Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/qzgRewf6m9Jf-8BxefH1KdNTdPY.roa
File:                     qzgRewf6m9Jf-8BxefH1KdNTdPY.roa (raw, json)
Hash identifier:          Mm9kutfolBx9DMBHXFqEeVwjHvREd/VHCCl1fZyqtR4=
Subject key identifier:   AB:38:11:7B:07:FA:9B:D2:5F:FB:C0:71:79:F1:F5:29:D3:53:74:F6
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0195030485910EC862A0770C72AAB46527B9
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/qzgRewf6m9Jf-8BxefH1KdNTdPY.roa
Signing time:             Fri 14 Feb 2025 05:53:02 +0000
ROA not before:           Fri 14 Feb 2025 05:53:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        194.58.36.0/24 maxlen: 24
                          194.58.155.0/24 maxlen: 24
                          194.87.169.0/24 maxlen: 24
                          195.133.24.0/23 maxlen: 23
                          195.133.40.0/23 maxlen: 23
                          195.133.50.0/23 maxlen: 23
                          195.133.92.0/23 maxlen: 23
                          212.193.26.0/23 maxlen: 23
                          2a01:57c0::/29 maxlen: 29
                          2a0c:ff40::/29 maxlen: 29
Validation:               Failed, certificate revoked on Wed 05 Mar 2025 11:41:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:03:04:85:91:0e:c8:62:a0:77:0c:72:aa:b4:65:27:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Feb 14 05:53:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ab38117b07fa9bd25ffbc07179f1f529d35374f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:44:ca:76:e7:25:55:d7:aa:b4:c6:d5:62:54:
                    7b:ad:99:f7:ad:a5:74:c4:da:d6:03:6a:8c:5d:b6:
                    a3:ca:24:01:06:0c:62:e9:e8:29:60:ba:21:3e:db:
                    d2:b9:82:fe:c5:72:45:7b:ae:d3:b2:6b:0f:9b:b8:
                    f3:56:80:b9:ad:06:90:11:77:63:3c:1d:24:48:3a:
                    61:94:d8:46:b4:b6:70:05:0a:d3:cf:b1:a5:dc:d4:
                    b1:b0:ff:dd:0c:f2:11:a6:ec:90:04:70:f5:84:68:
                    b3:25:dc:f4:c3:09:18:67:2c:87:f0:7f:6d:30:72:
                    2e:95:76:c0:dd:19:95:bd:1a:fc:1d:39:e5:a1:72:
                    f6:1b:c5:99:26:df:d0:06:76:b2:7b:b0:c0:ea:55:
                    50:16:22:50:fd:61:90:70:a8:b0:67:a0:f5:4f:10:
                    fe:f4:ee:e0:10:a3:d9:e5:2d:8d:f5:56:5b:fd:04:
                    42:40:1f:f4:d7:96:d9:1f:11:60:0c:38:b3:8b:ff:
                    67:2c:bd:c0:29:39:f3:71:36:53:91:83:09:bf:6f:
                    8b:0a:61:9a:89:13:1a:60:8a:e7:c6:e5:a0:a8:04:
                    40:55:7b:a5:3f:55:ae:8c:7e:b8:4e:0c:93:8a:0f:
                    09:b1:e1:36:28:5f:f0:ef:e5:44:f9:8e:70:5a:0c:
                    93:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:38:11:7B:07:FA:9B:D2:5F:FB:C0:71:79:F1:F5:29:D3:53:74:F6
