Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/3f6178-5fd3-403f-8fec-1a89ff11965e/1/Cgzg8eFe21C-P6OO55BBIluial0.roa
File:                     Cgzg8eFe21C-P6OO55BBIluial0.roa (raw, json)
Hash identifier:          s7UZb+mByV/fntwnW5gHi/EHpBd+u4EOibgVM59y9QA=
Subject key identifier:   0A:0C:E0:F1:E1:5E:DB:50:BE:3F:A3:8E:E7:90:41:22:5B:A2:6A:5D
Certificate issuer:       /CN=51ad6791b8dbe9c352bd64a9322172b41c4b2171
Certificate serial:       019426FC098727C18F33671C3165CD6D2451
Authority key identifier: 51:AD:67:91:B8:DB:E9:C3:52:BD:64:A9:32:21:72:B4:1C:4B:21:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ua1nkbjb6cNSvWSpMiFytBxLIXE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/3f6178-5fd3-403f-8fec-1a89ff11965e/1/Cgzg8eFe21C-P6OO55BBIluial0.roa
Signing time:             Thu 02 Jan 2025 12:27:19 +0000
ROA not before:           Thu 02 Jan 2025 12:27:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47790
IP address blocks:        91.206.210.0/24 maxlen: 24
                          91.206.211.0/24 maxlen: 24
                          91.224.216.0/23 maxlen: 24
                          91.226.196.0/24 maxlen: 24
                          91.226.197.0/24 maxlen: 24
                          91.230.8.0/24 maxlen: 24
                          91.230.9.0/24 maxlen: 24
                          185.48.28.0/22 maxlen: 24
                          185.142.160.0/22 maxlen: 24
                          185.142.160.0/24 maxlen: 24
                          185.142.161.0/24 maxlen: 24
                          185.142.162.0/24 maxlen: 24
                          185.142.163.0/24 maxlen: 24
                          185.152.120.0/24 maxlen: 24
                          185.152.121.0/24 maxlen: 24
                          185.152.122.0/24 maxlen: 24
                          185.152.123.0/24 maxlen: 24
                          2a14:7a80::/29 maxlen: 32
                          2a14:7a80::/30 maxlen: 30
                          2a14:7a84::/30 maxlen: 30
Validation:               Failed, certificate revoked on Fri 03 Jan 2025 09:45:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:fc:09:87:27:c1:8f:33:67:1c:31:65:cd:6d:24:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=51ad6791b8dbe9c352bd64a9322172b41c4b2171
        Validity
            Not Before: Jan  2 12:27:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0a0ce0f1e15edb50be3fa38ee79041225ba26a5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:65:ff:84:52:80:ea:b7:05:d8:fa:d1:f2:64:
                    24:dd:4b:15:28:b9:62:97:52:ab:d4:66:c9:af:6c:
                    46:e4:9d:ee:41:e2:56:d9:8e:f0:12:14:ad:75:94:
                    d7:89:54:23:62:e9:00:1a:18:9f:92:e7:be:fe:24:
                    6b:0f:52:6f:06:e7:a1:a0:12:b7:53:a7:c4:07:c1:
                    c3:4a:de:46:78:51:01:03:8e:b5:cb:2c:66:55:0b:
                    f0:06:99:39:a2:18:fb:7c:a4:6d:c8:b3:6b:3e:c0:
                    b0:40:d0:55:08:af:e9:18:a5:d4:1e:85:50:d2:3b:
                    ae:d6:ce:85:3d:0e:07:95:ba:31:0b:0a:a0:98:43:
                    a2:0e:59:2a:d3:83:a0:ba:b8:28:46:72:8d:34:83:
                    48:3b:9e:60:dd:12:29:00:86:ab:9d:a6:af:59:e2:
                    f3:df:c7:1b:07:7f:e6:e5:58:42:64:ee:a4:ba:f3:
                    e9:29:59:8c:0d:a5:5b:e7:0e:8a:4d:67:97:bc:58:
                    dc:d4:59:19:a6:65:e6:68:ff:7c:0d:21:11:53:b4:
                    ff:79:7f:2d:7c:ac:3a:76:ac:61:86:9b:e8:de:9d:
                    e8:94:90:02:16:45:c4:3e:a5:72:3b:b5:9f:59:9d:
                    e9:a3:b9:3b:82:20:43:60:d9:70:3f:cc:3c:80:29:
