Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/f90d83-02be-4e5f-bd0f-929f106630f1/1/YaLF0LZVnhZVXEeAYGj_1C0fdak.roa
File:                     YaLF0LZVnhZVXEeAYGj_1C0fdak.roa (raw, json)
Hash identifier:          2/y8VDNrfS1akPIztVgs+NN+TZQzpOK9QzldeMxgxBA=
Subject key identifier:   61:A2:C5:D0:B6:55:9E:16:55:5C:47:80:60:68:FF:D4:2D:1F:75:A9
Certificate issuer:       /CN=2f3136ed10998580a517d9598abca33d9ba66599
Certificate serial:       0196E8A7C1FFA7947BB2F22AFA104058B663
Authority key identifier: 2F:31:36:ED:10:99:85:80:A5:17:D9:59:8A:BC:A3:3D:9B:A6:65:99
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LzE27RCZhYClF9lZiryjPZumZZk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/f90d83-02be-4e5f-bd0f-929f106630f1/1/YaLF0LZVnhZVXEeAYGj_1C0fdak.roa
Signing time:             Mon 19 May 2025 13:07:10 +0000
ROA not before:           Mon 19 May 2025 13:07:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14340
IP address blocks:        85.222.128.0/19 maxlen: 24
                          151.106.128.0/20 maxlen: 24
                          151.106.144.0/20 maxlen: 24
                          151.106.216.0/22 maxlen: 24
                          151.106.220.0/22 maxlen: 24
                          159.92.0.0/16 maxlen: 24
                          160.8.0.0/16 maxlen: 24
                          161.71.0.0/17 maxlen: 24
                          161.71.128.0/17 maxlen: 24
                          163.76.128.0/17 maxlen: 24
                          163.79.128.0/17 maxlen: 24
                          185.79.140.0/22 maxlen: 24
                          194.145.0.0/20 maxlen: 24
                          194.145.16.0/21 maxlen: 24
                          2a03:5d60::/29 maxlen: 29
                          2a03:5d60::/32 maxlen: 32
Validation:               Failed, certificate revoked on Thu 22 May 2025 14:17:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:e8:a7:c1:ff:a7:94:7b:b2:f2:2a:fa:10:40:58:b6:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f3136ed10998580a517d9598abca33d9ba66599
        Validity
            Not Before: May 19 13:07:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=61a2c5d0b6559e16555c47806068ffd42d1f75a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:53:d1:0a:10:28:d8:92:7a:fc:bf:51:14:ec:
                    49:0b:4c:28:d7:25:03:90:31:06:9b:1d:dc:4e:f5:
                    db:8f:b4:02:55:30:ee:76:79:39:9a:07:3a:c7:26:
                    89:b2:e4:a9:6b:b7:5b:45:1a:27:42:81:0c:9f:c0:
                    87:d2:4b:17:19:59:55:9e:9f:ca:b5:c6:bf:dd:33:
                    3f:79:93:3c:e4:59:a0:be:2c:fb:50:5d:e5:49:a3:
                    37:12:b3:58:39:6a:a2:8e:b8:cd:b0:79:f6:4f:0d:
                    41:71:65:6d:ad:21:eb:5e:21:47:e8:94:77:71:e6:
                    c5:bf:60:ed:e1:1c:70:f3:0e:3f:2d:4f:40:d1:3c:
                    6e:b7:95:b8:64:7d:a2:b7:3a:a1:52:e6:c2:b3:d1:
                    a8:14:9e:33:e2:4a:ce:f0:1a:73:4c:8f:94:f7:46:
                    56:f9:74:a8:32:7b:23:51:5a:0e:2f:21:30:63:4f:
                    9c:88:64:0f:c5:8e:00:92:4f:4a:49:c3:14:a5:dd:
                    dc:72:81:03:94:e6:c3:dd:5f:0d:db:ce:02:ef:f3:
                    30:80:05:4a:be:bc:e4:9c:3c:c0:58:74:89:8b:0f:
                    3e:c8:20:6c:1a:58:0b:58:d3:e5:a6:8b:15:2f:1e:
                    43:ce:21:a8:98:ac:e9:03:96:ee:46:d7:60:a9:c0:
                    a0:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:A2:C5:D0:B6:55:9E:16:55:5C:47:80:60:68:FF:D4:2D:1F:75:A9
            X509v3 Authority Key Identifier:
