Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/ypB7xdAYOJA3XATfoNLgWSk514s.roa
File:                     ypB7xdAYOJA3XATfoNLgWSk514s.roa (raw, json)
Hash identifier:          HFVxH4fb+nF5JGve67BUSO/VUn3qN1Lkkiftds++yG4=
Subject key identifier:   CA:90:7B:C5:D0:18:38:90:37:5C:04:DF:A0:D2:E0:59:29:39:D7:8B
Certificate issuer:       /CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
Certificate serial:       0188B508F652BEDB40D4B8B0869AFC0C0156
Authority key identifier: 49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/ypB7xdAYOJA3XATfoNLgWSk514s.roa
Signing time:             Tue 13 Jun 2023 13:54:03 +0000
ROA not before:           Tue 13 Jun 2023 13:54:03 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     209408
IP address blocks:        45.66.224.0/22 maxlen: 22
                          81.29.149.0/24 maxlen: 24
                          2a09:6c40::/29 maxlen: 29

Validation:               Failed, certificate revoked on Mon 19 Jun 2023 08:40:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:b5:08:f6:52:be:db:40:d4:b8:b0:86:9a:fc:0c:01:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
        Validity
            Not Before: Jun 13 13:54:03 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ca907bc5d0183890375c04dfa0d2e0592939d78b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:fb:5b:ab:01:93:12:2b:51:b2:5e:a4:68:5e:
                    47:09:1e:93:67:d6:5c:bf:8b:3c:d5:a5:0c:42:88:
                    41:22:36:dd:62:7a:cf:1c:36:17:1a:8f:47:ee:3f:
                    67:a5:03:9f:85:6e:36:6e:91:cb:e3:ff:d0:d9:c7:
                    04:c1:62:6b:0e:21:ec:64:f3:2b:c7:07:31:17:36:
                    2e:74:69:8d:62:b7:15:5c:3c:d1:37:54:dc:43:88:
                    1d:5f:13:fb:2f:35:2d:8c:2c:b0:9d:95:4a:dc:cf:
                    34:5f:87:cb:ad:b4:96:48:cb:95:12:ae:c8:71:d9:
                    0e:5b:6c:b4:4a:c1:14:ca:6e:ad:70:51:55:be:56:
                    e7:ae:e3:0a:e7:5c:9e:4a:c8:4f:38:7e:25:06:0a:
                    5f:0d:e1:bc:08:07:1a:7f:b0:c8:e1:1e:75:37:ce:
                    c2:1d:c0:1c:3c:b7:49:7c:1d:e9:99:b2:24:35:67:
                    fe:38:26:ad:ed:48:fa:10:9c:2d:1e:1e:40:e5:ba:
                    92:5e:d4:df:d9:bf:de:2d:92:e9:1b:14:8a:47:91:
                    11:39:e5:e0:09:d4:b8:62:2d:5f:46:49:9c:91:de:
                    fb:29:8f:c6:bb:ea:25:d4:88:6e:ac:a2:69:97:05:
                    15:c9:d7:3a:44:62:ae:42:67:fa:12:e7:82:01:28:
                    67:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:90:7B:C5:D0:18:38:90:37:5C:04:DF:A0:D2:E0:59:29:39:D7:8B
            X509v3 Authority Key Identifier:
                keyid:49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/ypB7xdAYOJA3XATfoNLgWSk514s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.66.224.0/22
                  81.29.149.0/24
