Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YBFnwSfd-eBmlgN49o7iON2uLlI.roa
File:                     YBFnwSfd-eBmlgN49o7iON2uLlI.roa (raw, json)
Hash identifier:          5xRlsdpqO4vUuHsqYnfljGsizYTjqxV9LcM4dps5bXc=
Subject key identifier:   60:11:67:C1:27:DD:F9:E0:66:96:03:78:F6:8E:E2:38:DD:AE:2E:52
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       01938BF9480B5DFB7689267A397B6AEA6BD1
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YBFnwSfd-eBmlgN49o7iON2uLlI.roa
Signing time:             Tue 03 Dec 2024 10:03:10 +0000
ROA not before:           Tue 03 Dec 2024 10:03:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20473
IP address blocks:        185.194.177.0/24 maxlen: 24
                          185.209.38.0/24 maxlen: 24
                          185.209.73.0/24 maxlen: 24
                          185.210.235.0/24 maxlen: 24
                          185.218.20.0/24 maxlen: 24
                          185.222.29.0/24 maxlen: 24
                          185.222.30.0/24 maxlen: 24
                          185.227.144.0/24 maxlen: 24
                          185.246.112.0/24 maxlen: 24
                          193.58.146.0/24 maxlen: 24
                          194.76.172.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Wed 01 Jan 2025 13:48:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:8b:f9:48:0b:5d:fb:76:89:26:7a:39:7b:6a:ea:6b:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Dec  3 10:03:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=601167c127ddf9e066960378f68ee238ddae2e52
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:45:21:fd:58:ff:75:15:12:6c:86:99:5c:2f:
                    6c:ac:f1:74:9b:8b:fe:0d:08:b5:ed:90:15:d1:f0:
                    93:db:10:46:23:e8:d4:90:df:77:4a:90:e2:d9:cb:
                    63:8e:dc:d4:23:c3:e4:82:64:95:16:91:97:38:e8:
                    f7:b3:80:83:01:b2:e4:e2:f0:4d:b6:36:91:c3:83:
                    b0:e6:40:06:ba:0f:49:d3:ff:4c:e8:54:97:57:e6:
                    22:31:17:9f:17:c9:f2:9c:81:7a:05:26:8e:b0:7e:
                    6e:1b:e0:3a:03:e9:e9:aa:92:97:df:b3:ce:e0:87:
                    f7:84:e9:a5:1b:0d:50:20:f0:33:ac:75:e7:06:be:
                    12:9d:0e:ce:fa:21:38:4c:6f:43:4b:d5:37:c7:47:
                    a2:b2:3f:8b:85:d9:1f:ad:a6:7d:e6:28:d7:a8:24:
                    b2:e7:aa:23:72:ed:3c:5f:4e:b1:bd:d2:40:e2:51:
                    38:69:a5:e8:a1:e1:5e:c4:1d:d9:1b:ea:82:20:e2:
                    de:6f:62:0f:fb:d0:c8:a2:e1:65:f1:83:34:d5:20:
                    4c:27:27:5a:a6:76:3b:e3:8d:14:a8:9b:bf:e9:84:
                    b2:80:fe:5e:fa:78:2e:39:8e:a2:57:81:64:58:b0:
                    e9:5d:47:4b:75:18:b4:55:79:42:ff:8c:14:88:47:
                    6f:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:11:67:C1:27:DD:F9:E0:66:96:03:78:F6:8E:E2:38:DD:AE:2E:52
