Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/S0s2jtrD35riVWBDpl_r82ZLJYo.roa
File:                     S0s2jtrD35riVWBDpl_r82ZLJYo.roa (raw, json)
Hash identifier:          8nYj6yb7NTFj3xckdMPLyNXK+ZSunocfnoDgPrShm1c=
Subject key identifier:   4B:4B:36:8E:DA:C3:DF:9A:E2:55:60:43:A6:5F:EB:F3:66:4B:25:8A
Certificate issuer:       /CN=a2b12e8df3abd5559f9cf9680af65dd16589de86
Certificate serial:       0197EF980D5CBCCBC4B6913C5267A70A385B
Authority key identifier: A2:B1:2E:8D:F3:AB:D5:55:9F:9C:F9:68:0A:F6:5D:D1:65:89:DE:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/orEujfOr1VWfnPloCvZd0WWJ3oY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/S0s2jtrD35riVWBDpl_r82ZLJYo.roa
Signing time:             Wed 09 Jul 2025 14:30:08 +0000
ROA not before:           Wed 09 Jul 2025 14:30:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8820
IP address blocks:        46.236.208.0/20 maxlen: 24
                          78.41.48.0/22 maxlen: 24
                          81.92.0.0/20 maxlen: 24
                          82.139.196.0/22 maxlen: 24
                          82.139.222.0/23 maxlen: 24
                          82.139.252.0/22 maxlen: 24
                          195.8.224.0/19 maxlen: 24
                          195.8.253.0/24 maxlen: 24
                          195.8.254.2/31 maxlen: 32
                          212.17.224.0/19 maxlen: 24
                          212.60.128.0/19 maxlen: 24
                          213.240.128.0/18 maxlen: 24
                          2a01:170::/32 maxlen: 64
                          2a01:170:1000::/36 maxlen: 48
Validation:               Failed, certificate revoked on Thu 10 Jul 2025 08:15:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:ef:98:0d:5c:bc:cb:c4:b6:91:3c:52:67:a7:0a:38:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a2b12e8df3abd5559f9cf9680af65dd16589de86
        Validity
            Not Before: Jul  9 14:30:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4b4b368edac3df9ae2556043a65febf3664b258a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:a2:f3:c5:d4:ee:07:1c:a5:9f:c6:ae:99:f1:
                    4f:88:9a:e7:86:c3:3a:02:10:a3:d4:d3:c6:61:28:
                    3c:47:76:91:69:ed:12:9e:b6:cf:f1:6b:6d:c6:84:
                    b3:f1:ee:4d:1c:3a:23:9e:3b:4b:0b:0e:ac:0a:b7:
                    60:94:b5:01:f9:10:95:ca:8a:33:3b:8c:8f:40:ee:
                    a0:40:a9:5b:7d:f5:f2:9d:dd:a0:e7:cb:4a:64:ea:
                    3c:cd:5b:39:60:c7:97:32:67:ff:b0:a2:f7:a5:d6:
                    1e:e9:d7:11:30:2d:81:fc:a7:30:ac:f8:73:a4:a3:
                    d8:33:00:16:cf:2c:5a:62:74:31:cc:3e:2f:36:85:
                    7e:3f:d3:d2:f8:1a:97:c0:b3:96:23:68:4c:cc:d6:
                    2e:01:00:f6:51:f1:8d:da:42:c9:91:79:09:0d:54:
                    cc:a1:1b:18:b3:c2:04:43:4c:f5:23:a3:10:d3:94:
                    9d:49:67:e0:ae:71:ac:41:63:5b:d2:d5:94:29:88:
                    ee:db:11:20:a9:69:11:37:77:11:b9:3f:67:f4:2e:
                    71:6b:81:3e:23:4f:6b:3c:4e:bb:92:cd:b2:ed:f1:
                    ee:27:c8:eb:83:6b:ce:8b:9c:4b:92:20:38:f4:52:
                    59:d8:12:ca:65:15:01:ef:25:79:28:bd:a5:21:5a:
                    7f:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:4B:36:8E:DA:C3:DF:9A:E2:55:60:43:A6:5F:EB:F3:66:4B:25:8A
            X509v3 Authority Key Identifier:
                keyid:A2:B1:2E:8D:F3:AB:D5:55:9F:9C:F9:68:0A:F6:5D:D1:65:89:DE:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/orEujfOr1VWfnPloCvZd0WWJ3oY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/S0s2jtrD35riVWBDpl_r82ZLJYo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/orEujfOr1VWfnPloCvZd0WWJ3oY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.236.208.0/20
                  78.41.48.0/22
                  81.92.0.0/20
                  82.139.196.0/22
                  82.139.222.0/23
                  82.139.252.0/22
                  195.8.224.0/19
                  212.17.224.0/19
                  212.60.128.0/19
                  213.240.128.0/18
                IPv6:
                  2a01:170::/32

    Signature Algorithm: sha256WithRSAEncryption
         b4:93:4c:39:0b:47:c8:eb:cc:65:33:1f:c7:28:84:3a:21:82:
         07:eb:a1:a2:99:48:68:a3:9d:04:3e:e8:07:07:30:0a:58:dc:
         64:4e:82:99:ed:94:b2:b0:aa:93:32:7b:6c:80:73:8f:ee:74:
         db:34:09:f5:29:11:b4:d8:97:2a:2c:dd:1b:cc:ea:ac:1e:8d:
         5e:c1:f2:c2:bb:1a:1b:03:3b:84:84:dc:99:87:23:d2:22:cb:
         62:c2:59:48:33:5a:ac:a5:28:f6:e3:f1:1d:e4:0a:14:72:75:
         87:80:32:44:5e:db:3b:e4:4a:db:39:f8:18:da:b2:7d:68:99:
         87:bc:56:bb:d0:a1:95:c5:a1:b1:74:b5:4b:72:74:fd:20:36:
         3b:54:ed:da:51:d7:09:58:ba:07:7d:a8:b0:8f:e7:6e:58:8b:
         f6:43:7d:23:b4:8a:67:83:41:95:c4:67:16:db:cc:b7:b2:bb:
         c3:47:24:a1:f0:8c:4f:4f:dd:53:e3:2f:d9:8e:0e:21:be:17:
         c8:fa:e7:9a:64:e0:c1:68:5f:fe:9e:fc:a4:0d:f1:89:fa:aa:
         0a:bc:22:9f:30:fc:81:05:b1:1d:ab:0a:84:4e:aa:2e:b1:ed:
         07:25:30:cb:94:a0:20:3a:66:13:5e:76:62:6a:4f:e8:2f:78:
         64:46:e5:95
-----BEGIN CERTIFICATE-----
MIIFQjCCBCqgAwIBAgISAZfvmA1cvMvEtpE8UmenCjhbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyYjEyZThkZjNhYmQ1NTU5ZjljZjk2ODBhZjY1ZGQxNjU4
OWRlODYwHhcNMjUwNzA5MTQzMDA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjRiMzY4ZWRhYzNkZjlhZTI1NTYwNDNhNjVmZWJmMzY2NGIyNThhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw6LzxdTuBxyln8aumfFPiJrnhsM6
AhCj1NPGYSg8R3aRae0SnrbP8WttxoSz8e5NHDojnjtLCw6sCrdglLUB+RCVyooz
O4yPQO6gQKlbffXynd2g58tKZOo8zVs5YMeXMmf/sKL3pdYe6dcRMC2B/KcwrPhz
pKPYMwAWzyxaYnQxzD4vNoV+P9PS+BqXwLOWI2hMzNYuAQD2UfGN2kLJkXkJDVTM
oRsYs8IEQ0z1I6MQ05SdSWfgrnGsQWNb0tWUKYju2xEgqWkRN3cRuT9n9C5xa4E+
I09rPE67ks2y7fHuJ8jrg2vOi5xLkiA49FJZ2BLKZRUB7yV5KL2lIVp/fQIDAQAB
o4ICTjCCAkowHQYDVR0OBBYEFEtLNo7aw9+a4lVgQ6Zf6/NmSyWKMB8GA1UdIwQY
MBaAFKKxLo3zq9VVn5z5aAr2XdFlid6GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3JFdWpmT3IxVldmblBsb0N2WmQwV1dKM29ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9lYzQ0ZWEtZWY0My00YjNhLWE2OWEt
YjRjYjYzN2RhOGMzLzEvUzBzMmp0ckQzNXJpVldCRHBsX3I4MlpMSllvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9lYzQ0ZWEtZWY0My00YjNhLWE2OWEtYjRjYjYzN2RhOGMz
LzEvb3JFdWpmT3IxVldmblBsb0N2WmQwV1dKM29ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGQGCCsGAQUFBwEHAQH/BFUwUzBCBAIAATA8AwQELuzQAwQC
TikwAwQEUVwAAwQCUovEAwQBUoveAwQCUov8AwQFwwjgAwQF1BHgAwQF1DyAAwQG
1fCAMA0EAgACMAcDBQAqAQFwMA0GCSqGSIb3DQEBCwUAA4IBAQC0k0w5C0fI68xl
Mx/HKIQ6IYIH66GimUhoo50EPugHBzAKWNxkToKZ7ZSysKqTMntsgHOP7nTbNAn1
KRG02JcqLN0bzOqsHo1ewfLCuxobAzuEhNyZhyPSIstiwllIM1qspSj24/Ed5AoU
cnWHgDJEXts75ErbOfgY2rJ9aJmHvFa70KGVxaGxdLVLcnT9IDY7VO3aUdcJWLoH
faiwj+duWIv2Q30jtIpng0GVxGcW28y3srvDRySh8IxPT91T4y/Zjg4hvhfI+uea
ZODBaF/+nvykDfGJ+qoKvCKfMPyBBbEdqwqETqouse0HJTDLlKAgOmYTXnZiak/o
L3hkRuWV
-----END CERTIFICATE-----