Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/Y3VN-U5lmrp1BEcYT488IUscDuw.roa
File:                     Y3VN-U5lmrp1BEcYT488IUscDuw.roa (raw, json)
Hash identifier:          jltfAoOBMSx5l272Bxh1+ofpmsLXir2vfwGGmWR6SmU=
Subject key identifier:   63:75:4D:F9:4E:65:9A:BA:75:04:47:18:4F:8F:3C:21:4B:1C:0E:EC
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       01873664E4CEC8BF91E9B30AB901B7F7E333
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/Y3VN-U5lmrp1BEcYT488IUscDuw.roa
Signing time:             Fri 31 Mar 2023 06:39:54 +0000
ROA not before:           Fri 31 Mar 2023 06:39:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     16125
IP address blocks:        84.32.176.0/24 maxlen: 24
                          84.32.215.0/24 maxlen: 24
                          84.32.214.0/24 maxlen: 24
                          88.216.129.0/24 maxlen: 24
                          88.216.236.0/22 maxlen: 24
                          88.216.134.0/23 maxlen: 24
                          88.216.32.0/24 maxlen: 24
                          84.32.248.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 24 Apr 2023 05:43:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:36:64:e4:ce:c8:bf:91:e9:b3:0a:b9:01:b7:f7:e3:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Mar 31 06:39:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=63754df94e659aba750447184f8f3c214b1c0eec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:84:ca:b9:7d:d2:36:1d:28:f8:d6:f1:04:87:
                    b9:a7:e8:1c:72:e8:2c:70:69:bf:a6:e7:e5:34:5a:
                    6f:14:07:4d:16:d7:43:fd:60:b4:01:c4:f3:4d:a6:
                    b0:17:7b:16:f1:99:69:60:26:81:e1:0f:ec:f9:7d:
                    b1:8a:76:7c:f1:49:f6:6f:1c:fd:92:ed:fd:52:51:
                    cb:16:96:74:05:dd:fa:7e:e9:ee:63:82:40:9a:45:
                    53:58:a2:87:0f:03:b3:be:49:da:fa:c4:36:7c:ae:
                    2b:45:ac:fd:13:dd:f8:fe:25:bd:32:4f:b3:7a:00:
                    9c:40:0f:d1:89:d4:3e:16:78:08:c7:06:aa:1b:a7:
                    c2:29:d6:3b:59:6a:40:34:82:f2:64:d4:31:18:99:
                    f3:24:78:1a:99:2d:76:b0:c9:b4:3f:53:53:5f:5d:
                    91:0a:37:29:0e:93:b1:ab:c8:41:97:e5:e9:43:ec:
                    3d:a4:11:8c:63:53:b9:f2:23:cf:ae:0a:76:bc:55:
                    6a:d5:f7:06:dd:8b:57:8a:c8:5e:db:3f:ce:38:02:
                    a1:09:8d:8d:21:fa:0a:a6:a1:d3:18:73:53:4f:e9:
                    62:70:4a:03:96:c4:ae:08:5f:a1:d0:a5:60:a5:60:
                    06:9a:d4:87:c5:ff:a9:7e:57:2e:a5:24:2b:14:02:
                    fc:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:75:4D:F9:4E:65:9A:BA:75:04:47:18:4F:8F:3C:21:4B:1C:0E:EC
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/Y3VN-U5lmrp1BEcYT488IUscDuw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.176.0/24
                  84.32.214.0/23
                  84.32.248.0/24
                  88.216.32.0/24
                  88.216.129.0/24
                  88.216.134.0/23
                  88.216.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         70:d0:c9:0f:54:c8:42:ad:b7:e7:fc:4b:e6:2a:db:6d:05:10:
         fa:37:e3:c9:eb:68:fc:a0:86:5c:e6:cd:36:9e:91:29:df:10:
         52:b8:12:83:d3:42:0e:79:4a:96:95:8a:5d:1c:49:3a:92:57:
         74:5f:81:58:fe:80:a7:38:4e:33:4b:1b:30:f2:7e:31:22:06:
         37:6b:9e:91:dc:d2:21:63:fc:2e:6b:a5:73:d4:00:ce:09:2a:
         d3:37:d8:86:bf:de:69:fa:d6:90:10:3a:31:2c:10:ab:cc:43:
         c5:53:1d:a7:03:d5:b8:23:d7:0c:3c:0f:9e:56:aa:3d:bc:19:
         56:56:cf:48:dc:41:79:0a:f2:b9:85:4e:03:95:e7:13:87:54:
         96:e8:9c:81:84:20:cf:23:c6:9f:23:35:10:94:a5:3f:b6:b5:
         47:e6:de:e2:2e:80:de:34:5d:df:e2:d6:c7:4f:6c:25:c6:46:
         33:2d:bd:47:74:87:71:00:a7:66:55:47:ef:dd:ae:63:fd:21:
         96:dd:87:44:c7:ee:36:0f:dd:22:73:06:cc:11:a4:1c:c3:6b:
         7e:f9:fa:b0:aa:ad:ef:37:90:59:49:46:5b:e8:b7:88:ea:a3:
         bd:a8:5c:fc:90:88:69:8e:63:42:36:20:75:4f:6c:83:7e:56:
         44:8e:81:17
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYc2ZOTOyL+R6bMKuQG39+MzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjMwMzMxMDYzOTU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Mzc1NGRmOTRlNjU5YWJhNzUwNDQ3MTg0ZjhmM2MyMTRiMWMwZWVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhITKuX3SNh0o+NbxBIe5p+gccugs
cGm/puflNFpvFAdNFtdD/WC0AcTzTaawF3sW8ZlpYCaB4Q/s+X2xinZ88Un2bxz9
ku39UlHLFpZ0Bd36funuY4JAmkVTWKKHDwOzvkna+sQ2fK4rRaz9E934/iW9Mk+z
egCcQA/RidQ+FngIxwaqG6fCKdY7WWpANILyZNQxGJnzJHgamS12sMm0P1NTX12R
CjcpDpOxq8hBl+XpQ+w9pBGMY1O58iPPrgp2vFVq1fcG3YtXishe2z/OOAKhCY2N
IfoKpqHTGHNTT+licEoDlsSuCF+h0KVgpWAGmtSHxf+pflcupSQrFAL8WwIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFGN1TflOZZq6dQRHGE+PPCFLHA7sMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvWTNWTi1VNWxtcnAxQkVjWVQ0ODhJVXNjRHV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQAVCCwAwQB
VCDWAwQAVCD4AwQAWNggAwQAWNiBAwQBWNiGAwQCWNjsMA0GCSqGSIb3DQEBCwUA
A4IBAQBw0MkPVMhCrbfn/EvmKtttBRD6N+PJ62j8oIZc5s02npEp3xBSuBKD00IO
eUqWlYpdHEk6kld0X4FY/oCnOE4zSxsw8n4xIgY3a56R3NIhY/wua6Vz1ADOCSrT
N9iGv95p+taQEDoxLBCrzEPFUx2nA9W4I9cMPA+eVqo9vBlWVs9I3EF5CvK5hU4D
lecTh1SW6JyBhCDPI8afIzUQlKU/trVH5t7iLoDeNF3f4tbHT2wlxkYzLb1HdIdx
AKdmVUfv3a5j/SGW3YdEx+42D90icwbMEaQcw2t++fqwqq3vN5BZSUZb6LeI6qO9
qFz8kIhpjmNCNiB1T2yDflZEjoEX
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:28:33 2024 by rpki-client on console-fra.rpki-client.org