Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/NNAAjj1D2ViySFMhdnN_PJIuRkk.roa
File:                     NNAAjj1D2ViySFMhdnN_PJIuRkk.roa (raw, json)
Hash identifier:          PX+N9gH1eYRL8YDXr4F0C02Jtr0nkyzc6V19BTjAP9U=
Subject key identifier:   34:D0:00:8E:3D:43:D9:58:B2:48:53:21:76:73:7F:3C:92:2E:46:49
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       01977E26C01BCD99E7AC372BB91B55E491FB
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/NNAAjj1D2ViySFMhdnN_PJIuRkk.roa
Signing time:             Tue 17 Jun 2025 13:49:18 +0000
ROA not before:           Tue 17 Jun 2025 13:49:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29802
IP address blocks:        37.202.194.0/24 maxlen: 24
                          37.202.201.0/24 maxlen: 24
                          151.243.7.0/24 maxlen: 24
                          151.243.10.0/24 maxlen: 24
                          151.243.152.0/22 maxlen: 24
                          151.243.228.0/24 maxlen: 24
                          151.243.243.0/24 maxlen: 24
                          151.244.54.0/24 maxlen: 24
                          151.245.1.0/24 maxlen: 24
                          151.245.3.0/24 maxlen: 24
                          151.245.4.0/24 maxlen: 24
                          151.245.60.0/22 maxlen: 24
Validation:               Failed, certificate revoked on Thu 26 Jun 2025 09:04:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:7e:26:c0:1b:cd:99:e7:ac:37:2b:b9:1b:55:e4:91:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jun 17 13:49:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=34d0008e3d43d958b248532176737f3c922e4649
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:ff:d5:cf:c3:f7:9b:b5:d3:38:18:69:4f:70:
                    96:c5:a7:7c:fb:1f:ad:39:82:9c:ea:ee:55:5a:7a:
                    f3:db:57:0d:b9:33:c9:84:58:81:c8:b5:9c:8c:79:
                    26:1b:5e:30:c3:ce:7f:a9:df:4f:c5:b5:bc:df:fc:
                    15:0f:3c:31:37:07:6b:fd:19:8e:73:fb:64:11:a9:
                    af:20:b4:bf:4d:c2:10:50:ba:1c:66:4d:ca:6a:ff:
                    73:d8:51:97:62:73:ae:21:89:14:28:b3:e7:9c:6a:
                    a5:5b:86:49:dd:b7:77:00:99:73:61:82:11:09:a6:
                    6e:dc:f8:8d:fc:40:c7:33:d2:dd:f2:c4:3a:a3:4c:
                    66:4c:3c:c9:69:eb:79:41:bf:3c:57:76:d9:ca:47:
                    fe:b3:bf:11:53:56:fb:d9:bf:15:55:5f:8d:e1:2b:
                    b4:0d:c6:93:a9:97:96:60:b9:6f:81:75:0a:2e:74:
                    34:70:6d:92:e2:d5:7a:e4:62:cc:d9:2c:c3:5d:87:
                    c6:22:eb:5c:99:57:f4:f0:20:64:d5:93:59:6c:86:
                    f5:44:49:b3:f8:09:c2:6f:43:ec:a7:5b:dc:32:cc:
                    30:1f:4f:3b:6e:22:a2:d6:6c:a8:62:d8:e1:bd:c1:
                    89:53:1c:1f:2d:33:b2:08:56:ab:40:5c:54:50:02:
                    ff:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:D0:00:8E:3D:43:D9:58:B2:48:53:21:76:73:7F:3C:92:2E:46:49
