Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/447677-9972-4df8-b508-b91b92d4d801/1/YyhvLbPrcvUgWMdAJ__dYIOVscs.roa
File:                     YyhvLbPrcvUgWMdAJ__dYIOVscs.roa (raw, json)
Hash identifier:          sZR1wWRTljZIlzZntqWDzKRoaLie7pkiM51dR6Zsdog=
Subject key identifier:   63:28:6F:2D:B3:EB:72:F5:20:58:C7:40:27:FF:DD:60:83:95:B1:CB
Certificate issuer:       /CN=7d2ea3ecad5a402b8fe5a2a6138af66aac257ff9
Certificate serial:       0194035C7752A8F570BC7C78DF64EA6CDB80
Authority key identifier: 7D:2E:A3:EC:AD:5A:40:2B:8F:E5:A2:A6:13:8A:F6:6A:AC:25:7F:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fS6j7K1aQCuP5aKmE4r2aqwlf_k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/447677-9972-4df8-b508-b91b92d4d801/1/YyhvLbPrcvUgWMdAJ__dYIOVscs.roa
Signing time:             Thu 26 Dec 2024 14:26:18 +0000
ROA not before:           Thu 26 Dec 2024 14:26:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57043
IP address blocks:        5.42.199.0/24 maxlen: 24
                          5.253.63.0/24 maxlen: 24
                          45.129.78.0/24 maxlen: 24
                          45.159.181.0/24 maxlen: 24
                          77.83.85.0/24 maxlen: 24
                          77.83.86.0/24 maxlen: 24
                          77.83.87.0/24 maxlen: 24
                          79.133.180.0/24 maxlen: 24
                          89.191.234.0/24 maxlen: 24
                          176.119.141.0/24 maxlen: 24
                          194.113.153.0/24 maxlen: 24
                          194.147.215.0/24 maxlen: 24
                          195.226.194.0/24 maxlen: 24
                          195.245.239.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Wed 01 Jan 2025 11:47:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:03:5c:77:52:a8:f5:70:bc:7c:78:df:64:ea:6c:db:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d2ea3ecad5a402b8fe5a2a6138af66aac257ff9
        Validity
            Not Before: Dec 26 14:26:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=63286f2db3eb72f52058c74027ffdd608395b1cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:7f:94:d8:1f:b7:f3:cb:88:6a:0c:e6:1d:04:
                    9e:0b:c2:9d:aa:c5:a8:5a:20:b9:78:ff:07:9f:7d:
                    58:18:ea:2b:c1:0e:ce:2e:e5:45:88:8e:d4:e1:37:
                    a6:e1:bf:7c:0b:d0:e8:25:a0:df:6a:26:3a:de:06:
                    53:d7:7b:00:67:19:e1:80:d3:16:e4:fa:36:01:e3:
                    5f:6d:d7:aa:59:fe:46:10:26:03:37:29:7e:21:39:
                    40:81:64:e3:09:70:31:18:14:33:66:85:4d:58:6a:
                    1d:2a:aa:aa:93:e9:58:2a:9b:9c:8b:56:48:f7:e9:
                    1f:f4:ff:f3:26:75:dc:a7:b4:77:97:f8:53:6b:5d:
                    8a:5f:ff:22:dd:ff:0e:7c:a8:5c:d9:ff:c9:0b:54:
                    f2:db:10:6f:c6:4d:bd:76:54:df:d5:5c:72:f9:e8:
                    eb:8d:1a:79:23:3c:aa:0b:d3:7d:2a:06:56:b6:45:
                    9c:e3:3b:27:11:2a:8f:62:04:05:89:98:8a:2b:8d:
                    6d:b0:f0:ad:88:fd:23:7f:1a:64:4d:e3:11:d8:4c:
                    f0:30:24:7c:6c:50:30:46:b9:90:49:d2:32:3e:57:
                    1c:76:11:86:91:35:1a:d9:cd:09:86:04:0d:33:a9:
                    a8:93:aa:b6:0c:ef:67:4b:53:b3:a8:2a:6f:b3:4e:
                    af:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:28:6F:2D:B3:EB:72:F5:20:58:C7:40:27:FF:DD:60:83:95:B1:CB
            X509v3 Authority Key Identifier:
                keyid:7D:2E:A3:EC:AD:5A:40:2B:8F:E5:A2:A6:13:8A:F6:6A:AC:25:7F:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fS6j7K1aQCuP5aKmE4r2aqwlf_k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/447677-9972-4df8-b508-b91b92d4d801/1/YyhvLbPrcvUgWMdAJ__dYIOVscs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/447677-9972-4df8-b508-b91b92d4d801/1/fS6j7K1aQCuP5aKmE4r2aqwlf_k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.42.199.0/24
                  5.253.63.0/24
                  45.129.78.0/24
                  45.159.181.0/24
                  77.83.85.0-77.83.87.255
                  79.133.180.0/24
                  89.191.234.0/24
                  176.119.141.0/24
                  194.113.153.0/24
                  194.147.215.0/24
                  195.226.194.0/24
                  195.245.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:c1:c9:cc:34:c8:db:e0:2f:93:11:f9:b4:09:23:25:f7:bb:
         61:b7:20:45:07:6c:1f:7b:28:90:d5:6b:a3:73:85:bc:7d:57:
         a1:9c:34:c6:dc:ea:69:34:51:d0:a0:20:1e:a9:d5:2a:88:1a:
         2e:47:ef:29:fa:00:03:54:9d:7c:de:5e:df:f8:75:6b:3d:4d:
         23:6c:ad:65:36:a3:76:d3:74:57:eb:8e:ef:e4:cc:68:7c:46:
         0b:b9:c5:a6:6d:50:6a:27:ef:bc:c5:52:2b:ad:cf:1f:09:99:
         db:5d:32:48:e2:5d:a6:34:3b:94:8d:e3:29:83:75:2d:23:32:
         83:e8:71:9e:12:49:0b:c4:ab:1b:5c:da:e6:90:10:1e:df:ae:
         69:c1:51:c1:af:c3:cb:3a:b4:cc:2b:54:dd:1b:63:8a:a8:5d:
         94:ee:62:5d:fb:d6:21:c6:18:40:65:f8:06:36:37:8d:85:c9:
         f0:a4:81:c2:06:fa:f6:32:50:46:01:3f:c1:b6:ad:ab:ce:40:
         f1:b4:44:fa:c5:31:ca:57:52:35:01:e3:f4:a4:b8:ab:a7:b9:
         25:a3:f8:79:d5:63:1e:ea:0f:c8:b3:cb:75:b6:21:a1:52:fc:
         b4:8a:9e:36:99:79:82:f2:9e:61:ec:c7:38:7f:de:c4:85:04:
         e7:ea:cf:8c
-----BEGIN CERTIFICATE-----
MIIFRzCCBC+gAwIBAgISAZQDXHdSqPVwvHx432TqbNuAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkMmVhM2VjYWQ1YTQwMmI4ZmU1YTJhNjEzOGFmNjZhYWMy
NTdmZjkwHhcNMjQxMjI2MTQyNjE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzI4NmYyZGIzZWI3MmY1MjA1OGM3NDAyN2ZmZGQ2MDgzOTViMWNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1n+U2B+388uIagzmHQSeC8KdqsWo
WiC5eP8Hn31YGOorwQ7OLuVFiI7U4Tem4b98C9DoJaDfaiY63gZT13sAZxnhgNMW
5Po2AeNfbdeqWf5GECYDNyl+ITlAgWTjCXAxGBQzZoVNWGodKqqqk+lYKpuci1ZI
9+kf9P/zJnXcp7R3l/hTa12KX/8i3f8OfKhc2f/JC1Ty2xBvxk29dlTf1Vxy+ejr
jRp5IzyqC9N9KgZWtkWc4zsnESqPYgQFiZiKK41tsPCtiP0jfxpkTeMR2EzwMCR8
bFAwRrmQSdIyPlccdhGGkTUa2c0JhgQNM6mok6q2DO9nS1OzqCpvs06vxwIDAQAB
o4ICUzCCAk8wHQYDVR0OBBYEFGMoby2z63L1IFjHQCf/3WCDlbHLMB8GA1UdIwQY
MBaAFH0uo+ytWkArj+WiphOK9mqsJX/5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlM2ajdLMWFRQ3VQNWFLbUU0cjJhcXdsZl9rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy80NDc2NzctOTk3Mi00ZGY4LWI1MDgt
YjkxYjkyZDRkODAxLzEvWXlodkxiUHJjdlVnV01kQUpfX2RZSU9Wc2NzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy80NDc2NzctOTk3Mi00ZGY4LWI1MDgtYjkxYjkyZDRkODAx
LzEvZlM2ajdLMWFRQ3VQNWFLbUU0cjJhcXdsZl9rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGkGCCsGAQUFBwEHAQH/BFowWDBWBAIAATBQAwQABSrHAwQA
Bf0/AwQALYFOAwQALZ+1MAwDBABNU1UDBANNU1ADBABPhbQDBABZv+oDBACwd40D
BADCcZkDBADCk9cDBADD4sIDBADD9e8wDQYJKoZIhvcNAQELBQADggEBACLBycw0
yNvgL5MR+bQJIyX3u2G3IEUHbB97KJDVa6Nzhbx9V6GcNMbc6mk0UdCgIB6p1SqI
Gi5H7yn6AANUnXzeXt/4dWs9TSNsrWU2o3bTdFfrju/kzGh8Rgu5xaZtUGon77zF
Uiutzx8JmdtdMkjiXaY0O5SN4ymDdS0jMoPocZ4SSQvEqxtc2uaQEB7frmnBUcGv
w8s6tMwrVN0bY4qoXZTuYl371iHGGEBl+AY2N42FyfCkgcIG+vYyUEYBP8G2ravO
QPG0RPrFMcpXUjUB4/SkuKunuSWj+HnVYx7qD8izy3W2IaFS/LSKnjaZeYLynmHs
xzh/3sSFBOfqz4w=
-----END CERTIFICATE-----