Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/AqFjIXs_R0Lr9Li9pWlnN2FW0_I.roa
File:                     AqFjIXs_R0Lr9Li9pWlnN2FW0_I.roa (raw, json)
Hash identifier:          7xvaqrz1dDhCwObPtuymrb1LGV5fXdClys/KlMzxPeA=
Subject key identifier:   02:A1:63:21:7B:3F:47:42:EB:F4:B8:BD:A5:69:67:37:61:56:D3:F2
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       0196D80DE1A6F1DD948E66DFA4463480D46D
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/AqFjIXs_R0Lr9Li9pWlnN2FW0_I.roa
Signing time:             Fri 16 May 2025 07:45:10 +0000
ROA not before:           Fri 16 May 2025 07:45:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9009
IP address blocks:        134.222.32.0/21 maxlen: 24
                          134.222.48.0/22 maxlen: 24
                          134.222.60.0/22 maxlen: 24
                          134.222.64.0/21 maxlen: 24
                          134.222.72.0/22 maxlen: 24
                          134.222.100.0/22 maxlen: 24
                          134.222.156.0/22 maxlen: 24
                          134.222.160.0/21 maxlen: 24
                          134.222.172.0/22 maxlen: 24
                          134.222.196.0/22 maxlen: 24
                          134.222.200.0/21 maxlen: 24
                          134.222.232.0/22 maxlen: 24
Validation:               Failed, certificate revoked on Mon 19 May 2025 08:12:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:d8:0d:e1:a6:f1:dd:94:8e:66:df:a4:46:34:80:d4:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: May 16 07:45:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=02a163217b3f4742ebf4b8bda56967376156d3f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:0c:09:59:8a:14:ce:90:54:d0:4a:1e:a5:be:
                    27:ab:07:33:f4:46:e3:08:d8:93:13:66:ab:d7:d6:
                    e6:df:4e:ed:17:4f:45:3b:72:52:f1:c9:0f:64:9c:
                    ae:71:40:6b:7d:43:06:5f:69:08:93:0a:5b:39:ac:
                    39:90:b8:cd:0a:e8:47:07:04:b9:8a:9e:f1:09:c8:
                    af:69:a0:30:1b:82:b1:72:dd:fc:1e:fe:22:bf:ac:
                    c8:c5:b8:d5:9c:66:7b:38:54:bc:b2:a3:79:ad:02:
                    eb:6d:73:8f:ad:44:04:5f:23:46:da:01:1e:3c:57:
                    8f:a7:42:82:8a:72:24:bc:88:ef:26:47:ab:6f:77:
                    2d:ab:fc:a2:80:5d:05:f2:b6:0f:c0:f2:a4:f6:06:
                    8e:e3:49:46:87:c0:8f:89:89:f8:6d:84:b3:f1:11:
                    60:b3:6f:2f:18:40:c1:1c:2d:bb:ee:17:ec:3a:69:
                    cd:7c:e4:f9:b6:0f:17:b7:b5:8f:50:0a:cb:4c:97:
                    4a:e5:18:61:2a:f4:6a:65:ed:e9:03:0c:f3:84:f9:
                    75:8a:29:2f:04:e3:9f:e9:b0:e9:b1:97:97:53:e2:
                    75:91:57:f3:b8:5d:3b:16:74:77:6c:75:8a:7e:cd:
                    d6:41:41:46:25:19:f4:ed:c9:d0:b4:4b:b1:23:43:
                    89:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:A1:63:21:7B:3F:47:42:EB:F4:B8:BD:A5:69:67:37:61:56:D3:F2
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/AqFjIXs_R0Lr9Li9pWlnN2FW0_I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  134.222.32.0/21
                  134.222.48.0/22
                  134.222.60.0-134.222.75.255
                  134.222.100.0/22
                  134.222.156.0-134.222.167.255
                  134.222.172.0/22
                  134.222.196.0-134.222.207.255
                  134.222.232.0/22

    Signature Algorithm: sha256WithRSAEncryption
         67:c7:92:d5:0a:c6:92:97:ce:7d:95:c4:fd:b8:5f:a4:71:97:
         57:d3:f0:cf:c7:2d:56:1a:cc:95:c4:98:e7:11:32:e8:7d:ca:
         49:e7:aa:82:1c:c5:31:3e:e2:2b:18:39:c0:66:13:bc:b8:91:
         aa:78:6f:60:aa:fd:2c:18:2e:33:fa:d6:9c:27:82:6c:1d:35:
         8b:ae:53:cb:05:6e:09:a8:9a:f1:70:c3:8f:ad:32:63:7f:95:
         ee:97:fc:17:6b:db:20:de:03:5a:06:56:df:8d:19:74:c7:50:
         07:36:fd:19:e8:29:cf:60:49:86:96:aa:d7:28:86:4a:1d:9d:
         3e:64:6b:e0:f2:f8:b6:1d:c0:a5:4a:cb:78:29:74:f2:f3:66:
         8f:d6:fb:33:e1:cb:cc:d5:e7:2d:58:af:17:01:e5:ef:1f:2a:
         9d:94:76:41:1f:e1:b1:46:7e:58:27:d9:70:ff:70:a1:d0:8f:
         76:d2:3e:01:52:45:5e:d5:77:1f:53:1b:12:12:c0:ec:4a:c9:
         cf:17:b2:ed:00:5f:54:2c:5a:18:5a:3f:bc:6b:c0:d1:60:42:
         30:a3:2a:b1:2f:d0:f1:2a:72:66:5c:78:51:b0:eb:86:d0:fd:
         ab:9a:ba:2a:12:7a:28:ba:43:02:6e:60:5e:9d:3a:c7:39:5e:
         fd:64:27:d5
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAZbYDeGm8d2UjmbfpEY0gNRtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjUwNTE2MDc0NTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMmExNjMyMTdiM2Y0NzQyZWJmNGI4YmRhNTY5NjczNzYxNTZkM2YyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzQwJWYoUzpBU0Eoepb4nqwcz9Ebj
CNiTE2ar19bm307tF09FO3JS8ckPZJyucUBrfUMGX2kIkwpbOaw5kLjNCuhHBwS5
ip7xCcivaaAwG4Kxct38Hv4iv6zIxbjVnGZ7OFS8sqN5rQLrbXOPrUQEXyNG2gEe
PFePp0KCinIkvIjvJkerb3ctq/yigF0F8rYPwPKk9gaO40lGh8CPiYn4bYSz8RFg
s28vGEDBHC277hfsOmnNfOT5tg8Xt7WPUArLTJdK5RhhKvRqZe3pAwzzhPl1iikv
BOOf6bDpsZeXU+J1kVfzuF07FnR3bHWKfs3WQUFGJRn07cnQtEuxI0OJ4QIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFAKhYyF7P0dC6/S4vaVpZzdhVtPyMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvQXFGaklYc19SMExyOUxpOXBXbG5OMkZXMF9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwQDht4gAwQC
ht4wMAwDBAKG3jwDBAKG3kgDBAKG3mQwDAMEAobenAMEA4beoAMEAoberDAMAwQC
ht7EAwQEht7AAwQCht7oMA0GCSqGSIb3DQEBCwUAA4IBAQBnx5LVCsaSl859lcT9
uF+kcZdX0/DPxy1WGsyVxJjnETLofcpJ56qCHMUxPuIrGDnAZhO8uJGqeG9gqv0s
GC4z+tacJ4JsHTWLrlPLBW4JqJrxcMOPrTJjf5Xul/wXa9sg3gNaBlbfjRl0x1AH
Nv0Z6CnPYEmGlqrXKIZKHZ0+ZGvg8vi2HcClSst4KXTy82aP1vsz4cvM1ectWK8X
AeXvHyqdlHZBH+GxRn5YJ9lw/3Ch0I920j4BUkVe1XcfUxsSEsDsSsnPF7LtAF9U
LFoYWj+8a8DRYEIwoyqxL9DxKnJmXHhRsOuG0P2rmroqEnooukMCbmBenTrHOV79
ZCfV
-----END CERTIFICATE-----