Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/yzDP-lw-puwOPVy6-4pIu2wLXUc.roa
File:                     yzDP-lw-puwOPVy6-4pIu2wLXUc.roa (raw, json)
Hash identifier:          SoImYAu+7mEX2j2AdhuNGgMp7WpCnHAxeXsk2baP7cU=
Subject key identifier:   CB:30:CF:FA:5C:3E:A6:EC:0E:3D:5C:BA:FB:8A:48:BB:6C:0B:5D:47
Certificate issuer:       /CN=00775d9471b85d963fef6d283590e2d942dd5c21
Certificate serial:       0187D197D571EED343AE2672298CA1446DC0
Authority key identifier: 00:77:5D:94:71:B8:5D:96:3F:EF:6D:28:35:90:E2:D9:42:DD:5C:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AHddlHG4XZY_720oNZDi2ULdXCE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/yzDP-lw-puwOPVy6-4pIu2wLXUc.roa
Signing time:             Sun 30 Apr 2023 09:56:41 +0000
ROA not before:           Sun 30 Apr 2023 09:56:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     21341
IP address blocks:        87.107.42.0/23 maxlen: 23
                          87.107.41.0/24 maxlen: 24
                          87.107.40.0/24 maxlen: 24
                          87.107.51.0/24 maxlen: 24
                          87.107.50.0/23 maxlen: 24
                          87.107.50.0/24 maxlen: 24
                          87.107.52.0/23 maxlen: 23
                          87.107.68.0/22 maxlen: 22
                          87.107.88.0/22 maxlen: 22
                          87.107.24.0/22 maxlen: 22
                          87.107.34.0/23 maxlen: 23
                          62.220.120.0/22 maxlen: 22
                          62.220.124.0/23 maxlen: 23
                          87.107.168.0/22 maxlen: 24
                          87.107.173.0/24 maxlen: 24
                          185.60.136.0/24 maxlen: 24
                          185.60.139.0/24 maxlen: 24
                          185.60.138.0/24 maxlen: 24
                          185.60.137.0/24 maxlen: 24
                          87.107.96.0/22 maxlen: 22
                          87.107.104.0/22 maxlen: 24
                          87.107.112.0/22 maxlen: 24
                          87.107.108.0/22 maxlen: 23
                          87.107.116.0/23 maxlen: 23
                          87.107.120.0/21 maxlen: 21
                          87.107.122.0/24 maxlen: 24
                          87.107.128.0/22 maxlen: 22
                          87.107.132.0/22 maxlen: 22
                          62.220.96.0/21 maxlen: 24
                          62.220.104.0/21 maxlen: 21
                          81.12.8.0/22 maxlen: 22
                          81.12.12.0/22 maxlen: 22
                          81.12.16.0/21 maxlen: 21
                          81.12.24.0/22 maxlen: 22
                          81.12.48.0/22 maxlen: 22
                          81.12.58.0/24 maxlen: 24
                          81.12.52.0/23 maxlen: 23
                          81.12.59.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 01 May 2023 09:42:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:d1:97:d5:71:ee:d3:43:ae:26:72:29:8c:a1:44:6d:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=00775d9471b85d963fef6d283590e2d942dd5c21
        Validity
            Not Before: Apr 30 09:56:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=cb30cffa5c3ea6ec0e3d5cbafb8a48bb6c0b5d47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:77:42:6b:c2:cc:73:f4:b0:28:d8:55:8a:ae:
                    62:3b:30:ef:5b:9d:15:a1:d0:8b:98:84:eb:d8:0a:
                    14:9d:08:a5:af:53:35:89:26:98:16:d5:b7:53:71:
                    f6:f0:48:a5:b6:dc:b7:cf:bc:81:18:e2:35:78:1f:
                    c5:d9:57:83:6e:62:9d:b1:61:bd:4f:69:96:5c:3d:
                    9b:b4:1f:05:33:7d:38:fe:7a:bc:4a:72:0e:c8:6f:
                    81:ed:08:fe:0c:e5:13:96:18:17:18:b9:24:0d:af:
                    5d:67:a6:af:2a:28:b1:7b:d2:56:c7:6b:7b:1e:c2:
                    a0:f7:61:e3:d5:3a:2a:48:1c:bd:b4:18:ff:d2:5d:
                    cf:e1:95:20:8d:f9:bd:32:de:5f:f6:d9:4f:ce:68:
                    c0:60:c1:5a:f9:71:ee:65:3a:47:31:c2:f0:e5:50:
                    b5:e5:ca:73:58:60:82:81:93:15:cc:f2:f3:76:ef:
                    ac:1d:3a:7d:ee:74:e0:06:41:5c:49:30:dd:b5:6a:
                    ef:31:7b:a6:62:bb:f7:f9:09:f3:21:0f:e3:92:9e:
                    cf:9a:d8:e1:ca:ae:48:7b:cb:75:60:47:14:a7:be:
                    aa:45:a2:51:51:19:8e:e5:cc:03:84:0a:6d:44:25:
                    13:01:c0:c0:c7:a4:bd:67:bc:24:59:95:ff:88:6b:
                    e2:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:30:CF:FA:5C:3E:A6:EC:0E:3D:5C:BA:FB:8A:48:BB:6C:0B:5D:47
            X509v3 Authority Key Identifier:
                keyid:00:77:5D:94:71:B8:5D:96:3F:EF:6D:28:35:90:E2:D9:42:DD:5C:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AHddlHG4XZY_720oNZDi2ULdXCE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/yzDP-lw-puwOPVy6-4pIu2wLXUc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/AHddlHG4XZY_720oNZDi2ULdXCE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.220.96.0/20
                  62.220.120.0-62.220.125.255
                  81.12.8.0-81.12.27.255
                  81.12.48.0-81.12.53.255
                  81.12.58.0/23
                  87.107.24.0/22
                  87.107.34.0/23
                  87.107.40.0/22
                  87.107.50.0-87.107.53.255
                  87.107.68.0/22
                  87.107.88.0/22
                  87.107.96.0/22
                  87.107.104.0-87.107.117.255
                  87.107.120.0-87.107.135.255
                  87.107.168.0/22
                  87.107.173.0/24
                  185.60.136.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b0:b1:5d:b8:6b:2a:cb:6c:0a:09:d6:f5:b6:8c:fd:dd:87:e8:
         3e:95:b8:4a:1f:71:3a:14:a9:9f:03:c9:f0:e1:5d:41:a2:ff:
         74:7f:64:49:fe:8b:b0:79:ea:bb:be:fe:bc:db:cb:bf:4a:0d:
         57:0f:7a:72:90:b4:d5:8b:06:73:45:2d:5e:37:0c:3e:c5:c0:
         cc:7a:0d:21:92:92:05:09:95:f7:80:17:81:ce:12:f9:26:4c:
         b7:e2:4a:2a:59:95:95:0e:3d:5b:80:5b:77:84:55:60:7c:47:
         b3:4b:e0:fe:03:18:2d:6f:ea:b7:c5:27:ca:9f:e4:10:fb:9e:
         1b:65:24:7d:8d:f6:8b:be:26:8b:6c:95:48:ac:d3:08:01:db:
         8c:ab:e4:07:a8:9b:6b:47:e5:16:11:d4:c9:af:77:03:1a:b6:
         39:76:db:cf:b4:30:e8:2d:18:7e:b6:ca:d6:de:42:3b:99:44:
         30:06:98:62:29:aa:bb:1d:27:17:8a:71:a8:7e:f2:30:ec:b0:
         c5:8d:30:31:6d:b0:60:70:9f:72:26:78:60:a8:58:b9:96:af:
         49:25:76:b0:cf:26:ac:e8:a2:77:6c:0d:74:fb:4e:4b:a8:84:
         9f:3d:ce:a1:b8:7c:9c:74:9d:72:1d:c5:3c:ae:a2:17:48:bc:
         98:8f:95:75
-----BEGIN CERTIFICATE-----
MIIFkjCCBHqgAwIBAgISAYfRl9Vx7tNDriZyKYyhRG3AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwNzc1ZDk0NzFiODVkOTYzZmVmNmQyODM1OTBlMmQ5NDJk
ZDVjMjEwHhcNMjMwNDMwMDk1NjQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjMwY2ZmYTVjM2VhNmVjMGUzZDVjYmFmYjhhNDhiYjZjMGI1ZDQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt3dCa8LMc/SwKNhViq5iOzDvW50V
odCLmITr2AoUnQilr1M1iSaYFtW3U3H28Eiltty3z7yBGOI1eB/F2VeDbmKdsWG9
T2mWXD2btB8FM304/nq8SnIOyG+B7Qj+DOUTlhgXGLkkDa9dZ6avKiixe9JWx2t7
HsKg92Hj1ToqSBy9tBj/0l3P4ZUgjfm9Mt5f9tlPzmjAYMFa+XHuZTpHMcLw5VC1
5cpzWGCCgZMVzPLzdu+sHTp97nTgBkFcSTDdtWrvMXumYrv3+QnzIQ/jkp7Pmtjh
yq5Ie8t1YEcUp76qRaJRURmO5cwDhAptRCUTAcDAx6S9Z7wkWZX/iGviEwIDAQAB
o4ICnjCCApowHQYDVR0OBBYEFMswz/pcPqbsDj1cuvuKSLtsC11HMB8GA1UdIwQY
MBaAFAB3XZRxuF2WP+9tKDWQ4tlC3VwhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUhkZGxIRzRYWllfNzIwb05aRGkyVUxkWENFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi82Mzc2MGMtZTIxYi00YmFmLWE5YTQt
NzZiMzNlNGNlODIxLzEveXpEUC1sdy1wdXdPUFZ5Ni00cEl1MndMWFVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi82Mzc2MGMtZTIxYi00YmFmLWE5YTQtNzZiMzNlNGNlODIx
LzEvQUhkZGxIRzRYWllfNzIwb05aRGkyVUxkWENFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGzBggrBgEFBQcBBwEB/wSBozCBoDCBnQQCAAEwgZYDBAQ+
3GAwDAMEAz7ceAMEAT7cfDAMAwQDUQwIAwQCUQwYMAwDBARRDDADBAFRDDQDBAFR
DDoDBAJXaxgDBAFXayIDBAJXaygwDAMEAVdrMgMEAVdrNAMEAldrRAMEAldrWAME
AldrYDAMAwQDV2toAwQBV2t0MAwDBANXa3gDBANXa4ADBAJXa6gDBABXa60DBAK5
PIgwDQYJKoZIhvcNAQELBQADggEBALCxXbhrKstsCgnW9baM/d2H6D6VuEofcToU
qZ8DyfDhXUGi/3R/ZEn+i7B56ru+/rzby79KDVcPenKQtNWLBnNFLV43DD7FwMx6
DSGSkgUJlfeAF4HOEvkmTLfiSipZlZUOPVuAW3eEVWB8R7NL4P4DGC1v6rfFJ8qf
5BD7nhtlJH2N9ou+JotslUis0wgB24yr5Aeom2tH5RYR1MmvdwMatjl228+0MOgt
GH62ytbeQjuZRDAGmGIpqrsdJxeKcah+8jDssMWNMDFtsGBwn3ImeGCoWLmWr0kl
drDPJqzoondsDXT7TkuohJ89zqG4fJx0nXIdxTyuohdIvJiPlXU=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:50:56 2024 by rpki-client on console-fra.rpki-client.org