Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/975e4f-6c26-44bb-9ada-2fc6d17f8b58/1/Yk38ZI9VwhkvboweMFs_55wQM1g.roa
File:                     Yk38ZI9VwhkvboweMFs_55wQM1g.roa (raw, json)
Hash identifier:          OuyOCRXjO3lBeqEDTuqug8Krpkbdq6RlZDuigo45ix0=
Subject key identifier:   62:4D:FC:64:8F:55:C2:19:2F:6E:8C:1E:30:5B:3F:E7:9C:10:33:58
Certificate issuer:       /CN=cd394757e1416202a4022956dbf48d707458520c
Certificate serial:       01856E38C1A01D8ACCB254A9682D87A916E9
Authority key identifier: CD:39:47:57:E1:41:62:02:A4:02:29:56:DB:F4:8D:70:74:58:52:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zTlHV-FBYgKkAilW2_SNcHRYUgw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/975e4f-6c26-44bb-9ada-2fc6d17f8b58/1/Yk38ZI9VwhkvboweMFs_55wQM1g.roa
Signing time:             Sun 01 Jan 2023 16:44:51 +0000
ROA not before:           Sun 01 Jan 2023 16:44:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     14618
IP address blocks:        185.39.10.0/24 maxlen: 24
                          2a12:1b80::/32 maxlen: 32

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 12:34:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6e:38:c1:a0:1d:8a:cc:b2:54:a9:68:2d:87:a9:16:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd394757e1416202a4022956dbf48d707458520c
        Validity
            Not Before: Jan  1 16:44:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=624dfc648f55c2192f6e8c1e305b3fe79c103358
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:ca:68:b4:9b:86:58:ca:1a:3d:b2:14:3c:72:
                    b7:a6:bb:d1:e2:08:1b:19:f3:0b:35:d7:06:63:40:
                    47:ab:e8:c1:17:a4:39:1b:f5:77:e3:29:58:a8:86:
                    c1:db:93:09:4c:73:e6:b2:54:96:a1:8e:6a:56:f5:
                    37:47:ee:2d:86:f0:ef:af:ba:03:bd:fc:bd:35:a5:
                    75:b1:1c:67:1d:e3:71:4e:91:e6:d7:77:4c:2c:7c:
                    ef:3a:f6:b4:0d:60:4c:4c:2b:ca:a7:e5:bc:a0:27:
                    69:ce:8d:00:79:0f:53:ed:e7:13:c5:65:64:d2:e4:
                    f1:e6:19:b8:c5:5c:5d:34:6a:ef:fd:be:ee:25:dc:
                    fb:75:da:5a:38:b7:9b:1a:08:44:95:59:25:9c:9a:
                    a5:41:bf:cb:ee:64:4a:f9:e8:42:0c:54:e0:50:a6:
                    8f:c3:ce:8a:f2:d8:7f:98:99:1d:0a:1e:d4:63:95:
                    58:06:bc:25:a7:ab:01:f7:4d:29:05:06:75:60:6d:
                    4e:67:71:da:ed:ab:bc:46:f5:33:76:d7:9e:7c:34:
                    fb:2d:05:0b:73:94:64:71:d1:69:1e:46:44:72:cd:
                    6d:f9:f1:5f:1f:77:cf:ce:4f:2e:76:45:2f:bf:80:
                    bb:19:c3:e5:1b:20:68:a8:e1:f6:65:d2:28:8a:cc:
                    b1:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:4D:FC:64:8F:55:C2:19:2F:6E:8C:1E:30:5B:3F:E7:9C:10:33:58
            X509v3 Authority Key Identifier:
                keyid:CD:39:47:57:E1:41:62:02:A4:02:29:56:DB:F4:8D:70:74:58:52:0C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zTlHV-FBYgKkAilW2_SNcHRYUgw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/975e4f-6c26-44bb-9ada-2fc6d17f8b58/1/Yk38ZI9VwhkvboweMFs_55wQM1g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/975e4f-6c26-44bb-9ada-2fc6d17f8b58/1/zTlHV-FBYgKkAilW2_SNcHRYUgw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.39.10.0/24
