Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/8a430f-40c5-474b-8fd9-074ed70b4673/1/1-fBaThTrfs60J-dsoqP7pEwGe8M.roa
File:                     1-fBaThTrfs60J-dsoqP7pEwGe8M.roa (raw, json)
Hash identifier:          eowLHLXFWDyO2WgAiHFrGAqJistW+NltqwJbctnUlT8=
Subject key identifier:   F9:F0:5A:4E:14:EB:7E:CE:B4:27:E7:6C:A2:A3:FB:A4:4C:06:7B:C3
Certificate issuer:       /CN=5dc6245ca820899d7eb4140302c21041b5dbca06
Certificate serial:       0193F40407D90233ABF0020BB07BF140E19F
Authority key identifier: 5D:C6:24:5C:A8:20:89:9D:7E:B4:14:03:02:C2:10:41:B5:DB:CA:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XcYkXKggiZ1-tBQDAsIQQbXbygY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/8a430f-40c5-474b-8fd9-074ed70b4673/1/1-fBaThTrfs60J-dsoqP7pEwGe8M.roa
Signing time:             Mon 23 Dec 2024 14:55:25 +0000
ROA not before:           Mon 23 Dec 2024 14:55:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     38984
IP address blocks:        185.23.228.0/22 maxlen: 22
                          185.23.228.0/23 maxlen: 23
                          185.23.230.0/24 maxlen: 24
                          185.23.231.0/24 maxlen: 24
                          188.65.232.0/21 maxlen: 21
                          188.65.232.0/22 maxlen: 22
                          188.65.236.0/23 maxlen: 23
                          188.65.238.0/23 maxlen: 23
                          195.135.236.0/22 maxlen: 22
                          195.135.236.0/24 maxlen: 24
                          195.135.237.0/24 maxlen: 24
                          195.135.238.0/24 maxlen: 24
                          195.135.239.0/24 maxlen: 24
                          2a03:7f00::/32 maxlen: 32
Validation:               Failed, certificate revoked on Thu 02 Jan 2025 09:50:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:f4:04:07:d9:02:33:ab:f0:02:0b:b0:7b:f1:40:e1:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5dc6245ca820899d7eb4140302c21041b5dbca06
        Validity
            Not Before: Dec 23 14:55:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f9f05a4e14eb7eceb427e76ca2a3fba44c067bc3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:db:f4:2b:4c:6d:9a:c1:c1:95:fd:2f:0a:c7:
                    00:5e:50:e8:19:cf:83:f0:78:0d:05:f1:9f:93:6a:
                    89:15:79:26:80:f1:62:4a:64:cb:49:a2:e3:cc:1e:
                    7e:b7:8a:52:94:ef:74:4a:e1:81:06:61:fc:30:ba:
                    a5:7c:84:41:82:1c:9f:6c:60:06:47:28:0e:d8:f6:
                    5d:c2:cb:6f:ff:c5:07:a2:9d:82:d5:47:3d:31:74:
                    64:27:79:70:e9:9d:ca:f0:a1:56:83:61:e6:af:f6:
                    d5:31:48:2a:65:e0:d7:14:81:68:ba:22:02:e4:88:
                    ea:b7:9b:35:08:36:fb:58:a2:5b:e7:42:a7:93:26:
                    21:a3:4c:f1:b8:7c:73:63:74:bb:76:3c:12:a2:ef:
                    ec:2d:59:79:97:66:ac:a5:02:1e:6a:64:9c:b1:77:
                    34:74:ba:5a:a7:7d:cb:a0:db:e5:cb:12:6c:38:5d:
                    0c:b9:d0:07:34:dd:f9:18:03:74:f5:3b:c6:49:13:
                    31:bf:c4:b2:ee:04:d4:dc:f3:35:dc:a2:b5:cc:f5:
                    0f:8c:a3:15:58:e1:ac:35:a0:af:73:08:46:2e:d4:
                    59:62:5d:9f:43:3d:7f:b0:5f:90:fa:a4:92:58:e0:
                    ab:b4:22:57:80:03:12:9b:c6:7b:5a:43:3f:f0:ff:
                    5b:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:F0:5A:4E:14:EB:7E:CE:B4:27:E7:6C:A2:A3:FB:A4:4C:06:7B:C3
