Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/najzfnXuW8te8_RMcJ_bxjWJOFE.roa
File:                     najzfnXuW8te8_RMcJ_bxjWJOFE.roa (raw, json)
Hash identifier:          5Xj4sRLdfw/q+0oWFr98OCHdWaA4vBIaYYnl736u1+E=
Subject key identifier:   9D:A8:F3:7E:75:EE:5B:CB:5E:F3:F4:4C:70:9F:DB:C6:35:89:38:51
Certificate issuer:       /CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
Certificate serial:       01970C61A37CC90C3F947A7D6F752C8D957E
Authority key identifier: D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/najzfnXuW8te8_RMcJ_bxjWJOFE.roa
Signing time:             Mon 26 May 2025 11:36:54 +0000
ROA not before:           Mon 26 May 2025 11:36:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57169
IP address blocks:        5.180.114.0/24 maxlen: 24
                          37.235.48.0/20 maxlen: 20
                          37.235.50.0/23 maxlen: 23
                          37.235.50.0/24 maxlen: 24
                          37.235.52.0/24 maxlen: 24
                          37.235.56.0/24 maxlen: 24
                          37.235.57.0/24 maxlen: 24
                          37.235.58.0/24 maxlen: 24
                          37.235.59.0/24 maxlen: 24
                          37.235.60.0/24 maxlen: 24
                          37.235.61.0/24 maxlen: 24
                          37.235.62.0/24 maxlen: 24
                          37.235.63.0/24 maxlen: 24
                          45.153.125.0/24 maxlen: 24
                          83.172.151.0/24 maxlen: 24
                          83.172.153.0/24 maxlen: 24
                          83.243.120.0/24 maxlen: 24
                          83.243.122.0/24 maxlen: 24
                          83.243.123.0/24 maxlen: 24
                          84.247.61.0/24 maxlen: 24
                          86.106.119.0/24 maxlen: 24
                          89.31.123.0/24 maxlen: 24
                          89.46.238.0/24 maxlen: 24
                          91.132.94.0/24 maxlen: 24
                          91.227.204.0/23 maxlen: 23
                          91.227.204.0/24 maxlen: 24
                          91.227.205.0/24 maxlen: 24
                          92.243.66.0/24 maxlen: 24
                          95.156.205.0/24 maxlen: 24
                          103.57.250.0/24 maxlen: 24
                          134.255.210.0/24 maxlen: 24
                          149.154.152.0/24 maxlen: 24
                          149.154.153.0/24 maxlen: 24
                          149.154.154.0/24 maxlen: 24
                          149.154.155.0/24 maxlen: 24
                          149.154.156.0/24 maxlen: 24
                          151.236.0.0/19 maxlen: 19
                          151.236.0.0/24 maxlen: 24
                          151.236.1.0/24 maxlen: 24
                          151.236.2.0/24 maxlen: 24
                          151.236.3.0/24 maxlen: 24
                          151.236.4.0/24 maxlen: 24
                          151.236.5.0/24 maxlen: 24
                          151.236.6.0/24 maxlen: 24
                          151.236.7.0/24 maxlen: 24
