Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/f1b3da-bebf-44b0-ab12-d32e27fb7e59/1/xaEx2Ak49yUCp9FGLfuO_X5QUmw.roa
File:                     xaEx2Ak49yUCp9FGLfuO_X5QUmw.roa (raw, json)
Hash identifier:          yhuupWZUtO7O22HTACwyfGbPCXHCjbUSmewFYRr0TGg=
Subject key identifier:   C5:A1:31:D8:09:38:F7:25:02:A7:D1:46:2D:FB:8E:FD:7E:50:52:6C
Certificate issuer:       /CN=b62d4cec783305923e3497ed884f1c445b4e78fb
Certificate serial:       0193AB6C9E67EB0131F039FBF58CC6FC709F
Authority key identifier: B6:2D:4C:EC:78:33:05:92:3E:34:97:ED:88:4F:1C:44:5B:4E:78:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ti1M7HgzBZI-NJftiE8cRFtOePs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/f1b3da-bebf-44b0-ab12-d32e27fb7e59/1/xaEx2Ak49yUCp9FGLfuO_X5QUmw.roa
Signing time:             Mon 09 Dec 2024 12:37:22 +0000
ROA not before:           Mon 09 Dec 2024 12:37:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44901
IP address blocks:        46.253.0.0/24 maxlen: 24
                          46.253.1.0/24 maxlen: 24
                          46.253.4.0/24 maxlen: 24
                          91.132.60.0/24 maxlen: 24
                          91.132.62.0/24 maxlen: 24
                          91.132.63.0/24 maxlen: 24
                          93.94.140.0/24 maxlen: 24
                          93.94.142.0/24 maxlen: 24
                          95.169.202.0/24 maxlen: 24
                          185.1.156.0/24 maxlen: 24
                          185.243.213.0/24 maxlen: 24
                          2a09:be80::/32 maxlen: 32
Validation:               Failed, certificate revoked on Thu 02 Jan 2025 17:52:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:ab:6c:9e:67:eb:01:31:f0:39:fb:f5:8c:c6:fc:70:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b62d4cec783305923e3497ed884f1c445b4e78fb
        Validity
            Not Before: Dec  9 12:37:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c5a131d80938f72502a7d1462dfb8efd7e50526c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:f3:23:f7:ee:81:f7:16:26:b4:ee:90:f9:dc:
                    ef:3f:89:53:16:7b:4c:4c:1f:ec:87:63:12:c4:34:
                    38:a8:22:55:cb:bb:b0:49:cf:14:fc:90:63:b1:e6:
                    7c:2e:69:e1:fd:63:ae:48:d8:61:e2:7f:89:a3:90:
                    f2:93:6e:4c:11:41:84:81:48:a4:2f:aa:1b:ea:0e:
                    f6:4e:ca:43:f1:f2:aa:0d:f8:3b:0d:8c:e5:a2:4e:
                    24:00:0d:6c:10:76:a7:ff:65:8b:6a:df:cb:c2:0d:
                    65:4a:fd:bd:b7:8c:05:f9:78:14:d3:cf:8b:e7:1e:
                    f8:c3:91:b5:53:4a:52:31:bc:82:5d:1a:b6:cc:df:
                    79:20:fd:e6:08:94:5c:f3:08:0c:44:c3:62:c4:6d:
                    ad:45:4f:8a:ad:aa:45:02:85:10:cc:88:d7:d8:0b:
                    79:71:55:4c:52:45:7d:e8:a8:d9:82:5d:01:99:c8:
                    56:70:a1:44:42:77:84:f2:ce:f6:55:af:b9:a3:96:
                    ee:15:40:b2:e1:09:b7:42:8d:9a:7e:8e:43:7d:f3:
                    8c:eb:5a:d2:0a:d7:cb:08:ff:1c:73:50:55:1c:88:
                    19:26:eb:fc:5c:96:d5:07:69:37:32:12:f1:6e:20:
                    6e:6c:c2:67:aa:17:ec:7d:12:71:5f:f7:13:64:90:
                    99:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:A1:31:D8:09:38:F7:25:02:A7:D1:46:2D:FB:8E:FD:7E:50:52:6C
            X509v3 Authority Key Identifier:
                keyid:B6:2D:4C:EC:78:33:05:92:3E:34:97:ED:88:4F:1C:44:5B:4E:78:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ti1M7HgzBZI-NJftiE8cRFtOePs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/f1b3da-bebf-44b0-ab12-d32e27fb7e59/1/xaEx2Ak49yUCp9FGLfuO_X5QUmw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/f1b3da-bebf-44b0-ab12-d32e27fb7e59/1/ti1M7HgzBZI-NJftiE8cRFtOePs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.253.0.0/23
                  46.253.4.0/24
                  91.132.60.0/24
                  91.132.62.0/23
                  93.94.140.0/24
                  93.94.142.0/24
                  95.169.202.0/24
                  185.1.156.0/24
                  185.243.213.0/24
                IPv6:
                  2a09:be80::/32

    Signature Algorithm: sha256WithRSAEncryption
         58:cf:6f:26:14:48:a4:f1:93:02:58:04:04:a1:3d:28:5e:b3:
         b0:0c:43:45:86:9e:a3:bd:cb:15:bb:34:c3:f1:a4:23:93:ad:
         fc:64:5d:97:24:b0:77:ef:3f:1b:f1:a9:d1:51:f8:4a:c1:42:
         54:04:4c:75:ce:33:f6:ff:c7:11:92:fb:93:a2:c0:b2:21:2c:
         62:b5:1f:76:57:94:e7:2c:78:2f:e0:c0:99:98:3b:fc:ce:1a:
         45:3b:2c:90:ec:6b:47:bd:8f:30:ba:79:1c:03:53:fe:f1:fd:
         b4:b1:df:1f:40:8b:7b:10:09:c8:c1:37:a7:90:42:38:9b:1f:
         78:26:41:44:a7:a7:12:37:a6:db:0a:0d:57:91:11:6b:a8:3a:
         5a:a3:7c:5f:6f:d3:7f:b4:23:44:65:cb:6e:a5:0d:01:32:43:
         4e:6f:9d:77:c2:75:31:8c:bf:93:b5:65:26:8f:01:fd:90:b3:
         90:d0:36:f2:40:e8:83:ba:87:9b:5c:31:b6:cf:c6:ea:b6:de:
         61:7a:60:ce:1d:2a:6c:f0:a6:93:44:b1:53:08:fa:25:cc:cd:
         03:f4:d0:2a:17:5b:2e:dd:52:79:8d:34:59:41:9e:b7:de:dd:
         34:df:7b:8d:84:4c:e3:6e:55:f7:30:f7:1f:e9:e8:b3:6e:fa:
         9a:25:9a:82
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAZOrbJ5n6wEx8Dn79YzG/HCfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2MmQ0Y2VjNzgzMzA1OTIzZTM0OTdlZDg4NGYxYzQ0NWI0
ZTc4ZmIwHhcNMjQxMjA5MTIzNzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWExMzFkODA5MzhmNzI1MDJhN2QxNDYyZGZiOGVmZDdlNTA1MjZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2vMj9+6B9xYmtO6Q+dzvP4lTFntM
TB/sh2MSxDQ4qCJVy7uwSc8U/JBjseZ8Lmnh/WOuSNhh4n+Jo5Dyk25MEUGEgUik
L6ob6g72TspD8fKqDfg7DYzlok4kAA1sEHan/2WLat/Lwg1lSv29t4wF+XgU08+L
5x74w5G1U0pSMbyCXRq2zN95IP3mCJRc8wgMRMNixG2tRU+KrapFAoUQzIjX2At5
cVVMUkV96KjZgl0BmchWcKFEQneE8s72Va+5o5buFUCy4Qm3Qo2afo5DffOM61rS
CtfLCP8cc1BVHIgZJuv8XJbVB2k3MhLxbiBubMJnqhfsfRJxX/cTZJCZRwIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFMWhMdgJOPclAqfRRi37jv1+UFJsMB8GA1UdIwQY
MBaAFLYtTOx4MwWSPjSX7YhPHERbTnj7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdGkxTTdIZ3pCWkktTkpmdGlFOGNSRnRPZVBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9mMWIzZGEtYmViZi00NGIwLWFiMTIt
ZDMyZTI3ZmI3ZTU5LzEveGFFeDJBazQ5eVVDcDlGR0xmdU9fWDVRVW13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9mMWIzZGEtYmViZi00NGIwLWFiMTItZDMyZTI3ZmI3ZTU5
LzEvdGkxTTdIZ3pCWkktTkpmdGlFOGNSRnRPZVBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTA8BAIAATA2AwQBLv0AAwQA
Lv0EAwQAW4Q8AwQBW4Q+AwQAXV6MAwQAXV6OAwQAX6nKAwQAuQGcAwQAufPVMA0E
AgACMAcDBQAqCb6AMA0GCSqGSIb3DQEBCwUAA4IBAQBYz28mFEik8ZMCWAQEoT0o
XrOwDENFhp6jvcsVuzTD8aQjk638ZF2XJLB37z8b8anRUfhKwUJUBEx1zjP2/8cR
kvuTosCyISxitR92V5TnLHgv4MCZmDv8zhpFOyyQ7GtHvY8wunkcA1P+8f20sd8f
QIt7EAnIwTenkEI4mx94JkFEp6cSN6bbCg1XkRFrqDpao3xfb9N/tCNEZctupQ0B
MkNOb513wnUxjL+TtWUmjwH9kLOQ0DbyQOiDuoebXDG2z8bqtt5hemDOHSps8KaT
RLFTCPolzM0D9NAqF1su3VJ5jTRZQZ633t0033uNhEzjblX3MPcf6eizbvqaJZqC
-----END CERTIFICATE-----