Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/y1uBKmFumELZspGrdfWvlopJPe0.roa
File:                     y1uBKmFumELZspGrdfWvlopJPe0.roa (raw, json)
Hash identifier:          GNaM7gHvXcbFxErZZz3PIUs3zwSHndoXQK6WQChfoag=
Subject key identifier:   CB:5B:81:2A:61:6E:98:42:D9:B2:91:AB:75:F5:AF:96:8A:49:3D:ED
Certificate issuer:       /CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Certificate serial:       01856CE66C364DEC8207AEC60198F09B6E30
Authority key identifier: 84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/y1uBKmFumELZspGrdfWvlopJPe0.roa
Signing time:             Sun 01 Jan 2023 10:35:18 +0000
ROA not before:           Sun 01 Jan 2023 10:35:18 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     202439
IP address blocks:        95.43.236.0/24 maxlen: 24
                          95.43.239.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 00:29:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6c:e6:6c:36:4d:ec:82:07:ae:c6:01:98:f0:9b:6e:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
        Validity
            Not Before: Jan  1 10:35:18 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=cb5b812a616e9842d9b291ab75f5af968a493ded
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:7c:c2:5b:38:e3:03:3c:d8:ce:ed:71:fb:7c:
                    e3:60:61:29:02:8c:a0:09:a0:60:a7:5f:03:84:93:
                    a3:eb:b3:19:55:64:d2:74:6c:b8:09:f7:94:b9:61:
                    5e:f4:15:d5:11:09:c2:38:6d:83:90:cb:ab:9c:c6:
                    b0:14:3a:2c:c6:d2:ff:b8:2f:21:fa:46:fb:bc:4a:
                    a0:61:96:2e:73:6e:40:67:c9:a1:1e:75:cf:89:01:
                    e6:e7:74:49:d8:8c:d9:4c:ed:c4:19:d7:91:48:aa:
                    40:65:30:8b:d2:fa:87:53:1e:5e:cc:52:bf:90:ea:
                    76:ad:a6:b5:11:53:2e:db:a9:aa:b4:4f:63:09:55:
                    b9:4d:e0:81:1a:4e:51:29:14:0c:11:bb:d2:7e:fd:
                    62:fb:05:03:dc:ca:01:a7:2f:ac:24:a6:14:be:7e:
                    10:84:3e:08:0e:80:bd:08:83:c1:36:d8:90:0c:bc:
                    51:b7:eb:4f:93:c4:b5:8a:95:e2:3b:41:6c:b3:db:
                    37:bb:53:58:5d:5e:2b:44:55:a1:8c:65:de:67:5c:
                    1b:0b:34:2a:30:d6:c2:f6:78:b5:bf:57:4a:20:d2:
                    1a:29:ce:b0:b2:fe:4b:39:45:f9:e8:ff:ab:99:98:
                    a6:de:eb:0e:f1:ff:67:58:f6:50:8c:66:b3:ff:b6:
                    df:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:5B:81:2A:61:6E:98:42:D9:B2:91:AB:75:F5:AF:96:8A:49:3D:ED
            X509v3 Authority Key Identifier:
                keyid:84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/y1uBKmFumELZspGrdfWvlopJPe0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.43.236.0/24
                  95.43.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b1:9f:89:9c:ac:c9:a3:18:b6:3c:79:a9:3e:33:f2:9f:08:6d:
         6e:18:3f:f1:35:32:ac:2a:ea:bc:0d:04:cd:3b:50:38:94:43:
         f3:80:1f:7e:9d:a8:5e:68:3a:fb:03:b9:2f:b8:48:be:ed:86:
         fd:91:19:11:6c:e1:cd:d1:1b:5c:7f:5f:96:47:a0:86:d4:12:
         da:ed:3b:d2:9f:d6:eb:71:73:ab:c6:67:37:39:cd:e3:4e:5b:
         93:a2:8c:c7:1d:f2:5d:56:b8:c3:dc:17:b5:b7:cc:6b:08:18:
         ff:94:78:bd:84:0d:ad:52:8e:98:26:60:0f:21:c9:c4:b0:24:
         10:5e:43:78:0d:9e:56:11:06:1b:6c:5f:c7:9c:d2:7d:b7:98:
         7b:aa:5b:4d:3d:11:31:b5:e2:bc:1b:e6:48:93:e1:69:24:57:
         cb:b3:ad:05:97:ca:05:4c:db:f7:fe:11:cd:33:bc:0a:4e:85:
         9d:d2:5e:aa:f0:c7:fd:b9:94:8c:99:14:76:d3:42:04:c8:5c:
         74:5b:07:36:24:93:2b:2d:22:b3:c7:a8:3d:6c:9d:b5:a6:15:
         ea:83:0f:da:16:da:c5:14:3b:d8:d9:f3:38:2a:5b:3a:da:a1:
         21:06:96:67:7e:db:d1:12:12:84:bd:99:1b:1b:29:10:9b:82:
         03:77:a3:f8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYVs5mw2TeyCB67GAZjwm24wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YjJmNGZhNTE2M2FmOTYxNjhlODhmYmY5Y2I0ZWQxZWQ4
ZmI0YzQwHhcNMjMwMTAxMTAzNTE4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjViODEyYTYxNmU5ODQyZDliMjkxYWI3NWY1YWY5NjhhNDkzZGVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl3zCWzjjAzzYzu1x+3zjYGEpAoyg
CaBgp18DhJOj67MZVWTSdGy4CfeUuWFe9BXVEQnCOG2DkMurnMawFDosxtL/uC8h
+kb7vEqgYZYuc25AZ8mhHnXPiQHm53RJ2IzZTO3EGdeRSKpAZTCL0vqHUx5ezFK/
kOp2raa1EVMu26mqtE9jCVW5TeCBGk5RKRQMEbvSfv1i+wUD3MoBpy+sJKYUvn4Q
hD4IDoC9CIPBNtiQDLxRt+tPk8S1ipXiO0Fss9s3u1NYXV4rRFWhjGXeZ1wbCzQq
MNbC9ni1v1dKINIaKc6wsv5LOUX56P+rmZim3usO8f9nWPZQjGaz/7bfCQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMtbgSphbphC2bKRq3X1r5aKST3tMB8GA1UdIwQY
MBaAFISy9PpRY6+WFo6I+/nLTtHtj7TEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDct
ODcyYmEyZDlmNDRjLzEveTF1QkttRnVtRUxac3BHcmRmV3Zsb3BKUGUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDctODcyYmEyZDlmNDRj
LzEvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXyvsAwQA
XyvvMA0GCSqGSIb3DQEBCwUAA4IBAQCxn4mcrMmjGLY8eak+M/KfCG1uGD/xNTKs
Kuq8DQTNO1A4lEPzgB9+naheaDr7A7kvuEi+7Yb9kRkRbOHN0Rtcf1+WR6CG1BLa
7TvSn9brcXOrxmc3Oc3jTluToozHHfJdVrjD3Be1t8xrCBj/lHi9hA2tUo6YJmAP
IcnEsCQQXkN4DZ5WEQYbbF/HnNJ9t5h7qltNPRExteK8G+ZIk+FpJFfLs60Fl8oF
TNv3/hHNM7wKToWd0l6q8Mf9uZSMmRR200IEyFx0Wwc2JJMrLSKzx6g9bJ21phXq
gw/aFtrFFDvY2fM4Kls62qEhBpZnftvREhKEvZkbGykQm4IDd6P4
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:50:05 2024 by rpki-client on console-fra.rpki-client.org