Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/bb3b29-81e5-45a2-81ec-25dd4cbb3698/1/KLoJ7lxtb0416WIyMr5wB21kcLY.roa
File:                     KLoJ7lxtb0416WIyMr5wB21kcLY.roa (raw, json)
Hash identifier:          dfE+11SjeHnGBgMM4vK+M+M3uhHK7B6VQvHgR6g272Y=
Subject key identifier:   28:BA:09:EE:5C:6D:6F:4E:35:E9:62:32:32:BE:70:07:6D:64:70:B6
Certificate issuer:       /CN=68a8e93d3f590f4450d1db3c2074598244353e93
Certificate serial:       0193F82DB584DB67F2529BF11254493F620D
Authority key identifier: 68:A8:E9:3D:3F:59:0F:44:50:D1:DB:3C:20:74:59:82:44:35:3E:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aKjpPT9ZD0RQ0ds8IHRZgkQ1PpM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/bb3b29-81e5-45a2-81ec-25dd4cbb3698/1/KLoJ7lxtb0416WIyMr5wB21kcLY.roa
Signing time:             Tue 24 Dec 2024 10:19:25 +0000
ROA not before:           Tue 24 Dec 2024 10:19:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21221
IP address blocks:        2.56.226.0/23 maxlen: 24
                          46.182.180.0/23 maxlen: 24
                          46.182.182.0/23 maxlen: 24
                          178.255.192.0/21 maxlen: 24
                          185.70.208.0/22 maxlen: 24
                          185.214.148.0/22 maxlen: 24
                          217.18.64.0/20 maxlen: 24
                          2a00:19c0::/32 maxlen: 48
                          2a04:e1c0:1::/48 maxlen: 48
                          2a09:d240:1::/48 maxlen: 48
                          2a0b:9cc0::/29 maxlen: 29
Validation:               Failed, certificate revoked on Thu 02 Jan 2025 01:49:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:f8:2d:b5:84:db:67:f2:52:9b:f1:12:54:49:3f:62:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68a8e93d3f590f4450d1db3c2074598244353e93
        Validity
            Not Before: Dec 24 10:19:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=28ba09ee5c6d6f4e35e9623232be70076d6470b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:36:4e:ca:4c:26:b4:e8:3f:ac:7c:c5:f4:0d:
                    53:1a:78:be:d7:c5:8a:92:35:cb:6a:6d:88:72:fc:
                    07:8a:1e:6a:62:d0:66:dd:c4:09:e8:cf:85:27:6d:
                    ad:4e:11:fd:65:38:8b:51:f2:de:e7:42:49:85:d3:
                    23:c4:de:f4:52:5c:84:8d:3b:5d:9f:58:a3:6e:65:
                    30:29:dc:1f:a7:39:e4:c3:8e:43:bf:6c:74:bb:d3:
                    1b:a3:bd:e3:b4:b7:7e:a1:2e:90:9a:5b:60:44:88:
                    03:94:f2:f1:b8:05:0c:63:54:ff:d4:9a:18:90:77:
                    12:27:07:ae:b5:b7:a1:0c:de:a4:38:31:51:08:c1:
                    70:3c:00:bc:be:e5:4a:d3:4e:11:f8:7f:f6:7e:36:
                    6a:41:8f:40:20:f8:09:35:aa:47:73:80:91:3f:5b:
                    d0:2e:dd:53:82:6e:3f:fe:f4:88:e3:f6:7c:9d:99:
                    d2:bb:ee:6e:ca:6b:9c:6e:ec:d6:7e:5e:10:d7:ed:
                    ed:a0:6b:87:83:79:69:d0:8c:8b:9c:56:15:7a:e6:
                    8a:db:66:b8:f5:69:7d:cf:46:2d:22:94:0e:68:be:
                    d4:5d:87:a6:5c:40:3f:cc:5b:ea:dd:0e:f5:fb:94:
                    8f:64:6d:5b:1b:ba:29:2f:58:eb:6a:19:d5:cf:3d:
                    d3:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:BA:09:EE:5C:6D:6F:4E:35:E9:62:32:32:BE:70:07:6D:64:70:B6
            X509v3 Authority Key Identifier:
                keyid:68:A8:E9:3D:3F:59:0F:44:50:D1:DB:3C:20:74:59:82:44:35:3E:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aKjpPT9ZD0RQ0ds8IHRZgkQ1PpM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/bb3b29-81e5-45a2-81ec-25dd4cbb3698/1/KLoJ7lxtb0416WIyMr5wB21kcLY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/bb3b29-81e5-45a2-81ec-25dd4cbb3698/1/aKjpPT9ZD0RQ0ds8IHRZgkQ1PpM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.226.0/23
                  46.182.180.0/22
                  178.255.192.0/21
                  185.70.208.0/22
                  185.214.148.0/22
                  217.18.64.0/20
                IPv6:
                  2a00:19c0::/32
                  2a04:e1c0:1::/48
                  2a09:d240:1::/48
                  2a0b:9cc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         5b:9a:e8:65:b9:0f:7b:dc:79:9d:f8:15:87:ed:1a:c9:26:bf:
         31:78:81:bf:b3:20:19:7f:2b:36:04:08:07:15:4a:41:99:81:
         5b:9f:1d:cc:3e:f7:ef:43:17:2f:8f:64:0c:f7:65:c2:d4:34:
         b4:fc:5d:63:29:0e:a4:dc:72:53:d2:f0:26:97:91:13:51:20:
         31:8a:2c:29:18:5d:c0:f6:8f:d0:60:ba:1f:d4:1a:ec:1b:7e:
         bb:b9:cc:f7:43:ac:87:c3:f8:2f:cf:2e:ab:a2:51:d6:56:de:
         63:10:fd:86:64:7a:ee:79:03:de:c9:c8:07:fa:78:dc:a9:6f:
         bf:21:81:9e:aa:7c:6e:35:f8:10:5c:79:f7:31:c8:2f:ec:24:
         f5:f0:43:a8:b4:d6:1a:bd:8e:f6:c1:56:1c:e7:a8:f0:08:4b:
         48:b6:3e:56:06:d6:49:9b:86:89:2b:30:31:2c:66:66:96:00:
         1f:83:c6:75:fa:a8:0d:06:a1:04:89:9b:72:93:13:c6:40:8c:
         48:2c:fe:55:86:c5:4a:17:4d:5f:a4:47:4f:1e:67:0b:2a:94:
         40:62:30:6f:35:8c:f7:ea:85:68:db:bd:58:92:30:f2:a2:c2:
         d1:00:c2:f9:90:5b:93:a5:ca:e5:03:53:0a:1c:67:1d:f5:5d:
         26:32:3b:e8
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAZP4LbWE22fyUpvxElRJP2INMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4YThlOTNkM2Y1OTBmNDQ1MGQxZGIzYzIwNzQ1OTgyNDQz
NTNlOTMwHhcNMjQxMjI0MTAxOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGJhMDllZTVjNmQ2ZjRlMzVlOTYyMzIzMmJlNzAwNzZkNjQ3MGI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzzZOykwmtOg/rHzF9A1TGni+18WK
kjXLam2IcvwHih5qYtBm3cQJ6M+FJ22tThH9ZTiLUfLe50JJhdMjxN70UlyEjTtd
n1ijbmUwKdwfpznkw45Dv2x0u9Mbo73jtLd+oS6QmltgRIgDlPLxuAUMY1T/1JoY
kHcSJweutbehDN6kODFRCMFwPAC8vuVK004R+H/2fjZqQY9AIPgJNapHc4CRP1vQ
Lt1Tgm4//vSI4/Z8nZnSu+5uymucbuzWfl4Q1+3toGuHg3lp0IyLnFYVeuaK22a4
9Wl9z0YtIpQOaL7UXYemXEA/zFvq3Q71+5SPZG1bG7opL1jrahnVzz3TYQIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFCi6Ce5cbW9ONeliMjK+cAdtZHC2MB8GA1UdIwQY
MBaAFGio6T0/WQ9EUNHbPCB0WYJENT6TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYUtqcFBUOVpEMFJRMGRzOElIUlpna1ExUHBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS9iYjNiMjktODFlNS00NWEyLTgxZWMt
MjVkZDRjYmIzNjk4LzEvS0xvSjdseHRiMDQxNldJeU1yNXdCMjFrY0xZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS9iYjNiMjktODFlNS00NWEyLTgxZWMtMjVkZDRjYmIzNjk4
LzEvYUtqcFBUOVpEMFJRMGRzOElIUlpna1ExUHBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDAqBAIAATAkAwQBAjjiAwQC
Lra0AwQDsv/AAwQCuUbQAwQCudaUAwQE2RJAMCYEAgACMCADBQAqABnAAwcAKgTh
wAABAwcAKgnSQAABAwUDKgucwDANBgkqhkiG9w0BAQsFAAOCAQEAW5roZbkPe9x5
nfgVh+0aySa/MXiBv7MgGX8rNgQIBxVKQZmBW58dzD7370MXL49kDPdlwtQ0tPxd
YykOpNxyU9LwJpeRE1EgMYosKRhdwPaP0GC6H9Qa7Bt+u7nM90Osh8P4L88uq6JR
1lbeYxD9hmR67nkD3snIB/p43KlvvyGBnqp8bjX4EFx59zHIL+wk9fBDqLTWGr2O
9sFWHOeo8AhLSLY+VgbWSZuGiSswMSxmZpYAH4PGdfqoDQahBImbcpMTxkCMSCz+
VYbFShdNX6RHTx5nCyqUQGIwbzWM9+qFaNu9WJIw8qLC0QDC+ZBbk6XK5QNTChxn
HfVdJjI76A==
-----END CERTIFICATE-----