Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/0df808-7473-47b1-817f-be770e1e6c13/1/YZ5LZfEgDBeZMFl6Wd2Y0x3CNVk.roa
File:                     YZ5LZfEgDBeZMFl6Wd2Y0x3CNVk.roa (raw, json)
Hash identifier:          COfmywtP11+fgb/BlYPPY36DAPumb02Xf5cai9u9kQ4=
Subject key identifier:   61:9E:4B:65:F1:20:0C:17:99:30:59:7A:59:DD:98:D3:1D:C2:35:59
Certificate issuer:       /CN=348fd977ccbe7bb96d3c0f3174c9951bf870feb0
Certificate serial:       01856B935D51FBF7C74FB80C7743F94B9A7C
Authority key identifier: 34:8F:D9:77:CC:BE:7B:B9:6D:3C:0F:31:74:C9:95:1B:F8:70:FE:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NI_Zd8y-e7ltPA8xdMmVG_hw_rA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/0df808-7473-47b1-817f-be770e1e6c13/1/YZ5LZfEgDBeZMFl6Wd2Y0x3CNVk.roa
Signing time:             Sun 01 Jan 2023 04:24:57 +0000
ROA not before:           Sun 01 Jan 2023 04:24:57 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     204609
IP address blocks:        185.231.88.0/23 maxlen: 23
                          185.231.90.0/24 maxlen: 24
                          185.231.91.0/24 maxlen: 24
                          185.231.88.0/22 maxlen: 24
                          2a0d:a680::/32 maxlen: 32

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 14:29:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6b:93:5d:51:fb:f7:c7:4f:b8:0c:77:43:f9:4b:9a:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=348fd977ccbe7bb96d3c0f3174c9951bf870feb0
        Validity
            Not Before: Jan  1 04:24:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=619e4b65f1200c179930597a59dd98d31dc23559
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:99:34:77:ba:45:80:b3:93:c3:49:1d:d4:37:
                    51:50:f6:15:4a:47:4c:7b:92:5a:cd:b7:2f:49:c6:
                    45:92:b4:ee:1a:53:d5:64:c7:74:36:27:4a:b7:ab:
                    2c:2e:d1:be:0f:c9:01:fd:4d:e3:1f:f0:d4:62:54:
                    c6:93:3c:8a:2f:0f:47:b0:7a:62:57:be:8a:e1:50:
                    b3:18:b3:34:2d:d4:4c:aa:73:78:bf:99:b5:12:8e:
                    7b:43:3f:de:34:b1:27:8e:42:a6:17:c6:ba:8d:aa:
                    ff:32:fd:3d:c8:98:04:5a:f6:ec:ff:53:6c:b4:91:
                    10:aa:71:c8:a9:8d:92:56:25:2c:be:8f:fe:3a:88:
                    92:e8:e2:94:eb:ff:ce:91:7a:34:97:b9:f2:40:9b:
                    98:61:2b:a1:92:59:41:da:c4:2e:be:06:2d:b7:f7:
                    1c:30:99:0d:95:02:8f:fd:d8:8f:77:0f:92:bc:7d:
                    c5:8a:51:cb:88:4d:fe:28:8c:12:c2:15:c8:41:1b:
                    8d:fd:74:e2:d8:37:18:66:bb:4c:ab:42:17:09:f7:
                    7a:a3:90:2e:62:0c:6e:c1:c2:5a:88:bc:05:c8:cb:
                    c6:35:74:4c:e2:73:53:1c:82:97:2d:bf:6b:b7:c8:
                    ae:86:19:5f:f9:4e:3d:9e:02:24:6e:11:69:49:bc:
                    08:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:9E:4B:65:F1:20:0C:17:99:30:59:7A:59:DD:98:D3:1D:C2:35:59
            X509v3 Authority Key Identifier:
                keyid:34:8F:D9:77:CC:BE:7B:B9:6D:3C:0F:31:74:C9:95:1B:F8:70:FE:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NI_Zd8y-e7ltPA8xdMmVG_hw_rA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/0df808-7473-47b1-817f-be770e1e6c13/1/YZ5LZfEgDBeZMFl6Wd2Y0x3CNVk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/0df808-7473-47b1-817f-be770e1e6c13/1/NI_Zd8y-e7ltPA8xdMmVG_hw_rA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.231.88.0/22
                IPv6:
                  2a0d:a680::/32

    Signature Algorithm: sha256WithRSAEncryption
         80:3b:c5:e2:fd:3d:f1:0e:b4:32:da:8b:42:fc:1e:72:ca:9e:
         d6:19:3b:14:c9:3d:e1:a7:c3:11:27:b0:c4:22:25:0a:de:9b:
         20:f8:78:9e:a1:0f:c2:a2:2e:69:fd:aa:b8:fa:cc:99:cb:45:
         19:46:14:e3:66:4d:8f:54:c1:31:0d:36:a1:8e:f4:2d:50:3b:
         b0:0a:1c:09:cf:96:4f:06:8c:a2:25:d1:70:59:0a:7e:06:7e:
         18:6b:bc:b4:01:06:36:cd:73:40:37:63:57:99:0e:aa:b3:71:
         87:bc:39:ba:b5:e0:94:2a:f8:c8:59:09:ae:ed:80:d0:79:3d:
         a0:45:ef:44:a6:e9:10:03:40:05:a7:3b:96:68:7b:f5:13:74:
         83:f6:10:b9:7d:9b:6d:00:31:96:b7:df:48:53:d7:40:56:89:
         f9:50:d1:77:2f:d4:13:e2:61:97:62:9d:95:84:0d:cb:55:a0:
         9a:5a:0e:e8:90:48:0a:ff:6c:fa:8d:b1:e4:b7:6a:84:78:1f:
         3f:15:52:04:f2:75:36:8a:ca:d9:99:e7:ba:d4:6d:95:18:5b:
         d2:67:c4:92:71:db:91:17:42:f4:a2:81:3d:9a:58:11:91:b9:
         81:7d:96:23:7b:38:c6:ef:ca:3a:99:d0:ea:0b:17:20:60:b9:
         58:ea:be:a9
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYVrk11R+/fHT7gMd0P5S5p8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0OGZkOTc3Y2NiZTdiYjk2ZDNjMGYzMTc0Yzk5NTFiZjg3
MGZlYjAwHhcNMjMwMTAxMDQyNDU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTllNGI2NWYxMjAwYzE3OTkzMDU5N2E1OWRkOThkMzFkYzIzNTU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsZk0d7pFgLOTw0kd1DdRUPYVSkdM
e5JazbcvScZFkrTuGlPVZMd0NidKt6ssLtG+D8kB/U3jH/DUYlTGkzyKLw9HsHpi
V76K4VCzGLM0LdRMqnN4v5m1Eo57Qz/eNLEnjkKmF8a6jar/Mv09yJgEWvbs/1Ns
tJEQqnHIqY2SViUsvo/+OoiS6OKU6//OkXo0l7nyQJuYYSuhkllB2sQuvgYtt/cc
MJkNlQKP/diPdw+SvH3FilHLiE3+KIwSwhXIQRuN/XTi2DcYZrtMq0IXCfd6o5Au
YgxuwcJaiLwFyMvGNXRM4nNTHIKXLb9rt8iuhhlf+U49ngIkbhFpSbwIXwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGGeS2XxIAwXmTBZelndmNMdwjVZMB8GA1UdIwQY
MBaAFDSP2XfMvnu5bTwPMXTJlRv4cP6wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTklfWmQ4eS1lN2x0UEE4eGRNbVZHX2h3X3JBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy8wZGY4MDgtNzQ3My00N2IxLTgxN2Yt
YmU3NzBlMWU2YzEzLzEvWVo1TFpmRWdEQmVaTUZsNldkMlkweDNDTlZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy8wZGY4MDgtNzQ3My00N2IxLTgxN2YtYmU3NzBlMWU2YzEz
LzEvTklfWmQ4eS1lN2x0UEE4eGRNbVZHX2h3X3JBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuedYMA0E
AgACMAcDBQAqDaaAMA0GCSqGSIb3DQEBCwUAA4IBAQCAO8Xi/T3xDrQy2otC/B5y
yp7WGTsUyT3hp8MRJ7DEIiUK3psg+HieoQ/Coi5p/aq4+syZy0UZRhTjZk2PVMEx
DTahjvQtUDuwChwJz5ZPBoyiJdFwWQp+Bn4Ya7y0AQY2zXNAN2NXmQ6qs3GHvDm6
teCUKvjIWQmu7YDQeT2gRe9EpukQA0AFpzuWaHv1E3SD9hC5fZttADGWt99IU9dA
Von5UNF3L9QT4mGXYp2VhA3LVaCaWg7okEgK/2z6jbHkt2qEeB8/FVIE8nU2isrZ
mee61G2VGFvSZ8SScduRF0L0ooE9mlgRkbmBfZYjezjG78o6mdDqCxcgYLlY6r6p
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:22:55 2024 by rpki-client on console-fra.rpki-client.org