                IPv6:
                  2a12:1b80::/32

    Signature Algorithm: sha256WithRSAEncryption
         4c:86:0b:c2:f4:89:6d:ff:31:f4:ed:ac:84:9c:db:40:b9:d1:
         ba:09:d2:9a:56:e2:f2:98:ea:e6:81:6d:f0:8d:6d:45:69:d9:
         49:64:8e:92:8a:7a:ac:44:40:85:d1:9a:28:cc:ad:ad:fa:e2:
         e8:f7:ee:54:74:ca:7a:87:8e:99:69:86:8e:38:c9:6c:6b:b8:
         3d:47:1e:3c:17:46:82:09:71:e2:0c:ca:6c:ce:80:d8:17:28:
         73:4e:6f:31:fe:05:65:bc:25:41:e1:5a:b2:f7:8e:84:1e:97:
         0c:0d:16:c4:19:3c:99:23:a0:60:fc:d4:c5:32:39:55:19:d5:
         64:6d:fd:9f:2b:4d:11:6b:84:e6:30:7b:ba:11:23:86:f0:6a:
         37:00:2d:9c:2f:c0:ec:e9:28:36:0b:8c:0b:e1:b3:6c:14:fa:
         d0:5d:c8:ab:8a:15:e9:fe:11:62:da:3a:2c:71:e9:1e:47:84:
         da:f8:30:fc:27:20:66:03:21:04:ce:c3:a1:ee:a6:61:d9:ee:
         c7:02:bb:69:1a:3a:da:c5:da:24:25:d8:a6:be:d3:80:07:e0:
         80:14:ab:35:b9:da:37:aa:65:00:cf:31:d1:40:ef:a7:26:39:
         39:31:d2:36:a0:51:d0:2c:b4:b3:3b:d4:92:c9:14:2d:e2:28:
         a4:a6:72:a7
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYVuOMGgHYrMslSpaC2HqRbpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkMzk0NzU3ZTE0MTYyMDJhNDAyMjk1NmRiZjQ4ZDcwNzQ1
ODUyMGMwHhcNMjMwMTAxMTY0NDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjRkZmM2NDhmNTVjMjE5MmY2ZThjMWUzMDViM2ZlNzljMTAzMzU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwcpotJuGWMoaPbIUPHK3prvR4ggb
GfMLNdcGY0BHq+jBF6Q5G/V34ylYqIbB25MJTHPmslSWoY5qVvU3R+4thvDvr7oD
vfy9NaV1sRxnHeNxTpHm13dMLHzvOva0DWBMTCvKp+W8oCdpzo0AeQ9T7ecTxWVk
0uTx5hm4xVxdNGrv/b7uJdz7ddpaOLebGghElVklnJqlQb/L7mRK+ehCDFTgUKaP
w86K8th/mJkdCh7UY5VYBrwlp6sB900pBQZ1YG1OZ3Ha7au8RvUzdteefDT7LQUL
c5RkcdFpHkZEcs1t+fFfH3fPzk8udkUvv4C7GcPlGyBoqOH2ZdIoisyx7wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGJN/GSPVcIZL26MHjBbP+ecEDNYMB8GA1UdIwQY
MBaAFM05R1fhQWICpAIpVtv0jXB0WFIMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelRsSFYtRkJZZ0trQWlsVzJfU05jSFJZVWd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi85NzVlNGYtNmMyNi00NGJiLTlhZGEt
MmZjNmQxN2Y4YjU4LzEvWWszOFpJOVZ3aGt2Ym93ZU1Gc181NXdRTTFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi85NzVlNGYtNmMyNi00NGJiLTlhZGEtMmZjNmQxN2Y4YjU4
LzEvelRsSFYtRkJZZ0trQWlsVzJfU05jSFJZVWd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuScKMA0E
AgACMAcDBQAqEhuAMA0GCSqGSIb3DQEBCwUAA4IBAQBMhgvC9Ilt/zH07ayEnNtA
udG6CdKaVuLymOrmgW3wjW1FadlJZI6SinqsRECF0ZoozK2t+uLo9+5UdMp6h46Z
aYaOOMlsa7g9Rx48F0aCCXHiDMpszoDYFyhzTm8x/gVlvCVB4Vqy946EHpcMDRbE
GTyZI6Bg/NTFMjlVGdVkbf2fK00Ra4TmMHu6ESOG8Go3AC2cL8Ds6Sg2C4wL4bNs
FPrQXcirihXp/hFi2joscekeR4Ta+DD8JyBmAyEEzsOh7qZh2e7HArtpGjraxdok
JdimvtOAB+CAFKs1udo3qmUAzzHRQO+nJjk5MdI2oFHQLLSzO9SSyRQt4iikpnKn
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:22:51 2024 by rpki-client on console-fra.rpki-client.org