Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/c67522-71c5-4061-a18b-6933a90c53fa/1/291OMNu8G-XJvJWSxquCjixBoJA.roa
File:                     291OMNu8G-XJvJWSxquCjixBoJA.roa (raw, json)
Hash identifier:          Mv6Cl+Hf7XNd92+jAI/iQAG4RU/SS69CQgRW3FHgeAg=
Subject key identifier:   DB:DD:4E:30:DB:BC:1B:E5:C9:BC:95:92:C6:AB:82:8E:2C:41:A0:90
Certificate issuer:       /CN=72769d6e4a0fc2c98013b722eb2beb9e6e871fc6
Certificate serial:       0195CD87E3DCFAEC2B5285F9616F156D8E13
Authority key identifier: 72:76:9D:6E:4A:0F:C2:C9:80:13:B7:22:EB:2B:EB:9E:6E:87:1F:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cnadbkoPwsmAE7ci6yvrnm6HH8Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/c67522-71c5-4061-a18b-6933a90c53fa/1/291OMNu8G-XJvJWSxquCjixBoJA.roa
Signing time:             Tue 25 Mar 2025 13:39:49 +0000
ROA not before:           Tue 25 Mar 2025 13:39:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48448
IP address blocks:        45.85.73.0/24 maxlen: 24
                          87.236.32.0/24 maxlen: 24
                          202.14.113.0/24 maxlen: 24
                          203.33.38.0/24 maxlen: 24
                          2a0e:bb81::/48 maxlen: 48
                          2a0e:bb81:a1::/48 maxlen: 48
                          2a0e:bb81:b1::/48 maxlen: 48
                          2a0e:bb81:b2::/48 maxlen: 48
                          2a0e:bb81:1000::/48 maxlen: 48
Validation:               Failed, certificate revoked on Thu 27 Mar 2025 15:14:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:cd:87:e3:dc:fa:ec:2b:52:85:f9:61:6f:15:6d:8e:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72769d6e4a0fc2c98013b722eb2beb9e6e871fc6
        Validity
            Not Before: Mar 25 13:39:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dbdd4e30dbbc1be5c9bc9592c6ab828e2c41a090
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:46:2e:e7:6c:92:15:82:9f:ac:be:73:a7:fe:
                    58:0a:0d:56:e8:53:07:15:c6:7a:fd:b1:32:7b:01:
                    fb:5a:76:22:64:62:14:32:02:c7:b0:70:c3:77:36:
                    39:4a:25:5f:e0:4d:14:03:67:d8:6f:e6:2e:1f:62:
                    2a:68:4f:63:99:94:02:4a:5c:7e:38:fc:a4:b3:f2:
                    0b:d0:f5:ae:e4:4c:e7:9a:05:47:24:11:bf:ef:41:
                    a2:96:94:56:70:9c:32:f7:5a:30:4f:41:b5:69:b7:
                    40:7f:a0:d0:5d:86:64:07:61:56:94:31:0c:c6:22:
                    36:78:bd:a4:0e:e4:aa:1c:e8:cd:d4:f8:3f:e0:fd:
                    dc:ef:ea:b0:ad:76:05:69:ee:16:82:d3:cc:f3:35:
                    a5:c7:0e:6d:71:0c:7d:71:7a:1f:ae:9c:c2:86:ce:
                    eb:3c:4a:7e:ac:ae:74:a4:ec:20:10:30:87:50:fb:
                    a9:cb:ca:41:1b:53:b0:15:6d:bc:6b:fc:25:5a:23:
                    96:57:34:10:9c:a2:22:04:e0:eb:0e:12:26:8c:1f:
                    fa:7d:76:7f:53:12:7c:ff:23:f5:be:98:3c:91:ae:
                    e9:2d:a7:7d:4a:b3:ee:01:00:50:7c:f5:15:23:38:
                    ab:7c:73:66:f6:c9:64:3a:1a:b8:41:2b:62:37:28:
                    b5:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:DD:4E:30:DB:BC:1B:E5:C9:BC:95:92:C6:AB:82:8E:2C:41:A0:90
            X509v3 Authority Key Identifier:
