Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/ef5fb3-3e56-4b77-aac7-085fa0a56052/1/NYH35-hOLT8kTxuqF1Cg323UigY.roa
File:                     NYH35-hOLT8kTxuqF1Cg323UigY.roa (raw, json)
Hash identifier:          YI7HNGY4DQvJo1iXZ5zcHdOBrc5Fl+F7BCzocVtUuss=
Subject key identifier:   35:81:F7:E7:E8:4E:2D:3F:24:4F:1B:AA:17:50:A0:DF:6D:D4:8A:06
Certificate issuer:       /CN=07f231365985828d5a9663ed1b440624b24fec13
Certificate serial:       01856F021ECEF44F2C77CD44515608A2F03F
Authority key identifier: 07:F2:31:36:59:85:82:8D:5A:96:63:ED:1B:44:06:24:B2:4F:EC:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B_IxNlmFgo1almPtG0QGJLJP7BM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/ef5fb3-3e56-4b77-aac7-085fa0a56052/1/NYH35-hOLT8kTxuqF1Cg323UigY.roa
Signing time:             Sun 01 Jan 2023 20:24:48 +0000
ROA not before:           Sun 01 Jan 2023 20:24:48 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     61317
IP address blocks:        91.199.42.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 17 May 2023 12:27:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:02:1e:ce:f4:4f:2c:77:cd:44:51:56:08:a2:f0:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=07f231365985828d5a9663ed1b440624b24fec13
        Validity
            Not Before: Jan  1 20:24:48 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3581f7e7e84e2d3f244f1baa1750a0df6dd48a06
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:7a:04:3c:1f:33:06:fa:32:93:47:0f:7f:07:
                    79:69:72:0a:22:a4:5b:1c:15:5e:04:c2:e4:77:4c:
                    21:61:9a:23:32:d7:a9:47:fc:17:3a:b9:78:b8:7f:
                    df:20:93:f9:34:d2:21:02:dd:ec:ce:64:85:ce:5d:
                    64:2e:04:1f:d0:df:61:21:52:77:23:20:8d:87:6c:
                    f2:3c:90:c9:77:22:ad:2b:70:c9:54:8a:a3:b2:48:
                    cf:f0:7a:00:d9:b5:a6:ed:90:0a:79:a9:b3:27:49:
                    5f:8a:03:78:b8:2b:17:73:4d:66:5e:e8:54:e0:0a:
                    6f:f0:31:ea:1b:86:f0:df:57:9b:8a:a8:31:07:e0:
                    54:bd:cb:ef:9d:9c:a2:df:8c:8c:c3:0d:5c:9a:40:
                    19:e2:9b:4f:45:9e:f2:aa:eb:87:82:e9:d7:49:44:
                    50:06:62:57:4a:3d:92:ab:b9:0d:7f:45:49:10:58:
                    4b:5d:3c:f2:1c:36:2c:a7:49:3f:3b:00:91:1b:e3:
                    a5:c4:75:0e:14:d8:af:73:ab:19:a4:11:b2:04:16:
                    fb:2d:43:4d:d0:8a:b3:1a:dd:d0:14:4e:c2:42:f5:
                    7b:46:6c:f8:50:90:fb:00:f0:cf:12:66:58:9e:d8:
                    ba:29:2e:2d:68:c9:6b:31:74:c2:c7:dd:fe:47:a3:
                    26:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:81:F7:E7:E8:4E:2D:3F:24:4F:1B:AA:17:50:A0:DF:6D:D4:8A:06
            X509v3 Authority Key Identifier:
