Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/bu1xn3bEkKSsnyb3BZcx6RWE340.roa
File:                     bu1xn3bEkKSsnyb3BZcx6RWE340.roa (raw, json)
Hash identifier:          DWYKchPBsAMbJP25NxnJGiGrakVhY26+sx/yFrsOtqg=
Subject key identifier:   6E:ED:71:9F:76:C4:90:A4:AC:9F:26:F7:05:97:31:E9:15:84:DF:8D
Certificate issuer:       /CN=16055801b775e774306321455fd463fbd9273c4c
Certificate serial:       0195B9799C4D8AA7CEC53A10665CD04B1B55
Authority key identifier: 16:05:58:01:B7:75:E7:74:30:63:21:45:5F:D4:63:FB:D9:27:3C:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FgVYAbd153QwYyFFX9Rj-9knPEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/bu1xn3bEkKSsnyb3BZcx6RWE340.roa
Signing time:             Fri 21 Mar 2025 16:11:49 +0000
ROA not before:           Fri 21 Mar 2025 16:11:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        144.56.0.0/24 maxlen: 24
                          144.56.11.0/24 maxlen: 24
                          144.56.13.0/24 maxlen: 24
                          144.56.20.0/24 maxlen: 24
                          144.56.21.0/24 maxlen: 24
                          144.56.22.0/24 maxlen: 24
                          144.56.23.0/24 maxlen: 24
                          144.56.24.0/24 maxlen: 24
                          144.56.25.0/24 maxlen: 24
                          144.56.27.0/24 maxlen: 24
                          144.56.28.0/24 maxlen: 24
                          144.56.31.0/24 maxlen: 24
                          144.56.33.0/24 maxlen: 24
                          144.56.34.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Fri 21 Mar 2025 17:01:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:b9:79:9c:4d:8a:a7:ce:c5:3a:10:66:5c:d0:4b:1b:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=16055801b775e774306321455fd463fbd9273c4c
        Validity
            Not Before: Mar 21 16:11:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6eed719f76c490a4ac9f26f7059731e91584df8d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:bd:44:f5:ab:f6:69:1a:f7:7c:b3:4d:19:2d:
                    f7:e8:53:b1:cf:ef:26:dc:09:f0:df:6f:48:39:6f:
                    53:58:b0:44:81:41:54:95:0c:ea:31:d5:3b:54:0e:
                    57:c3:d4:54:47:ca:47:b4:37:86:62:21:56:cd:cf:
                    38:76:aa:b9:dc:85:62:d5:13:66:b4:1f:6d:45:20:
                    df:b0:58:eb:b2:dc:30:30:91:e6:3f:ae:d5:30:47:
                    cc:b5:4c:36:a5:c2:e3:21:76:a5:2f:ea:43:1f:96:
                    57:72:55:52:8f:c8:26:de:a1:46:52:19:78:a8:02:
                    04:e3:e0:6f:b7:d7:81:ce:c8:b6:0d:03:4f:d5:d6:
                    6f:2e:76:2a:5b:48:20:c3:5c:cd:7d:8b:3e:64:58:
                    db:2d:fb:9a:6c:26:23:21:6d:7a:a0:7f:07:88:86:
                    92:ad:29:c4:5e:bc:a8:18:48:38:c7:a4:c2:74:88:
                    b2:5d:50:73:19:d1:e1:d0:ff:7b:fa:68:0e:b1:7b:
                    d0:6b:ba:f3:56:36:b3:36:0a:e2:1a:f2:47:c0:cc:
                    63:45:53:20:5c:e5:5a:fd:f4:7d:84:98:d4:69:71:
                    a9:81:6d:d1:6d:48:38:cd:a4:2e:93:0a:4e:28:3e:
                    6f:58:1a:ce:0f:86:dc:5d:94:8c:4c:fe:76:24:47:
                    51:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:ED:71:9F:76:C4:90:A4:AC:9F:26:F7:05:97:31:E9:15:84:DF:8D
            X509v3 Authority Key Identifier:
                keyid:16:05:58:01:B7:75:E7:74:30:63:21:45:5F:D4:63:FB:D9:27:3C:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FgVYAbd153QwYyFFX9Rj-9knPEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/bu1xn3bEkKSsnyb3BZcx6RWE340.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/FgVYAbd153QwYyFFX9Rj-9knPEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.56.0.0/24
                  144.56.11.0/24
                  144.56.13.0/24
                  144.56.20.0-144.56.25.255
                  144.56.27.0-144.56.28.255
                  144.56.31.0/24
                  144.56.33.0-144.56.34.255

    Signature Algorithm: sha256WithRSAEncryption
         1b:95:de:2b:ce:e9:bf:9b:c8:ca:c0:cd:a6:2a:9e:e3:0d:54:
         f0:fd:d1:04:2f:74:2f:f2:16:ae:2c:f0:74:61:e4:5b:1d:94:
         d2:84:bd:b6:7f:c4:9b:f0:d9:ae:d1:d3:11:fd:e3:61:5a:53:
         cb:b1:63:9d:89:b8:bf:34:bb:be:47:85:a4:f0:5b:26:e8:68:
         0a:de:2a:24:84:e5:51:7c:36:70:df:fb:32:36:31:7d:81:24:
         be:63:c5:f2:fa:36:e8:77:c6:ab:07:a6:ef:1b:66:3c:a4:7d:
         d6:5d:66:65:8b:af:26:26:27:82:7b:01:65:f6:7b:e2:8d:72:
         62:42:c4:c6:bf:eb:b8:ab:d0:db:7c:65:56:b6:f3:8d:1c:92:
         6f:04:12:bc:bc:a6:25:7e:5c:9b:f7:7d:2a:18:0b:4f:46:60:
         fc:29:bf:ff:29:eb:fa:d7:b0:be:ce:24:46:27:12:26:84:bd:
         99:4c:0e:fd:c5:9c:6e:db:f7:c2:17:4c:b9:52:d0:48:3a:34:
         ed:90:31:ec:5b:5e:48:22:7c:0b:b6:d8:73:70:84:c5:86:7f:
         b7:53:5c:ac:87:c7:f9:dc:29:54:32:78:bd:f1:55:ca:ee:d6:
         db:1d:36:3f:9c:75:d7:bb:04:1e:93:e5:25:49:24:4d:f9:68:
         de:c5:61:16
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAZW5eZxNiqfOxToQZlzQSxtVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2MDU1ODAxYjc3NWU3NzQzMDYzMjE0NTVmZDQ2M2ZiZDky
NzNjNGMwHhcNMjUwMzIxMTYxMTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZWVkNzE5Zjc2YzQ5MGE0YWM5ZjI2ZjcwNTk3MzFlOTE1ODRkZjhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1L1E9av2aRr3fLNNGS336FOxz+8m
3Anw329IOW9TWLBEgUFUlQzqMdU7VA5Xw9RUR8pHtDeGYiFWzc84dqq53IVi1RNm
tB9tRSDfsFjrstwwMJHmP67VMEfMtUw2pcLjIXalL+pDH5ZXclVSj8gm3qFGUhl4
qAIE4+Bvt9eBzsi2DQNP1dZvLnYqW0ggw1zNfYs+ZFjbLfuabCYjIW16oH8HiIaS
rSnEXryoGEg4x6TCdIiyXVBzGdHh0P97+mgOsXvQa7rzVjazNgriGvJHwMxjRVMg
XOVa/fR9hJjUaXGpgW3RbUg4zaQukwpOKD5vWBrOD4bcXZSMTP52JEdR1wIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFG7tcZ92xJCkrJ8m9wWXMekVhN+NMB8GA1UdIwQY
MBaAFBYFWAG3ded0MGMhRV/UY/vZJzxMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmdWWUFiZDE1M1F3WXlGRlg5UmotOWtuUEV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy9mMDM0MGItMzMwZS00NWQ3LWJlNTgt
MTM1NzE3ZWYzODhhLzEvYnUxeG4zYkVrS1NzbnliM0JaY3g2UldFMzQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy9mMDM0MGItMzMwZS00NWQ3LWJlNTgtMTM1NzE3ZWYzODhh
LzEvRmdWWUFiZDE1M1F3WXlGRlg5UmotOWtuUEV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQAkDgAAwQA
kDgLAwQAkDgNMAwDBAKQOBQDBAGQOBgwDAMEAJA4GwMEAJA4HAMEAJA4HzAMAwQA
kDghAwQAkDgiMA0GCSqGSIb3DQEBCwUAA4IBAQAbld4rzum/m8jKwM2mKp7jDVTw
/dEEL3Qv8hauLPB0YeRbHZTShL22f8Sb8Nmu0dMR/eNhWlPLsWOdibi/NLu+R4Wk
8Fsm6GgK3iokhOVRfDZw3/syNjF9gSS+Y8Xy+jbod8arB6bvG2Y8pH3WXWZli68m
JieCewFl9nvijXJiQsTGv+u4q9DbfGVWtvONHJJvBBK8vKYlflyb930qGAtPRmD8
Kb//Kev617C+ziRGJxImhL2ZTA79xZxu2/fCF0y5UtBIOjTtkDHsW15IInwLtthz
cITFhn+3U1ysh8f53ClUMni98VXK7tbbHTY/nHXXuwQek+UlSSRN+WjexWEW
-----END CERTIFICATE-----