Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/MBdPk8iqriVIQ0wvuScgtXU-6Hg.roa
File:                     MBdPk8iqriVIQ0wvuScgtXU-6Hg.roa (raw, json)
Hash identifier:          xl56hrcC2vdtGqoWByQJLzqQms1sMIhFprXdgk7PuIA=
Subject key identifier:   30:17:4F:93:C8:AA:AE:25:48:43:4C:2F:B9:27:20:B5:75:3E:E8:78
Certificate issuer:       /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial:       0196BAA57FF5245BFFF0FD058AB761373B73
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/MBdPk8iqriVIQ0wvuScgtXU-6Hg.roa
Signing time:             Sat 10 May 2025 14:42:10 +0000
ROA not before:           Sat 10 May 2025 14:42:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209737
IP address blocks:        109.236.49.0/24 maxlen: 24
                          109.236.51.0/24 maxlen: 24
                          185.86.6.0/24 maxlen: 24
                          185.254.28.0/24 maxlen: 24
                          185.254.29.0/24 maxlen: 24
                          193.35.152.0/24 maxlen: 24
                          193.35.153.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Fri 30 May 2025 11:33:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ba:a5:7f:f5:24:5b:ff:f0:fd:05:8a:b7:61:37:3b:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
        Validity
            Not Before: May 10 14:42:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=30174f93c8aaae2548434c2fb92720b5753ee878
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:5f:99:1a:e9:9d:13:22:9f:1b:8f:27:35:7b:
                    79:e3:28:2d:b1:7a:10:ba:bb:f3:10:00:ff:aa:49:
                    7a:c2:27:26:3a:4a:aa:56:ce:5b:9b:69:17:b6:40:
                    0d:1e:d8:6e:eb:79:27:f5:c4:f4:0a:6b:b4:d2:b7:
                    56:d4:35:56:e7:99:8c:21:50:5d:9b:51:c1:b6:e8:
                    bc:a4:a1:ec:9a:a8:05:c8:21:84:34:ea:fd:31:a6:
                    f0:a3:d9:b3:96:91:79:8c:91:a0:e7:65:96:c2:d9:
                    6b:4f:cb:e2:99:20:c3:9a:1e:37:27:94:2c:e7:c6:
                    8d:1d:d2:47:70:a8:55:9c:a1:1c:ce:c1:d4:50:0f:
                    5f:7d:95:e7:fa:28:1c:7b:f9:32:0c:3d:96:53:2d:
                    17:b0:7c:da:68:a2:a8:68:09:12:93:7a:ed:c7:88:
                    79:3f:3b:63:86:1b:e8:bd:dc:47:2b:a1:55:80:19:
                    fa:c2:d7:ed:49:24:ea:77:a8:15:ab:08:51:5f:18:
                    4a:fd:8e:4e:25:86:26:96:96:7e:d9:0c:3e:a3:35:
                    46:58:b0:1b:a5:6b:d5:74:6d:19:47:4b:44:5c:01:
                    7b:43:c2:66:3c:49:fb:d5:dd:a3:1c:55:b7:9f:c6:
                    c4:cb:a8:8c:f9:51:fc:6e:40:3c:3a:5a:ee:24:f1:
                    00:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:17:4F:93:C8:AA:AE:25:48:43:4C:2F:B9:27:20:B5:75:3E:E8:78
            X509v3 Authority Key Identifier:
                keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/MBdPk8iqriVIQ0wvuScgtXU-6Hg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.236.49.0/24
                  109.236.51.0/24
                  185.86.6.0/24
                  185.254.28.0/23
                  193.35.152.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8f:1b:92:a2:d9:de:a5:34:e9:26:d4:d1:5b:50:81:73:d5:64:
         7b:84:91:06:8d:da:8f:fc:b8:d8:40:a8:1a:46:d5:68:87:1e:
         b1:a4:1e:69:cd:28:3e:be:9a:ac:86:35:2b:fa:2a:40:66:88:
         c1:1f:d8:a8:51:b9:5d:12:71:cd:b5:bb:f5:b9:a5:75:04:2e:
         47:01:ec:11:32:0d:ed:9d:b9:a3:21:f3:33:15:2e:61:d7:63:
         68:39:c3:e8:b0:03:36:b9:44:8f:e5:5f:66:49:6a:09:cb:cb:
         a2:95:bd:57:95:a1:5f:17:21:b6:5a:36:d6:e9:b8:25:46:26:
         ab:43:c1:b5:60:d6:9d:86:1b:d0:73:4a:08:dd:92:60:e2:d9:
         08:25:54:71:24:e4:07:3b:f8:ce:3d:00:6e:a0:8c:33:8d:28:
         47:fd:f1:7d:47:be:33:c8:d6:88:52:e5:41:f8:88:c3:76:71:
         b5:ff:e3:43:25:ad:19:81:5c:e5:70:3b:3b:71:7e:a2:d4:41:
         e6:24:10:0a:6e:b0:79:ab:9b:67:bc:48:47:c6:ae:a2:8d:ee:
         4b:56:b6:95:3a:d0:1e:7e:1d:ad:27:e5:5a:39:f1:37:02:87:
         89:19:63:5f:31:8f:66:bf:09:4b:98:ab:fe:a9:b9:e7:90:ca:
         d0:56:f7:de
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZa6pX/1JFv/8P0FirdhNztzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjUwNTEwMTQ0MjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDE3NGY5M2M4YWFhZTI1NDg0MzRjMmZiOTI3MjBiNTc1M2VlODc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr1+ZGumdEyKfG48nNXt54ygtsXoQ
urvzEAD/qkl6wicmOkqqVs5bm2kXtkANHthu63kn9cT0Cmu00rdW1DVW55mMIVBd
m1HBtui8pKHsmqgFyCGENOr9Mabwo9mzlpF5jJGg52WWwtlrT8vimSDDmh43J5Qs
58aNHdJHcKhVnKEczsHUUA9ffZXn+igce/kyDD2WUy0XsHzaaKKoaAkSk3rtx4h5
PztjhhvovdxHK6FVgBn6wtftSSTqd6gVqwhRXxhK/Y5OJYYmlpZ+2Qw+ozVGWLAb
pWvVdG0ZR0tEXAF7Q8JmPEn71d2jHFW3n8bEy6iM+VH8bkA8OlruJPEAyQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFDAXT5PIqq4lSENML7knILV1Puh4MB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvTUJkUGs4aXFyaVZJUTB3dnVTY2d0WFUtNkhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAbewxAwQA
bewzAwQAuVYGAwQBuf4cAwQBwSOYMA0GCSqGSIb3DQEBCwUAA4IBAQCPG5Ki2d6l
NOkm1NFbUIFz1WR7hJEGjdqP/LjYQKgaRtVohx6xpB5pzSg+vpqshjUr+ipAZojB
H9ioUbldEnHNtbv1uaV1BC5HAewRMg3tnbmjIfMzFS5h12NoOcPosAM2uUSP5V9m
SWoJy8uilb1XlaFfFyG2WjbW6bglRiarQ8G1YNadhhvQc0oI3ZJg4tkIJVRxJOQH
O/jOPQBuoIwzjShH/fF9R74zyNaIUuVB+IjDdnG1/+NDJa0ZgVzlcDs7cX6i1EHm
JBAKbrB5q5tnvEhHxq6ije5LVraVOtAefh2tJ+VaOfE3AoeJGWNfMY9mvwlLmKv+
qbnnkMrQVvfe
-----END CERTIFICATE-----
Generated at Tue Jun 10 14:01:01 2025 by rpki-client