                          151.236.8.0/24 maxlen: 24
                          151.236.9.0/24 maxlen: 24
                          151.236.10.0/24 maxlen: 24
                          151.236.11.0/24 maxlen: 24
                          151.236.12.0/24 maxlen: 24
                          151.236.13.0/24 maxlen: 24
                          151.236.14.0/24 maxlen: 24
                          151.236.20.0/24 maxlen: 24
                          151.236.26.0/23 maxlen: 23
                          151.236.28.0/24 maxlen: 24
                          151.236.30.0/24 maxlen: 24
                          158.255.209.0/24 maxlen: 24
                          158.255.210.0/24 maxlen: 24
                          158.255.211.0/24 maxlen: 24
                          158.255.212.0/24 maxlen: 24
                          185.26.236.0/24 maxlen: 24
                          185.26.237.0/24 maxlen: 24
                          185.26.238.0/24 maxlen: 24
                          185.122.184.0/24 maxlen: 24
                          185.193.51.0/24 maxlen: 24
                          185.195.65.0/24 maxlen: 24
                          188.214.33.0/24 maxlen: 24
                          188.214.34.0/24 maxlen: 24
                          188.214.38.0/24 maxlen: 24
                          188.214.39.0/24 maxlen: 24
                          213.183.54.0/24 maxlen: 24
                          213.183.55.0/24 maxlen: 24
                          213.183.56.0/24 maxlen: 24
                          213.183.57.0/24 maxlen: 24
                          2a03:f80:7::/48 maxlen: 48
                          2a03:f80:31::/48 maxlen: 48
                          2a03:f80:56::/48 maxlen: 48
                          2a03:f80:57::/48 maxlen: 48
                          2a03:f80:70::/48 maxlen: 48
                          2a03:f80:354::/48 maxlen: 48
                          2a03:f80:357::/48 maxlen: 48
                          2a03:f80:359::/48 maxlen: 48
                          2a03:f80:370::/48 maxlen: 48
                          2a03:f80:371::/48 maxlen: 48
                          2a03:f80:3991::/48 maxlen: 48
                          2a03:f80:ad15::/48 maxlen: 48
                          2a03:f80:ed15::/48 maxlen: 48
                          2a03:f80:ed16::/48 maxlen: 48
                          2a03:f80:ed17::/48 maxlen: 48
                          2a03:f80:ed31::/48 maxlen: 48
                          2a03:f80:ed51::/48 maxlen: 48
                          2a03:f82:abcd::/48 maxlen: 48
                          2a03:f82:abcd:43::/64 maxlen: 64
                          2a03:f87:ffff::/48 maxlen: 48
Validation:               Failed, certificate revoked on Mon 26 May 2025 13:11:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:0c:61:a3:7c:c9:0c:3f:94:7a:7d:6f:75:2c:8d:95:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
        Validity
            Not Before: May 26 11:36:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9da8f37e75ee5bcb5ef3f44c709fdbc635893851