            X509v3 Authority Key Identifier:
                keyid:5D:C6:24:5C:A8:20:89:9D:7E:B4:14:03:02:C2:10:41:B5:DB:CA:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XcYkXKggiZ1-tBQDAsIQQbXbygY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/8a430f-40c5-474b-8fd9-074ed70b4673/1/1-fBaThTrfs60J-dsoqP7pEwGe8M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/8a430f-40c5-474b-8fd9-074ed70b4673/1/XcYkXKggiZ1-tBQDAsIQQbXbygY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.23.228.0/22
                  188.65.232.0/21
                  195.135.236.0/22
                IPv6:
                  2a03:7f00::/32

    Signature Algorithm: sha256WithRSAEncryption
         21:16:53:e0:94:c0:e6:6d:ce:73:ba:3b:77:f1:33:98:48:b0:
         22:87:b5:77:9d:23:24:b5:c3:2b:d6:73:01:37:67:70:fe:c9:
         c4:eb:8d:6f:aa:64:88:89:ce:37:20:39:38:ce:e4:9c:9e:f2:
         f7:86:81:91:c1:9e:58:cf:9d:82:79:26:bf:9a:f6:f2:b3:34:
         86:0c:ab:95:94:92:c0:dd:44:9c:0f:a6:1a:b7:cf:6a:83:a3:
         0c:f8:8b:bf:95:64:51:9e:d3:a1:af:64:a4:81:89:92:4f:f9:
         f1:84:1e:77:4c:6f:39:5c:82:70:fd:df:e9:a1:12:14:34:22:
         39:35:3d:d6:71:f9:db:d0:05:2e:51:0c:8b:2b:c1:7d:d0:e7:
         48:90:a2:5d:c4:97:97:fb:30:b2:80:55:82:0a:bb:13:09:63:
         3d:9f:d2:c2:92:e9:5b:40:25:5e:3d:ad:b5:f3:10:60:35:f9:
         8c:8e:6d:35:6a:fb:5f:3e:85:65:9b:1a:66:30:14:05:a8:ed:
         ee:8d:03:a6:dd:79:08:e7:a2:78:7d:2a:75:e1:93:50:a6:74:
         20:42:ac:72:51:1e:13:ca:94:1f:ba:1d:b5:bc:1c:5d:70:fe:
         f6:b8:1f:6b:8a:7c:17:60:1b:fd:15:0b:a2:2b:c4:57:77:fb:
         89:65:a2:66
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAZP0BAfZAjOr8AILsHvxQOGfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkYzYyNDVjYTgyMDg5OWQ3ZWI0MTQwMzAyYzIxMDQxYjVk
YmNhMDYwHhcNMjQxMjIzMTQ1NTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOWYwNWE0ZTE0ZWI3ZWNlYjQyN2U3NmNhMmEzZmJhNDRjMDY3YmMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn9v0K0xtmsHBlf0vCscAXlDoGc+D
8HgNBfGfk2qJFXkmgPFiSmTLSaLjzB5+t4pSlO90SuGBBmH8MLqlfIRBghyfbGAG
RygO2PZdwstv/8UHop2C1Uc9MXRkJ3lw6Z3K8KFWg2Hmr/bVMUgqZeDXFIFouiIC
5Ijqt5s1CDb7WKJb50KnkyYho0zxuHxzY3S7djwSou/sLVl5l2aspQIeamScsXc0
dLpap33LoNvlyxJsOF0MudAHNN35GAN09TvGSRMxv8Sy7gTU3PM13KK1zPUPjKMV
WOGsNaCvcwhGLtRZYl2fQz1/sF+Q+qSSWOCrtCJXgAMSm8Z7WkM/8P9bLwIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFPnwWk4U637OtCfnbKKj+6RMBnvDMB8GA1UdIwQY
MBaAFF3GJFyoIImdfrQUAwLCEEG128oGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGNZa1hLZ2dpWjEtdEJRREFzSVFRYlhieWdZLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi84YTQzMGYtNDBjNS00NzRiLThmZDkt
MDc0ZWQ3MGI0NjczLzEvMS1mQmFUaFRyZnM2MEotZHNvcVA3cEV3R2U4TS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYTIvOGE0MzBmLTQwYzUtNDc0Yi04ZmQ5LTA3NGVkNzBiNDY3
My8xL1hjWWtYS2dnaVoxLXRCUURBc0lRUWJYYnlnWS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjA6BggrBgEFBQcBBwEB/wQrMCkwGAQCAAEwEgMEArkX5AME
A7xB6AMEAsOH7DANBAIAAjAHAwUAKgN/ADANBgkqhkiG9w0BAQsFAAOCAQEAIRZT
4JTA5m3Oc7o7d/EzmEiwIoe1d50jJLXDK9ZzATdncP7JxOuNb6pkiInONyA5OM7k
nJ7y94aBkcGeWM+dgnkmv5r28rM0hgyrlZSSwN1EnA+mGrfPaoOjDPiLv5VkUZ7T
oa9kpIGJkk/58YQed0xvOVyCcP3f6aESFDQiOTU91nH529AFLlEMiyvBfdDnSJCi
XcSXl/swsoBVggq7EwljPZ/SwpLpW0AlXj2ttfMQYDX5jI5tNWr7Xz6FZZsaZjAU
Bajt7o0Dpt15COeieH0qdeGTUKZ0IEKsclEeE8qUH7odtbwcXXD+9rgfa4p8F2Ab
/RULoivEV3f7iWWiZg==
-----END CERTIFICATE-----