                    32:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:0C:E0:F1:E1:5E:DB:50:BE:3F:A3:8E:E7:90:41:22:5B:A2:6A:5D
            X509v3 Authority Key Identifier:
                keyid:51:AD:67:91:B8:DB:E9:C3:52:BD:64:A9:32:21:72:B4:1C:4B:21:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ua1nkbjb6cNSvWSpMiFytBxLIXE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3f6178-5fd3-403f-8fec-1a89ff11965e/1/Cgzg8eFe21C-P6OO55BBIluial0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3f6178-5fd3-403f-8fec-1a89ff11965e/1/Ua1nkbjb6cNSvWSpMiFytBxLIXE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.206.210.0/23
                  91.224.216.0/23
                  91.226.196.0/23
                  91.230.8.0/23
                  185.48.28.0/22
                  185.142.160.0/22
                  185.152.120.0/22
                IPv6:
                  2a14:7a80::/29

    Signature Algorithm: sha256WithRSAEncryption
         35:98:36:98:f0:e8:92:fd:43:e4:c1:24:ab:b1:79:68:33:cc:
         0a:b1:7c:77:62:62:62:9c:45:14:60:bd:68:22:bc:d6:69:59:
         11:28:f6:6c:4a:b1:60:d0:ae:75:8b:2a:02:bd:61:f8:56:8f:
         c2:bd:65:7d:24:5b:74:a1:46:41:97:fb:83:98:9b:f4:30:48:
         a1:3d:17:7f:92:cf:9c:12:90:28:3f:87:0a:72:5f:9a:e5:ab:
         9c:e8:56:ff:2a:fc:3d:8e:32:16:19:e5:18:82:29:2e:0f:35:
         30:8b:ee:44:1e:f5:0f:c1:fa:05:94:ca:b7:0b:50:60:b0:3f:
         bc:8c:da:62:3a:c6:ef:08:4b:b7:66:ee:df:0a:66:5c:4a:7e:
         bc:fa:2d:e9:a7:1f:43:b7:6a:8a:dd:5b:9e:2e:a0:66:80:1c:
         12:9c:17:15:57:f5:88:e2:b3:64:5e:c9:69:47:6f:b8:43:91:
         05:0b:c1:66:ea:ed:af:f2:c2:42:57:43:42:c3:63:b7:38:c8:
         d1:97:d1:f1:cf:58:dd:71:2b:06:8f:1b:5f:18:87:62:ac:b0:
         f2:6c:94:53:29:61:aa:25:75:6c:b0:68:ff:0d:4e:fc:55:c5:
         02:84:d9:dc:1a:63:31:19:2f:7e:59:c3:8e:2b:1a:a7:42:ad:
         e1:32:b5:71
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAZQm/AmHJ8GPM2ccMWXNbSRRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxYWQ2NzkxYjhkYmU5YzM1MmJkNjRhOTMyMjE3MmI0MWM0
YjIxNzEwHhcNMjUwMTAyMTIyNzE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTBjZTBmMWUxNWVkYjUwYmUzZmEzOGVlNzkwNDEyMjViYTI2YTVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApWX/hFKA6rcF2PrR8mQk3UsVKLli
l1Kr1GbJr2xG5J3uQeJW2Y7wEhStdZTXiVQjYukAGhifkue+/iRrD1JvBuehoBK3
U6fEB8HDSt5GeFEBA461yyxmVQvwBpk5ohj7fKRtyLNrPsCwQNBVCK/pGKXUHoVQ
0juu1s6FPQ4HlboxCwqgmEOiDlkq04OgurgoRnKNNINIO55g3RIpAIarnaavWeLz
38cbB3/m5VhCZO6kuvPpKVmMDaVb5w6KTWeXvFjc1FkZpmXmaP98DSERU7T/eX8t
fKw6dqxhhpvo3p3olJACFkXEPqVyO7WfWZ3po7k7giBDYNlwP8w8gCkyBwIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFAoM4PHhXttQvj+jjueQQSJbompdMB8GA1UdIwQY
MBaAFFGtZ5G42+nDUr1kqTIhcrQcSyFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWExbmtiamI2Y05TdldTcE1pRnl0QnhMSVhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8zZjYxNzgtNWZkMy00MDNmLThmZWMt
MWE4OWZmMTE5NjVlLzEvQ2d6ZzhlRmUyMUMtUDZPTzU1QkJJbHVpYWwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8zZjYxNzgtNWZkMy00MDNmLThmZWMtMWE4OWZmMTE5NjVl
LzEvVWExbmtiamI2Y05TdldTcE1pRnl0QnhMSVhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQBW87SAwQB
W+DYAwQBW+LEAwQBW+YIAwQCuTAcAwQCuY6gAwQCuZh4MA0EAgACMAcDBQMqFHqA
MA0GCSqGSIb3DQEBCwUAA4IBAQA1mDaY8OiS/UPkwSSrsXloM8wKsXx3YmJinEUU
YL1oIrzWaVkRKPZsSrFg0K51iyoCvWH4Vo/CvWV9JFt0oUZBl/uDmJv0MEihPRd/
ks+cEpAoP4cKcl+a5auc6Fb/Kvw9jjIWGeUYgikuDzUwi+5EHvUPwfoFlMq3C1Bg
sD+8jNpiOsbvCEu3Zu7fCmZcSn68+i3ppx9Dt2qK3VueLqBmgBwSnBcVV/WI4rNk
XslpR2+4Q5EFC8Fm6u2v8sJCV0NCw2O3OMjRl9Hxz1jdcSsGjxtfGIdirLDybJRT
KWGqJXVssGj/DU78VcUChNncGmMxGS9+WcOOKxqnQq3hMrVx
-----END CERTIFICATE-----