Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/db8d8b7d-c486-4239-9d9f-8f8f5dced8d0/1/326131343a373538313a653030383a3a2f34372d3437203d3e20323134363433.roa
File:                     326131343a373538313a653030383a3a2f34372d3437203d3e20323134363433.roa (raw, json)
Hash identifier:          A6VGlzA6TS46UuwBS433Zcz0GTz7dn6BjjkqS1C9iLM=
Subject key identifier:   DB:F6:7B:70:FF:25:17:52:63:9E:C8:10:67:F4:9B:70:30:BF:BF:D8
Certificate issuer:       /CN=F9F7A2885CF3012FA1390D3B3259FC78AEF7AD1A
Certificate serial:       2D722273ED1BB0DD97672735B08D9526E0484761
Authority key identifier: F9:F7:A2:88:5C:F3:01:2F:A1:39:0D:3B:32:59:FC:78:AE:F7:AD:1A
Authority info access:    rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/F9F7A2885CF3012FA1390D3B3259FC78AEF7AD1A.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/db8d8b7d-c486-4239-9d9f-8f8f5dced8d0/1/326131343a373538313a653030383a3a2f34372d3437203d3e20323134363433.roa
Signing time:             Thu 27 Jun 2024 09:09:34 +0000
ROA not before:           Thu 27 Jun 2024 09:04:34 +0000
ROA not after:            Thu 26 Jun 2025 09:09:34 +0000
asID:                     214643
IP address blocks:        2a14:7581:e008::/47 maxlen: 47

Validation:               Failed, certificate revoked on Fri 05 Jul 2024 15:06:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:72:22:73:ed:1b:b0:dd:97:67:27:35:b0:8d:95:26:e0:48:47:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F9F7A2885CF3012FA1390D3B3259FC78AEF7AD1A
        Validity
            Not Before: Jun 27 09:04:34 2024 GMT
            Not After : Jun 26 09:09:34 2025 GMT
        Subject: CN=DBF67B70FF251752639EC81067F49B7030BFBFD8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:c1:69:55:31:89:1d:69:e9:55:dc:19:1a:2c:
                    5e:ec:8b:14:23:31:87:d5:04:3e:95:08:ea:52:62:
                    bf:49:bd:97:89:21:2f:2e:cc:95:12:78:00:14:5e:
                    f1:c0:21:ce:bf:30:09:51:76:09:3c:b8:c8:3a:85:
                    3e:e9:b2:45:41:21:4d:27:f2:39:4b:e3:24:53:13:
                    59:35:51:10:2e:a0:a0:04:1b:81:1d:9a:96:09:52:
                    c1:6c:41:8b:f5:26:38:f7:bb:65:b6:06:5c:42:95:
                    13:6d:92:9b:f7:e7:82:21:95:aa:fb:b0:f4:3b:35:
                    45:4c:76:b9:fb:0c:17:79:fc:3a:a8:8f:16:79:13:
                    d3:90:43:5c:c5:b5:79:a2:1c:1a:77:62:ef:fd:77:
                    23:b7:f4:78:0c:72:13:4c:4c:70:e4:70:11:53:88:
                    98:d8:c2:d7:32:02:71:43:7b:74:16:b9:84:ec:1e:
                    91:8e:20:fb:f8:4b:42:e1:98:58:1b:8e:a6:ef:92:
                    d4:4f:74:6c:b2:b2:80:0e:1f:0c:ad:1a:52:92:35:
                    95:dd:59:cf:ee:67:71:f7:e4:0e:88:fc:af:ab:83:
                    af:7f:f6:d7:fc:63:51:5f:47:db:fe:09:08:5c:78:
                    85:62:ce:6f:d4:5d:9c:a9:a3:eb:90:3f:89:12:ae:
                    eb:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:F6:7B:70:FF:25:17:52:63:9E:C8:10:67:F4:9B:70:30:BF:BF:D8
            X509v3 Authority Key Identifier:
                keyid:F9:F7:A2:88:5C:F3:01:2F:A1:39:0D:3B:32:59:FC:78:AE:F7:AD:1A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/db8d8b7d-c486-4239-9d9f-8f8f5dced8d0/1/F9F7A2885CF3012FA1390D3B3259FC78AEF7AD1A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/F9F7A2885CF3012FA1390D3B3259FC78AEF7AD1A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/db8d8b7d-c486-4239-9d9f-8f8f5dced8d0/1/326131343a373538313a653030383a3a2f34372d3437203d3e20323134363433.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7581:e008::/47

    Signature Algorithm: sha256WithRSAEncryption
         28:f0:6a:09:a5:9e:a4:5c:d6:7a:32:cf:ea:c8:8e:83:ad:85:
         58:33:65:5b:29:87:e4:f6:09:99:d4:ce:54:7a:43:29:a7:11:
         7f:6c:59:0a:d7:54:79:c1:02:51:8b:dd:6f:72:7d:47:c7:f7:
         ff:a2:b9:29:f8:24:e4:fc:4f:56:e5:86:ca:06:67:c4:fe:3e:
         30:53:41:b4:29:65:26:ab:2b:75:5c:26:96:48:0c:80:2f:d8:
         bd:68:1f:75:d2:57:49:2c:61:6e:a1:86:83:ee:d2:f9:44:3c:
         d1:dd:90:3d:29:0f:bd:ea:cd:86:e7:76:9b:e9:ff:fe:9c:d4:
         21:cb:a0:a8:0a:c2:a8:5e:50:23:96:4f:58:8e:66:47:d8:d9:
         2b:94:9b:92:e7:b9:e6:a3:f4:87:0b:07:dc:2e:dd:7d:05:da:
         e9:1a:04:bb:a3:08:9b:ce:33:dd:5b:d3:42:59:db:8f:cb:ae:
         fd:36:93:63:b1:54:cc:50:2f:91:01:9f:03:54:02:9f:c6:60:
         c6:74:04:4b:92:31:48:3f:ca:21:5a:32:d0:17:dd:36:30:84:
         e7:8b:ad:b7:af:c5:2a:75:ff:90:7f:1d:a7:9f:86:fe:01:07:
         48:20:e9:56:05:ec:c8:e4:36:10:65:f6:fa:26:78:0c:25:17:
         67:0f:ca:c3
-----BEGIN CERTIFICATE-----
MIIFezCCBGOgAwIBAgIULXIic+0bsN2XZyc1sI2VJuBIR2EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoRjlGN0EyODg1Q0YzMDEyRkExMzkwRDNCMzI1OUZDNzhB
RUY3QUQxQTAeFw0yNDA2MjcwOTA0MzRaFw0yNTA2MjYwOTA5MzRaMDMxMTAvBgNV
BAMTKERCRjY3QjcwRkYyNTE3NTI2MzlFQzgxMDY3RjQ5QjcwMzBCRkJGRDgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQClwWlVMYkdaelV3BkaLF7sixQj
MYfVBD6VCOpSYr9JvZeJIS8uzJUSeAAUXvHAIc6/MAlRdgk8uMg6hT7pskVBIU0n
8jlL4yRTE1k1URAuoKAEG4EdmpYJUsFsQYv1Jjj3u2W2BlxClRNtkpv354Ihlar7
sPQ7NUVMdrn7DBd5/DqojxZ5E9OQQ1zFtXmiHBp3Yu/9dyO39HgMchNMTHDkcBFT
iJjYwtcyAnFDe3QWuYTsHpGOIPv4S0LhmFgbjqbvktRPdGyysoAOHwytGlKSNZXd
Wc/uZ3H35A6I/K+rg69/9tf8Y1FfR9v+CQhceIVizm/UXZypo+uQP4kSruulAgMB
AAGjggKFMIICgTAdBgNVHQ4EFgQU2/Z7cP8lF1JjnsgQZ/SbcDC/v9gwHwYDVR0j
BBgwFoAU+feiiFzzAS+hOQ07Mln8eK73rRowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZGI4ZDhiN2QtYzQ4Ni00MjM5LTlkOWYtOGY4ZjVkY2Vk
OGQwLzEvRjlGN0EyODg1Q0YzMDEyRkExMzkwRDNCMzI1OUZDNzhBRUY3QUQxQS5j
cmwwgZ4GCCsGAQUFBwEBBIGRMIGOMIGLBggrBgEFBQcwAoZ/cnN5bmM6Ly9yc3lu
Yy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS84OTI3MGY2Yy1hM2ZlLTQy
OTktYjA3OS0zMDllZDk3ZjM4MjQvMC9GOUY3QTI4ODVDRjMwMTJGQTEzOTBEM0Iz
MjU5RkM3OEFFRjdBRDFBLmNlcjCBtwYIKwYBBQUHAQsEgaowgacwgaQGCCsGAQUF
BzALhoGXcnN5bmM6Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9kYjhkOGI3ZC1jNDg2LTQyMzktOWQ5Zi04ZjhmNWRjZWQ4ZDAvMS8zMjYxMzEz
NDNhMzczNTM4MzEzYTY1MzAzMDM4M2EzYTJmMzQzNzJkMzQzNzIwM2QzZTIwMzIz
MTM0MzYzNDMzLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcBKhR1geAIMA0GCSqGSIb3DQEBCwUAA4IBAQAo
8GoJpZ6kXNZ6Ms/qyI6DrYVYM2VbKYfk9gmZ1M5UekMppxF/bFkK11R5wQJRi91v
cn1Hx/f/orkp+CTk/E9W5YbKBmfE/j4wU0G0KWUmqyt1XCaWSAyAL9i9aB910ldJ
LGFuoYaD7tL5RDzR3ZA9KQ+96s2G53ab6f/+nNQhy6CoCsKoXlAjlk9YjmZH2Nkr
lJuS57nmo/SHCwfcLt19BdrpGgS7owibzjPdW9NCWduPy679NpNjsVTMUC+RAZ8D
VAKfxmDGdARLkjFIP8ohWjLQF902MITni623r8Uqdf+Qfx2nn4b+AQdIIOlWBezI
5DYQZfb6JngMJRdnD8rD
-----END CERTIFICATE-----
Generated at Fri Jul 5 17:25:51 2024 by rpki-client on console-fra.rpki-client.org