Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/3jk_L-Kap6izFBuJISi2VDGBM7c.roa
File:                     3jk_L-Kap6izFBuJISi2VDGBM7c.roa (raw, json)
Hash identifier:          SiLCn4NY/b4Hmu3M8YzzUYZeOOzOry3i+PWl6++nskw=
Subject key identifier:   DE:39:3F:2F:E2:9A:A7:A8:B3:14:1B:89:21:28:B6:54:31:81:33:B7
Certificate issuer:       /CN=b72945f57103153a07854e74e227f2aec1c5f430
Certificate serial:       0197D4FA4B8BDE8F78B552A08BE71CB09201
Authority key identifier: B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/3jk_L-Kap6izFBuJISi2VDGBM7c.roa
Signing time:             Fri 04 Jul 2025 10:27:42 +0000
ROA not before:           Fri 04 Jul 2025 10:27:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213732
IP address blocks:        46.38.144.0/24 maxlen: 24
                          46.38.146.0/24 maxlen: 24
                          46.38.147.0/24 maxlen: 24
                          46.38.148.0/24 maxlen: 24
                          46.38.149.0/24 maxlen: 24
                          46.38.150.0/24 maxlen: 24
                          46.38.151.0/24 maxlen: 24
                          185.29.223.0/24 maxlen: 24
                          212.80.29.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Mon 21 Jul 2025 13:35:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:d4:fa:4b:8b:de:8f:78:b5:52:a0:8b:e7:1c:b0:92:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b72945f57103153a07854e74e227f2aec1c5f430
        Validity
            Not Before: Jul  4 10:27:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=de393f2fe29aa7a8b3141b892128b654318133b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:e5:b7:1a:ed:79:7d:ec:a4:da:f6:3f:ae:af:
                    55:84:17:a0:1e:57:0b:a9:a5:74:c0:48:9a:be:ab:
                    31:3c:fd:63:6f:a9:8f:9d:75:9d:8d:45:5b:9f:a9:
                    2a:ae:a1:8e:41:c3:42:38:bb:30:0b:3c:47:fc:a5:
                    09:6f:63:06:10:c4:cc:c2:c9:ad:48:79:c2:c4:4b:
                    00:31:2d:e4:65:19:d2:64:7a:61:80:88:69:9f:c6:
                    f9:50:ba:a4:dd:fc:53:e1:f5:55:c3:2e:2d:6a:9a:
                    36:0b:51:6e:e8:bd:70:55:9b:fe:0f:60:fe:f4:5f:
                    19:1b:f6:da:73:13:2d:76:73:8e:1f:fc:c3:60:cb:
                    f3:22:06:0f:73:9d:af:7a:d6:74:1d:33:95:87:91:
                    b4:c3:e0:99:2f:27:3a:23:7e:8b:99:bb:39:83:cb:
                    e8:d6:e2:5a:55:0a:16:42:30:05:6e:79:e5:7e:2f:
                    99:ce:51:77:96:34:0c:70:9e:fe:0a:29:37:ae:a8:
                    c8:42:da:89:82:e2:39:e0:a1:ca:28:0c:83:4f:71:
                    16:aa:7a:e5:a4:c6:cd:ad:b0:2d:93:df:ac:c9:87:
                    0a:d0:20:2a:e0:aa:d9:83:b9:d0:47:f5:dd:9c:9a:
                    44:42:44:55:cd:60:99:45:c4:40:b9:51:a1:a5:19:
                    12:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:39:3F:2F:E2:9A:A7:A8:B3:14:1B:89:21:28:B6:54:31:81:33:B7
