Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/fxHBxllLco2HWfBhozsovYeErHY.roa
File:                     fxHBxllLco2HWfBhozsovYeErHY.roa (raw, json)
Hash identifier:          1a7FdgNim6IzilB1+DY3RGXHcMfrJFIJTqsgxozjeUs=
Subject key identifier:   7F:11:C1:C6:59:4B:72:8D:87:59:F0:61:A3:3B:28:BD:87:84:AC:76
Certificate issuer:       /CN=e754c347d68d15493de71bb962f0a567e134d603
Certificate serial:       01953EA346D36CB4AA92303D1024DD6D07C5
Authority key identifier: E7:54:C3:47:D6:8D:15:49:3D:E7:1B:B9:62:F0:A5:67:E1:34:D6:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/51TDR9aNFUk95xu5YvClZ-E01gM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/fxHBxllLco2HWfBhozsovYeErHY.roa
Signing time:             Tue 25 Feb 2025 19:44:02 +0000
ROA not before:           Tue 25 Feb 2025 19:44:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58305
IP address blocks:        107.161.163.0/24 maxlen: 24
                          107.161.164.0/24 maxlen: 24
                          107.161.165.0/24 maxlen: 24
                          107.161.166.0/24 maxlen: 24
                          107.161.167.0/24 maxlen: 24
                          107.161.172.0/24 maxlen: 24
                          107.161.173.0/24 maxlen: 24
                          155.254.63.0/24 maxlen: 24
                          162.217.251.0/24 maxlen: 24
                          2a07:9942:39d6::/48 maxlen: 48
                          2a07:9944:40::/48 maxlen: 48
                          2a07:9945:45::/48 maxlen: 48
                          2a07:9946::/32 maxlen: 32
                          2a07:9947::/32 maxlen: 32
Validation:               Failed, certificate revoked on Sat 01 Mar 2025 16:10:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:3e:a3:46:d3:6c:b4:aa:92:30:3d:10:24:dd:6d:07:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e754c347d68d15493de71bb962f0a567e134d603
        Validity
            Not Before: Feb 25 19:44:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7f11c1c6594b728d8759f061a33b28bd8784ac76
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:c3:d6:a1:0e:28:b9:9e:64:85:09:82:16:5d:
                    b7:57:25:8d:d5:8a:e9:5d:1e:1c:cc:e4:1b:cb:89:
                    49:5a:cb:c3:23:31:06:4b:03:f8:d6:9d:66:19:4e:
                    54:44:41:a7:2d:a8:d4:19:e9:03:71:4e:2b:65:e1:
                    f0:0c:8e:72:14:b0:5f:bc:69:ba:3d:1d:f9:db:19:
                    ba:0f:e9:c5:4b:11:17:17:0d:5b:36:48:2b:a5:76:
                    ee:ec:e4:00:17:fe:15:66:e2:af:a5:d2:70:67:ae:
                    97:7b:83:a6:a8:6c:82:d4:b2:c1:8f:b4:3c:22:3c:
                    eb:db:3d:25:43:4c:27:39:cc:cc:bd:54:31:9d:73:
                    4f:32:0c:3a:aa:b8:59:6a:f2:1b:bd:df:04:45:75:
                    8f:21:c9:d5:39:f7:e0:91:1e:fc:51:15:82:08:62:
                    2d:fe:74:0e:9d:09:07:5c:dd:c0:9e:ef:c8:1b:d2:
                    23:46:4f:bf:7a:24:1d:d8:d4:cb:ec:77:4f:2a:32:
                    5d:c4:5c:2c:0b:4b:e2:7a:89:95:8b:ae:36:1f:ca:
                    41:af:38:30:6a:c6:ab:f1:04:d7:12:d2:0b:46:8a:
                    80:94:0f:0d:56:ba:da:fd:0f:43:0d:ab:1c:7f:27:
                    25:a2:a3:5b:f4:3f:6a:dc:75:a4:ad:46:f5:ed:1d:
                    cd:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:11:C1:C6:59:4B:72:8D:87:59:F0:61:A3:3B:28:BD:87:84:AC:76
            X509v3 Authority Key Identifier:
                keyid:E7:54:C3:47:D6:8D:15:49:3D:E7:1B:B9:62:F0:A5:67:E1:34:D6:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/51TDR9aNFUk95xu5YvClZ-E01gM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/fxHBxllLco2HWfBhozsovYeErHY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/51TDR9aNFUk95xu5YvClZ-E01gM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  107.161.163.0-107.161.167.255
                  107.161.172.0/23
                  155.254.63.0/24
                  162.217.251.0/24
                IPv6:
                  2a07:9942:39d6::/48
                  2a07:9944:40::/48
                  2a07:9945:45::/48
                  2a07:9946::/31

    Signature Algorithm: sha256WithRSAEncryption
         47:f1:1b:1e:8d:84:8a:3f:ef:8f:c9:8a:94:61:79:54:44:b9:
         c0:73:48:24:87:fa:ae:be:a8:bf:06:20:e9:98:77:e5:6d:d9:
         72:da:25:7a:35:05:cf:2f:ea:87:ac:69:f2:06:94:f6:56:06:
         e7:c4:52:82:c2:59:f2:1b:8c:d8:13:11:3b:b4:d1:05:3e:ad:
         e1:c9:a4:39:c8:3f:60:07:32:56:8b:ce:75:91:06:f8:b8:aa:
         24:6e:23:33:1e:a4:3d:c7:3a:0e:77:3a:1d:8f:98:6e:de:8a:
         33:81:09:e7:65:b7:dd:d0:12:46:7b:c8:58:39:97:3b:be:76:
         9b:19:08:3b:45:09:1a:db:4e:87:0d:ec:d2:60:7b:af:d7:1e:
         71:a7:d1:da:53:ef:54:e5:cd:9f:e5:ae:cd:72:6b:da:f4:d5:
         23:65:91:88:e7:0b:cf:14:51:f4:ef:28:60:1a:42:dd:7f:09:
         76:c3:72:3b:eb:57:bd:42:b7:34:6d:91:9b:1e:b4:87:4c:03:
         a2:19:b6:67:b6:1a:48:45:51:32:e6:1c:68:c4:c8:b1:d2:bb:
         de:cc:a2:14:f7:b5:e4:62:0d:ef:68:c5:6e:5e:d9:42:f4:5c:
         a4:15:8d:b7:36:83:dc:82:de:22:01:73:80:ba:6f:7d:71:9f:
         df:af:f2:1d
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAZU+o0bTbLSqkjA9ECTdbQfFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3NTRjMzQ3ZDY4ZDE1NDkzZGU3MWJiOTYyZjBhNTY3ZTEz
NGQ2MDMwHhcNMjUwMjI1MTk0NDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjExYzFjNjU5NGI3MjhkODc1OWYwNjFhMzNiMjhiZDg3ODRhYzc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAocPWoQ4ouZ5khQmCFl23VyWN1Yrp
XR4czOQby4lJWsvDIzEGSwP41p1mGU5UREGnLajUGekDcU4rZeHwDI5yFLBfvGm6
PR352xm6D+nFSxEXFw1bNkgrpXbu7OQAF/4VZuKvpdJwZ66Xe4OmqGyC1LLBj7Q8
Ijzr2z0lQ0wnOczMvVQxnXNPMgw6qrhZavIbvd8ERXWPIcnVOffgkR78URWCCGIt
/nQOnQkHXN3Anu/IG9IjRk+/eiQd2NTL7HdPKjJdxFwsC0vieomVi642H8pBrzgw
asar8QTXEtILRoqAlA8NVrra/Q9DDascfycloqNb9D9q3HWkrUb17R3NwwIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFH8RwcZZS3KNh1nwYaM7KL2HhKx2MB8GA1UdIwQY
MBaAFOdUw0fWjRVJPecbuWLwpWfhNNYDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTFURFI5YU5GVWs5NXh1NVl2Q2xaLUUwMWdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80NmRiM2EtYTU3My00ZjI4LWI0M2It
MzdiNjJkMjIzOTI0LzEvZnhIQnhsbExjbzJIV2ZCaG96c292WWVFckhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80NmRiM2EtYTU3My00ZjI4LWI0M2ItMzdiNjJkMjIzOTI0
LzEvNTFURFI5YU5GVWs5NXh1NVl2Q2xaLUUwMWdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjAmBAIAATAgMAwDBABroaMD
BANroaADBAFroawDBACb/j8DBACi2fswKAQCAAIwIgMHACoHmUI51gMHACoHmUQA
QAMHACoHmUUARQMFASoHmUYwDQYJKoZIhvcNAQELBQADggEBAEfxGx6NhIo/74/J
ipRheVREucBzSCSH+q6+qL8GIOmYd+Vt2XLaJXo1Bc8v6oesafIGlPZWBufEUoLC
WfIbjNgTETu00QU+reHJpDnIP2AHMlaLznWRBvi4qiRuIzMepD3HOg53Oh2PmG7e
ijOBCedlt93QEkZ7yFg5lzu+dpsZCDtFCRrbTocN7NJge6/XHnGn0dpT71TlzZ/l
rs1ya9r01SNlkYjnC88UUfTvKGAaQt1/CXbDcjvrV71CtzRtkZsetIdMA6IZtme2
GkhFUTLmHGjEyLHSu97MohT3teRiDe9oxW5e2UL0XKQVjbc2g9yC3iIBc4C6b31x
n9+v8h0=
-----END CERTIFICATE-----