Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/Prs9KXaxmAlPlUq92CB3aNymw3w.roa
File:                     Prs9KXaxmAlPlUq92CB3aNymw3w.roa (raw, json)
Hash identifier:          O3qnRS8RSJ20TeCgZtlzI1R/ui+4BaLLmTDAJjhkVpg=
Subject key identifier:   3E:BB:3D:29:76:B1:98:09:4F:95:4A:BD:D8:20:77:68:DC:A6:C3:7C
Certificate issuer:       /CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
Certificate serial:       018CC3B6A9E3520843EF752101367CD232BE
Authority key identifier: C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/Prs9KXaxmAlPlUq92CB3aNymw3w.roa
Signing time:             Mon 01 Jan 2024 06:29:37 +0000
ROA not before:           Mon 01 Jan 2024 06:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56534
IP address blocks:        2a11:3187::/32 maxlen: 32

Validation:               Failed, certificate revoked on Wed 13 Mar 2024 14:42:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:a9:e3:52:08:43:ef:75:21:01:36:7c:d2:32:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
        Validity
            Not Before: Jan  1 06:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3ebb3d2976b198094f954abdd8207768dca6c37c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:d4:94:29:7f:e3:b9:49:85:68:a7:a3:7a:9d:
                    68:bf:da:ee:9f:f8:28:26:91:03:f7:8b:ce:07:7e:
                    f6:00:79:89:f5:7e:78:87:0f:16:c4:05:94:d9:82:
                    15:d8:87:77:3c:d5:f1:ff:38:09:ba:34:01:39:8a:
                    ee:7d:79:94:10:98:82:14:87:ee:37:14:8e:0d:97:
                    62:2e:4b:86:89:e1:c3:6d:6d:02:8f:94:ba:62:9e:
                    22:81:1e:07:b2:8f:a1:22:f8:49:d1:3d:44:88:51:
                    6d:ab:85:9f:9e:98:00:06:0f:bf:ec:68:ca:bc:6b:
                    d2:13:f2:76:cf:58:74:7d:c3:d3:84:e8:50:9e:f0:
                    af:4f:6a:da:6e:53:3f:b6:86:4f:4b:5b:17:ae:0c:
                    9c:51:50:90:f9:dd:29:5f:d1:f3:a7:ed:ee:2e:79:
                    0c:55:6e:de:d1:3c:62:6a:4c:2d:e2:7a:7b:8d:02:
                    59:55:9b:35:1a:8a:c7:cb:31:99:02:f2:f7:02:0c:
                    f8:c2:92:3b:12:9b:c7:a0:7f:21:6b:be:4f:e2:1f:
                    9b:78:2b:c0:4d:74:7c:76:64:e9:17:b0:de:cd:71:
                    19:f8:91:57:a3:90:43:e9:d1:13:3d:8c:01:ea:1c:
                    4a:d7:c2:ef:5c:51:5e:42:df:c2:85:49:75:68:eb:
                    51:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:BB:3D:29:76:B1:98:09:4F:95:4A:BD:D8:20:77:68:DC:A6:C3:7C
            X509v3 Authority Key Identifier:
                keyid:C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/Prs9KXaxmAlPlUq92CB3aNymw3w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:3187::/32

    Signature Algorithm: sha256WithRSAEncryption
         b2:bc:26:8c:e4:3d:9a:33:5d:eb:65:a5:04:f2:db:05:d7:92:
         ca:27:5f:ea:45:7d:1c:2f:7b:13:eb:22:5e:fd:f6:26:36:9e:
         07:0a:62:54:be:87:a5:ed:d8:5d:01:88:99:e4:5e:4e:09:8b:
         e5:01:ea:21:ed:ac:e3:e8:b4:e0:e0:ff:fe:3c:ea:21:92:d5:
         43:7d:ca:db:bd:98:b3:55:92:fb:98:6f:39:c4:82:76:72:ab:
         c6:7e:61:1f:23:49:9d:8b:cf:14:ac:60:38:8c:77:46:39:34:
         58:33:5f:6b:8e:5c:da:97:8a:55:76:ac:35:80:21:d8:28:4e:
         3d:63:eb:19:94:49:9b:2b:23:31:e7:b1:5d:ff:87:f4:2e:80:
         20:01:6b:7f:7e:33:e0:4e:5c:fc:b1:59:04:aa:a3:6e:60:89:
         1b:78:04:15:fb:73:4d:69:02:4a:59:77:ac:84:a1:eb:d5:82:
         f1:6e:a0:68:a7:54:ab:99:fc:c2:e1:20:df:97:14:b6:e6:e0:
         ff:ee:39:48:7b:04:60:9d:41:88:34:c2:58:26:6c:6e:eb:46:
         24:d0:d5:e2:79:f8:d5:a6:a6:e7:ca:2f:7e:c1:7e:06:a5:e2:
         0f:11:83:dd:ce:4d:10:03:0e:4c:19:ec:56:d0:b6:9d:b8:90:
         37:2d:ac:48
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzDtqnjUghD73UhATZ80jK+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzODI4MGM1MzAwYjc0ODg4YWM3ZWI0YmZhNjQxN2Q5YTJl
N2IwYmUwHhcNMjQwMTAxMDYyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWJiM2QyOTc2YjE5ODA5NGY5NTRhYmRkODIwNzc2OGRjYTZjMzdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg9SUKX/juUmFaKejep1ov9run/go
JpED94vOB372AHmJ9X54hw8WxAWU2YIV2Id3PNXx/zgJujQBOYrufXmUEJiCFIfu
NxSODZdiLkuGieHDbW0Cj5S6Yp4igR4Hso+hIvhJ0T1EiFFtq4WfnpgABg+/7GjK
vGvSE/J2z1h0fcPThOhQnvCvT2rablM/toZPS1sXrgycUVCQ+d0pX9Hzp+3uLnkM
VW7e0Txiakwt4np7jQJZVZs1GorHyzGZAvL3Agz4wpI7EpvHoH8ha75P4h+beCvA
TXR8dmTpF7DezXEZ+JFXo5BD6dETPYwB6hxK18LvXFFeQt/ChUl1aOtRYQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFD67PSl2sZgJT5VKvdggd2jcpsN8MB8GA1UdIwQY
MBaAFMOCgMUwC3SIisfrS/pkF9mi57C+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2Yt
NDFiYjIxYWMyODAxLzEvUHJzOUtYYXhtQWxQbFVxOTJDQjNhTnltdzN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2YtNDFiYjIxYWMyODAx
LzEvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhExhzAN
BgkqhkiG9w0BAQsFAAOCAQEAsrwmjOQ9mjNd62WlBPLbBdeSyidf6kV9HC97E+si
Xv32JjaeBwpiVL6Hpe3YXQGImeReTgmL5QHqIe2s4+i04OD//jzqIZLVQ33K272Y
s1WS+5hvOcSCdnKrxn5hHyNJnYvPFKxgOIx3Rjk0WDNfa45c2peKVXasNYAh2ChO
PWPrGZRJmysjMeexXf+H9C6AIAFrf34z4E5c/LFZBKqjbmCJG3gEFftzTWkCSll3
rISh69WC8W6gaKdUq5n8wuEg35cUtubg/+45SHsEYJ1BiDTCWCZsbutGJNDV4nn4
1aam58ovfsF+BqXiDxGD3c5NEAMOTBnsVtC2nbiQNy2sSA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:59:31 2024 by rpki-client on console-fra.rpki-client.org