Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/YPX6kjZJHS1IBUjfA8uPSkKNuiw.roa
File:                     YPX6kjZJHS1IBUjfA8uPSkKNuiw.roa (raw, json)
Hash identifier:          KPPIkJ8OZ7Ulv3jgKeoZPA2mxLe+0qQREh05KohMteY=
Subject key identifier:   60:F5:FA:92:36:49:1D:2D:48:05:48:DF:03:CB:8F:4A:42:8D:BA:2C
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0186B62BAC6B3CE943B328807A663945C5C5
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/YPX6kjZJHS1IBUjfA8uPSkKNuiw.roa
Signing time:             Mon 06 Mar 2023 09:06:00 +0000
ROA not before:           Mon 06 Mar 2023 09:06:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     212953
IP address blocks:        82.153.70.0/24 maxlen: 24
                          82.153.71.0/24 maxlen: 24
                          82.152.251.0/24 maxlen: 24
                          82.153.210.0/24 maxlen: 24
                          82.152.255.0/24 maxlen: 24
                          82.153.222.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 17 Mar 2023 11:27:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:b6:2b:ac:6b:3c:e9:43:b3:28:80:7a:66:39:45:c5:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Mar  6 09:06:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=60f5fa9236491d2d480548df03cb8f4a428dba2c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:10:e4:ee:6b:f4:06:3a:23:ba:25:75:ad:fa:
                    61:a4:22:c1:bc:2b:e6:c7:a6:d3:02:b4:87:ce:a1:
                    f9:d2:64:ee:44:40:e2:87:d3:86:ab:27:23:57:14:
                    b7:6a:30:2c:03:b1:0c:5b:34:dc:bb:a9:28:b6:ff:
                    75:f2:53:25:81:1d:7e:f0:4f:56:c4:0d:82:04:e7:
                    c0:af:43:c9:ba:95:16:60:4f:31:86:7f:dc:f5:6c:
                    7c:6a:d0:cc:40:df:a5:7e:13:d5:96:89:69:62:5f:
                    3d:bf:21:ec:59:96:75:95:6c:49:86:8a:8b:71:4f:
                    1b:87:fc:0d:c8:d6:20:bf:0a:51:c0:c9:32:da:25:
                    f6:c9:e3:67:c1:98:2b:cf:70:59:86:90:73:bb:59:
                    a1:9e:42:d3:aa:c4:84:6a:22:e2:72:f7:4e:3a:dc:
                    29:e9:1a:18:c8:38:cf:47:d5:9d:4a:e0:56:32:bd:
                    41:bd:9d:3b:fc:48:ae:ce:2c:91:5d:cd:d9:10:ab:
                    da:3e:81:9e:39:97:5b:c9:11:b0:f9:af:1e:1c:19:
                    20:80:12:a1:2d:6d:c6:f7:22:a9:f8:fc:09:8b:89:
                    d6:39:35:48:e0:cd:6d:e7:c8:00:70:de:a6:03:ba:
                    d2:2b:31:02:f0:59:06:fb:ca:9e:ab:52:c1:44:61:
                    02:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:F5:FA:92:36:49:1D:2D:48:05:48:DF:03:CB:8F:4A:42:8D:BA:2C
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/YPX6kjZJHS1IBUjfA8uPSkKNuiw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.251.0/24
                  82.152.255.0/24
                  82.153.70.0/23
                  82.153.210.0/24
                  82.153.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:a9:ad:a6:ae:4f:db:f3:b7:ab:0f:be:ed:82:7e:fc:56:21:
         07:d9:02:76:32:af:70:56:dd:78:5b:aa:f5:1e:a7:2a:8a:73:
         19:7f:ed:15:10:73:0c:0f:04:74:d7:55:09:22:c6:45:30:ae:
         45:9b:b0:d4:44:6a:e3:f8:19:35:d1:b1:ba:88:3c:3f:28:6a:
         9d:8e:b5:74:1f:85:5e:94:2e:cf:98:04:ac:94:f1:db:bc:d9:
         2c:ff:6d:c1:ee:10:47:45:7c:e8:36:39:4b:72:06:2b:98:5a:
         33:54:9d:be:bb:0c:92:77:6a:35:97:1f:0a:57:38:8f:65:d2:
         49:9f:04:49:83:20:58:32:ba:63:5c:43:81:45:7f:ff:3f:2b:
         25:7d:41:1b:5f:b1:38:14:42:cb:d7:e5:8d:01:b0:f7:05:ee:
         6f:8b:2e:42:64:32:49:c2:95:53:fe:67:34:eb:c8:ef:e8:02:
         bf:6d:1f:4f:30:ac:c0:1d:6c:ce:c5:f7:ff:a3:30:b3:f9:27:
         4f:03:f6:a7:80:95:15:73:6e:46:4a:df:2e:18:7d:0c:79:45:
         e6:f9:d0:33:48:a7:2d:d6:4a:83:55:54:43:6b:a6:55:ce:c1:
         e9:13:8a:25:1e:bb:38:7e:38:f3:2a:aa:76:73:08:f0:5d:e9:
         27:39:d9:f7
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYa2K6xrPOlDsyiAemY5RcXFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwMzA2MDkwNjAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MGY1ZmE5MjM2NDkxZDJkNDgwNTQ4ZGYwM2NiOGY0YTQyOGRiYTJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjhDk7mv0BjojuiV1rfphpCLBvCvm
x6bTArSHzqH50mTuREDih9OGqycjVxS3ajAsA7EMWzTcu6kotv918lMlgR1+8E9W
xA2CBOfAr0PJupUWYE8xhn/c9Wx8atDMQN+lfhPVlolpYl89vyHsWZZ1lWxJhoqL
cU8bh/wNyNYgvwpRwMky2iX2yeNnwZgrz3BZhpBzu1mhnkLTqsSEaiLicvdOOtwp
6RoYyDjPR9WdSuBWMr1BvZ07/EiuziyRXc3ZEKvaPoGeOZdbyRGw+a8eHBkggBKh
LW3G9yKp+PwJi4nWOTVI4M1t58gAcN6mA7rSKzEC8FkG+8qeq1LBRGEC1QIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFGD1+pI2SR0tSAVI3wPLj0pCjbosMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvWVBYNmtqWkpIUzFJQlVqZkE4dVBTa0tOdWl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAUpj7AwQA
Upj/AwQBUplGAwQAUpnSAwQAUpneMA0GCSqGSIb3DQEBCwUAA4IBAQBVqa2mrk/b
87erD77tgn78ViEH2QJ2Mq9wVt14W6r1HqcqinMZf+0VEHMMDwR011UJIsZFMK5F
m7DURGrj+Bk10bG6iDw/KGqdjrV0H4VelC7PmASslPHbvNks/23B7hBHRXzoNjlL
cgYrmFozVJ2+uwySd2o1lx8KVziPZdJJnwRJgyBYMrpjXEOBRX//PyslfUEbX7E4
FELL1+WNAbD3Be5viy5CZDJJwpVT/mc068jv6AK/bR9PMKzAHWzOxff/ozCz+SdP
A/angJUVc25GSt8uGH0MeUXm+dAzSKct1kqDVVRDa6ZVzsHpE4olHrs4fjjzKqp2
cwjwXeknOdn3
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:16 2024 by rpki-client on console-fra.rpki-client.org