Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/326130663a383563313a33313a3a2f34382d3438203d3e203231393931.roa
File:                     326130663a383563313a33313a3a2f34382d3438203d3e203231393931.roa (raw, json)
Hash identifier:          mxengrg6WKrzBqyxTDG7mswyMbUEJnlN0UJEMXNJJ1Q=
Subject key identifier:   80:4F:03:E3:02:94:89:0F:46:B9:F4:D4:59:04:92:0E:5C:71:ED:5A
Certificate issuer:       /CN=5ae4437029659539f54f900b35e43be06a94b37b
Certificate serial:       3943849BD798C1E1B4A7A62534198732187CF94B
Authority key identifier: 5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/326130663a383563313a33313a3a2f34382d3438203d3e203231393931.roa
Signing time:             Wed 13 Mar 2024 04:47:29 +0000
ROA not before:           Wed 13 Mar 2024 04:42:29 +0000
ROA not after:            Wed 12 Mar 2025 04:47:29 +0000
asID:                     21991
IP address blocks:        2a0f:85c1:31::/48 maxlen: 48

Validation:               Failed, certificate revoked on Thu 23 May 2024 16:49:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:43:84:9b:d7:98:c1:e1:b4:a7:a6:25:34:19:87:32:18:7c:f9:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ae4437029659539f54f900b35e43be06a94b37b
        Validity
            Not Before: Mar 13 04:42:29 2024 GMT
            Not After : Mar 12 04:47:29 2025 GMT
        Subject: CN=804F03E30294890F46B9F4D45904920E5C71ED5A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:da:09:6d:77:df:2c:0a:71:1c:07:09:1f:bb:
                    32:84:b9:f9:91:67:fe:1e:c3:49:b9:69:2f:f6:75:
                    f6:2f:3a:04:a3:df:c8:35:e4:33:89:78:e1:60:ff:
                    ad:82:3b:47:f3:c7:06:0d:68:82:bf:6a:ee:68:73:
                    5e:60:02:47:40:60:99:29:a0:db:18:f2:97:1b:ef:
                    88:c6:56:13:34:64:e7:da:2c:bd:1a:a7:83:ef:b9:
                    12:fc:b5:74:7c:a4:14:f1:fd:e1:1e:36:11:e5:64:
                    16:b4:17:5a:53:38:72:26:69:ac:76:1a:ae:0a:70:
                    34:15:d3:6b:45:1e:d5:54:ed:5a:e8:01:05:34:60:
                    62:aa:cb:62:5e:fa:4b:cb:97:e4:76:b4:65:60:1a:
                    af:50:30:8a:d2:50:2f:cc:34:8e:a6:2d:ab:3f:63:
                    49:f6:26:cc:23:b4:41:21:45:34:b0:4e:6a:0d:a0:
                    f4:72:2e:85:53:17:ab:bf:ee:02:1a:f3:25:97:43:
                    ec:87:16:74:f6:6b:ef:81:7c:06:d0:ec:aa:6e:62:
                    b7:31:62:ff:3b:62:f4:33:63:97:76:e3:9f:1c:4d:
                    66:2f:8c:8e:f1:d7:70:f9:9f:27:82:3f:17:9d:f4:
                    64:03:39:70:06:b1:18:8f:04:dd:67:ea:76:f7:df:
                    e2:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:4F:03:E3:02:94:89:0F:46:B9:F4:D4:59:04:92:0E:5C:71:ED:5A
            X509v3 Authority Key Identifier:
                keyid:5A:E4:43:70:29:65:95:39:F5:4F:90:0B:35:E4:3B:E0:6A:94:B3:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/5AE4437029659539F54F900B35E43BE06A94B37B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WuRDcClllTn1T5ALNeQ74GqUs3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/326130663a383563313a33313a3a2f34382d3438203d3e203231393931.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:31::/48