                keyid:07:F2:31:36:59:85:82:8D:5A:96:63:ED:1B:44:06:24:B2:4F:EC:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B_IxNlmFgo1almPtG0QGJLJP7BM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/ef5fb3-3e56-4b77-aac7-085fa0a56052/1/NYH35-hOLT8kTxuqF1Cg323UigY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/ef5fb3-3e56-4b77-aac7-085fa0a56052/1/B_IxNlmFgo1almPtG0QGJLJP7BM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:d0:fc:66:21:e7:f6:7e:7b:65:c2:45:82:0f:7e:df:16:9c:
         b7:52:9f:c3:45:87:2f:9c:7a:89:86:a5:8d:4b:e1:22:5d:09:
         71:7f:40:6e:8f:24:8f:f0:a7:59:a0:5a:77:18:53:b3:47:20:
         5c:8c:79:cb:04:40:1a:b9:b4:71:cd:d0:4f:da:66:fc:77:78:
         f4:11:31:40:2c:0e:4a:13:ec:78:f5:4f:da:b8:7d:1e:e9:70:
         fd:ce:d6:67:e5:48:b0:d3:11:89:14:84:9c:a9:2a:ae:36:d9:
         17:cd:d7:73:f6:dc:c8:47:39:fb:bf:4f:dd:93:50:c0:c6:aa:
         63:4a:f7:3e:9c:96:c1:0c:bc:ed:06:39:ed:d0:c0:30:da:40:
         3c:67:41:81:71:ed:32:dd:63:8f:70:3c:22:3d:58:db:18:e4:
         f5:b4:c5:48:1e:49:b3:0e:db:4d:d5:9d:fc:f4:a8:bc:c3:70:
         e3:18:93:9a:8f:f2:9d:b8:4f:7f:31:be:7f:24:2f:32:16:cc:
         05:f8:01:b6:ec:b5:ce:aa:c8:e4:8b:d4:9b:63:db:d5:d5:51:
         3b:9d:59:d0:e4:63:8c:e6:dd:d3:6e:9c:82:7c:32:29:05:7d:
         dd:ca:6a:92:32:0b:7a:37:3a:2b:d1:08:cb:e2:42:af:3b:bf:
         4d:68:b1:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVvAh7O9E8sd81EUVYIovA/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3ZjIzMTM2NTk4NTgyOGQ1YTk2NjNlZDFiNDQwNjI0YjI0
ZmVjMTMwHhcNMjMwMTAxMjAyNDQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTgxZjdlN2U4NGUyZDNmMjQ0ZjFiYWExNzUwYTBkZjZkZDQ4YTA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlnoEPB8zBvoyk0cPfwd5aXIKIqRb
HBVeBMLkd0whYZojMtepR/wXOrl4uH/fIJP5NNIhAt3szmSFzl1kLgQf0N9hIVJ3
IyCNh2zyPJDJdyKtK3DJVIqjskjP8HoA2bWm7ZAKeamzJ0lfigN4uCsXc01mXuhU
4Apv8DHqG4bw31ebiqgxB+BUvcvvnZyi34yMww1cmkAZ4ptPRZ7yquuHgunXSURQ
BmJXSj2Sq7kNf0VJEFhLXTzyHDYsp0k/OwCRG+OlxHUOFNivc6sZpBGyBBb7LUNN
0IqzGt3QFE7CQvV7Rmz4UJD7APDPEmZYnti6KS4taMlrMXTCx93+R6Mm6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDWB9+foTi0/JE8bqhdQoN9t1IoGMB8GA1UdIwQY
MBaAFAfyMTZZhYKNWpZj7RtEBiSyT+wTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQl9JeE5sbUZnbzFhbG1QdEcwUUdKTEpQN0JNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9lZjVmYjMtM2U1Ni00Yjc3LWFhYzct
MDg1ZmEwYTU2MDUyLzEvTllIMzUtaE9MVDhrVHh1cUYxQ2czMjNVaWdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9lZjVmYjMtM2U1Ni00Yjc3LWFhYzctMDg1ZmEwYTU2MDUy
LzEvQl9JeE5sbUZnbzFhbG1QdEcwUUdKTEpQN0JNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8cqMA0G
CSqGSIb3DQEBCwUAA4IBAQB/0PxmIef2fntlwkWCD37fFpy3Up/DRYcvnHqJhqWN
S+EiXQlxf0BujySP8KdZoFp3GFOzRyBcjHnLBEAaubRxzdBP2mb8d3j0ETFALA5K
E+x49U/auH0e6XD9ztZn5Uiw0xGJFIScqSquNtkXzddz9tzIRzn7v0/dk1DAxqpj
Svc+nJbBDLztBjnt0MAw2kA8Z0GBce0y3WOPcDwiPVjbGOT1tMVIHkmzDttN1Z38
9Ki8w3DjGJOaj/KduE9/Mb5/JC8yFswF+AG27LXOqsjki9SbY9vV1VE7nVnQ5GOM
5t3TbpyCfDIpBX3dymqSMgt6Nzor0QjL4kKvO79NaLFy
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:08:19 2024 by rpki-client on console-ams.rpki-client.org