Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/2XPmXS2kMXsR3-1rzCP1nhoUF-w.roa
File:                     2XPmXS2kMXsR3-1rzCP1nhoUF-w.roa (raw, json)
Hash identifier:          8dbue9i+OE3mt0TfZqFqO8ZQIgIIPQhZ/gP+sUYzSyc=
Subject key identifier:   D9:73:E6:5D:2D:A4:31:7B:11:DF:ED:6B:CC:23:F5:9E:1A:14:17:EC
Certificate issuer:       /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial:       0194F1AC2E9AC828AB46F7F00215AAA94EBF
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/2XPmXS2kMXsR3-1rzCP1nhoUF-w.roa
Signing time:             Mon 10 Feb 2025 21:03:00 +0000
ROA not before:           Mon 10 Feb 2025 21:03:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209737
IP address blocks:        109.236.48.0/24 maxlen: 24
                          109.236.49.0/24 maxlen: 24
                          109.236.50.0/24 maxlen: 24
                          109.236.51.0/24 maxlen: 24
                          185.86.6.0/24 maxlen: 24
                          185.254.28.0/24 maxlen: 24
                          185.254.29.0/24 maxlen: 24
                          193.35.152.0/24 maxlen: 24
                          193.35.155.0/24 maxlen: 24
                          194.62.52.0/24 maxlen: 24
                          194.62.53.0/24 maxlen: 24
                          194.62.54.0/24 maxlen: 24
                          194.62.55.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Thu 13 Feb 2025 09:33:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:f1:ac:2e:9a:c8:28:ab:46:f7:f0:02:15:aa:a9:4e:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
        Validity
            Not Before: Feb 10 21:03:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d973e65d2da4317b11dfed6bcc23f59e1a1417ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:6d:e3:43:da:95:ad:d9:6e:92:9a:12:e6:d6:
                    b6:aa:2f:79:e1:28:84:f7:59:98:37:56:fd:0d:02:
                    38:32:81:d6:f3:7f:22:9c:71:7a:f0:4e:10:7f:9f:
                    88:51:d1:0a:f7:7d:d4:15:9a:e0:b7:88:8b:86:43:
                    0c:52:35:ce:9f:cd:a2:38:e5:55:fd:4e:f6:6d:8f:
                    49:ea:3c:0f:ed:2c:7f:bd:fa:b0:cb:49:ad:e6:c3:
                    5d:44:ed:a3:ef:7c:39:39:3c:37:d7:e1:90:d4:7c:
                    b6:ea:a6:ad:55:7c:8f:af:28:1e:e6:cd:71:ca:28:
                    b4:21:cd:10:d6:bb:19:d3:9c:50:2f:a8:0f:83:0d:
                    0b:bc:05:cb:93:0b:de:1a:1e:d2:af:fc:3d:a4:32:
                    c4:d3:57:7f:07:96:52:1c:36:9c:61:0c:91:5a:51:
                    6f:65:1e:bc:0c:dc:bd:b3:e6:be:9c:98:1e:4f:96:
                    79:d7:45:0a:4d:b2:c2:0d:5b:d3:a3:7e:26:70:c7:
                    a3:ac:06:3f:e1:88:96:01:bb:f6:06:e3:fc:b4:4c:
                    4b:dc:dd:cf:af:b1:3a:92:1f:cc:14:a2:0e:65:28:
                    11:f3:c4:b4:a5:e6:3b:05:ae:55:12:0e:17:86:6a:
                    9f:4e:93:78:43:27:e0:3d:2f:b4:6d:c9:d4:bb:bb:
                    cc:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:73:E6:5D:2D:A4:31:7B:11:DF:ED:6B:CC:23:F5:9E:1A:14:17:EC
            X509v3 Authority Key Identifier:
                keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/2XPmXS2kMXsR3-1rzCP1nhoUF-w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.236.48.0/22
                  185.86.6.0/24
                  185.254.28.0/23
                  193.35.152.0/24
                  193.35.155.0/24
                  194.62.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8c:90:c0:80:40:a3:f3:f3:25:31:a9:be:04:fe:1a:35:8e:fe:
         b3:f3:a9:6b:eb:0a:73:cc:07:31:6f:98:20:f6:fa:51:85:b0:
         2a:23:09:60:d0:05:a9:b4:32:88:a3:27:93:56:85:af:58:4b:
         ea:e0:0f:dd:ef:0e:d6:8b:2a:3f:a1:9c:41:db:dd:cd:de:2d:
         e0:04:e7:53:03:0c:4a:a5:45:a3:38:fe:b0:f5:de:ec:50:a9:
         e3:26:c6:26:33:04:05:34:8f:da:8b:9d:8f:28:8c:82:97:35:
         72:19:dc:d3:a2:ce:86:e0:00:62:7e:8e:f2:7c:23:d6:70:30:
         dd:12:25:b4:a6:47:9d:97:c4:18:dd:18:6a:a0:7a:95:ab:9a:
         56:2a:e0:4e:3e:58:f3:b4:2e:52:09:07:6d:c8:ef:0c:20:7b:
         1c:32:32:b0:c1:5b:28:f2:48:f5:07:33:49:04:f6:ba:04:8a:
         8a:bc:a5:7c:26:a6:1f:2b:51:ee:e5:c9:7b:9c:4f:26:60:62:
         ff:ac:49:e4:86:22:50:29:9e:53:63:b1:ad:f3:6b:a2:09:2a:
         12:a3:d7:6b:a1:72:a8:26:c0:91:0d:06:33:3f:fa:86:73:1c:
         95:f0:a9:88:c6:90:af:ef:6e:54:25:27:d0:ee:ae:96:eb:b7:
         71:df:29:21
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZTxrC6ayCirRvfwAhWqqU6/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjUwMjEwMjEwMzAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTczZTY1ZDJkYTQzMTdiMTFkZmVkNmJjYzIzZjU5ZTFhMTQxN2VjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArW3jQ9qVrdlukpoS5ta2qi954SiE
91mYN1b9DQI4MoHW838inHF68E4Qf5+IUdEK933UFZrgt4iLhkMMUjXOn82iOOVV
/U72bY9J6jwP7Sx/vfqwy0mt5sNdRO2j73w5OTw31+GQ1Hy26qatVXyPryge5s1x
yii0Ic0Q1rsZ05xQL6gPgw0LvAXLkwveGh7Sr/w9pDLE01d/B5ZSHDacYQyRWlFv
ZR68DNy9s+a+nJgeT5Z510UKTbLCDVvTo34mcMejrAY/4YiWAbv2BuP8tExL3N3P
r7E6kh/MFKIOZSgR88S0peY7Ba5VEg4XhmqfTpN4QyfgPS+0bcnUu7vM0wIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFNlz5l0tpDF7Ed/ta8wj9Z4aFBfsMB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvMlhQbVhTMmtNWHNSMy0xcnpDUDFuaG9VRi13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQCbewwAwQA
uVYGAwQBuf4cAwQAwSOYAwQAwSObAwQCwj40MA0GCSqGSIb3DQEBCwUAA4IBAQCM
kMCAQKPz8yUxqb4E/ho1jv6z86lr6wpzzAcxb5gg9vpRhbAqIwlg0AWptDKIoyeT
VoWvWEvq4A/d7w7Wiyo/oZxB293N3i3gBOdTAwxKpUWjOP6w9d7sUKnjJsYmMwQF
NI/ai52PKIyClzVyGdzTos6G4ABifo7yfCPWcDDdEiW0pkedl8QY3RhqoHqVq5pW
KuBOPljztC5SCQdtyO8MIHscMjKwwVso8kj1BzNJBPa6BIqKvKV8JqYfK1Hu5cl7
nE8mYGL/rEnkhiJQKZ5TY7Gt82uiCSoSo9droXKoJsCRDQYzP/qGcxyV8KmIxpCv
725UJSfQ7q6W67dx3ykh
-----END CERTIFICATE-----