Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/16d5ce-184a-4366-8d75-aaab25894d5e/1/uMaiNek2S7IW4H6amGOmvmZ9zHU.roa
File:                     uMaiNek2S7IW4H6amGOmvmZ9zHU.roa (raw, json)
Hash identifier:          Gz4lLzxIdRoBZPZEpNCtG/TEb7QH/fpJu3i27lW6tRM=
Subject key identifier:   B8:C6:A2:35:E9:36:4B:B2:16:E0:7E:9A:98:63:A6:BE:66:7D:CC:75
Certificate issuer:       /CN=34b0c5a403e2dad3c47b791fda2042cf715009cf
Certificate serial:       0194236A3512FE70DA7E6DDFD957F107B8FB
Authority key identifier: 34:B0:C5:A4:03:E2:DA:D3:C4:7B:79:1F:DA:20:42:CF:71:50:09:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NLDFpAPi2tPEe3kf2iBCz3FQCc8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/16d5ce-184a-4366-8d75-aaab25894d5e/1/uMaiNek2S7IW4H6amGOmvmZ9zHU.roa
Signing time:             Wed 01 Jan 2025 19:49:10 +0000
ROA not before:           Wed 01 Jan 2025 19:49:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216188
IP address blocks:        45.10.24.0/24 maxlen: 24
                          45.133.9.0/24 maxlen: 24
                          88.218.227.0/24 maxlen: 24
                          91.210.224.0/24 maxlen: 24
                          152.89.239.0/24 maxlen: 24
                          185.245.96.0/24 maxlen: 24
                          185.248.140.0/24 maxlen: 24
                          193.135.10.0/24 maxlen: 24
                          2a13:fd40::/29 maxlen: 29
Validation:               Failed, certificate revoked on Thu 16 Jan 2025 20:31:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:35:12:fe:70:da:7e:6d:df:d9:57:f1:07:b8:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=34b0c5a403e2dad3c47b791fda2042cf715009cf
        Validity
            Not Before: Jan  1 19:49:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b8c6a235e9364bb216e07e9a9863a6be667dcc75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:f6:02:cb:c0:03:4d:20:9a:4a:0b:1c:81:00:
                    4b:fe:32:dc:68:5f:aa:08:d6:67:02:00:17:10:fa:
                    62:69:c9:b9:29:0b:97:11:3b:c8:4d:89:44:e3:47:
                    67:1b:56:d6:48:54:dc:01:eb:3e:b0:bf:49:cc:f1:
                    51:0c:c7:cf:1b:e5:4e:94:57:fb:cf:81:ae:cd:c0:
                    c0:c8:31:37:7d:d7:f1:5c:d1:ef:7d:1f:7a:6e:ec:
                    21:18:16:19:65:b4:51:5c:57:6f:37:3c:83:bb:cb:
                    6f:fe:45:95:92:a3:9b:ed:8d:ad:f1:e9:67:ca:5e:
                    d0:e5:f0:55:ed:18:be:74:e1:d7:14:b4:26:8b:04:
                    df:8f:81:23:86:60:dc:89:fd:c6:1a:f3:76:a2:9c:
                    c3:02:55:81:13:84:62:73:4b:de:16:13:84:90:42:
                    e8:f8:cf:38:13:db:6c:2a:f9:a4:42:e3:52:84:d5:
                    82:d5:af:9c:04:d3:bd:34:ac:a6:86:f8:7c:dc:0e:
                    3b:d0:3c:aa:8e:78:c9:c5:19:ab:81:f0:a3:31:45:
                    c4:da:3b:d0:48:5b:7a:01:84:0b:51:b6:4f:2f:79:
                    99:f4:3d:ac:f9:4b:cd:2b:75:20:f8:2d:91:ca:a3:
                    a0:23:52:7f:87:b4:1d:f2:e2:e8:70:2a:ec:0c:73:
                    39:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:C6:A2:35:E9:36:4B:B2:16:E0:7E:9A:98:63:A6:BE:66:7D:CC:75
            X509v3 Authority Key Identifier:
                keyid:34:B0:C5:A4:03:E2:DA:D3:C4:7B:79:1F:DA:20:42:CF:71:50:09:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NLDFpAPi2tPEe3kf2iBCz3FQCc8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/16d5ce-184a-4366-8d75-aaab25894d5e/1/uMaiNek2S7IW4H6amGOmvmZ9zHU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/16d5ce-184a-4366-8d75-aaab25894d5e/1/NLDFpAPi2tPEe3kf2iBCz3FQCc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.10.24.0/24
                  45.133.9.0/24
                  88.218.227.0/24
                  91.210.224.0/24
                  152.89.239.0/24
                  185.245.96.0/24
                  185.248.140.0/24
                  193.135.10.0/24
                IPv6:
                  2a13:fd40::/29

    Signature Algorithm: sha256WithRSAEncryption
         55:c5:dc:0a:30:7a:99:0f:c8:1d:84:fb:11:05:ab:87:c9:dd:
         2f:e0:1a:cd:27:db:7c:9c:16:f2:62:6e:a4:57:41:d1:df:ae:
         7c:fc:48:01:e7:fd:7a:b6:fa:34:27:ad:f2:7c:9e:12:58:ab:
         c2:b0:f3:4a:fd:db:a2:e6:5a:79:bb:e1:c7:dd:dc:7d:19:08:
         31:12:3c:ce:4f:71:b1:69:00:39:a8:b4:fe:fa:e3:81:95:69:
         54:40:e3:dc:84:74:d9:35:03:2a:e4:fc:0b:98:32:bf:f3:cb:
         89:63:83:34:23:c1:b5:5f:34:1c:b1:d3:e3:7a:b7:de:02:de:
         e5:04:ba:8c:dd:f0:32:af:69:2f:a4:b0:f6:92:c1:e8:d0:94:
         8c:c7:a3:5f:98:d3:83:4a:2b:8c:a1:ea:4b:ca:f3:4f:e1:dc:
         35:22:6a:95:e6:ee:ea:e3:6f:cc:1a:02:39:7d:62:77:55:17:
         cc:74:11:28:da:84:cd:7b:e4:e1:82:17:e2:da:6d:59:8b:89:
         af:63:d5:7a:0c:71:1e:d4:ad:b0:01:d6:a2:c0:57:dd:31:32:
         cb:cf:4a:a2:17:46:61:9e:7a:d2:c7:0a:2b:a7:b5:0a:95:0b:
         80:5f:b1:34:44:da:61:82:3a:9f:24:27:bd:89:77:79:67:e9:
         47:dc:a3:7a
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAZQjajUS/nDafm3f2VfxB7j7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0YjBjNWE0MDNlMmRhZDNjNDdiNzkxZmRhMjA0MmNmNzE1
MDA5Y2YwHhcNMjUwMTAxMTk0OTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOGM2YTIzNWU5MzY0YmIyMTZlMDdlOWE5ODYzYTZiZTY2N2RjYzc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkPYCy8ADTSCaSgscgQBL/jLcaF+q
CNZnAgAXEPpiacm5KQuXETvITYlE40dnG1bWSFTcAes+sL9JzPFRDMfPG+VOlFf7
z4GuzcDAyDE3fdfxXNHvfR96buwhGBYZZbRRXFdvNzyDu8tv/kWVkqOb7Y2t8eln
yl7Q5fBV7Ri+dOHXFLQmiwTfj4EjhmDcif3GGvN2opzDAlWBE4Ric0veFhOEkELo
+M84E9tsKvmkQuNShNWC1a+cBNO9NKymhvh83A470DyqjnjJxRmrgfCjMUXE2jvQ
SFt6AYQLUbZPL3mZ9D2s+UvNK3Ug+C2RyqOgI1J/h7Qd8uLocCrsDHM5dQIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFLjGojXpNkuyFuB+mphjpr5mfcx1MB8GA1UdIwQY
MBaAFDSwxaQD4trTxHt5H9ogQs9xUAnPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkxERnBBUGkydFBFZTNrZjJpQkN6M0ZRQ2M4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi8xNmQ1Y2UtMTg0YS00MzY2LThkNzUt
YWFhYjI1ODk0ZDVlLzEvdU1haU5lazJTN0lXNEg2YW1HT212bVo5ekhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi8xNmQ1Y2UtMTg0YS00MzY2LThkNzUtYWFhYjI1ODk0ZDVl
LzEvTkxERnBBUGkydFBFZTNrZjJpQkN6M0ZRQ2M4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzA2BAIAATAwAwQALQoYAwQA
LYUJAwQAWNrjAwQAW9LgAwQAmFnvAwQAufVgAwQAufiMAwQAwYcKMA0EAgACMAcD
BQMqE/1AMA0GCSqGSIb3DQEBCwUAA4IBAQBVxdwKMHqZD8gdhPsRBauHyd0v4BrN
J9t8nBbyYm6kV0HR3658/EgB5/16tvo0J63yfJ4SWKvCsPNK/dui5lp5u+HH3dx9
GQgxEjzOT3GxaQA5qLT++uOBlWlUQOPchHTZNQMq5PwLmDK/88uJY4M0I8G1XzQc
sdPjerfeAt7lBLqM3fAyr2kvpLD2ksHo0JSMx6NfmNODSiuMoepLyvNP4dw1ImqV
5u7q42/MGgI5fWJ3VRfMdBEo2oTNe+Thghfi2m1Zi4mvY9V6DHEe1K2wAdaiwFfd
MTLLz0qiF0ZhnnrSxworp7UKlQuAX7E0RNphgjqfJCe9iXd5Z+lH3KN6
-----END CERTIFICATE-----