            X509v3 Authority Key Identifier:
                keyid:B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/3jk_L-Kap6izFBuJISi2VDGBM7c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.38.144.0/24
                  46.38.146.0-46.38.151.255
                  185.29.223.0/24
                  212.80.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:f2:d2:6b:df:eb:64:00:95:9b:c4:d3:65:c4:07:a3:f4:d9:
         13:39:53:d0:8d:ba:80:8a:36:e8:49:71:c1:d0:3c:d9:c2:eb:
         6a:2c:1f:a0:a7:5b:0a:84:f6:c5:f4:33:44:91:16:2f:07:5d:
         eb:92:03:9c:31:0e:c9:6e:1f:69:64:45:ab:ff:77:41:59:85:
         e4:35:69:54:cc:94:d6:ff:04:05:62:6d:d1:b5:87:f5:41:bb:
         c0:32:c2:1d:e0:b8:0b:a0:51:61:4c:bc:a3:f6:40:50:e9:2a:
         95:27:c2:b7:c0:9b:6a:78:78:a1:1e:95:80:a4:b4:86:b2:a5:
         9f:4f:c9:9e:18:f6:d0:55:4b:f7:eb:f2:89:e6:72:fa:8c:dc:
         95:c3:3b:b4:7c:36:0a:1f:b8:bb:ce:e2:a1:15:80:38:e8:94:
         21:04:5d:81:f9:f4:d6:89:a8:1b:c6:df:64:c7:8b:ca:8c:7c:
         81:36:63:54:72:f5:4f:4b:66:a5:7b:37:c7:dc:38:ce:ef:e4:
         cc:36:e1:ea:13:0f:00:73:0d:12:a4:a6:86:06:94:cb:a3:53:
         34:9e:35:a6:f5:fb:34:ca:e1:fe:2d:09:da:2c:17:ef:24:14:
         1f:91:ec:1f:d3:a2:bf:a3:db:b2:a8:28:03:0a:86:c3:3c:52:
         a7:bb:69:cd
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZfU+kuL3o94tVKgi+ccsJIBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3Mjk0NWY1NzEwMzE1M2EwNzg1NGU3NGUyMjdmMmFlYzFj
NWY0MzAwHhcNMjUwNzA0MTAyNzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTM5M2YyZmUyOWFhN2E4YjMxNDFiODkyMTI4YjY1NDMxODEzM2I3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4uW3Gu15feyk2vY/rq9VhBegHlcL
qaV0wEiavqsxPP1jb6mPnXWdjUVbn6kqrqGOQcNCOLswCzxH/KUJb2MGEMTMwsmt
SHnCxEsAMS3kZRnSZHphgIhpn8b5ULqk3fxT4fVVwy4tapo2C1Fu6L1wVZv+D2D+
9F8ZG/bacxMtdnOOH/zDYMvzIgYPc52vetZ0HTOVh5G0w+CZLyc6I36Lmbs5g8vo
1uJaVQoWQjAFbnnlfi+ZzlF3ljQMcJ7+Cik3rqjIQtqJguI54KHKKAyDT3EWqnrl
pMbNrbAtk9+syYcK0CAq4KrZg7nQR/XdnJpEQkRVzWCZRcRAuVGhpRkSEwIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFN45Py/imqeosxQbiSEotlQxgTO3MB8GA1UdIwQY
MBaAFLcpRfVxAxU6B4VOdOIn8q7BxfQwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEt
MmEwOWNjNTNhODA1LzEvM2prX0wtS2FwNml6RkJ1SklTaTJWREdCTTdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEtMmEwOWNjNTNhODA1
LzEvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQALiaQMAwD
BAEuJpIDBAMuJpADBAC5Hd8DBADUUB0wDQYJKoZIhvcNAQELBQADggEBAE/y0mvf
62QAlZvE02XEB6P02RM5U9CNuoCKNuhJccHQPNnC62osH6CnWwqE9sX0M0SRFi8H
XeuSA5wxDsluH2lkRav/d0FZheQ1aVTMlNb/BAVibdG1h/VBu8Aywh3guAugUWFM
vKP2QFDpKpUnwrfAm2p4eKEelYCktIaypZ9PyZ4Y9tBVS/fr8onmcvqM3JXDO7R8
NgofuLvO4qEVgDjolCEEXYH59NaJqBvG32THi8qMfIE2Y1Ry9U9LZqV7N8fcOM7v
5Mw24eoTDwBzDRKkpoYGlMujUzSeNab1+zTK4f4tCdosF+8kFB+R7B/Tor+j27Ko
KAMKhsM8Uqe7ac0=
-----END CERTIFICATE-----
Generated at Wed Jul 23 08:10:23 2025 by rpki-client