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YBFnwSfd-eBmlgN49o7iON2uLlI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.194.177.0/24
                  185.209.38.0/24
                  185.209.73.0/24
                  185.210.235.0/24
                  185.218.20.0/24
                  185.222.29.0-185.222.30.255
                  185.227.144.0/24
                  185.246.112.0/24
                  193.58.146.0/24
                  194.76.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:ba:cc:2d:19:1e:39:ee:ad:00:98:6e:1f:72:5d:4c:36:85:
         aa:1e:ad:53:7c:d9:1b:13:a8:e5:18:22:8b:e1:06:3b:4f:50:
         67:a8:8a:2c:e6:19:2d:dd:be:08:2c:7f:fb:1f:2f:c1:1c:cb:
         75:e4:0f:b4:64:e3:a0:21:d7:5f:5f:b2:75:bf:6f:72:eb:4b:
         b9:0a:39:09:0a:b9:eb:10:19:13:63:2e:95:29:81:18:9d:2b:
         46:f2:e0:fd:8f:0c:57:c7:95:c1:a6:2f:2c:84:01:3b:30:da:
         03:f3:a6:e9:51:62:2a:e8:2f:b4:42:c4:2b:52:6a:28:08:01:
         8a:b9:f9:13:70:e8:80:a6:45:a9:0c:65:a7:eb:b2:18:89:ee:
         b0:26:4e:39:45:32:02:a8:a0:49:91:a9:cb:81:96:19:35:f6:
         a2:46:f5:22:bb:42:2b:c7:45:0c:ac:1a:43:98:05:ca:4c:c5:
         5c:92:43:36:5d:76:7e:44:90:68:13:66:4f:b9:05:43:4e:1e:
         24:fb:6a:6e:38:d6:ec:c5:9b:8c:4d:fb:ef:d9:f6:9c:e2:94:
         b6:6d:87:e1:40:01:64:c8:14:a1:13:47:fd:09:e5:63:05:12:
         54:65:a3:2a:15:81:10:a5:45:21:44:35:1c:72:68:71:2c:18:
         85:d5:3b:b3
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAZOL+UgLXft2iSZ6OXtq6mvRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQxMjAzMTAwMzEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDExNjdjMTI3ZGRmOWUwNjY5NjAzNzhmNjhlZTIzOGRkYWUyZTUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2kUh/Vj/dRUSbIaZXC9srPF0m4v+
DQi17ZAV0fCT2xBGI+jUkN93SpDi2ctjjtzUI8PkgmSVFpGXOOj3s4CDAbLk4vBN
tjaRw4Ow5kAGug9J0/9M6FSXV+YiMRefF8nynIF6BSaOsH5uG+A6A+npqpKX37PO
4If3hOmlGw1QIPAzrHXnBr4SnQ7O+iE4TG9DS9U3x0eisj+LhdkfraZ95ijXqCSy
56ojcu08X06xvdJA4lE4aaXooeFexB3ZG+qCIOLeb2IP+9DIouFl8YM01SBMJyda
pnY7440UqJu/6YSygP5e+nguOY6iV4FkWLDpXUdLdRi0VXlC/4wUiEdvaQIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFGARZ8En3fngZpYDePaO4jjdri5SMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvWUJGbndTZmQtZUJtbGdONDlvN2lPTjJ1TGxJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQAucKxAwQA
udEmAwQAudFJAwQAudLrAwQAudoUMAwDBAC53h0DBAC53h4DBAC545ADBAC59nAD
BADBOpIDBADCTKwwDQYJKoZIhvcNAQELBQADggEBAHa6zC0ZHjnurQCYbh9yXUw2
haoerVN82RsTqOUYIovhBjtPUGeoiizmGS3dvggsf/sfL8Ecy3XkD7Rk46Ah119f
snW/b3LrS7kKOQkKuesQGRNjLpUpgRidK0by4P2PDFfHlcGmLyyEATsw2gPzpulR
YiroL7RCxCtSaigIAYq5+RNw6ICmRakMZafrshiJ7rAmTjlFMgKooEmRqcuBlhk1
9qJG9SK7QivHRQysGkOYBcpMxVySQzZddn5EkGgTZk+5BUNOHiT7am441uzFm4xN
++/Z9pzilLZth+FAAWTIFKETR/0J5WMFElRloyoVgRClRSFENRxyaHEsGIXVO7M=
-----END CERTIFICATE-----