Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/a2ec9c-9d76-4e94-9e3a-6f7024c3aad7/1/_dR8nkzYNRO_g0X-OJOUhoW38Bs.roa
File:                     _dR8nkzYNRO_g0X-OJOUhoW38Bs.roa (raw, json)
Hash identifier:          vOjo088GQNO/mRN8QAZSO6KO64oJiOzApPwyTzWCozU=
Subject key identifier:   FD:D4:7C:9E:4C:D8:35:13:BF:83:45:FE:38:93:94:86:85:B7:F0:1B
Certificate issuer:       /CN=b03c302c2f52277e3d0ab6842f68aa5f8d0d7787
Certificate serial:       0194221FF618643B1B5D7A125CC19247CDB6
Authority key identifier: B0:3C:30:2C:2F:52:27:7E:3D:0A:B6:84:2F:68:AA:5F:8D:0D:77:87
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sDwwLC9SJ349CraEL2iqX40Nd4c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/a2ec9c-9d76-4e94-9e3a-6f7024c3aad7/1/_dR8nkzYNRO_g0X-OJOUhoW38Bs.roa
Signing time:             Wed 01 Jan 2025 13:48:27 +0000
ROA not before:           Wed 01 Jan 2025 13:48:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25454
IP address blocks:        46.166.0.0/18 maxlen: 24
                          77.89.192.0/18 maxlen: 24
                          94.243.64.0/18 maxlen: 24
                          185.8.68.0/22 maxlen: 22
                          185.8.68.0/23 maxlen: 23
                          185.167.132.0/22 maxlen: 24
                          188.131.0.0/17 maxlen: 24
                          193.239.182.0/23 maxlen: 24
                          195.22.224.0/19 maxlen: 24
                          212.56.192.0/19 maxlen: 24
                          217.12.112.0/20 maxlen: 24
                          2a00:1858::/32 maxlen: 48
Validation:               Failed, certificate revoked on Tue 18 Feb 2025 07:32:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:f6:18:64:3b:1b:5d:7a:12:5c:c1:92:47:cd:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b03c302c2f52277e3d0ab6842f68aa5f8d0d7787
        Validity
            Not Before: Jan  1 13:48:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fdd47c9e4cd83513bf8345fe3893948685b7f01b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:04:4a:f3:8c:11:96:18:79:ac:5f:f7:9f:c2:
                    bc:42:35:af:04:f4:2f:da:a8:8e:36:48:77:15:7f:
                    3b:16:40:a5:c2:99:1e:a1:41:10:34:d4:15:6a:8e:
                    6e:ec:bc:a0:a7:15:c7:ff:71:20:42:f3:fe:0a:8a:
                    f7:d3:d3:2d:09:0a:ac:2e:da:a9:09:57:19:69:a9:
                    37:f2:5e:4b:e1:e0:49:0e:68:f9:f6:44:a1:29:0d:
                    86:e1:b5:df:da:cc:00:95:64:6d:0b:ec:d7:1d:25:
                    64:82:7b:74:bc:49:7b:5a:20:33:2f:72:67:46:c1:
                    c9:e7:f8:50:59:8b:f9:4c:cc:59:34:37:a8:df:d6:
                    de:70:25:f7:b7:db:b2:85:76:40:ef:90:37:f4:1d:
                    80:e6:21:1f:05:fb:b2:75:c1:98:61:44:09:8d:d3:
                    08:5e:54:0d:f2:ba:ce:77:d2:ca:e9:62:94:d5:ba:
                    69:95:cc:fb:9a:b5:90:4a:54:b2:25:75:bb:7d:d0:
                    84:ca:c0:b9:a4:cc:85:27:46:77:69:e7:fd:27:7e:
                    14:22:54:b3:7e:29:46:f1:73:4a:53:8a:e2:07:fe:
                    9a:c6:80:65:d9:d2:f4:74:44:2f:25:02:40:68:50:
                    22:f4:27:64:4e:58:22:29:21:f8:90:f5:ff:cb:67:
                    f5:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:D4:7C:9E:4C:D8:35:13:BF:83:45:FE:38:93:94:86:85:B7:F0:1B
            X509v3 Authority Key Identifier:
                keyid:B0:3C:30:2C:2F:52:27:7E:3D:0A:B6:84:2F:68:AA:5F:8D:0D:77:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sDwwLC9SJ349CraEL2iqX40Nd4c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/a2ec9c-9d76-4e94-9e3a-6f7024c3aad7/1/_dR8nkzYNRO_g0X-OJOUhoW38Bs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/a2ec9c-9d76-4e94-9e3a-6f7024c3aad7/1/sDwwLC9SJ349CraEL2iqX40Nd4c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.166.0.0/18
                  77.89.192.0/18
                  94.243.64.0/18
                  185.8.68.0/22
                  185.167.132.0/22
                  188.131.0.0/17
                  193.239.182.0/23
                  195.22.224.0/19
                  212.56.192.0/19
                  217.12.112.0/20
                IPv6:
                  2a00:1858::/32

    Signature Algorithm: sha256WithRSAEncryption
         33:2a:5c:50:2b:67:f3:be:fb:16:8d:98:1b:20:5c:7f:db:9a:
         b9:8d:8a:72:6f:b9:09:5f:7f:28:09:c4:04:8f:22:87:16:68:
         72:eb:0c:db:36:21:f4:5c:3d:bd:dc:a6:2f:65:8b:47:7d:c2:
         e1:99:70:56:db:b3:88:06:dd:1b:0a:8f:5c:08:3f:ff:24:c4:
         7b:ab:40:ff:4a:d2:6e:c7:3b:4f:b0:36:51:08:5f:20:54:96:
         df:fa:06:d8:7f:3a:2a:bc:6d:37:64:e1:38:98:db:d1:a3:50:
         f3:94:e4:b9:61:7e:a2:d4:fc:df:c9:8c:de:6e:6e:9e:6f:81:
         30:42:cf:b4:a6:b8:7a:2f:f4:78:e5:1f:f7:f7:4d:a6:cf:f9:
         1b:e5:19:5c:b5:88:ba:3b:13:45:1b:ee:ee:c0:57:bd:c5:1a:
         1a:e6:82:d7:47:cf:53:34:af:76:1a:da:70:8c:00:95:d9:11:
         67:1b:91:18:05:04:f8:eb:39:38:7f:77:37:fd:fa:62:c3:b3:
         06:f9:ff:01:3b:04:30:dd:de:6c:97:56:4f:db:fd:b6:0b:ff:
         c4:a9:9d:5c:94:48:fa:c4:83:78:47:78:a7:30:cd:f4:08:5c:
         62:fe:30:07:f7:c1:d1:1a:40:2f:88:c9:cd:59:17:6b:7f:66:
         91:5a:8c:2a
-----BEGIN CERTIFICATE-----
MIIFQjCCBCqgAwIBAgISAZQiH/YYZDsbXXoSXMGSR822MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwM2MzMDJjMmY1MjI3N2UzZDBhYjY4NDJmNjhhYTVmOGQw
ZDc3ODcwHhcNMjUwMTAxMTM0ODI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZGQ0N2M5ZTRjZDgzNTEzYmY4MzQ1ZmUzODkzOTQ4Njg1YjdmMDFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2ARK84wRlhh5rF/3n8K8QjWvBPQv
2qiONkh3FX87FkClwpkeoUEQNNQVao5u7LygpxXH/3EgQvP+Cor309MtCQqsLtqp
CVcZaak38l5L4eBJDmj59kShKQ2G4bXf2swAlWRtC+zXHSVkgnt0vEl7WiAzL3Jn
RsHJ5/hQWYv5TMxZNDeo39becCX3t9uyhXZA75A39B2A5iEfBfuydcGYYUQJjdMI
XlQN8rrOd9LK6WKU1bpplcz7mrWQSlSyJXW7fdCEysC5pMyFJ0Z3aef9J34UIlSz
filG8XNKU4riB/6axoBl2dL0dEQvJQJAaFAi9CdkTlgiKSH4kPX/y2f1CwIDAQAB
o4ICTjCCAkowHQYDVR0OBBYEFP3UfJ5M2DUTv4NF/jiTlIaFt/AbMB8GA1UdIwQY
MBaAFLA8MCwvUid+PQq2hC9oql+NDXeHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0R3d0xDOVNKMzQ5Q3JhRUwyaXFYNDBOZDRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni9hMmVjOWMtOWQ3Ni00ZTk0LTllM2Et
NmY3MDI0YzNhYWQ3LzEvX2RSOG5rellOUk9fZzBYLU9KT1Vob1czOEJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni9hMmVjOWMtOWQ3Ni00ZTk0LTllM2EtNmY3MDI0YzNhYWQ3
LzEvc0R3d0xDOVNKMzQ5Q3JhRUwyaXFYNDBOZDRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGQGCCsGAQUFBwEHAQH/BFUwUzBCBAIAATA8AwQGLqYAAwQG
TVnAAwQGXvNAAwQCuQhEAwQCuaeEAwQHvIMAAwQBwe+2AwQFwxbgAwQF1DjAAwQE
2QxwMA0EAgACMAcDBQAqABhYMA0GCSqGSIb3DQEBCwUAA4IBAQAzKlxQK2fzvvsW
jZgbIFx/25q5jYpyb7kJX38oCcQEjyKHFmhy6wzbNiH0XD293KYvZYtHfcLhmXBW
27OIBt0bCo9cCD//JMR7q0D/StJuxztPsDZRCF8gVJbf+gbYfzoqvG03ZOE4mNvR
o1DzlOS5YX6i1PzfyYzebm6eb4EwQs+0prh6L/R45R/3902mz/kb5RlctYi6OxNF
G+7uwFe9xRoa5oLXR89TNK92GtpwjACV2RFnG5EYBQT46zk4f3c3/fpiw7MG+f8B
OwQw3d5sl1ZP2/22C//EqZ1clEj6xIN4R3inMM30CFxi/jAH98HRGkAviMnNWRdr
f2aRWowq
-----END CERTIFICATE-----