Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/6077d8-2877-4698-8040-3212b68584e9/1/Pv-qhrgJv8gsSGJR2jvpTlyunYE.roa
File:                     Pv-qhrgJv8gsSGJR2jvpTlyunYE.roa (raw, json)
Hash identifier:          q0TnGT0X9iqoMq/uJsdUdyDxejSmfm51shGOsD5EaIw=
Subject key identifier:   3E:FF:AA:86:B8:09:BF:C8:2C:48:62:51:DA:3B:E9:4E:5C:AE:9D:81
Certificate issuer:       /CN=5ebba0735a07e40ca32026278b2678678f8bacd9
Certificate serial:       018CF68DDABC8DBD68965398F4E45F1D714A
Authority key identifier: 5E:BB:A0:73:5A:07:E4:0C:A3:20:26:27:8B:26:78:67:8F:8B:AC:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xrugc1oH5AyjICYniyZ4Z4-LrNk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/6077d8-2877-4698-8040-3212b68584e9/1/Pv-qhrgJv8gsSGJR2jvpTlyunYE.roa
Signing time:             Thu 11 Jan 2024 03:25:40 +0000
ROA not before:           Thu 11 Jan 2024 03:25:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48503
IP address blocks:        2a03:32c0:6::/48 maxlen: 48
                          2a03:32c0:6001::/48 maxlen: 48
                          2a03:32c0:5001::/48 maxlen: 48
                          2a03:32c0:7001::/48 maxlen: 48
                          2a03:32c0:3004::/48 maxlen: 48
                          2a03:32c0:7::/48 maxlen: 48
                          2a03:32c0:5002::/48 maxlen: 48
                          2a03:32c0:3005::/48 maxlen: 48
                          2a03:32c0:6000::/48 maxlen: 48
                          2a03:32c0:5000::/48 maxlen: 48

Validation:               Failed, certificate revoked on Fri 12 Jan 2024 03:27:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:f6:8d:da:bc:8d:bd:68:96:53:98:f4:e4:5f:1d:71:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ebba0735a07e40ca32026278b2678678f8bacd9
        Validity
            Not Before: Jan 11 03:25:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3effaa86b809bfc82c486251da3be94e5cae9d81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:ff:b6:b8:16:5e:a3:db:7d:05:70:78:39:50:
                    9a:1f:19:44:e6:71:e4:8d:4e:f0:e6:8e:00:15:52:
                    33:c2:3f:d9:52:f5:3b:9d:ee:b3:35:b9:af:83:e0:
                    57:25:fb:03:79:3e:03:d2:af:70:7f:79:0a:8e:e3:
                    34:9e:4e:0b:a9:55:83:b5:19:69:e0:67:f7:bf:ff:
                    2c:6a:68:82:20:a9:39:0f:4d:a2:c0:4f:a8:b5:24:
                    8b:9c:c3:52:35:09:c7:21:2c:30:cc:81:ba:05:b5:
                    ff:a0:c7:cd:4b:a1:b3:da:02:29:c9:3e:ac:24:a3:
                    54:d4:aa:ba:12:4b:ba:09:fa:a7:f2:f6:12:b7:a0:
                    9e:c7:30:9f:97:9f:0a:97:ed:c1:a9:65:ec:b7:92:
                    98:2b:c3:33:43:35:e8:7b:c2:b6:31:07:5c:97:6d:
                    02:0a:6e:b6:a8:bb:0f:fd:55:98:ff:f3:04:c8:29:
                    bd:3b:78:e5:13:0b:64:f3:c5:59:5f:39:ac:b6:22:
                    27:71:e9:ae:66:40:af:0f:c8:8b:85:09:44:a3:80:
                    6d:e5:f0:fd:db:f6:c7:17:45:ae:af:80:2d:9b:d8:
                    b4:71:bd:0f:82:aa:e9:bd:06:2c:88:af:c1:33:ba:
                    49:98:5b:46:0c:6a:a3:e7:02:56:c9:2a:1a:87:89:
                    d6:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:FF:AA:86:B8:09:BF:C8:2C:48:62:51:DA:3B:E9:4E:5C:AE:9D:81
            X509v3 Authority Key Identifier:
                keyid:5E:BB:A0:73:5A:07:E4:0C:A3:20:26:27:8B:26:78:67:8F:8B:AC:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xrugc1oH5AyjICYniyZ4Z4-LrNk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/6077d8-2877-4698-8040-3212b68584e9/1/Pv-qhrgJv8gsSGJR2jvpTlyunYE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/6077d8-2877-4698-8040-3212b68584e9/1/Xrugc1oH5AyjICYniyZ4Z4-LrNk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:32c0:6::/47
                  2a03:32c0:3004::/47
                  2a03:32c0:5000::-2a03:32c0:5002:ffff:ffff:ffff:ffff:ffff
                  2a03:32c0:6000::/47
                  2a03:32c0:7001::/48

    Signature Algorithm: sha256WithRSAEncryption
         68:b8:ef:a8:a6:06:b9:ad:d0:42:cb:cd:bd:93:b8:79:08:c8:
         59:33:35:75:cd:53:33:1c:29:c2:66:10:ec:2b:87:63:63:a8:
         8d:0f:c8:76:e7:1d:09:8b:89:cb:f9:da:30:6d:d6:3b:45:11:
         4d:70:1b:d4:dd:f5:fc:4d:73:e1:9c:06:b8:ef:9f:fc:04:59:
         c9:a0:2f:5c:16:dd:8e:f3:ea:0d:c2:98:15:12:5a:08:8a:fa:
         c9:48:dc:50:42:73:aa:97:bf:7d:60:77:3c:a7:62:72:56:ce:
         25:b7:f1:f7:82:04:11:b3:83:04:aa:36:97:0b:2c:8c:4c:ac:
         d8:5c:f2:c3:46:7b:44:7d:cd:06:d8:3f:d9:8b:36:17:ed:d1:
         f2:bc:ed:51:53:d8:e7:f0:0a:02:62:79:d5:ee:bd:9a:6e:f4:
         21:ca:33:42:fa:4c:ba:63:ce:a6:59:7e:77:2b:d5:bf:c7:1f:
         fc:80:cb:b7:98:0c:d1:eb:b8:a9:3f:ae:7f:42:52:42:2e:a5:
         ce:51:ff:b2:36:3d:da:8d:6f:a1:ac:d9:fa:99:37:d6:12:b9:
         9c:3d:6f:2d:11:f6:ab:0b:2d:12:70:b5:63:a7:14:b9:f4:b9:
         ec:47:bc:60:0e:66:9b:7f:6b:b2:9e:df:45:5c:67:1a:99:e1:
         18:b9:af:58
-----BEGIN CERTIFICATE-----
MIIFLjCCBBagAwIBAgISAYz2jdq8jb1ollOY9ORfHXFKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlYmJhMDczNWEwN2U0MGNhMzIwMjYyNzhiMjY3ODY3OGY4
YmFjZDkwHhcNMjQwMTExMDMyNTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWZmYWE4NmI4MDliZmM4MmM0ODYyNTFkYTNiZTk0ZTVjYWU5ZDgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqP+2uBZeo9t9BXB4OVCaHxlE5nHk
jU7w5o4AFVIzwj/ZUvU7ne6zNbmvg+BXJfsDeT4D0q9wf3kKjuM0nk4LqVWDtRlp
4Gf3v/8samiCIKk5D02iwE+otSSLnMNSNQnHISwwzIG6BbX/oMfNS6Gz2gIpyT6s
JKNU1Kq6Eku6Cfqn8vYSt6CexzCfl58Kl+3BqWXst5KYK8MzQzXoe8K2MQdcl20C
Cm62qLsP/VWY//MEyCm9O3jlEwtk88VZXzmstiIncemuZkCvD8iLhQlEo4Bt5fD9
2/bHF0Wur4Atm9i0cb0PgqrpvQYsiK/BM7pJmFtGDGqj5wJWySoah4nWIQIDAQAB
o4ICOjCCAjYwHQYDVR0OBBYEFD7/qoa4Cb/ILEhiUdo76U5crp2BMB8GA1UdIwQY
MBaAFF67oHNaB+QMoyAmJ4smeGePi6zZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHJ1Z2Mxb0g1QXlqSUNZbml5WjRaNC1Mck5rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC82MDc3ZDgtMjg3Ny00Njk4LTgwNDAt
MzIxMmI2ODU4NGU5LzEvUHYtcWhyZ0p2OGdzU0dKUjJqdnBUbHl1bllFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC82MDc3ZDgtMjg3Ny00Njk4LTgwNDAtMzIxMmI2ODU4NGU5
LzEvWHJ1Z2Mxb0g1QXlqSUNZbml5WjRaNC1Mck5rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFAGCCsGAQUFBwEHAQH/BEEwPzA9BAIAAjA3AwcBKgMywAAG
AwcBKgMywDAEMBEDBgQqAzLAUAMHACoDMsBQAgMHASoDMsBgAAMHACoDMsBwATAN
BgkqhkiG9w0BAQsFAAOCAQEAaLjvqKYGua3QQsvNvZO4eQjIWTM1dc1TMxwpwmYQ
7CuHY2OojQ/IducdCYuJy/naMG3WO0URTXAb1N31/E1z4ZwGuO+f/ARZyaAvXBbd
jvPqDcKYFRJaCIr6yUjcUEJzqpe/fWB3PKdiclbOJbfx94IEEbODBKo2lwssjEys
2Fzyw0Z7RH3NBtg/2Ys2F+3R8rztUVPY5/AKAmJ51e69mm70IcozQvpMumPOpll+
dyvVv8cf/IDLt5gM0eu4qT+uf0JSQi6lzlH/sjY92o1voazZ+pk31hK5nD1vLRH2
qwstEnC1Y6cUufS57Ee8YA5mm39rsp7fRVxnGpnhGLmvWA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:59:08 2024 by rpki-client on console-fra.rpki-client.org