Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/cbcf68-7cbf-47f0-82ee-5760efbcc654/1/yPnT9lF_MwYP0nfVUGoLm4xpaSE.roa
File:                     yPnT9lF_MwYP0nfVUGoLm4xpaSE.roa (raw, json)
Hash identifier:          ewdzwLTNjoaPN3ITWhi1/0MtS+Cmub6Ln9uohWcMWf4=
Subject key identifier:   C8:F9:D3:F6:51:7F:33:06:0F:D2:77:D5:50:6A:0B:9B:8C:69:69:21
Certificate issuer:       /CN=b1af12f5ca75c922a4aa5dacb49c04a93237f4ed
Certificate serial:       018CABFC75C9F40ABA1FEB1B3CF676D35922
Authority key identifier: B1:AF:12:F5:CA:75:C9:22:A4:AA:5D:AC:B4:9C:04:A9:32:37:F4:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sa8S9cp1ySKkql2stJwEqTI39O0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/cbcf68-7cbf-47f0-82ee-5760efbcc654/1/yPnT9lF_MwYP0nfVUGoLm4xpaSE.roa
Signing time:             Wed 27 Dec 2023 15:54:58 +0000
ROA not before:           Wed 27 Dec 2023 15:54:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     61432
IP address blocks:        185.156.72.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 08:31:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ab:fc:75:c9:f4:0a:ba:1f:eb:1b:3c:f6:76:d3:59:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1af12f5ca75c922a4aa5dacb49c04a93237f4ed
        Validity
            Not Before: Dec 27 15:54:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c8f9d3f6517f33060fd277d5506a0b9b8c696921
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:94:70:53:34:a5:e4:8b:77:d4:ee:a1:e8:9d:
                    2f:f9:21:dd:4f:a9:71:48:32:af:f0:be:57:a0:4d:
                    8c:21:a2:7e:99:b9:79:ca:13:01:68:90:31:8d:d6:
                    b1:4e:02:e8:62:d0:9b:a8:62:d9:82:53:da:b9:63:
                    45:ed:e9:8e:69:32:b2:da:60:b8:8f:93:9d:b4:aa:
                    56:27:7f:da:e1:53:94:25:b8:62:c4:2b:fc:c6:b5:
                    a5:1c:a4:78:65:5e:cd:e9:3a:09:65:38:e5:49:7d:
                    b1:4a:3c:44:aa:78:7d:95:aa:82:68:15:d1:3d:f6:
                    00:9c:ed:1c:31:93:ac:8d:fa:7b:4b:1c:cb:58:3e:
                    00:f6:1a:a1:32:30:a6:d2:04:cd:34:49:9b:8a:30:
                    05:03:2b:2e:2e:9a:64:c4:50:55:d3:21:a9:ab:07:
                    6f:9a:13:89:f7:37:15:35:79:25:8c:2c:81:fd:13:
                    fb:0d:67:53:8d:d2:8e:d4:1d:96:a8:dc:ab:ca:76:
                    8f:bf:59:9d:df:03:eb:4c:20:00:21:ab:f0:e4:19:
                    28:a7:4a:61:2e:38:b7:a8:a4:f3:d9:9e:d7:ae:00:
                    6c:db:be:11:56:69:e7:91:74:3e:b3:d6:f0:c1:7b:
                    3c:0b:95:2a:53:51:8f:99:dd:c0:06:da:3b:6f:7d:
                    5d:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:F9:D3:F6:51:7F:33:06:0F:D2:77:D5:50:6A:0B:9B:8C:69:69:21
            X509v3 Authority Key Identifier:
                keyid:B1:AF:12:F5:CA:75:C9:22:A4:AA:5D:AC:B4:9C:04:A9:32:37:F4:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sa8S9cp1ySKkql2stJwEqTI39O0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/cbcf68-7cbf-47f0-82ee-5760efbcc654/1/yPnT9lF_MwYP0nfVUGoLm4xpaSE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/cbcf68-7cbf-47f0-82ee-5760efbcc654/1/sa8S9cp1ySKkql2stJwEqTI39O0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.156.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:f1:3a:91:84:3c:b7:c2:86:d9:27:56:58:77:e9:bc:3c:47:
         c3:31:1a:fd:35:f5:db:e4:73:1a:83:8d:e4:96:09:bb:f6:a6:
         51:80:71:fa:9c:f0:ec:d0:c8:ff:c4:74:3b:a6:cd:a0:a2:db:
         9e:61:72:94:a6:2c:b6:d6:74:a1:45:59:3c:ef:86:d6:1d:a5:
         00:9f:a5:8d:da:bf:69:df:26:62:08:05:d4:59:3f:bd:33:80:
         74:fb:eb:6b:2e:35:6f:2a:f6:9d:3b:76:68:37:31:49:5b:c1:
         d5:0c:03:80:11:6b:66:4f:f1:f5:83:ae:eb:b4:69:6f:db:de:
         d7:1c:0a:bf:c5:4e:9b:69:7f:40:dd:0f:07:7d:07:59:1e:33:
         c6:5b:30:2c:6d:cd:ea:fc:c5:d7:47:83:61:9c:8d:1d:d0:a7:
         59:d6:b6:bc:47:6e:4d:ce:8c:bd:e7:6c:8b:2b:ce:5a:9d:c1:
         47:da:8f:75:40:c7:dd:0c:a3:cf:c4:b4:a6:91:55:0e:a5:eb:
         e2:2a:c0:18:47:8c:e0:f6:9b:2c:e0:32:c6:de:ec:e5:f5:f3:
         ec:34:ac:f5:72:46:ff:cf:98:a7:5a:68:02:53:e1:23:77:c0:
         0d:f2:f9:10:d6:88:70:cf:ab:84:2b:9b:0e:77:14:bc:5d:a4:
         9f:00:0d:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYyr/HXJ9Aq6H+sbPPZ201kiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYWYxMmY1Y2E3NWM5MjJhNGFhNWRhY2I0OWMwNGE5MzIz
N2Y0ZWQwHhcNMjMxMjI3MTU1NDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOGY5ZDNmNjUxN2YzMzA2MGZkMjc3ZDU1MDZhMGI5YjhjNjk2OTIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjZRwUzSl5It31O6h6J0v+SHdT6lx
SDKv8L5XoE2MIaJ+mbl5yhMBaJAxjdaxTgLoYtCbqGLZglPauWNF7emOaTKy2mC4
j5OdtKpWJ3/a4VOUJbhixCv8xrWlHKR4ZV7N6ToJZTjlSX2xSjxEqnh9laqCaBXR
PfYAnO0cMZOsjfp7SxzLWD4A9hqhMjCm0gTNNEmbijAFAysuLppkxFBV0yGpqwdv
mhOJ9zcVNXkljCyB/RP7DWdTjdKO1B2WqNyrynaPv1md3wPrTCAAIavw5Bkop0ph
Lji3qKTz2Z7XrgBs274RVmnnkXQ+s9bwwXs8C5UqU1GPmd3ABto7b31d9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMj50/ZRfzMGD9J31VBqC5uMaWkhMB8GA1UdIwQY
MBaAFLGvEvXKdckipKpdrLScBKkyN/TtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2E4UzljcDF5U0trcWwyc3RKd0VxVEkzOU8wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC9jYmNmNjgtN2NiZi00N2YwLTgyZWUt
NTc2MGVmYmNjNjU0LzEveVBuVDlsRl9Nd1lQMG5mVlVHb0xtNHhwYVNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC9jYmNmNjgtN2NiZi00N2YwLTgyZWUtNTc2MGVmYmNjNjU0
LzEvc2E4UzljcDF5U0trcWwyc3RKd0VxVEkzOU8wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZxIMA0G
CSqGSIb3DQEBCwUAA4IBAQBv8TqRhDy3wobZJ1ZYd+m8PEfDMRr9NfXb5HMag43k
lgm79qZRgHH6nPDs0Mj/xHQ7ps2gotueYXKUpiy21nShRVk874bWHaUAn6WN2r9p
3yZiCAXUWT+9M4B0++trLjVvKvadO3ZoNzFJW8HVDAOAEWtmT/H1g67rtGlv297X
HAq/xU6baX9A3Q8HfQdZHjPGWzAsbc3q/MXXR4NhnI0d0KdZ1ra8R25Nzoy952yL
K85ancFH2o91QMfdDKPPxLSmkVUOpeviKsAYR4zg9pss4DLG3uzl9fPsNKz1ckb/
z5inWmgCU+Ejd8AN8vkQ1ohwz6uEK5sOdxS8XaSfAA02
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:29 2024 by rpki-client on console-ams.rpki-client.org