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:41:f6:32:6d:64:23:51:f7:14:a3:53:6e:c6:
                    fa:d2:3a:9c:c8:72:08:d7:79:05:ff:6d:94:d0:70:
                    fb:64:5b:2b:3e:0f:05:48:a5:1c:61:e7:df:0d:7c:
                    08:43:bd:a7:64:7e:58:06:13:35:20:2b:b8:84:ad:
                    a6:23:37:14:9d:b9:99:5f:a6:99:94:30:ab:1b:79:
                    05:51:cb:18:05:f7:5e:46:7c:a2:7b:a7:d0:32:0b:
                    ec:ac:c2:28:83:39:05:24:20:ee:f5:f1:68:aa:94:
                    bb:80:9b:2e:80:94:c4:16:f3:3a:c6:0f:78:0a:fe:
                    1a:86:b4:66:99:48:f6:00:91:ff:0f:00:e0:c0:8e:
                    96:96:3a:d6:55:53:46:08:bd:8b:e3:4a:98:6c:08:
                    52:32:24:a3:df:47:9a:54:49:ab:4f:65:d2:29:15:
                    50:ce:6b:4f:36:d9:70:37:67:73:2d:6f:61:82:22:
                    e5:bb:e5:47:bf:05:7e:73:0d:7f:54:30:97:37:81:
                    e6:e6:48:3d:1f:1c:2d:31:f4:e0:d3:c7:2f:f6:2a:
                    2d:03:56:2c:0e:01:8b:aa:be:58:7e:11:98:3b:97:
                    8c:da:6d:3f:ea:57:f4:4c:a2:fb:fc:fb:e9:fc:ed:
                    e2:86:6f:dd:96:3a:2c:42:1f:53:45:5d:70:bf:70:
                    c3:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:A8:F3:7E:75:EE:5B:CB:5E:F3:F4:4C:70:9F:DB:C6:35:89:38:51
            X509v3 Authority Key Identifier:
                keyid:D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/najzfnXuW8te8_RMcJ_bxjWJOFE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.114.0/24
                  37.235.48.0/20
                  45.153.125.0/24
                  83.172.151.0/24
                  83.172.153.0/24
                  83.243.120.0/24
                  83.243.122.0/23
                  84.247.61.0/24
                  86.106.119.0/24
                  89.31.123.0/24
                  89.46.238.0/24
                  91.132.94.0/24
                  91.227.204.0/23
                  92.243.66.0/24
                  95.156.205.0/24
                  103.57.250.0/24
                  134.255.210.0/24
                  149.154.152.0-149.154.156.255
                  151.236.0.0/19
                  158.255.209.0-158.255.212.255
                  185.26.236.0-185.26.238.255
                  185.122.184.0/24
                  185.193.51.0/24
                  185.195.65.0/24
                  188.214.33.0-188.214.34.255
                  188.214.38.0/23
                  213.183.54.0-213.183.57.255
                IPv6:
                  2a03:f80:7::/48
                  2a03:f80:31::/48
                  2a03:f80:56::/47
                  2a03:f80:70::/48
                  2a03:f80:354::/48
                  2a03:f80:357::/48
                  2a03:f80:359::/48
                  2a03:f80:370::/47
                  2a03:f80:3991::/48
                  2a03:f80:ad15::/48
                  2a03:f80:ed15::-2a03:f80:ed17:ffff:ffff:ffff:ffff:ffff
                  2a03:f80:ed31::/48
                  2a03:f80:ed51::/48
                  2a03:f82:abcd::/48
                  2a03:f87:ffff::/48

    Signature Algorithm: sha256WithRSAEncryption
         be:98:1f:77:b3:77:96:de:07:4e:cb:12:53:a5:c1:c1:0a:65:
         67:4f:5a:fc:f6:f6:f0:cc:d4:43:c6:da:b3:c0:c2:b7:e1:83:
         0a:49:a2:85:fc:80:0c:f4:a1:11:b4:e1:ec:03:5f:6d:5e:7e:
         2b:37:c2:9f:2d:c1:30:60:89:ad:63:be:a5:ea:db:bf:50:d6:
         f8:c4:2d:e4:5c:26:33:ce:90:c0:5d:1c:d7:12:63:04:44:b3:
         6f:d9:c5:da:0d:fd:f2:0d:4d:0d:5e:4e:fc:50:dc:8c:e8:c4:
         3b:aa:5d:60:fa:bd:22:e7:32:64:a3:b4:5f:52:c0:83:8a:c6:
         95:23:bf:2c:3e:14:47:0d:43:78:ec:d3:43:8a:72:68:1e:89:
         69:77:cd:fb:82:34:c5:56:3a:c8:66:aa:ca:07:da:b4:03:4d:
         b8:48:ff:14:7b:4c:87:71:bd:9e:d2:c9:05:52:cf:b5:f9:07:
         1f:42:b6:5d:2c:0f:9d:54:e9:a6:fc:50:fc:e3:df:8e:45:d2:
         85:2d:93:9a:ba:c9:07:d4:e4:71:a3:8e:83:77:e6:52:39:cd:
         e2:94:ed:a8:20:d0:e3:56:ca:42:0b:e9:c1:06:6a:62:49:08:
         ed:04:5f:8a:8c:16:b1:d5:f0:05:cd:51:22:d1:c0:db:dd:0e:
         5e:77:47:e2
-----BEGIN CERTIFICATE-----
MIIGZTCCBU2gAwIBAgISAZcMYaN8yQw/lHp9b3UsjZV+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyMTdiNDcyYzg0MWMxZDY4NTUwYTI0ZjE5MzZkMjljYzZj
MjhmNmEwHhcNMjUwNTI2MTEzNjU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGE4ZjM3ZTc1ZWU1YmNiNWVmM2Y0NGM3MDlmZGJjNjM1ODkzODUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApUH2Mm1kI1H3FKNTbsb60jqcyHII
13kF/22U0HD7ZFsrPg8FSKUcYeffDXwIQ72nZH5YBhM1ICu4hK2mIzcUnbmZX6aZ
lDCrG3kFUcsYBfdeRnyie6fQMgvsrMIogzkFJCDu9fFoqpS7gJsugJTEFvM6xg94
Cv4ahrRmmUj2AJH/DwDgwI6WljrWVVNGCL2L40qYbAhSMiSj30eaVEmrT2XSKRVQ
zmtPNtlwN2dzLW9hgiLlu+VHvwV+cw1/VDCXN4Hm5kg9HxwtMfTg08cv9iotA1Ys
DgGLqr5YfhGYO5eM2m0/6lf0TKL7/Pvp/O3ihm/dljosQh9TRV1wv3DDeQIDAQAB
o4IDcTCCA20wHQYDVR0OBBYEFJ2o83517lvLXvP0THCf28Y1iThRMB8GA1UdIwQY
MBaAFNIXtHLIQcHWhVCiTxk20pzGwo9qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGhlMGNzaEJ3ZGFGVUtKUEdUYlNuTWJDajJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8yOTBlNDQtYjQ3OS00NmNmLWFiNGIt
YjM4ZTI2NzdiM2RjLzEvbmFqemZuWHVXOHRlOF9STWNKX2J4aldKT0ZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8yOTBlNDQtYjQ3OS00NmNmLWFiNGItYjM4ZTI2NzdiM2Rj
LzEvMGhlMGNzaEJ3ZGFGVUtKUEdUYlNuTWJDajJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBhQYIKwYBBQUHAQcBAf8EggF0MIIBcDCB0QQCAAEwgcoD
BAAFtHIDBAQl6zADBAAtmX0DBABTrJcDBABTrJkDBABT83gDBAFT83oDBABU9z0D
BABWancDBABZH3sDBABZLu4DBABbhF4DBAFb48wDBABc80IDBABfnM0DBABnOfoD
BACG/9IwDAMEA5WamAMEAJWanAMEBZfsADAMAwQAnv/RAwQAnv/UMAwDBAK5GuwD
BAC5Gu4DBAC5ergDBAC5wTMDBAC5w0EwDAMEALzWIQMEALzWIgMEAbzWJjAMAwQB
1bc2AwQB1bc4MIGZBAIAAjCBkgMHACoDD4AABwMHACoDD4AAMQMHASoDD4AAVgMH
ACoDD4AAcAMHACoDD4ADVAMHACoDD4ADVwMHACoDD4ADWQMHASoDD4ADcAMHACoD
D4A5kQMHACoDD4CtFTASAwcAKgMPgO0VAwcDKgMPgO0QAwcAKgMPgO0xAwcAKgMP
gO1RAwcAKgMPgqvNAwcAKgMPh///MA0GCSqGSIb3DQEBCwUAA4IBAQC+mB93s3eW
3gdOyxJTpcHBCmVnT1r89vbwzNRDxtqzwMK34YMKSaKF/IAM9KERtOHsA19tXn4r
N8KfLcEwYImtY76l6tu/UNb4xC3kXCYzzpDAXRzXEmMERLNv2cXaDf3yDU0NXk78
UNyM6MQ7ql1g+r0i5zJko7RfUsCDisaVI78sPhRHDUN47NNDinJoHolpd837gjTF
VjrIZqrKB9q0A024SP8Ue0yHcb2e0skFUs+1+QcfQrZdLA+dVOmm/FD849+ORdKF
LZOauskH1ORxo46Dd+ZSOc3ilO2oINDjVspCC+nBBmpiSQjtBF+KjBax1fAFzVEi
0cDb3Q5ed0fi
-----END CERTIFICATE-----
Generated at Tue Jun 10 08:39:58 2025 by rpki-client