Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/850024-84ee-44c8-b2d9-7d20eb063455/1/fx1j66CDV7YvqFfG0M9M62qV07Y.roa
File:                     fx1j66CDV7YvqFfG0M9M62qV07Y.roa (raw, json)
Hash identifier:          OT1MLksszxKJOCIbC4BwdmTLYUVoWbXnQts0OqYnYlo=
Subject key identifier:   7F:1D:63:EB:A0:83:57:B6:2F:A8:57:C6:D0:CF:4C:EB:6A:95:D3:B6
Certificate issuer:       /CN=30a55632ec9034c9b9a3f290aaecd9a07c1f26ab
Certificate serial:       0193D40C1802E7910C676B9BD8B9F1284DB1
Authority key identifier: 30:A5:56:32:EC:90:34:C9:B9:A3:F2:90:AA:EC:D9:A0:7C:1F:26:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MKVWMuyQNMm5o_KQquzZoHwfJqs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/850024-84ee-44c8-b2d9-7d20eb063455/1/fx1j66CDV7YvqFfG0M9M62qV07Y.roa
Signing time:             Tue 17 Dec 2024 09:56:22 +0000
ROA not before:           Tue 17 Dec 2024 09:56:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199508
IP address blocks:        45.8.128.0/22 maxlen: 22
                          62.220.252.0/22 maxlen: 22
                          85.194.236.0/23 maxlen: 23
                          89.41.48.0/24 maxlen: 24
                          89.42.43.0/24 maxlen: 24
                          185.11.208.0/22 maxlen: 22
                          185.195.149.0/24 maxlen: 24
                          185.195.150.0/23 maxlen: 23
                          195.192.250.0/23 maxlen: 23
                          2a01:b5a0::/32 maxlen: 32
                          2a03:6f40::/32 maxlen: 32
Validation:               Failed, certificate revoked on Thu 02 Jan 2025 07:49:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:d4:0c:18:02:e7:91:0c:67:6b:9b:d8:b9:f1:28:4d:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=30a55632ec9034c9b9a3f290aaecd9a07c1f26ab
        Validity
            Not Before: Dec 17 09:56:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7f1d63eba08357b62fa857c6d0cf4ceb6a95d3b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:12:ef:af:68:0d:25:16:f9:0b:98:bc:b2:fe:
                    16:7a:dd:86:4f:49:65:96:e2:dd:4b:3f:9e:de:a6:
                    13:c8:96:95:da:88:b6:ce:1b:45:55:9b:ef:48:60:
                    a6:1b:a8:60:22:1e:62:9c:29:3a:5d:33:c9:9b:8d:
                    b3:02:23:1f:91:bd:e4:ad:72:8f:a7:ee:b9:0a:1e:
                    55:6b:2d:cc:9e:76:ab:7c:d5:99:c2:ad:ad:10:e8:
                    9b:ca:a2:06:9c:aa:e9:72:bb:c0:03:d7:67:b1:b3:
                    73:0f:4b:0a:bc:ce:5f:ff:8a:f5:64:e8:22:f4:56:
                    23:ee:62:d3:23:fc:2b:d9:f6:ad:fd:94:7d:d7:6f:
                    47:4a:50:8e:a1:66:df:67:7d:4e:56:a8:67:26:0a:
                    1f:d3:b8:f1:d9:bf:03:90:5b:27:4e:59:54:17:bb:
                    4d:08:62:78:35:d6:df:4b:fe:3b:82:7b:52:2a:1d:
                    f4:98:4d:de:3f:64:eb:73:6e:7b:28:6e:fa:cf:87:
                    79:25:e4:9e:9d:c9:72:cf:2d:2e:ac:23:1a:7c:36:
                    bf:d4:9c:1b:ff:19:ec:dd:ff:fc:3a:1e:de:22:69:
                    20:1f:32:71:56:cb:c6:3c:65:62:8d:7e:61:12:9b:
                    d3:52:a1:c9:ce:85:c4:fa:7e:fa:51:84:87:c5:00:
                    ec:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:1D:63:EB:A0:83:57:B6:2F:A8:57:C6:D0:CF:4C:EB:6A:95:D3:B6
            X509v3 Authority Key Identifier:
                keyid:30:A5:56:32:EC:90:34:C9:B9:A3:F2:90:AA:EC:D9:A0:7C:1F:26:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MKVWMuyQNMm5o_KQquzZoHwfJqs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/850024-84ee-44c8-b2d9-7d20eb063455/1/fx1j66CDV7YvqFfG0M9M62qV07Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/850024-84ee-44c8-b2d9-7d20eb063455/1/MKVWMuyQNMm5o_KQquzZoHwfJqs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.128.0/22
                  62.220.252.0/22
                  85.194.236.0/23
                  89.41.48.0/24
                  89.42.43.0/24
                  185.11.208.0/22
                  185.195.149.0-185.195.151.255
                  195.192.250.0/23
                IPv6:
                  2a01:b5a0::/32
                  2a03:6f40::/32

    Signature Algorithm: sha256WithRSAEncryption
         1f:3a:d8:53:30:23:9c:ca:4b:fc:53:ee:97:e1:ef:94:83:66:
         5e:74:2b:05:c9:87:d1:1f:41:6c:83:d1:0c:33:6b:b0:a9:ee:
         d4:1a:a9:bd:59:51:f6:e6:0a:00:18:3c:92:7c:1c:57:bd:55:
         f8:54:f4:62:5a:57:fd:52:45:d7:af:b7:6c:77:1a:55:96:3a:
         93:ac:71:33:62:fc:ea:9e:e5:ea:1e:54:93:18:01:c9:26:34:
         c2:0a:ab:b4:e7:d4:dd:3f:5a:0e:00:7d:36:17:4d:39:7d:16:
         f9:a3:bd:38:a1:86:3c:92:76:34:42:cc:05:47:90:4b:f2:f5:
         fa:45:89:6d:b6:60:b8:65:66:2d:1f:00:28:4b:ca:36:4b:66:
         60:b1:d3:ad:cd:97:47:dc:54:80:fe:94:f6:1d:97:9c:6e:a1:
         6a:b9:36:e4:2e:53:46:90:17:01:78:37:11:1e:75:28:97:4f:
         6f:fd:f3:ca:2b:47:60:1e:66:03:05:5e:2c:b4:b1:44:17:77:
         0a:66:eb:2c:8b:c7:7a:65:ca:58:ab:48:86:a1:38:42:23:12:
         e1:b0:87:c2:2f:f8:7b:ed:2c:9e:84:3f:fa:53:61:57:ce:59:
         ba:11:38:5a:08:ea:3c:a0:5c:bf:53:8f:33:f7:3a:d2:70:d1:
         d3:45:38:d2
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAZPUDBgC55EMZ2ub2LnxKE2xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwYTU1NjMyZWM5MDM0YzliOWEzZjI5MGFhZWNkOWEwN2Mx
ZjI2YWIwHhcNMjQxMjE3MDk1NjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjFkNjNlYmEwODM1N2I2MmZhODU3YzZkMGNmNGNlYjZhOTVkM2I2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAthLvr2gNJRb5C5i8sv4Wet2GT0ll
luLdSz+e3qYTyJaV2oi2zhtFVZvvSGCmG6hgIh5inCk6XTPJm42zAiMfkb3krXKP
p+65Ch5Vay3MnnarfNWZwq2tEOibyqIGnKrpcrvAA9dnsbNzD0sKvM5f/4r1ZOgi
9FYj7mLTI/wr2fat/ZR9129HSlCOoWbfZ31OVqhnJgof07jx2b8DkFsnTllUF7tN
CGJ4NdbfS/47gntSKh30mE3eP2Trc257KG76z4d5JeSenclyzy0urCMafDa/1Jwb
/xns3f/8Oh7eImkgHzJxVsvGPGVijX5hEpvTUqHJzoXE+n76UYSHxQDscwIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFH8dY+ugg1e2L6hXxtDPTOtqldO2MB8GA1UdIwQY
MBaAFDClVjLskDTJuaPykKrs2aB8HyarMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUtWV011eVFOTW01b19LUXF1elpvSHdmSnFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS84NTAwMjQtODRlZS00NGM4LWIyZDkt
N2QyMGViMDYzNDU1LzEvZngxajY2Q0RWN1l2cUZmRzBNOU02MnFWMDdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS84NTAwMjQtODRlZS00NGM4LWIyZDktN2QyMGViMDYzNDU1
LzEvTUtWV011eVFOTW01b19LUXF1elpvSHdmSnFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjA+BAIAATA4AwQCLQiAAwQC
Ptz8AwQBVcLsAwQAWSkwAwQAWSorAwQCuQvQMAwDBAC5w5UDBAO5w5ADBAHDwPow
FAQCAAIwDgMFACoBtaADBQAqA29AMA0GCSqGSIb3DQEBCwUAA4IBAQAfOthTMCOc
ykv8U+6X4e+Ug2ZedCsFyYfRH0Fsg9EMM2uwqe7UGqm9WVH25goAGDySfBxXvVX4
VPRiWlf9UkXXr7dsdxpVljqTrHEzYvzqnuXqHlSTGAHJJjTCCqu059TdP1oOAH02
F005fRb5o704oYY8knY0QswFR5BL8vX6RYlttmC4ZWYtHwAoS8o2S2ZgsdOtzZdH
3FSA/pT2HZecbqFquTbkLlNGkBcBeDcRHnUol09v/fPKK0dgHmYDBV4stLFEF3cK
Zussi8d6ZcpYq0iGoThCIxLhsIfCL/h77SyehD/6U2FXzlm6EThaCOo8oFy/U48z
9zrScNHTRTjS
-----END CERTIFICATE-----