Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/58ebb1-dbec-47f9-bb96-849cfcabb657/1/XkRKQofPomei-9Z6YZKgmVLFUIA.roa
File:                     XkRKQofPomei-9Z6YZKgmVLFUIA.roa (raw, json)
Hash identifier:          l/iqZTkI4EeidmGNUb75lTjZTKWSYSlWFg8gBOqJxao=
Subject key identifier:   5E:44:4A:42:87:CF:A2:67:A2:FB:D6:7A:61:92:A0:99:52:C5:50:80
Certificate issuer:       /CN=7e65dab23940cb394f9aaa664fea4d6f8f42e318
Certificate serial:       019420682814AE5F8A5D9E08C3A8FB351ABF
Authority key identifier: 7E:65:DA:B2:39:40:CB:39:4F:9A:AA:66:4F:EA:4D:6F:8F:42:E3:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fmXasjlAyzlPmqpmT-pNb49C4xg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/58ebb1-dbec-47f9-bb96-849cfcabb657/1/XkRKQofPomei-9Z6YZKgmVLFUIA.roa
Signing time:             Wed 01 Jan 2025 05:48:04 +0000
ROA not before:           Wed 01 Jan 2025 05:48:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43541
IP address blocks:        46.243.48.0/21 maxlen: 21
                          46.243.48.0/24 maxlen: 24
                          46.243.53.0/24 maxlen: 24
                          46.243.55.0/24 maxlen: 24
                          78.24.8.0/21 maxlen: 21
                          93.185.96.0/20 maxlen: 20
                          178.251.184.0/21 maxlen: 21
                          185.14.252.0/22 maxlen: 22
                          185.59.208.0/22 maxlen: 22
                          185.64.216.0/22 maxlen: 22
                          185.115.1.0/24 maxlen: 24
                          185.115.2.0/24 maxlen: 24
                          217.16.176.0/20 maxlen: 20
                          2a00:1ed0::/32 maxlen: 32
                          2a00:1ed1::/32 maxlen: 32
                          2a00:1ed2::/32 maxlen: 32
Validation:               Failed, certificate revoked on Tue 01 Apr 2025 20:17:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:28:14:ae:5f:8a:5d:9e:08:c3:a8:fb:35:1a:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e65dab23940cb394f9aaa664fea4d6f8f42e318
        Validity
            Not Before: Jan  1 05:48:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5e444a4287cfa267a2fbd67a6192a09952c55080
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:dd:01:87:99:35:66:92:7c:4e:98:0d:da:65:
                    eb:58:46:b9:21:4f:f2:43:b9:65:0c:e0:71:14:b0:
                    ff:fc:0c:26:0d:91:24:68:22:d4:7a:73:9a:0d:8e:
                    a9:f1:91:24:a6:92:94:8c:53:4b:82:e5:f2:a4:b4:
                    9c:44:bf:c8:2b:f3:b9:47:66:a1:5a:76:47:a0:8e:
                    10:2d:d8:20:b7:57:20:d6:01:92:a3:34:7d:53:3f:
                    c4:9a:39:60:b9:05:bb:99:1f:7c:77:d6:88:e5:bf:
                    a0:0a:c9:eb:78:f9:e7:4f:5b:21:5b:aa:e7:f6:4d:
                    8d:2e:69:28:42:de:cc:74:8d:24:ed:b6:c1:7c:45:
                    12:16:4d:25:e4:8b:16:27:21:8c:fe:2d:9b:66:6b:
                    1a:7d:f8:14:3a:9e:7f:1d:ab:de:b8:0d:40:26:8d:
                    0c:59:8a:df:14:92:57:f5:62:a8:3f:38:9c:e3:65:
                    78:28:02:3a:a4:1f:61:21:5a:6d:e1:b3:54:4a:e6:
                    6c:04:1d:80:5a:a6:f2:fa:ae:58:ff:ce:40:ca:5f:
                    81:10:ee:1f:37:3c:b0:24:14:a2:80:32:35:27:81:
                    a1:f0:4e:23:4d:a9:32:b1:76:a4:66:20:05:de:1c:
                    e0:1d:3a:80:d4:4b:5a:90:18:58:d4:c8:c0:5d:31:
                    03:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:44:4A:42:87:CF:A2:67:A2:FB:D6:7A:61:92:A0:99:52:C5:50:80
            X509v3 Authority Key Identifier:
