Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/xhjvbhPhTroJUWYvq5h6QwSUEj8.roa
File:                     xhjvbhPhTroJUWYvq5h6QwSUEj8.roa (raw, json)
Hash identifier:          O5NQT2iTpxeQTcLbOovN+QYoj3+Z+pl9kmdLAhKjdhE=
Subject key identifier:   C6:18:EF:6E:13:E1:4E:BA:09:51:66:2F:AB:98:7A:43:04:94:12:3F
Certificate issuer:       /CN=e754c347d68d15493de71bb962f0a567e134d603
Certificate serial:       019554266F3BEAEF7FB3D27529DB1831B11D
Authority key identifier: E7:54:C3:47:D6:8D:15:49:3D:E7:1B:B9:62:F0:A5:67:E1:34:D6:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/51TDR9aNFUk95xu5YvClZ-E01gM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/xhjvbhPhTroJUWYvq5h6QwSUEj8.roa
Signing time:             Sat 01 Mar 2025 23:59:19 +0000
ROA not before:           Sat 01 Mar 2025 23:59:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58305
IP address blocks:        107.161.163.0/24 maxlen: 24
                          107.161.164.0/24 maxlen: 24
                          107.161.165.0/24 maxlen: 24
                          107.161.166.0/24 maxlen: 24
                          107.161.167.0/24 maxlen: 24
                          107.161.172.0/24 maxlen: 24
                          107.161.173.0/24 maxlen: 24
                          155.254.63.0/24 maxlen: 24
                          162.217.251.0/24 maxlen: 24
                          2a07:9942:39d6::/48 maxlen: 48
                          2a07:9944:40::/48 maxlen: 48
                          2a07:9945:45::/48 maxlen: 48
Validation:               Failed, certificate revoked on Mon 03 Mar 2025 13:17:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:54:26:6f:3b:ea:ef:7f:b3:d2:75:29:db:18:31:b1:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e754c347d68d15493de71bb962f0a567e134d603
        Validity
            Not Before: Mar  1 23:59:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c618ef6e13e14eba0951662fab987a430494123f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:f8:1a:d5:0e:3c:8c:e1:01:86:7d:1a:a3:77:
                    b0:ae:9a:8a:0a:ef:92:6b:a9:c4:40:f2:85:1e:9c:
                    c0:3d:f7:98:81:3e:b7:c1:e3:ad:20:25:e8:ab:9a:
                    0a:ae:4f:54:fc:1a:a5:6d:c6:0c:24:5e:85:34:c8:
                    a7:7f:0b:71:cd:f2:d0:65:e5:3c:bb:48:15:a0:b0:
                    a2:62:c5:6c:2f:97:34:e1:0a:87:7d:8c:6d:db:1d:
                    7f:a4:99:a2:2d:45:ee:16:6e:d2:ba:8a:4f:17:b1:
                    2a:4d:00:90:ad:02:a6:c7:ef:14:6a:76:e9:0e:c2:
                    66:e9:2c:cb:31:0a:a8:8a:7f:a1:50:d5:84:31:58:
                    c1:ea:95:a9:d8:ba:1b:aa:eb:9e:a7:50:5a:10:2e:
                    15:9e:9a:3f:9c:59:de:83:57:76:0d:54:9d:c3:5a:
                    dc:ba:fe:a9:2e:54:61:d4:c5:2a:72:16:26:59:9e:
                    14:67:2f:e2:f2:fd:c4:fb:49:c8:88:64:06:89:8a:
                    30:84:69:ff:37:a6:26:da:a9:52:5a:67:c9:65:35:
                    03:e1:42:fe:4b:d6:dd:91:5b:34:c0:d7:3e:80:1d:
                    d2:81:d0:95:2b:e1:f8:af:29:a4:02:db:70:95:50:
                    06:2f:9c:51:fa:7d:04:50:5c:63:55:0f:8f:81:f5:
                    9b:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:18:EF:6E:13:E1:4E:BA:09:51:66:2F:AB:98:7A:43:04:94:12:3F
            X509v3 Authority Key Identifier:
                keyid:E7:54:C3:47:D6:8D:15:49:3D:E7:1B:B9:62:F0:A5:67:E1:34:D6:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/51TDR9aNFUk95xu5YvClZ-E01gM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/xhjvbhPhTroJUWYvq5h6QwSUEj8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/51TDR9aNFUk95xu5YvClZ-E01gM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  107.161.163.0-107.161.167.255
                  107.161.172.0/23
                  155.254.63.0/24
                  162.217.251.0/24
                IPv6:
                  2a07:9942:39d6::/48
                  2a07:9944:40::/48
                  2a07:9945:45::/48

    Signature Algorithm: sha256WithRSAEncryption
         67:30:86:42:d4:d5:ba:0a:4a:63:c6:2d:f3:5c:44:ce:c8:3f:
         2a:11:c7:0f:96:e4:58:94:8e:07:cf:04:b7:e4:51:fc:f5:ab:
         25:21:23:40:ab:22:16:86:dc:64:de:b3:fb:94:2d:c4:25:2d:
         57:f0:15:ef:73:72:ae:25:47:27:0a:e4:37:c9:47:71:68:e5:
         58:73:e8:39:85:f9:51:8a:4f:e0:9a:71:62:f2:cd:80:e2:8f:
         4d:35:ec:03:01:8e:90:ba:c4:0c:b4:13:d7:7a:42:b8:9d:3c:
         3e:df:60:8b:39:96:fa:e1:aa:21:6d:e2:c9:6d:f1:ae:48:9a:
         e1:23:d2:c0:fa:44:29:be:ca:fa:e9:5d:09:28:a6:5b:2b:fa:
         42:c6:7b:e3:43:64:64:c2:46:75:88:e0:6c:75:ae:42:5b:aa:
         ca:9c:38:fc:fb:0e:8c:9b:3f:d3:ef:98:93:1b:17:17:b7:5e:
         44:b3:ad:5c:8f:8e:3d:db:c2:cc:e3:e3:05:85:62:8b:65:ba:
         95:fb:db:a3:ba:c8:53:38:1e:17:67:31:43:17:28:c9:0a:c0:
         ad:b0:65:86:43:51:1e:40:0d:ca:81:22:df:0e:56:2b:12:76:
         8b:7b:16:55:9b:cd:ec:ba:0a:06:00:4d:92:e2:33:7f:88:3e:
         28:42:bc:e3
-----BEGIN CERTIFICATE-----
MIIFOjCCBCKgAwIBAgISAZVUJm876u9/s9J1KdsYMbEdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3NTRjMzQ3ZDY4ZDE1NDkzZGU3MWJiOTYyZjBhNTY3ZTEz
NGQ2MDMwHhcNMjUwMzAxMjM1OTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjE4ZWY2ZTEzZTE0ZWJhMDk1MTY2MmZhYjk4N2E0MzA0OTQxMjNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr/ga1Q48jOEBhn0ao3ewrpqKCu+S
a6nEQPKFHpzAPfeYgT63weOtICXoq5oKrk9U/BqlbcYMJF6FNMinfwtxzfLQZeU8
u0gVoLCiYsVsL5c04QqHfYxt2x1/pJmiLUXuFm7SuopPF7EqTQCQrQKmx+8Uanbp
DsJm6SzLMQqoin+hUNWEMVjB6pWp2Lobquuep1BaEC4Vnpo/nFneg1d2DVSdw1rc
uv6pLlRh1MUqchYmWZ4UZy/i8v3E+0nIiGQGiYowhGn/N6Ym2qlSWmfJZTUD4UL+
S9bdkVs0wNc+gB3SgdCVK+H4rymkAttwlVAGL5xR+n0EUFxjVQ+PgfWbBwIDAQAB
o4ICRjCCAkIwHQYDVR0OBBYEFMYY724T4U66CVFmL6uYekMElBI/MB8GA1UdIwQY
MBaAFOdUw0fWjRVJPecbuWLwpWfhNNYDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTFURFI5YU5GVWs5NXh1NVl2Q2xaLUUwMWdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80NmRiM2EtYTU3My00ZjI4LWI0M2It
MzdiNjJkMjIzOTI0LzEveGhqdmJoUGhUcm9KVVdZdnE1aDZRd1NVRWo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80NmRiM2EtYTU3My00ZjI4LWI0M2ItMzdiNjJkMjIzOTI0
LzEvNTFURFI5YU5GVWs5NXh1NVl2Q2xaLUUwMWdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFwGCCsGAQUFBwEHAQH/BE0wSzAmBAIAATAgMAwDBABroaMD
BANroaADBAFroawDBACb/j8DBACi2fswIQQCAAIwGwMHACoHmUI51gMHACoHmUQA
QAMHACoHmUUARTANBgkqhkiG9w0BAQsFAAOCAQEAZzCGQtTVugpKY8Yt81xEzsg/
KhHHD5bkWJSOB88Et+RR/PWrJSEjQKsiFobcZN6z+5QtxCUtV/AV73NyriVHJwrk
N8lHcWjlWHPoOYX5UYpP4JpxYvLNgOKPTTXsAwGOkLrEDLQT13pCuJ08Pt9gizmW
+uGqIW3iyW3xrkia4SPSwPpEKb7K+uldCSimWyv6QsZ740NkZMJGdYjgbHWuQluq
ypw4/PsOjJs/0++YkxsXF7deRLOtXI+OPdvCzOPjBYVii2W6lfvbo7rIUzgeF2cx
QxcoyQrArbBlhkNRHkANyoEi3w5WKxJ2i3sWVZvN7LoKBgBNkuIzf4g+KEK84w==
-----END CERTIFICATE-----