Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/o4aYdhULiVqPRKgNI6DXhReJGd0.roa
File:                     o4aYdhULiVqPRKgNI6DXhReJGd0.roa (raw, json)
Hash identifier:          q04HvnjD3ixKyT1J1lG6bFE6o+ESGVzGgyEaszHyRu8=
Subject key identifier:   A3:86:98:76:15:0B:89:5A:8F:44:A8:0D:23:A0:D7:85:17:89:19:DD
Certificate issuer:       /CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
Certificate serial:       0194258F89217B3AEFC2FC503D6416099667
Authority key identifier: 34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/o4aYdhULiVqPRKgNI6DXhReJGd0.roa
Signing time:             Thu 02 Jan 2025 05:49:11 +0000
ROA not before:           Thu 02 Jan 2025 05:49:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6282
IP address blocks:        31.131.8.0/23 maxlen: 23
                          31.131.10.0/23 maxlen: 23
                          64.43.100.0/22 maxlen: 22
                          64.43.108.0/22 maxlen: 22
                          64.43.116.0/22 maxlen: 22
                          77.36.24.0/22 maxlen: 22
                          81.161.0.0/23 maxlen: 23
                          93.120.16.0/22 maxlen: 22
                          93.120.20.0/22 maxlen: 22
                          176.96.52.0/22 maxlen: 22
                          176.111.160.0/23 maxlen: 23
                          176.111.162.0/23 maxlen: 23
                          176.113.184.0/22 maxlen: 22
                          176.113.188.0/22 maxlen: 22
                          176.116.32.0/22 maxlen: 22
                          176.116.36.0/22 maxlen: 22
                          178.159.144.0/23 maxlen: 23
Validation:               Failed, certificate revoked on Fri 28 Mar 2025 13:26:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:89:21:7b:3a:ef:c2:fc:50:3d:64:16:09:96:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
        Validity
            Not Before: Jan  2 05:49:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a3869876150b895a8f44a80d23a0d785178919dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:ae:7a:74:32:12:a6:fb:7c:cf:64:3e:93:41:
                    1d:b2:1d:9a:7c:54:0b:d6:01:b6:fc:f9:9f:d3:f9:
                    c1:19:b4:94:92:95:20:59:60:32:5c:e3:91:19:d8:
                    a8:9e:2c:05:9f:4c:65:1e:96:a4:8b:a6:fa:95:5b:
                    0c:ab:80:c3:8d:29:76:da:e2:ea:a1:c5:bc:c2:96:
                    ca:ef:d4:ea:f0:9f:e1:b3:9f:d8:c7:fc:43:33:7e:
                    09:ff:c2:c9:88:71:5e:ec:cf:2f:bb:e4:46:a2:d4:
                    ec:17:a9:57:05:50:d0:56:03:ba:81:39:7a:03:6c:
                    b2:76:09:52:e7:13:be:a0:40:7d:6f:57:2c:b1:97:
                    13:19:a4:46:7b:89:39:2e:0e:07:bb:0d:0c:7d:77:
                    b0:b4:5a:8c:07:32:4f:a6:90:b6:9b:ff:36:0b:5b:
                    01:d9:dd:33:4c:c0:a6:3a:63:ac:ec:61:c0:7a:ad:
                    20:45:91:22:ff:cc:e1:74:ff:cc:a3:a8:67:6c:64:
                    bf:68:b0:9d:54:74:61:00:75:d8:89:bd:79:38:7d:
                    76:0b:25:3f:97:0f:99:a4:7f:16:17:38:bd:ad:11:
                    dd:de:42:ca:e5:34:f8:2d:05:c4:76:86:8e:ab:a5:
                    38:79:a0:2b:a8:5d:18:94:3d:b5:29:13:c1:00:59:
                    a5:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:86:98:76:15:0B:89:5A:8F:44:A8:0D:23:A0:D7:85:17:89:19:DD
            X509v3 Authority Key Identifier:
                keyid:34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/o4aYdhULiVqPRKgNI6DXhReJGd0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.131.8.0/22
                  64.43.100.0/22
                  64.43.108.0/22
                  64.43.116.0/22
                  77.36.24.0/22
                  81.161.0.0/23
                  93.120.16.0/21
                  176.96.52.0/22
                  176.111.160.0/22
                  176.113.184.0/21
                  176.116.32.0/21
                  178.159.144.0/23

    Signature Algorithm: sha256WithRSAEncryption
         16:55:95:4b:5e:7e:0e:aa:95:c5:5a:b2:be:6c:33:5a:6b:2b:
         3e:55:db:ab:fe:0a:fc:38:55:71:a9:43:a9:d7:9d:56:58:2c:
         5c:61:65:19:0b:67:c3:7f:e1:76:42:c2:cc:3f:85:36:68:c9:
         4d:66:9d:39:06:9c:bc:0e:73:a2:43:05:84:54:86:fd:b8:d3:
         4d:00:8a:7a:82:53:99:66:af:b6:c2:37:74:42:29:85:7f:1f:
         a0:d8:79:69:4e:44:cd:f2:d2:06:43:b7:53:27:a3:81:6d:bc:
         7b:dd:13:4b:ba:b7:dc:31:a1:e2:09:1f:d2:32:ad:ea:75:38:
         0d:f7:34:da:8f:af:8c:a7:bf:d9:7a:5f:3f:48:03:76:59:90:
         79:72:1c:9f:ea:c5:a0:72:26:8a:c1:bb:5a:d1:94:7e:5e:2e:
         0a:38:b2:31:75:f5:da:be:66:21:81:32:14:0a:fa:31:4f:5f:
         a9:60:e7:00:78:55:c1:32:80:d0:b8:89:67:b2:f0:09:7c:df:
         11:2a:62:71:af:cd:4c:d4:45:10:40:86:a5:6a:7f:e3:d3:7e:
         d1:6e:2c:a7:49:e6:69:58:a5:d4:7d:5d:3d:d0:7a:7d:2c:15:
         d0:a7:3f:4c:f9:e3:87:77:ab:ec:16:db:98:f8:f4:0d:ad:54:
         da:0c:0e:ed
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAZQlj4khezrvwvxQPWQWCZZnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0OWNiYmQ1YzJjZjQxOTVjYzZlYzdmMjFmNjA3NTgxYTAy
MjRkYWEwHhcNMjUwMTAyMDU0OTExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzg2OTg3NjE1MGI4OTVhOGY0NGE4MGQyM2EwZDc4NTE3ODkxOWRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5q56dDISpvt8z2Q+k0Edsh2afFQL
1gG2/Pmf0/nBGbSUkpUgWWAyXOORGdioniwFn0xlHpaki6b6lVsMq4DDjSl22uLq
ocW8wpbK79Tq8J/hs5/Yx/xDM34J/8LJiHFe7M8vu+RGotTsF6lXBVDQVgO6gTl6
A2yydglS5xO+oEB9b1cssZcTGaRGe4k5Lg4Huw0MfXewtFqMBzJPppC2m/82C1sB
2d0zTMCmOmOs7GHAeq0gRZEi/8zhdP/Mo6hnbGS/aLCdVHRhAHXYib15OH12CyU/
lw+ZpH8WFzi9rRHd3kLK5TT4LQXEdoaOq6U4eaArqF0YlD21KRPBAFmlgQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFKOGmHYVC4laj0SoDSOg14UXiRndMB8GA1UdIwQY
MBaAFDScu9XCz0GVzG7H8h9gdYGgIk2qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUt
ZGMwNmRkODA1OTYwLzEvbzRhWWRoVUxpVnFQUktnTkk2RFhoUmVKR2QwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUtZGMwNmRkODA1OTYw
LzEvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwQCH4MIAwQC
QCtkAwQCQCtsAwQCQCt0AwQCTSQYAwQBUaEAAwQDXXgQAwQCsGA0AwQCsG+gAwQD
sHG4AwQDsHQgAwQBsp+QMA0GCSqGSIb3DQEBCwUAA4IBAQAWVZVLXn4OqpXFWrK+
bDNaays+Vdur/gr8OFVxqUOp151WWCxcYWUZC2fDf+F2QsLMP4U2aMlNZp05Bpy8
DnOiQwWEVIb9uNNNAIp6glOZZq+2wjd0QimFfx+g2HlpTkTN8tIGQ7dTJ6OBbbx7
3RNLurfcMaHiCR/SMq3qdTgN9zTaj6+Mp7/Zel8/SAN2WZB5chyf6sWgciaKwbta
0ZR+Xi4KOLIxdfXavmYhgTIUCvoxT1+pYOcAeFXBMoDQuIlnsvAJfN8RKmJxr81M
1EUQQIalan/j037RbiynSeZpWKXUfV090Hp9LBXQpz9M+eOHd6vsFtuY+PQNrVTa
DA7t
-----END CERTIFICATE-----