                keyid:7E:65:DA:B2:39:40:CB:39:4F:9A:AA:66:4F:EA:4D:6F:8F:42:E3:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fmXasjlAyzlPmqpmT-pNb49C4xg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/58ebb1-dbec-47f9-bb96-849cfcabb657/1/XkRKQofPomei-9Z6YZKgmVLFUIA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/58ebb1-dbec-47f9-bb96-849cfcabb657/1/fmXasjlAyzlPmqpmT-pNb49C4xg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.243.48.0/21
                  78.24.8.0/21
                  93.185.96.0/20
                  178.251.184.0/21
                  185.14.252.0/22
                  185.59.208.0/22
                  185.64.216.0/22
                  185.115.1.0-185.115.2.255
                  217.16.176.0/20
                IPv6:
                  2a00:1ed0::-2a00:1ed2:ffff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         71:1d:9f:0a:e2:7d:59:49:4c:c6:af:89:b8:88:c2:ce:19:4b:
         8e:2f:ff:69:51:cd:45:f2:3e:ca:39:8e:05:85:54:07:d9:6e:
         a4:1e:39:ea:69:a3:60:4c:e6:c7:de:c2:54:63:95:28:aa:e9:
         ad:0e:7b:0e:35:f3:ad:d2:30:7d:44:13:f4:42:87:39:18:86:
         41:0b:6c:f9:d0:90:b8:dd:48:00:db:42:29:b2:65:84:c0:21:
         e7:1f:41:be:d8:1d:ad:91:d2:b9:36:da:f0:f7:09:91:ef:c1:
         a7:ab:fc:48:0a:55:58:90:4a:c1:3f:17:dc:ae:94:25:e5:59:
         b5:b7:19:3b:87:c4:05:2f:89:96:b7:35:61:46:1d:19:d0:96:
         cb:b6:bb:9b:03:65:33:91:96:5b:72:3d:1e:07:12:9b:03:94:
         a4:31:68:48:28:4d:f1:82:7f:60:59:cf:37:91:ca:d6:cf:4f:
         6c:9d:bb:9c:ad:df:c1:68:df:ae:ee:f4:7c:ee:27:9a:24:2d:
         c9:fb:b4:7f:78:ae:22:43:5b:ba:be:1a:d2:db:e8:d0:32:9c:
         38:4a:c3:e9:ec:31:e2:30:ac:a7:ab:c0:e4:85:1c:e5:38:e4:
         d7:1d:7d:13:86:0c:af:a6:b1:00:ad:00:d4:41:71:f1:45:50:
         9c:4e:a8:63
-----BEGIN CERTIFICATE-----
MIIFTTCCBDWgAwIBAgISAZQgaCgUrl+KXZ4Iw6j7NRq/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlNjVkYWIyMzk0MGNiMzk0ZjlhYWE2NjRmZWE0ZDZmOGY0
MmUzMTgwHhcNMjUwMTAxMDU0ODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTQ0NGE0Mjg3Y2ZhMjY3YTJmYmQ2N2E2MTkyYTA5OTUyYzU1MDgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuN0Bh5k1ZpJ8TpgN2mXrWEa5IU/y
Q7llDOBxFLD//AwmDZEkaCLUenOaDY6p8ZEkppKUjFNLguXypLScRL/IK/O5R2ah
WnZHoI4QLdggt1cg1gGSozR9Uz/EmjlguQW7mR98d9aI5b+gCsnrePnnT1shW6rn
9k2NLmkoQt7MdI0k7bbBfEUSFk0l5IsWJyGM/i2bZmsaffgUOp5/HaveuA1AJo0M
WYrfFJJX9WKoPzic42V4KAI6pB9hIVpt4bNUSuZsBB2AWqby+q5Y/85Ayl+BEO4f
NzywJBSigDI1J4Gh8E4jTakysXakZiAF3hzgHTqA1EtakBhY1MjAXTEDywIDAQAB
o4ICWTCCAlUwHQYDVR0OBBYEFF5ESkKHz6JnovvWemGSoJlSxVCAMB8GA1UdIwQY
MBaAFH5l2rI5QMs5T5qqZk/qTW+PQuMYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZm1YYXNqbEF5emxQbXFwbVQtcE5iNDlDNHhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC81OGViYjEtZGJlYy00N2Y5LWJiOTYt
ODQ5Y2ZjYWJiNjU3LzEvWGtSS1FvZlBvbWVpLTlaNllaS2dtVkxGVUlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC81OGViYjEtZGJlYy00N2Y5LWJiOTYtODQ5Y2ZjYWJiNjU3
LzEvZm1YYXNqbEF5emxQbXFwbVQtcE5iNDlDNHhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG8GCCsGAQUFBwEHAQH/BGAwXjBEBAIAATA+AwQDLvMwAwQD
ThgIAwQEXblgAwQDsvu4AwQCuQ78AwQCuTvQAwQCuUDYMAwDBAC5cwEDBAC5cwID
BATZELAwFgQCAAIwEDAOAwUEKgAe0AMFACoAHtIwDQYJKoZIhvcNAQELBQADggEB
AHEdnwrifVlJTMavibiIws4ZS44v/2lRzUXyPso5jgWFVAfZbqQeOeppo2BM5sfe
wlRjlSiq6a0Oew41863SMH1EE/RChzkYhkELbPnQkLjdSADbQimyZYTAIecfQb7Y
Ha2R0rk22vD3CZHvwaer/EgKVViQSsE/F9yulCXlWbW3GTuHxAUviZa3NWFGHRnQ
lsu2u5sDZTORlltyPR4HEpsDlKQxaEgoTfGCf2BZzzeRytbPT2ydu5yt38Fo367u
9HzuJ5okLcn7tH94riJDW7q+GtLb6NAynDhKw+nsMeIwrKerwOSFHOU45NcdfROG
DK+msQCtANRBcfFFUJxOqGM=
-----END CERTIFICATE-----