Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/J7g_melZmx9g_UbOZue_C8Lm0rk.roa
File:                     J7g_melZmx9g_UbOZue_C8Lm0rk.roa (raw, json)
Hash identifier:          i/Jfqad0RySS4j/+UwnnJS5H7idoHr0zxvQSQBCPk8M=
Subject key identifier:   27:B8:3F:99:E9:59:9B:1F:60:FD:46:CE:66:E7:BF:0B:C2:E6:D2:B9
Certificate issuer:       /CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
Certificate serial:       0198313AFAFF3DD31C1CA974FA7B331BA644
Authority key identifier: 36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/J7g_melZmx9g_UbOZue_C8Lm0rk.roa
Signing time:             Tue 22 Jul 2025 08:23:25 +0000
ROA not before:           Tue 22 Jul 2025 08:23:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        45.155.253.0/24 maxlen: 24
                          45.155.254.0/24 maxlen: 24
                          45.157.208.0/23 maxlen: 23
                          45.157.211.0/24 maxlen: 24
                          79.98.244.0/24 maxlen: 24
                          176.125.251.0/24 maxlen: 24
                          185.199.151.0/24 maxlen: 24
                          185.199.213.0/24 maxlen: 24
                          185.221.25.0/24 maxlen: 24
                          185.221.26.0/24 maxlen: 24
                          185.225.168.0/24 maxlen: 24
                          185.225.169.0/24 maxlen: 24
                          185.250.26.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Fri 25 Jul 2025 07:43:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:31:3a:fa:ff:3d:d3:1c:1c:a9:74:fa:7b:33:1b:a6:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
        Validity
            Not Before: Jul 22 08:23:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=27b83f99e9599b1f60fd46ce66e7bf0bc2e6d2b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:8b:e4:a1:6c:71:f7:f0:22:91:59:4d:03:8a:
                    05:97:8a:d7:6f:e3:33:5b:1f:ba:25:ec:b5:c1:95:
                    74:4c:5b:7e:4b:38:a7:ce:c2:9d:2c:b5:06:0e:3a:
                    f0:47:78:f5:f3:e0:0d:6f:9b:90:c4:12:15:fe:01:
                    3e:5b:01:35:5f:e4:ce:9a:ea:0f:58:4b:c3:33:00:
                    a2:db:30:23:80:b2:17:2a:50:27:f2:56:38:cf:9b:
                    0a:36:74:af:82:76:3f:7e:e6:15:9a:6d:60:e4:a6:
                    8f:eb:b2:bb:e4:ba:fd:d9:14:df:d3:1c:b3:e6:f8:
                    bc:f1:dc:ca:76:71:2f:c9:91:1c:d7:ac:eb:7f:cf:
                    ca:4d:40:ce:29:7a:6b:ac:72:2e:61:ac:f3:ee:f7:
                    8c:47:14:ac:c5:99:fd:1b:66:44:c1:3b:cb:10:ca:
                    39:1d:9c:a0:e3:87:45:3a:fe:3f:e7:ba:c7:47:90:
                    3b:a5:19:1f:f9:e8:52:ee:3c:46:7b:fc:83:2b:20:
                    71:68:6d:93:f7:98:d0:78:b5:dd:56:fd:8c:9f:00:
                    7c:b3:80:59:79:41:55:61:da:98:42:45:bf:0e:02:
                    9d:3a:02:22:27:b8:f8:3e:5a:bc:70:2b:8e:10:af:
                    0b:80:8b:4f:24:67:dd:9d:f2:c1:73:1a:52:a5:54:
                    88:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:B8:3F:99:E9:59:9B:1F:60:FD:46:CE:66:E7:BF:0B:C2:E6:D2:B9