    Signature Algorithm: sha256WithRSAEncryption
         69:98:09:95:3f:a7:a5:55:da:56:28:e4:0b:1a:3c:a5:cb:3c:
         33:09:12:a6:4f:5f:f5:13:71:ac:ae:af:7a:c2:26:1b:27:65:
         45:c3:38:15:fc:41:64:41:d3:25:fd:56:6e:55:f9:f2:43:d2:
         52:28:54:50:b4:80:70:0c:1c:ea:be:2c:72:1b:c5:0f:7d:20:
         ef:20:d3:d2:29:fe:7b:1f:19:3c:28:3d:72:68:23:27:1f:f3:
         fd:66:e7:77:77:f6:ee:0f:c7:f4:1e:7c:58:a8:01:6b:10:97:
         cd:cb:e3:27:7e:5f:8e:3d:46:b3:36:1b:70:f5:84:bc:1b:17:
         19:2e:d9:d6:0c:d2:c7:7f:bc:70:1c:60:6a:d8:42:0a:66:8a:
         67:6f:76:72:ac:c1:88:d3:23:f0:f2:d5:05:fa:cc:c4:31:39:
         93:c9:68:ba:eb:77:14:3e:e4:fc:7a:45:43:bf:44:27:63:ce:
         7d:d0:fa:2f:e0:f6:f5:10:1f:1f:6b:a0:65:6f:34:dc:77:bc:
         97:96:d7:11:a5:7a:0b:c1:94:2c:e4:49:d2:97:06:e9:0d:46:
         ee:ad:b8:37:2b:1b:23:3e:b0:1e:70:e1:1b:57:3f:4c:0c:15:
         df:78:ff:ff:6b:69:0e:65:ed:1c:5f:3e:52:4c:16:c8:cc:eb:
         7c:21:bf:b3
-----BEGIN CERTIFICATE-----
MIIFOjCCBCKgAwIBAgIUOUOEm9eYweG0p6YlNBmHMhh8+UswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWFlNDQzNzAyOTY1OTUzOWY1NGY5MDBiMzVlNDNiZTA2
YTk0YjM3YjAeFw0yNDAzMTMwNDQyMjlaFw0yNTAzMTIwNDQ3MjlaMDMxMTAvBgNV
BAMTKDgwNEYwM0UzMDI5NDg5MEY0NkI5RjRENDU5MDQ5MjBFNUM3MUVENUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDX2gltd98sCnEcBwkfuzKEufmR
Z/4ew0m5aS/2dfYvOgSj38g15DOJeOFg/62CO0fzxwYNaIK/au5oc15gAkdAYJkp
oNsY8pcb74jGVhM0ZOfaLL0ap4PvuRL8tXR8pBTx/eEeNhHlZBa0F1pTOHImaax2
Gq4KcDQV02tFHtVU7VroAQU0YGKqy2Je+kvLl+R2tGVgGq9QMIrSUC/MNI6mLas/
Y0n2JswjtEEhRTSwTmoNoPRyLoVTF6u/7gIa8yWXQ+yHFnT2a++BfAbQ7KpuYrcx
Yv87YvQzY5d2458cTWYvjI7x13D5nyeCPxed9GQDOXAGsRiPBN1n6nb33+KNAgMB
AAGjggJEMIICQDAdBgNVHQ4EFgQUgE8D4wKUiQ9GufTUWQSSDlxx7VowHwYDVR0j
BBgwFoAUWuRDcClllTn1T5ALNeQ74GqUs3swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmMyMGFkZDMtYTg4ZS00YmIyLWE4NGQtNTVkYTIxMjhm
MTk2LzAvNUFFNDQzNzAyOTY1OTUzOUY1NEY5MDBCMzVFNDNCRTA2QTk0QjM3Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1d1UkRjQ2xsbFRuMVQ1QUxOZVE3NEdx
VXMzcy5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmMyMGFkZDMt
YTg4ZS00YmIyLWE4NGQtNTVkYTIxMjhmMTk2LzAvMzI2MTMwNjYzYTM4MzU2MzMx
M2EzMzMxM2EzYTJmMzQzODJkMzQzODIwM2QzZTIwMzIzMTM5MzkzMS5yb2EwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIw
CQMHACoPhcEAMTANBgkqhkiG9w0BAQsFAAOCAQEAaZgJlT+npVXaVijkCxo8pcs8
MwkSpk9f9RNxrK6vesImGydlRcM4FfxBZEHTJf1WblX58kPSUihUULSAcAwc6r4s
chvFD30g7yDT0in+ex8ZPCg9cmgjJx/z/Wbnd3f27g/H9B58WKgBaxCXzcvjJ35f
jj1GszYbcPWEvBsXGS7Z1gzSx3+8cBxgathCCmaKZ292cqzBiNMj8PLVBfrMxDE5
k8louut3FD7k/HpFQ79EJ2POfdD6L+D29RAfH2ugZW803He8l5bXEaV6C8GULORJ
0pcG6Q1G7q24NysbIz6wHnDhG1c/TAwV33j//2tpDmXtHF8+UkwWyMzrfCG/sw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:22 2024 by rpki-client on console-fra.rpki-client.org