Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/b07e58-f93a-4d5f-b92d-6016d5c05f30/1/ygzJYhmPAnrfFCDB2ZBiXlOhLBY.roa
File:                     ygzJYhmPAnrfFCDB2ZBiXlOhLBY.roa (raw, json)
Hash identifier:          w0qx6ffjI5iwc1n8lAznmILn3PAzDzDdTbxtrs/QLss=
Subject key identifier:   CA:0C:C9:62:19:8F:02:7A:DF:14:20:C1:D9:90:62:5E:53:A1:2C:16
Certificate issuer:       /CN=6107e2e2e8171d319da1bc64b36c3c985e646c2a
Certificate serial:       018CC8DEE5F8FC0CB359AA0442FDB9660A60
Authority key identifier: 61:07:E2:E2:E8:17:1D:31:9D:A1:BC:64:B3:6C:3C:98:5E:64:6C:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YQfi4ugXHTGdobxks2w8mF5kbCo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/b07e58-f93a-4d5f-b92d-6016d5c05f30/1/ygzJYhmPAnrfFCDB2ZBiXlOhLBY.roa
Signing time:             Tue 02 Jan 2024 06:31:40 +0000
ROA not before:           Tue 02 Jan 2024 06:31:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42868
IP address blocks:        185.87.253.0/24 maxlen: 24
                          185.87.252.0/24 maxlen: 24
                          185.87.254.0/24 maxlen: 24
                          185.87.255.0/24 maxlen: 24
                          77.245.144.0/24 maxlen: 24
                          77.245.145.0/24 maxlen: 24
                          77.245.146.0/24 maxlen: 24
                          77.245.147.0/24 maxlen: 24
                          77.245.148.0/24 maxlen: 24
                          77.245.149.0/24 maxlen: 24
                          77.245.150.0/24 maxlen: 24
                          77.245.151.0/24 maxlen: 24
                          77.245.152.0/24 maxlen: 24
                          77.245.153.0/24 maxlen: 24
                          77.245.154.0/24 maxlen: 24
                          77.245.155.0/24 maxlen: 24
                          77.245.156.0/24 maxlen: 24
                          77.245.157.0/24 maxlen: 24
                          77.245.158.0/24 maxlen: 24
                          77.245.159.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 10 May 2024 20:01:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:e5:f8:fc:0c:b3:59:aa:04:42:fd:b9:66:0a:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6107e2e2e8171d319da1bc64b36c3c985e646c2a
        Validity
            Not Before: Jan  2 06:31:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ca0cc962198f027adf1420c1d990625e53a12c16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:70:a7:b6:e2:c5:e5:cf:59:35:ff:bf:b0:03:
                    fe:34:7a:9b:5f:96:ee:f9:ea:81:9d:38:b7:63:e9:
                    f7:b3:82:c4:c0:b7:81:ae:f4:74:9b:a3:c4:de:b4:
                    d5:0f:fb:3f:24:40:3b:22:52:3c:61:26:42:d9:50:
                    c6:44:09:bd:b5:57:ac:04:56:e6:55:d8:a6:d5:9e:
                    48:13:10:d9:ed:96:77:db:f4:98:63:b0:84:b1:35:
                    f3:a1:6b:3a:08:b4:d7:85:e5:10:c7:64:1c:6f:eb:
                    0d:7f:73:0e:6f:66:ec:a7:c9:72:d8:fd:84:66:10:
                    50:f1:03:e7:d0:ca:e4:c2:da:ab:f1:d2:f5:72:c6:
                    38:31:d5:b2:db:ce:4a:2d:69:97:be:e7:e1:6b:d2:
                    90:c9:62:95:82:3f:ae:bb:c1:77:3c:98:db:3b:17:
                    60:1b:bf:b4:3f:b2:02:b2:50:9f:ac:85:5b:c3:3f:
                    c6:2c:99:86:c0:25:04:fd:28:3b:37:a0:c7:90:8b:
                    73:3c:ed:4c:ae:08:e7:e5:87:f9:8e:c3:5f:e4:46:
                    ff:6b:7f:29:86:dd:b3:2c:66:ad:49:b9:94:7d:af:
                    bc:11:88:3d:5f:6b:59:40:f4:6e:43:95:28:2c:59:
                    f2:69:7d:bb:fd:6f:a3:71:57:ef:21:f2:09:5e:14:
                    6e:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:0C:C9:62:19:8F:02:7A:DF:14:20:C1:D9:90:62:5E:53:A1:2C:16
            X509v3 Authority Key Identifier:
                keyid:61:07:E2:E2:E8:17:1D:31:9D:A1:BC:64:B3:6C:3C:98:5E:64:6C:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YQfi4ugXHTGdobxks2w8mF5kbCo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/b07e58-f93a-4d5f-b92d-6016d5c05f30/1/ygzJYhmPAnrfFCDB2ZBiXlOhLBY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/b07e58-f93a-4d5f-b92d-6016d5c05f30/1/YQfi4ugXHTGdobxks2w8mF5kbCo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.245.144.0/20
                  185.87.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5f:3d:7a:05:d5:4f:84:34:03:a1:eb:66:9c:c4:1d:ff:d5:00:
         d6:ae:5b:e6:6f:62:07:85:5e:8f:fd:1a:df:72:a3:a0:be:88:
         3f:e1:04:54:26:27:d2:a1:02:8f:df:79:83:18:ab:8d:c0:c7:
         08:51:a0:67:8a:f0:06:45:61:80:ba:ed:56:22:a6:8f:95:58:
         a3:8a:eb:17:85:47:67:cb:f2:c3:7e:cc:b8:80:73:83:d3:97:
         8c:06:c2:69:08:ba:c0:ca:1f:16:38:71:2b:d4:a7:c2:e6:09:
         ca:db:6f:d4:f1:68:28:cb:08:52:3f:0d:50:12:9c:39:67:f8:
         de:b2:0c:2f:41:c9:be:35:70:98:65:3c:ed:e6:9c:73:08:21:
         90:cc:5d:51:61:17:54:06:78:ff:0a:8a:dc:d9:7e:df:98:25:
         cd:38:da:4e:94:cb:14:9b:7f:84:b8:f1:c5:e6:4b:eb:8b:ee:
         0e:42:1f:e6:84:ca:20:07:01:22:01:94:6c:94:8f:91:e3:86:
         e4:47:0d:6e:63:c1:fb:30:51:d8:cf:f7:b3:76:5f:f8:e2:fc:
         07:2e:8d:c8:0e:6c:79:6b:3a:8b:84:6e:c2:5b:8e:ca:f3:a6:
         81:d0:8f:7d:06:23:ee:c6:77:14:11:7e:22:de:b1:9f:d2:b9:
         47:6c:be:0b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzI3uX4/AyzWaoEQv25ZgpgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxMDdlMmUyZTgxNzFkMzE5ZGExYmM2NGIzNmMzYzk4NWU2
NDZjMmEwHhcNMjQwMTAyMDYzMTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTBjYzk2MjE5OGYwMjdhZGYxNDIwYzFkOTkwNjI1ZTUzYTEyYzE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjXCntuLF5c9ZNf+/sAP+NHqbX5bu
+eqBnTi3Y+n3s4LEwLeBrvR0m6PE3rTVD/s/JEA7IlI8YSZC2VDGRAm9tVesBFbm
Vdim1Z5IExDZ7ZZ32/SYY7CEsTXzoWs6CLTXheUQx2Qcb+sNf3MOb2bsp8ly2P2E
ZhBQ8QPn0Mrkwtqr8dL1csY4MdWy285KLWmXvufha9KQyWKVgj+uu8F3PJjbOxdg
G7+0P7ICslCfrIVbwz/GLJmGwCUE/Sg7N6DHkItzPO1Mrgjn5Yf5jsNf5Eb/a38p
ht2zLGatSbmUfa+8EYg9X2tZQPRuQ5UoLFnyaX27/W+jcVfvIfIJXhRu0wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMoMyWIZjwJ63xQgwdmQYl5ToSwWMB8GA1UdIwQY
MBaAFGEH4uLoFx0xnaG8ZLNsPJheZGwqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVFmaTR1Z1hIVEdkb2J4a3MydzhtRjVrYkNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi9iMDdlNTgtZjkzYS00ZDVmLWI5MmQt
NjAxNmQ1YzA1ZjMwLzEveWd6SllobVBBbnJmRkNEQjJaQmlYbE9oTEJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi9iMDdlNTgtZjkzYS00ZDVmLWI5MmQtNjAxNmQ1YzA1ZjMw
LzEvWVFmaTR1Z1hIVEdkb2J4a3MydzhtRjVrYkNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQETfWQAwQC
uVf8MA0GCSqGSIb3DQEBCwUAA4IBAQBfPXoF1U+ENAOh62acxB3/1QDWrlvmb2IH
hV6P/RrfcqOgvog/4QRUJifSoQKP33mDGKuNwMcIUaBnivAGRWGAuu1WIqaPlVij
iusXhUdny/LDfsy4gHOD05eMBsJpCLrAyh8WOHEr1KfC5gnK22/U8WgoywhSPw1Q
Epw5Z/jesgwvQcm+NXCYZTzt5pxzCCGQzF1RYRdUBnj/Corc2X7fmCXNONpOlMsU
m3+EuPHF5kvri+4OQh/mhMogBwEiAZRslI+R44bkRw1uY8H7MFHYz/ezdl/44vwH
Lo3IDmx5azqLhG7CW47K86aB0I99BiPuxncUEX4i3rGf0rlHbL4L
-----END CERTIFICATE-----