            X509v3 Authority Key Identifier:
                keyid:36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/J7g_melZmx9g_UbOZue_C8Lm0rk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.253.0-45.155.254.255
                  45.157.208.0/23
                  45.157.211.0/24
                  79.98.244.0/24
                  176.125.251.0/24
                  185.199.151.0/24
                  185.199.213.0/24
                  185.221.25.0-185.221.26.255
                  185.225.168.0/23
                  185.250.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:9d:36:96:b1:fc:04:49:c0:e4:6d:53:2f:a4:58:ab:48:33:
         0d:9e:42:3b:b4:e4:64:a9:6d:34:61:e3:e2:a0:e6:4e:1c:d7:
         10:df:83:e3:be:c3:85:2c:cb:e4:fa:c1:3b:c5:ee:6e:bc:3e:
         d2:19:e7:73:05:49:43:a4:9f:03:d3:a6:37:71:fe:2d:27:f4:
         7a:58:ca:59:bb:23:9e:ef:58:f1:88:aa:c7:18:a9:7e:c8:2b:
         36:2a:33:ae:27:3c:aa:da:7a:2e:e9:0a:7c:0f:35:e2:5d:d3:
         16:6c:45:aa:03:94:ec:ab:1a:7f:2d:f8:b9:1a:80:1f:23:a7:
         a6:8a:9d:5d:c1:19:74:76:f9:da:a6:e5:46:d2:2b:7f:b3:6a:
         ca:ae:43:2e:7d:89:08:90:c4:70:f4:d4:34:15:cb:c6:36:03:
         e0:3f:80:07:65:3f:0d:0b:78:a7:44:c3:a3:31:19:a7:7c:93:
         93:87:37:33:72:f0:21:87:a6:1f:73:24:46:b7:37:ab:f5:ec:
         4e:88:79:19:0b:11:a8:e4:3a:3b:4b:58:82:dd:14:2c:dc:c3:
         c1:2b:d7:b7:89:d4:12:32:b8:73:ce:f4:1d:34:f8:89:fa:e3:
         c0:96:50:92:80:7b:e7:7e:d9:81:a0:87:8c:91:31:62:e9:61:
         6e:8b:9e:3b
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAZgxOvr/PdMcHKl0+nszG6ZEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OGJmYjhhNWVlZTQ5MDgyZWE2MjhkZjI1YTRhNWQ1MGYz
YWE5YjMwHhcNMjUwNzIyMDgyMzI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyN2I4M2Y5OWU5NTk5YjFmNjBmZDQ2Y2U2NmU3YmYwYmMyZTZkMmI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtovkoWxx9/AikVlNA4oFl4rXb+Mz
Wx+6Jey1wZV0TFt+SzinzsKdLLUGDjrwR3j18+ANb5uQxBIV/gE+WwE1X+TOmuoP
WEvDMwCi2zAjgLIXKlAn8lY4z5sKNnSvgnY/fuYVmm1g5KaP67K75Lr92RTf0xyz
5vi88dzKdnEvyZEc16zrf8/KTUDOKXprrHIuYazz7veMRxSsxZn9G2ZEwTvLEMo5
HZyg44dFOv4/57rHR5A7pRkf+ehS7jxGe/yDKyBxaG2T95jQeLXdVv2MnwB8s4BZ
eUFVYdqYQkW/DgKdOgIiJ7j4Plq8cCuOEK8LgItPJGfdnfLBcxpSpVSIPwIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFCe4P5npWZsfYP1GzmbnvwvC5tK5MB8GA1UdIwQY
MBaAFDaL+4pe7kkILqYo3yWkpdUPOqmzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUt
MGFlMmU5MjJhMjkyLzEvSjdnX21lbFpteDlnX1ViT1p1ZV9DOExtMHJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUtMGFlMmU5MjJhMjky
LzEvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDBSBAIAATBMMAwDBAAtm/0D
BAAtm/4DBAEtndADBAAtndMDBABPYvQDBACwffsDBAC5x5cDBAC5x9UwDAMEALnd
GQMEALndGgMEAbnhqAMEALn6GjANBgkqhkiG9w0BAQsFAAOCAQEAm502lrH8BEnA
5G1TL6RYq0gzDZ5CO7TkZKltNGHj4qDmThzXEN+D477DhSzL5PrBO8Xubrw+0hnn
cwVJQ6SfA9OmN3H+LSf0eljKWbsjnu9Y8YiqxxipfsgrNiozric8qtp6LukKfA81
4l3TFmxFqgOU7Ksafy34uRqAHyOnpoqdXcEZdHb52qblRtIrf7Nqyq5DLn2JCJDE
cPTUNBXLxjYD4D+AB2U/DQt4p0TDozEZp3yTk4c3M3LwIYemH3MkRrc3q/XsToh5
GQsRqOQ6O0tYgt0ULNzDwSvXt4nUEjK4c870HTT4ifrjwJZQkoB7537ZgaCHjJEx
YulhboueOw==
-----END CERTIFICATE-----