                IPv6:
                  2a09:6c40::/29

    Signature Algorithm: sha256WithRSAEncryption
         0d:6b:89:fa:1c:ab:d3:b6:cd:09:79:c6:27:ef:8b:86:3c:ba:
         1b:a8:8e:15:e8:28:6f:2a:41:d0:85:df:9d:0a:68:2a:a2:38:
         dc:20:41:8e:bb:b8:08:57:28:16:36:03:35:00:13:b9:39:63:
         97:58:18:38:4c:6f:48:c7:d6:f4:72:e8:64:46:ae:d0:9b:25:
         40:b8:05:85:92:c5:9e:0d:6d:2f:2d:90:79:f6:48:6d:87:28:
         80:97:19:b3:5e:09:a1:ee:d1:22:88:6f:c4:a4:4a:fd:9c:d6:
         1e:0e:c6:ba:8b:fc:62:ec:02:48:8c:2e:0e:aa:9d:ac:22:41:
         1b:c0:64:1f:41:15:bf:f8:21:4e:8d:9a:bf:43:c8:fa:c7:ec:
         57:01:88:bf:61:f5:d4:76:e7:c3:b5:bc:46:46:2b:bd:90:f3:
         48:7e:95:a6:bd:1d:3d:6e:bc:7b:ec:5e:d5:0c:23:f6:d8:33:
         3e:a3:00:c7:69:a4:e3:9e:2b:22:d3:23:fc:8f:10:48:1e:bc:
         58:d9:cf:5e:0f:d5:a7:17:a2:4a:25:00:9a:51:ef:77:4d:ea:
         24:c0:13:6f:86:fb:a3:62:d8:66:73:49:d6:a0:56:50:df:fa:
         1b:a8:9f:dc:7d:c5:d8:48:0d:38:6c:c0:73:a6:ff:59:46:f5:
         a4:fe:43:ba
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYi1CPZSvttA1Liwhpr8DAFWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ZTUxNjk0YzRkNDZiNGZjYzAyZmFlNzFlNWRiOTQyYTcx
MDhlNDcwHhcNMjMwNjEzMTM1NDAzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTkwN2JjNWQwMTgzODkwMzc1YzA0ZGZhMGQyZTA1OTI5MzlkNzhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlftbqwGTEitRsl6kaF5HCR6TZ9Zc
v4s81aUMQohBIjbdYnrPHDYXGo9H7j9npQOfhW42bpHL4//Q2ccEwWJrDiHsZPMr
xwcxFzYudGmNYrcVXDzRN1TcQ4gdXxP7LzUtjCywnZVK3M80X4fLrbSWSMuVEq7I
cdkOW2y0SsEUym6tcFFVvlbnruMK51yeSshPOH4lBgpfDeG8CAcaf7DI4R51N87C
HcAcPLdJfB3pmbIkNWf+OCat7Uj6EJwtHh5A5bqSXtTf2b/eLZLpGxSKR5EROeXg
CdS4Yi1fRkmckd77KY/Gu+ol1IhurKJplwUVydc6RGKuQmf6EueCAShnVwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFMqQe8XQGDiQN1wE36DS4FkpOdeLMB8GA1UdIwQY
MBaAFEnlFpTE1GtPzAL65x5duUKnEI5HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2VVV2xNVFVhMF9NQXZybkhsMjVRcWNRamtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni85ZGI1MjUtMTA1OS00YzA3LWE1YWQt
MTkxODliM2M5YzdkLzEveXBCN3hkQVlPSkEzWEFUZm9OTGdXU2s1MTRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni85ZGI1MjUtMTA1OS00YzA3LWE1YWQtMTkxODliM2M5Yzdk
LzEvU2VVV2xNVFVhMF9NQXZybkhsMjVRcWNRamtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCLULgAwQA
UR2VMA0EAgACMAcDBQMqCWxAMA0GCSqGSIb3DQEBCwUAA4IBAQANa4n6HKvTts0J
ecYn74uGPLobqI4V6ChvKkHQhd+dCmgqojjcIEGOu7gIVygWNgM1ABO5OWOXWBg4
TG9Ix9b0cuhkRq7QmyVAuAWFksWeDW0vLZB59khthyiAlxmzXgmh7tEiiG/EpEr9
nNYeDsa6i/xi7AJIjC4Oqp2sIkEbwGQfQRW/+CFOjZq/Q8j6x+xXAYi/YfXUdufD
tbxGRiu9kPNIfpWmvR09brx77F7VDCP22DM+owDHaaTjnisi0yP8jxBIHrxY2c9e
D9WnF6JKJQCaUe93TeokwBNvhvujYthmc0nWoFZQ3/obqJ/cfcXYSA04bMBzpv9Z
RvWk/kO6
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:21:36 2024 by rpki-client on console-ams.rpki-client.org