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/NNAAjj1D2ViySFMhdnN_PJIuRkk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.202.194.0/24
                  37.202.201.0/24
                  151.243.7.0/24
                  151.243.10.0/24
                  151.243.152.0/22
                  151.243.228.0/24
                  151.243.243.0/24
                  151.244.54.0/24
                  151.245.1.0/24
                  151.245.3.0-151.245.4.255
                  151.245.60.0/22

    Signature Algorithm: sha256WithRSAEncryption
         37:55:cc:a1:68:76:48:90:71:ba:ae:d2:22:79:ee:a8:23:35:
         cc:75:94:0b:2b:03:b9:4f:cc:d2:aa:c2:a0:c0:16:10:1c:b3:
         36:a1:6b:26:b2:09:b1:3f:47:5c:98:e9:e0:da:07:4e:41:4c:
         a0:b3:f8:44:d4:88:13:19:3a:c7:8c:f4:44:b3:3c:c2:44:1b:
         d6:72:91:1f:4d:9c:5c:72:ed:ae:ba:89:db:21:72:94:22:1a:
         36:a1:10:27:47:08:c4:20:aa:49:b8:b8:98:a2:34:e5:d5:36:
         40:5c:3e:9f:b3:a9:e4:f4:73:c3:c8:26:87:fa:74:fd:24:64:
         84:e0:c1:2c:c4:42:ef:19:eb:1c:c1:b0:ed:91:f8:e0:bf:c9:
         b5:20:6d:eb:2f:47:f1:a0:5d:c0:81:ca:47:3b:af:38:57:56:
         d2:91:c0:e3:af:00:ff:66:c4:fa:cf:f5:3b:b7:72:51:f9:48:
         e7:8e:a1:04:ae:6e:03:5b:29:d7:ed:f6:82:69:48:f0:4b:75:
         6f:69:2d:b6:96:aa:aa:da:e3:0a:aa:44:27:b2:88:5c:57:ca:
         7b:e6:c0:18:da:4f:47:15:94:1e:65:d4:80:ce:db:88:01:88:
         a3:53:d9:52:b2:62:90:b9:07:64:7c:c2:e0:c4:c8:4d:38:06:
         19:f0:a1:c2
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAZd+JsAbzZnnrDcruRtV5JH7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNjE3MTM0OTE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGQwMDA4ZTNkNDNkOTU4YjI0ODUzMjE3NjczN2YzYzkyMmU0NjQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArP/Vz8P3m7XTOBhpT3CWxad8+x+t
OYKc6u5VWnrz21cNuTPJhFiByLWcjHkmG14ww85/qd9PxbW83/wVDzwxNwdr/RmO
c/tkEamvILS/TcIQULocZk3Kav9z2FGXYnOuIYkUKLPnnGqlW4ZJ3bd3AJlzYYIR
CaZu3PiN/EDHM9Ld8sQ6o0xmTDzJaet5Qb88V3bZykf+s78RU1b72b8VVV+N4Su0
DcaTqZeWYLlvgXUKLnQ0cG2S4tV65GLM2SzDXYfGIutcmVf08CBk1ZNZbIb1REmz
+AnCb0Psp1vcMswwH087biKi1myoYtjhvcGJUxwfLTOyCFarQFxUUAL/QQIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFDTQAI49Q9lYskhTIXZzfzySLkZJMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvTk5BQWpqMUQyVml5U0ZNaGRuTl9QSkl1UmtrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjBQBAIAATBKAwQAJcrCAwQA
JcrJAwQAl/MHAwQAl/MKAwQCl/OYAwQAl/PkAwQAl/PzAwQAl/Q2AwQAl/UBMAwD
BACX9QMDBACX9QQDBAKX9TwwDQYJKoZIhvcNAQELBQADggEBADdVzKFodkiQcbqu
0iJ57qgjNcx1lAsrA7lPzNKqwqDAFhAcszahayayCbE/R1yY6eDaB05BTKCz+ETU
iBMZOseM9ESzPMJEG9ZykR9NnFxy7a66idshcpQiGjahECdHCMQgqkm4uJiiNOXV
NkBcPp+zqeT0c8PIJof6dP0kZITgwSzEQu8Z6xzBsO2R+OC/ybUgbesvR/GgXcCB
ykc7rzhXVtKRwOOvAP9mxPrP9Tu3clH5SOeOoQSubgNbKdft9oJpSPBLdW9pLbaW
qqra4wqqRCeyiFxXynvmwBjaT0cVlB5l1IDO24gBiKNT2VKyYpC5B2R8wuDEyE04
BhnwocI=
-----END CERTIFICATE-----