Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/IG0kDelwdQU-Qv_g6IUzNKvaI20.roa
File:                     IG0kDelwdQU-Qv_g6IUzNKvaI20.roa (raw, json)
Hash identifier:          8ZPJ8ZCN6RpboAlU0a36JIO5m3jzT3dfPXGYtQTjFQM=
Subject key identifier:   20:6D:24:0D:E9:70:75:05:3E:42:FF:E0:E8:85:33:34:AB:DA:23:6D
Certificate issuer:       /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial:       0196C8A79E7060DA7F8E415BF19DD4709307
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/IG0kDelwdQU-Qv_g6IUzNKvaI20.roa
Signing time:             Tue 13 May 2025 07:59:10 +0000
ROA not before:           Tue 13 May 2025 07:59:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21859
IP address blocks:        89.251.20.0/24 maxlen: 24
                          91.200.221.0/24 maxlen: 24
                          109.122.42.0/24 maxlen: 24
                          109.122.44.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Thu 22 May 2025 12:18:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:c8:a7:9e:70:60:da:7f:8e:41:5b:f1:9d:d4:70:93:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
        Validity
            Not Before: May 13 07:59:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=206d240de97075053e42ffe0e8853334abda236d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:8b:43:3a:15:89:28:df:6c:d7:7f:7c:17:ea:
                    ce:82:f3:8f:6a:1a:af:cb:a0:22:83:1c:d0:7f:3c:
                    f1:2e:46:ac:9a:39:91:7a:36:92:a8:87:94:cf:65:
                    05:e9:bc:82:07:83:55:6f:1f:e5:14:51:3a:c9:5e:
                    53:e3:b0:1f:80:bb:04:6a:d8:1d:9b:b6:19:d4:ef:
                    85:3f:c1:c1:bd:f7:64:a3:bb:bd:4c:cc:fd:20:95:
                    bf:2e:d0:dd:79:68:03:3a:10:f9:97:79:74:ad:ad:
                    5e:c0:74:90:4f:5c:a4:3e:e7:ec:f1:e6:5e:8c:90:
                    05:47:62:05:c3:ae:13:55:46:e9:29:60:42:33:60:
                    66:a8:26:82:8c:f8:1d:7e:6d:32:55:69:70:03:4f:
                    82:64:33:35:4a:e8:5c:4e:71:02:63:22:46:4e:b3:
                    03:4b:9a:50:1e:b7:5c:02:53:ce:7b:bc:49:be:2a:
                    e2:f5:7e:69:75:67:54:57:35:9d:75:9a:ac:43:4a:
                    67:e0:33:15:15:fc:29:bf:58:00:fa:80:99:ab:10:
                    c3:b7:f9:8b:12:d8:12:35:9b:3d:9d:81:e8:d4:82:
                    da:dc:ee:cb:7f:b9:f3:b8:ec:1f:ba:bf:6e:a0:12:
                    22:c6:e9:d4:5c:02:80:ea:e0:03:08:44:ff:ce:62:
                    7f:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:6D:24:0D:E9:70:75:05:3E:42:FF:E0:E8:85:33:34:AB:DA:23:6D
            X509v3 Authority Key Identifier:
                keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/IG0kDelwdQU-Qv_g6IUzNKvaI20.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.251.20.0/24
                  91.200.221.0/24
                  109.122.42.0/24
                  109.122.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:a8:e4:b1:2d:f2:80:91:a0:43:4a:eb:0a:82:8a:91:e9:ce:
         7f:da:5f:48:dc:1d:a2:ed:04:ff:d6:7a:b9:60:4a:5b:45:5a:
         71:05:33:57:d9:d9:40:ab:36:0a:d7:c6:73:d4:90:34:bf:7c:
         38:cc:f3:c4:6a:10:3b:74:df:f1:13:e6:e9:a2:e3:68:ad:0f:
         b3:5f:70:1e:cd:4e:17:6f:b7:b5:de:1a:69:54:30:68:66:72:
         e4:85:ad:1f:e2:9f:50:e5:99:30:04:91:c5:d8:e5:90:b9:d7:
         62:1c:20:4f:a7:fd:56:40:c0:55:41:dd:bf:2c:55:00:3c:f3:
         49:fe:1f:5d:4d:85:a0:00:1f:37:90:df:ac:22:eb:32:7c:bd:
         03:c8:40:08:d7:f5:bc:a2:70:1c:54:e2:6d:a6:1b:59:11:9d:
         b5:61:b9:f6:d5:d9:62:e1:88:02:f1:ce:f9:08:8f:ab:5a:8e:
         69:ef:c3:80:45:aa:e3:c5:72:b4:d5:36:c5:20:bd:f0:3f:c2:
         88:f7:e0:90:45:74:18:2b:2b:7a:be:a4:54:d9:d2:f8:20:f2:
         74:51:14:df:e4:7d:54:8c:3c:24:f2:f9:46:09:ad:7a:53:7f:
         0a:da:f6:58:16:00:0b:8c:7c:00:31:1f:2a:06:57:a3:32:11:
         8e:d0:57:97
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZbIp55wYNp/jkFb8Z3UcJMHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjUwNTEzMDc1OTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDZkMjQwZGU5NzA3NTA1M2U0MmZmZTBlODg1MzMzNGFiZGEyMzZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzotDOhWJKN9s1398F+rOgvOPahqv
y6AigxzQfzzxLkasmjmRejaSqIeUz2UF6byCB4NVbx/lFFE6yV5T47AfgLsEatgd
m7YZ1O+FP8HBvfdko7u9TMz9IJW/LtDdeWgDOhD5l3l0ra1ewHSQT1ykPufs8eZe
jJAFR2IFw64TVUbpKWBCM2BmqCaCjPgdfm0yVWlwA0+CZDM1SuhcTnECYyJGTrMD
S5pQHrdcAlPOe7xJviri9X5pdWdUVzWddZqsQ0pn4DMVFfwpv1gA+oCZqxDDt/mL
EtgSNZs9nYHo1ILa3O7Lf7nzuOwfur9uoBIixunUXAKA6uADCET/zmJ/QwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFCBtJA3pcHUFPkL/4OiFMzSr2iNtMB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvSUcwa0RlbHdkUVUtUXZfZzZJVXpOS3ZhSTIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAWfsUAwQA
W8jdAwQAbXoqAwQAbXosMA0GCSqGSIb3DQEBCwUAA4IBAQCZqOSxLfKAkaBDSusK
goqR6c5/2l9I3B2i7QT/1nq5YEpbRVpxBTNX2dlAqzYK18Zz1JA0v3w4zPPEahA7
dN/xE+bpouNorQ+zX3AezU4Xb7e13hppVDBoZnLkha0f4p9Q5ZkwBJHF2OWQuddi
HCBPp/1WQMBVQd2/LFUAPPNJ/h9dTYWgAB83kN+sIusyfL0DyEAI1/W8onAcVOJt
phtZEZ21Ybn21dli4YgC8c75CI+rWo5p78OARarjxXK01TbFIL3wP8KI9+CQRXQY
Kyt6vqRU2dL4IPJ0URTf5H1UjDwk8vlGCa16U38K2vZYFgALjHwAMR8qBlejMhGO
0FeX
-----END CERTIFICATE-----
Generated at Tue Jun 10 22:49:53 2025 by rpki-client