Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/eaf2e2-1817-40a8-9be8-2507db32c1c4/1/LYHJ-izFxUR9rVrRK1CcVrR2xk4.roa
File:                     LYHJ-izFxUR9rVrRK1CcVrR2xk4.roa (raw, json)
Hash identifier:          0AtLEkJk8cjlXu6+CUSG3xm8VPUsnqg6+yrJPYdEavk=
Subject key identifier:   2D:81:C9:FA:2C:C5:C5:44:7D:AD:5A:D1:2B:50:9C:56:B4:76:C6:4E
Certificate issuer:       /CN=88ff4ee623d8fab73c901d0cbdc93a321e9ccfb7
Certificate serial:       018B23E13CA54F33AD533DF26254302D6AE6
Authority key identifier: 88:FF:4E:E6:23:D8:FA:B7:3C:90:1D:0C:BD:C9:3A:32:1E:9C:CF:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iP9O5iPY-rc8kB0Mvck6Mh6cz7c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/eaf2e2-1817-40a8-9be8-2507db32c1c4/1/LYHJ-izFxUR9rVrRK1CcVrR2xk4.roa
Signing time:             Thu 12 Oct 2023 12:34:05 +0000
ROA not before:           Thu 12 Oct 2023 12:34:05 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     29208
IP address blocks:        194.145.156.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 04:29:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:23:e1:3c:a5:4f:33:ad:53:3d:f2:62:54:30:2d:6a:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88ff4ee623d8fab73c901d0cbdc93a321e9ccfb7
        Validity
            Not Before: Oct 12 12:34:05 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2d81c9fa2cc5c5447dad5ad12b509c56b476c64e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:fa:47:ad:e1:18:51:1b:71:3b:7a:3e:c5:0a:
                    bc:d9:b5:94:a3:df:7f:06:9f:81:2b:fb:a1:c9:69:
                    c6:f9:7e:9a:a0:0a:f2:93:cc:27:c8:6b:de:a4:00:
                    a1:e1:43:40:e0:be:41:4b:7d:61:ec:28:11:2c:d4:
                    88:9e:51:0e:42:22:5d:6b:0c:a5:7a:d3:56:7d:29:
                    bf:ee:18:87:8d:55:cc:2c:2c:ae:bb:0a:fc:cc:47:
                    b9:f3:f4:c2:c8:b1:ae:50:7a:27:39:dc:c5:ff:91:
                    f9:49:a9:19:a8:86:b7:53:5f:85:e1:40:f8:8f:0d:
                    be:fd:db:bc:74:de:a3:d0:f0:5a:60:37:25:55:ec:
                    49:e6:c8:82:0f:11:4b:31:3d:3d:2c:3c:76:ac:a9:
                    91:3c:c1:ca:0f:c3:96:84:43:c0:26:28:9e:5b:76:
                    00:82:34:74:d3:b5:a8:dc:ee:e2:d8:80:00:44:cd:
                    1d:5c:6b:df:97:09:06:07:94:52:3d:f7:51:3d:33:
                    d9:4b:63:7b:53:84:b3:61:0f:bf:56:67:bd:ea:e6:
                    90:9b:4d:1f:0b:4b:d3:09:a7:72:1f:21:99:73:d9:
                    16:19:c2:e0:92:e5:b1:29:07:79:71:48:66:bb:15:
                    66:0c:37:02:4b:2d:63:28:0d:6c:91:4e:52:92:33:
                    7f:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:81:C9:FA:2C:C5:C5:44:7D:AD:5A:D1:2B:50:9C:56:B4:76:C6:4E
            X509v3 Authority Key Identifier:
                keyid:88:FF:4E:E6:23:D8:FA:B7:3C:90:1D:0C:BD:C9:3A:32:1E:9C:CF:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iP9O5iPY-rc8kB0Mvck6Mh6cz7c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/eaf2e2-1817-40a8-9be8-2507db32c1c4/1/LYHJ-izFxUR9rVrRK1CcVrR2xk4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/eaf2e2-1817-40a8-9be8-2507db32c1c4/1/iP9O5iPY-rc8kB0Mvck6Mh6cz7c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.145.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:56:00:e8:37:75:39:71:63:97:c9:92:14:00:75:fd:8d:36:
         6f:50:ca:04:fa:10:8b:10:0b:91:9b:b8:ba:27:23:fd:36:c3:
         70:95:e0:fc:05:eb:5a:d4:98:58:26:8a:22:a4:95:01:d9:0c:
         d7:b6:ae:f0:d5:ea:9d:d6:08:a1:59:ce:d6:da:24:79:96:14:
         ef:fd:70:f9:9d:e9:f2:41:c0:2d:74:83:ef:9b:37:23:39:69:
         62:f2:8a:b3:f4:41:88:2d:f3:2b:b1:9b:41:2f:34:1a:e8:c2:
         68:04:bb:51:a1:62:41:3f:e6:b2:34:9f:29:18:4f:b7:7d:4f:
         14:1f:c4:57:df:f4:1a:bc:03:2d:2d:73:eb:c1:3e:eb:3b:5f:
         84:dc:51:8e:66:8f:68:15:6b:37:36:01:ac:b8:75:c5:cf:79:
         c6:ff:9e:09:4f:d4:67:80:c9:c2:bd:d9:5f:3c:f7:9a:a0:d5:
         2f:b4:8a:5c:f2:ed:5e:f2:ba:0d:3c:d4:e2:37:54:67:43:3f:
         4a:e5:64:4a:00:99:66:20:17:06:bb:3d:a3:3c:d9:d6:2c:46:
         be:53:11:fb:0d:6a:bc:30:85:47:28:99:cb:c9:c3:ee:b3:56:
         8c:19:ea:e0:e1:5f:ed:d7:59:4f:d6:42:93:83:6d:a0:b5:06:
         5b:94:6b:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYsj4TylTzOtUz3yYlQwLWrmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4ZmY0ZWU2MjNkOGZhYjczYzkwMWQwY2JkYzkzYTMyMWU5
Y2NmYjcwHhcNMjMxMDEyMTIzNDA1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDgxYzlmYTJjYzVjNTQ0N2RhZDVhZDEyYjUwOWM1NmI0NzZjNjRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhfpHreEYURtxO3o+xQq82bWUo99/
Bp+BK/uhyWnG+X6aoAryk8wnyGvepACh4UNA4L5BS31h7CgRLNSInlEOQiJdawyl
etNWfSm/7hiHjVXMLCyuuwr8zEe58/TCyLGuUHonOdzF/5H5SakZqIa3U1+F4UD4
jw2+/du8dN6j0PBaYDclVexJ5siCDxFLMT09LDx2rKmRPMHKD8OWhEPAJiieW3YA
gjR007Wo3O7i2IAARM0dXGvflwkGB5RSPfdRPTPZS2N7U4SzYQ+/Vme96uaQm00f
C0vTCadyHyGZc9kWGcLgkuWxKQd5cUhmuxVmDDcCSy1jKA1skU5SkjN/swIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC2ByfosxcVEfa1a0StQnFa0dsZOMB8GA1UdIwQY
MBaAFIj/TuYj2Pq3PJAdDL3JOjIenM+3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVA5TzVpUFktcmM4a0IwTXZjazZNaDZjejdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9lYWYyZTItMTgxNy00MGE4LTliZTgt
MjUwN2RiMzJjMWM0LzEvTFlISi1pekZ4VVI5clZyUksxQ2NWclIyeGs0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9lYWYyZTItMTgxNy00MGE4LTliZTgtMjUwN2RiMzJjMWM0
LzEvaVA5TzVpUFktcmM4a0IwTXZjazZNaDZjejdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwpGcMA0G
CSqGSIb3DQEBCwUAA4IBAQCqVgDoN3U5cWOXyZIUAHX9jTZvUMoE+hCLEAuRm7i6
JyP9NsNwleD8Beta1JhYJooipJUB2QzXtq7w1eqd1gihWc7W2iR5lhTv/XD5neny
QcAtdIPvmzcjOWli8oqz9EGILfMrsZtBLzQa6MJoBLtRoWJBP+ayNJ8pGE+3fU8U
H8RX3/QavAMtLXPrwT7rO1+E3FGOZo9oFWs3NgGsuHXFz3nG/54JT9RngMnCvdlf
PPeaoNUvtIpc8u1e8roNPNTiN1RnQz9K5WRKAJlmIBcGuz2jPNnWLEa+UxH7DWq8
MIVHKJnLycPus1aMGerg4V/t11lP1kKTg22gtQZblGt4
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:56:15 2024 by rpki-client on console-fra.rpki-client.org