Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/d6c86d-6c65-4a25-a8fa-38d4f3211896/1/LYpoIjM4MmglTO3P3M5pw4iVut8.roa
File:                     LYpoIjM4MmglTO3P3M5pw4iVut8.roa (raw, json)
Hash identifier:          mAyJXuqbSrzqtCnaDel5xqHQlxQklTTG8424rZdoX5I=
Subject key identifier:   2D:8A:68:22:33:38:32:68:25:4C:ED:CF:DC:CE:69:C3:88:95:BA:DF
Certificate issuer:       /CN=1a4f8001c30cac546e3f92103b4b12732dfcbf52
Certificate serial:       01857227EA9AD3F371983120F2CDFD527DBE
Authority key identifier: 1A:4F:80:01:C3:0C:AC:54:6E:3F:92:10:3B:4B:12:73:2D:FC:BF:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gk-AAcMMrFRuP5IQO0sScy38v1I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/d6c86d-6c65-4a25-a8fa-38d4f3211896/1/LYpoIjM4MmglTO3P3M5pw4iVut8.roa
Signing time:             Mon 02 Jan 2023 11:04:56 +0000
ROA not before:           Mon 02 Jan 2023 11:04:56 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     34476
IP address blocks:        195.49.239.0/24 maxlen: 24
                          195.49.238.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 22:29:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:72:27:ea:9a:d3:f3:71:98:31:20:f2:cd:fd:52:7d:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a4f8001c30cac546e3f92103b4b12732dfcbf52
        Validity
            Not Before: Jan  2 11:04:56 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2d8a682233383268254cedcfdcce69c38895badf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:d9:cf:b5:39:2e:cd:d6:fb:40:0a:e1:e2:3f:
                    3a:2f:3d:b6:41:ac:6a:fb:ef:d3:48:d8:21:f1:9c:
                    0e:e2:c5:4b:a8:b2:f7:3d:87:03:e1:f0:9f:1f:f2:
                    09:e3:25:01:35:b0:e4:45:99:5e:b5:7a:b3:df:4b:
                    dc:4c:19:72:32:d4:5c:af:77:d5:35:18:99:5f:5e:
                    0d:57:23:24:c8:d5:f4:85:be:a5:71:c7:9c:1a:cd:
                    43:19:96:cf:72:4d:3a:ab:a7:36:31:25:1c:92:0c:
                    bd:d8:cb:0a:e6:a4:7d:4b:67:c6:cc:1e:f7:3f:14:
                    df:9b:ab:34:f3:e6:86:c4:4b:3b:5d:6c:62:6a:ee:
                    dc:8c:d2:14:70:94:0b:8b:56:78:b0:fe:4b:70:6b:
                    17:62:71:28:ad:f2:e4:66:17:79:46:cc:ae:a1:5c:
                    91:96:9b:0b:6d:32:f7:6f:88:82:cc:0a:bf:2d:f6:
                    dc:ec:8d:c7:83:38:25:18:59:2c:73:b5:80:53:7b:
                    c7:4b:f0:52:17:7a:c4:4d:bd:3b:c2:1c:8c:2e:c1:
                    64:a3:53:c8:c9:2a:2a:5c:fd:fa:77:13:57:9c:20:
                    27:c7:ff:60:d5:43:21:a9:5e:be:81:3e:bb:39:a2:
                    5c:0c:e2:d2:10:5b:99:b7:a1:61:bb:68:64:f2:5c:
                    8a:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:8A:68:22:33:38:32:68:25:4C:ED:CF:DC:CE:69:C3:88:95:BA:DF
            X509v3 Authority Key Identifier:
                keyid:1A:4F:80:01:C3:0C:AC:54:6E:3F:92:10:3B:4B:12:73:2D:FC:BF:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gk-AAcMMrFRuP5IQO0sScy38v1I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/d6c86d-6c65-4a25-a8fa-38d4f3211896/1/LYpoIjM4MmglTO3P3M5pw4iVut8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/d6c86d-6c65-4a25-a8fa-38d4f3211896/1/Gk-AAcMMrFRuP5IQO0sScy38v1I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.49.238.0/23

    Signature Algorithm: sha256WithRSAEncryption
         bf:70:ee:af:ac:e4:c2:d0:ae:4e:4a:4f:b8:af:5f:ab:dc:0d:
         4c:61:fd:63:d7:c0:ce:3c:18:d6:5d:6e:fb:9a:9f:e2:cf:3e:
         8f:68:b2:d0:29:d8:94:24:f7:6f:fa:70:95:1d:8a:2c:2e:9f:
         3b:9d:cf:ce:86:2f:1a:cf:f9:8f:5f:cb:54:ff:d0:c1:55:d8:
         af:20:74:5c:6f:4f:64:bc:d1:d3:21:be:52:f0:ff:f6:4e:1f:
         53:d8:1c:67:ae:ce:08:35:b0:ab:eb:1f:8f:70:cf:07:5f:5e:
         31:7a:74:78:de:52:a3:b0:6d:8c:42:a9:5a:f2:56:44:a5:b9:
         fb:96:87:b8:6d:03:b7:3b:81:99:99:aa:c6:b4:29:7f:49:c2:
         06:f6:3e:81:27:5d:c2:cc:50:71:96:7b:0e:e6:4a:d0:06:54:
         e7:a5:d9:b8:99:e7:96:90:03:ad:03:64:bd:68:66:1e:99:5b:
         2a:40:59:80:03:9d:fe:ea:06:a6:15:5a:b6:31:f7:e1:ad:b3:
         87:aa:15:1b:3f:af:a2:45:40:d8:2b:c6:5a:a2:2a:57:ef:72:
         c8:b3:e8:67:30:07:ad:86:ba:e7:5b:01:ab:30:d1:fd:1a:65:
         91:61:11:c6:60:1c:5a:c4:cb:93:cb:73:a5:c0:fe:a1:3c:71:
         da:6f:88:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVyJ+qa0/NxmDEg8s39Un2+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhNGY4MDAxYzMwY2FjNTQ2ZTNmOTIxMDNiNGIxMjczMmRm
Y2JmNTIwHhcNMjMwMTAyMTEwNDU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDhhNjgyMjMzMzgzMjY4MjU0Y2VkY2ZkY2NlNjljMzg4OTViYWRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqdnPtTkuzdb7QArh4j86Lz22Qaxq
++/TSNgh8ZwO4sVLqLL3PYcD4fCfH/IJ4yUBNbDkRZletXqz30vcTBlyMtRcr3fV
NRiZX14NVyMkyNX0hb6lccecGs1DGZbPck06q6c2MSUckgy92MsK5qR9S2fGzB73
PxTfm6s08+aGxEs7XWxiau7cjNIUcJQLi1Z4sP5LcGsXYnEorfLkZhd5RsyuoVyR
lpsLbTL3b4iCzAq/Lfbc7I3HgzglGFksc7WAU3vHS/BSF3rETb07whyMLsFko1PI
ySoqXP36dxNXnCAnx/9g1UMhqV6+gT67OaJcDOLSEFuZt6Fhu2hk8lyKswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC2KaCIzODJoJUztz9zOacOIlbrfMB8GA1UdIwQY
MBaAFBpPgAHDDKxUbj+SEDtLEnMt/L9SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2stQUFjTU1yRlJ1UDVJUU8wc1NjeTM4djFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9kNmM4NmQtNmM2NS00YTI1LWE4ZmEt
MzhkNGYzMjExODk2LzEvTFlwb0lqTTRNbWdsVE8zUDNNNXB3NGlWdXQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9kNmM4NmQtNmM2NS00YTI1LWE4ZmEtMzhkNGYzMjExODk2
LzEvR2stQUFjTU1yRlJ1UDVJUU8wc1NjeTM4djFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwzHuMA0G
CSqGSIb3DQEBCwUAA4IBAQC/cO6vrOTC0K5OSk+4r1+r3A1MYf1j18DOPBjWXW77
mp/izz6PaLLQKdiUJPdv+nCVHYosLp87nc/Ohi8az/mPX8tU/9DBVdivIHRcb09k
vNHTIb5S8P/2Th9T2Bxnrs4INbCr6x+PcM8HX14xenR43lKjsG2MQqla8lZEpbn7
loe4bQO3O4GZmarGtCl/ScIG9j6BJ13CzFBxlnsO5krQBlTnpdm4meeWkAOtA2S9
aGYemVsqQFmAA53+6gamFVq2MffhrbOHqhUbP6+iRUDYK8ZaoipX73LIs+hnMAet
hrrnWwGrMNH9GmWRYRHGYBxaxMuTy3OlwP6hPHHab4i3
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:56:21 2024 by rpki-client on console-ams.rpki-client.org