                keyid:72:76:9D:6E:4A:0F:C2:C9:80:13:B7:22:EB:2B:EB:9E:6E:87:1F:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cnadbkoPwsmAE7ci6yvrnm6HH8Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/c67522-71c5-4061-a18b-6933a90c53fa/1/291OMNu8G-XJvJWSxquCjixBoJA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/c67522-71c5-4061-a18b-6933a90c53fa/1/cnadbkoPwsmAE7ci6yvrnm6HH8Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.85.73.0/24
                  87.236.32.0/24
                  202.14.113.0/24
                  203.33.38.0/24
                IPv6:
                  2a0e:bb81::/48
                  2a0e:bb81:a1::/48
                  2a0e:bb81:b1::-2a0e:bb81:b2:ffff:ffff:ffff:ffff:ffff
                  2a0e:bb81:1000::/48

    Signature Algorithm: sha256WithRSAEncryption
         7c:05:7a:46:3d:8b:cc:a1:0a:18:00:35:11:4d:14:73:73:09:
         90:d5:5c:08:29:1b:6e:33:d6:f4:6d:28:7f:8b:c6:51:14:9c:
         9a:66:5c:4b:75:b5:8c:ac:75:18:ff:08:c6:a6:00:da:52:90:
         b8:2a:05:0f:39:23:3f:3a:8a:92:9f:35:32:b6:62:e1:75:5a:
         44:15:a6:30:16:8b:f2:08:a4:e5:f6:70:d1:04:d6:34:51:37:
         bf:7e:8f:de:ed:77:39:1e:66:40:d0:a0:c6:df:94:fc:86:34:
         0f:f1:b3:f2:ce:63:d5:79:40:67:5e:70:93:91:1d:45:00:3c:
         b2:4d:c8:1d:70:df:20:86:3d:9d:78:6e:77:8e:0e:18:ad:a3:
         29:8a:1f:cb:48:d2:02:7c:df:82:8e:d1:b8:81:28:5a:29:be:
         dc:0d:e3:4c:f7:2e:dd:db:44:8d:cc:bf:a4:3e:fd:69:eb:29:
         fd:e3:fd:c7:89:3e:1b:9d:12:64:c0:26:89:70:34:8c:70:4e:
         db:3b:a7:59:2a:0d:6b:fc:27:10:bc:d6:e1:34:69:1f:b8:c9:
         1c:5c:1f:69:e3:69:8e:3a:7f:0d:96:2e:8d:b9:2b:c8:1f:8b:
         99:78:b4:3a:e1:bd:6a:d2:a7:bf:7f:e5:df:5c:29:ee:cc:f2:
         3d:f3:74:74
-----BEGIN CERTIFICATE-----
MIIFRjCCBC6gAwIBAgISAZXNh+Pc+uwrUoX5YW8VbY4TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyNzY5ZDZlNGEwZmMyYzk4MDEzYjcyMmViMmJlYjllNmU4
NzFmYzYwHhcNMjUwMzI1MTMzOTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmRkNGUzMGRiYmMxYmU1YzliYzk1OTJjNmFiODI4ZTJjNDFhMDkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgkYu52ySFYKfrL5zp/5YCg1W6FMH
FcZ6/bEyewH7WnYiZGIUMgLHsHDDdzY5SiVf4E0UA2fYb+YuH2IqaE9jmZQCSlx+
OPyks/IL0PWu5EznmgVHJBG/70GilpRWcJwy91owT0G1abdAf6DQXYZkB2FWlDEM
xiI2eL2kDuSqHOjN1Pg/4P3c7+qwrXYFae4WgtPM8zWlxw5tcQx9cXofrpzChs7r
PEp+rK50pOwgEDCHUPupy8pBG1OwFW28a/wlWiOWVzQQnKIiBODrDhImjB/6fXZ/
UxJ8/yP1vpg8ka7pLad9SrPuAQBQfPUVIzirfHNm9slkOhq4QStiNyi1ywIDAQAB
o4ICUjCCAk4wHQYDVR0OBBYEFNvdTjDbvBvlybyVksargo4sQaCQMB8GA1UdIwQY
MBaAFHJ2nW5KD8LJgBO3Iusr655uhx/GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY25hZGJrb1B3c21BRTdjaTZ5dnJubTZISDhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS9jNjc1MjItNzFjNS00MDYxLWExOGIt
NjkzM2E5MGM1M2ZhLzEvMjkxT01OdThHLVhKdkpXU3hxdUNqaXhCb0pBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS9jNjc1MjItNzFjNS00MDYxLWExOGItNjkzM2E5MGM1M2Zh
LzEvY25hZGJrb1B3c21BRTdjaTZ5dnJubTZISDhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGgGCCsGAQUFBwEHAQH/BFkwVzAeBAIAATAYAwQALVVJAwQA
V+wgAwQAyg5xAwQAyyEmMDUEAgACMC8DBwAqDruBAAADBwAqDruBAKEwEgMHACoO
u4EAsQMHACoOu4EAsgMHACoOu4EQADANBgkqhkiG9w0BAQsFAAOCAQEAfAV6Rj2L
zKEKGAA1EU0Uc3MJkNVcCCkbbjPW9G0of4vGURScmmZcS3W1jKx1GP8IxqYA2lKQ
uCoFDzkjPzqKkp81MrZi4XVaRBWmMBaL8gik5fZw0QTWNFE3v36P3u13OR5mQNCg
xt+U/IY0D/Gz8s5j1XlAZ15wk5EdRQA8sk3IHXDfIIY9nXhud44OGK2jKYofy0jS
Anzfgo7RuIEoWim+3A3jTPcu3dtEjcy/pD79aesp/eP9x4k+G50SZMAmiXA0jHBO
2zunWSoNa/wnELzW4TRpH7jJHFwfaeNpjjp/DZYujbkryB+LmXi0OuG9atKnv3/l
31wp7szyPfN0dA==
-----END CERTIFICATE-----