiG9w0BAQsFAAOCAQEAKxzVSsZfv2txVsRo8O7jla5VcZxfkIFSMOqzWR66
JouSDd5Y7xmA/NObaB7Q9Wrw592F2smBMhHdiSPy7EIeifMQ/ffK6mUra+7BVDQK
fywrt0YZ3Ulq+lMXkcdYSWF7gThM8Ktp4xHxpZChtp9eZ1lS199c9mw1wmQBKP9G
jHiK4lD5uyiVveH+0FXsVx/yuWjtfc3pG7V+/0s7b7GQs6MYBbEy9MRGKrecpuXA
7VMBiZoM3A7J/yoBdimYxeV9iUoGQmHMgUyEpDP8pwYyfDWBKsnqPV/m5vSxkilF
LAJXcfCK8dCUjdWjaAUELksZcFhV4+QWVXbpTBMIFrCmpg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:46:43 2024 by rpki-client on console-ams.rpki-client.org