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/qzgRewf6m9Jf-8BxefH1KdNTdPY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.58.36.0/24
                  194.58.155.0/24
                  194.87.169.0/24
                  195.133.24.0/23
                  195.133.40.0/23
                  195.133.50.0/23
                  195.133.92.0/23
                  212.193.26.0/23
                IPv6:
                  2a01:57c0::/29
                  2a0c:ff40::/29

    Signature Algorithm: sha256WithRSAEncryption
         27:59:35:f8:f4:c0:bb:59:ed:e8:c0:96:51:b9:cf:69:7c:73:
         fa:da:db:f5:52:3a:09:a2:a3:fe:06:db:ac:19:75:6d:dd:45:
         1d:b3:3d:30:ae:f7:00:ee:eb:ae:31:91:5b:c3:58:15:5e:23:
         f5:e4:92:9c:dd:b3:17:a2:ac:d0:06:48:8e:30:29:68:c7:3f:
         60:51:1b:79:66:a2:75:2a:48:eb:3d:d0:00:6f:6f:ea:63:e4:
         d8:c4:4c:31:7d:37:d8:01:d1:c7:0b:b3:bb:c8:9a:50:d1:bb:
         8d:a2:9c:4b:23:7b:2b:c8:a4:f6:b2:f9:9d:5c:4f:c0:69:2e:
         0d:73:f5:68:61:21:db:15:c3:89:b3:61:a3:a7:13:06:1e:65:
         de:00:2e:de:92:78:f4:42:ad:ad:30:a1:12:5a:e5:85:05:9e:
         2c:ba:83:ce:ac:46:fc:c2:62:68:3b:cf:e9:1b:76:da:94:f2:
         b3:b1:0d:ca:75:20:7a:d7:ac:71:91:b5:02:33:84:11:61:7c:
         0c:c8:37:27:13:c7:05:0a:66:90:5c:32:e4:a9:b3:0a:69:16:
         7d:d4:8d:1e:e5:bf:07:3e:be:e8:d3:c8:9b:0c:ac:e7:34:25:
         9b:7b:20:ed:8a:df:22:7d:1d:ff:89:b8:22:58:1c:da:26:73:
         1e:9a:0d:1a
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAZUDBIWRDshioHcMcqq0ZSe5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwMjE0MDU1MzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjM4MTE3YjA3ZmE5YmQyNWZmYmMwNzE3OWYxZjUyOWQzNTM3NGY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt0TKduclVdeqtMbVYlR7rZn3raV0
xNrWA2qMXbajyiQBBgxi6egpYLohPtvSuYL+xXJFe67TsmsPm7jzVoC5rQaQEXdj
PB0kSDphlNhGtLZwBQrTz7Gl3NSxsP/dDPIRpuyQBHD1hGizJdz0wwkYZyyH8H9t
MHIulXbA3RmVvRr8HTnloXL2G8WZJt/QBnaye7DA6lVQFiJQ/WGQcKiwZ6D1TxD+
9O7gEKPZ5S2N9VZb/QRCQB/015bZHxFgDDizi/9nLL3AKTnzcTZTkYMJv2+LCmGa
iRMaYIrnxuWgqARAVXulP1WujH64TgyTig8JseE2KF/w7+VE+Y5wWgyTiwIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFKs4EXsH+pvSX/vAcXnx9SnTU3T2MB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvcXpnUmV3ZjZtOUpmLThCeGVmSDFLZE5UZFBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjA2BAIAATAwAwQAwjokAwQA
wjqbAwQAwlepAwQBw4UYAwQBw4UoAwQBw4UyAwQBw4VcAwQB1MEaMBQEAgACMA4D
BQMqAVfAAwUDKgz/QDANBgkqhkiG9w0BAQsFAAOCAQEAJ1k1+PTAu1nt6MCWUbnP
aXxz+trb9VI6CaKj/gbbrBl1bd1FHbM9MK73AO7rrjGRW8NYFV4j9eSSnN2zF6Ks
0AZIjjApaMc/YFEbeWaidSpI6z3QAG9v6mPk2MRMMX032AHRxwuzu8iaUNG7jaKc
SyN7K8ik9rL5nVxPwGkuDXP1aGEh2xXDibNho6cTBh5l3gAu3pJ49EKtrTChElrl
hQWeLLqDzqxG/MJiaDvP6Rt22pTys7ENynUgetescZG1AjOEEWF8DMg3JxPHBQpm
kFwy5KmzCmkWfdSNHuW/Bz6+6NPImwys5zQlm3sg7YrfIn0d/4m4Ilgc2iZzHpoN
Gg==
-----END CERTIFICATE-----