                keyid:2F:31:36:ED:10:99:85:80:A5:17:D9:59:8A:BC:A3:3D:9B:A6:65:99

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LzE27RCZhYClF9lZiryjPZumZZk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/f90d83-02be-4e5f-bd0f-929f106630f1/1/YaLF0LZVnhZVXEeAYGj_1C0fdak.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/f90d83-02be-4e5f-bd0f-929f106630f1/1/LzE27RCZhYClF9lZiryjPZumZZk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.222.128.0/19
                  151.106.128.0/19
                  151.106.216.0/21
                  159.92.0.0/16
                  160.8.0.0/16
                  161.71.0.0/16
                  163.76.128.0/17
                  163.79.128.0/17
                  185.79.140.0/22
                  194.145.0.0-194.145.23.255
                IPv6:
                  2a03:5d60::/29

    Signature Algorithm: sha256WithRSAEncryption
         5c:76:40:28:5a:fd:b7:62:49:be:75:1f:34:35:a5:bf:09:68:
         89:e6:74:ae:b5:8b:c2:62:d6:3d:6b:fe:f4:7b:09:d8:9e:83:
         47:47:14:e8:4e:e4:86:8b:58:61:e8:78:96:00:6c:9f:59:5b:
         c1:0d:00:93:b8:10:d6:35:2a:62:be:41:2c:b8:c7:a0:4f:ea:
         85:c3:77:9b:61:1c:d5:fe:b3:ac:61:cc:60:00:4e:cf:b8:f7:
         3e:c7:eb:75:74:0b:dc:e8:4b:89:6b:3e:78:78:2a:e6:16:da:
         76:84:75:74:eb:a3:66:b2:65:ac:8f:fc:98:d4:0a:43:d3:b8:
         c1:4e:ca:ef:16:33:92:07:33:44:f1:ca:ec:24:8d:6e:f2:0d:
         10:8b:b2:fc:df:03:ba:b2:5c:ba:b4:9c:63:13:d8:6d:cb:18:
         c3:f9:24:85:56:0e:3f:08:5c:40:8d:59:84:d9:97:0b:9e:d1:
         b3:15:35:4c:e9:fe:45:ee:9c:35:1f:c3:6b:83:f8:fa:5f:e9:
         5f:d9:4a:bc:92:0b:64:44:01:8b:8d:2e:57:1a:bf:34:c8:34:
         88:7a:ab:a1:10:d0:09:60:c7:ac:9f:f2:b1:17:45:89:4d:8d:
         01:18:77:db:9a:a7:8e:37:1e:83:c9:97:56:95:f6:08:28:15:
         33:8b:9f:b9
-----BEGIN CERTIFICATE-----
MIIFRjCCBC6gAwIBAgISAZbop8H/p5R7svIq+hBAWLZjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmMzEzNmVkMTA5OTg1ODBhNTE3ZDk1OThhYmNhMzNkOWJh
NjY1OTkwHhcNMjUwNTE5MTMwNzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MWEyYzVkMGI2NTU5ZTE2NTU1YzQ3ODA2MDY4ZmZkNDJkMWY3NWE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsFPRChAo2JJ6/L9RFOxJC0wo1yUD
kDEGmx3cTvXbj7QCVTDudnk5mgc6xyaJsuSpa7dbRRonQoEMn8CH0ksXGVlVnp/K
tca/3TM/eZM85Fmgviz7UF3lSaM3ErNYOWqijrjNsHn2Tw1BcWVtrSHrXiFH6JR3
cebFv2Dt4Rxw8w4/LU9A0Txut5W4ZH2itzqhUubCs9GoFJ4z4krO8BpzTI+U90ZW
+XSoMnsjUVoOLyEwY0+ciGQPxY4Akk9KScMUpd3ccoEDlObD3V8N284C7/MwgAVK
vrzknDzAWHSJiw8+yCBsGlgLWNPlposVLx5DziGomKzpA5buRtdgqcCgPwIDAQAB
o4ICUjCCAk4wHQYDVR0OBBYEFGGixdC2VZ4WVVxHgGBo/9QtH3WpMB8GA1UdIwQY
MBaAFC8xNu0QmYWApRfZWYq8oz2bpmWZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTHpFMjdSQ1poWUNsRjlsWmlyeWpQWnVtWlprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC9mOTBkODMtMDJiZS00ZTVmLWJkMGYt
OTI5ZjEwNjYzMGYxLzEvWWFMRjBMWlZuaFpWWEVlQVlHal8xQzBmZGFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC9mOTBkODMtMDJiZS00ZTVmLWJkMGYtOTI5ZjEwNjYzMGYx
LzEvTHpFMjdSQ1poWUNsRjlsWmlyeWpQWnVtWlprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGgGCCsGAQUFBwEHAQH/BFkwVzBGBAIAATBAAwQFVd6AAwQF
l2qAAwQDl2rYAwMAn1wDAwCgCAMDAKFHAwQHo0yAAwQHo0+AAwQCuU+MMAsDAwDC
kQMEA8KREDANBAIAAjAHAwUDKgNdYDANBgkqhkiG9w0BAQsFAAOCAQEAXHZAKFr9
t2JJvnUfNDWlvwloieZ0rrWLwmLWPWv+9HsJ2J6DR0cU6E7khotYYeh4lgBsn1lb
wQ0Ak7gQ1jUqYr5BLLjHoE/qhcN3m2Ec1f6zrGHMYABOz7j3PsfrdXQL3OhLiWs+
eHgq5hbadoR1dOujZrJlrI/8mNQKQ9O4wU7K7xYzkgczRPHK7CSNbvINEIuy/N8D
urJcurScYxPYbcsYw/kkhVYOPwhcQI1ZhNmXC57RsxU1TOn+Re6cNR/Da4P4+l/p
X9lKvJILZEQBi40uVxq/NMg0iHqroRDQCWDHrJ/ysRdFiU2NARh325qnjjceg8mX
VpX2CCgVM4ufuQ==
-----END CERTIFICATE-----