Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/irVpHblWgrNIWCjwQDcGw5cQxjE.roa
File:                     irVpHblWgrNIWCjwQDcGw5cQxjE.roa (raw, json)
Hash identifier:          vnOvnW+AcJctp4GmloJgwisARCjnxRw13NpkQ+8avpM=
Subject key identifier:   8A:B5:69:1D:B9:56:82:B3:48:58:28:F0:40:37:06:C3:97:10:C6:31
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       019643043385939085353D9A4F3C6145CD55
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/irVpHblWgrNIWCjwQDcGw5cQxjE.roa
Signing time:             Thu 17 Apr 2025 09:11:10 +0000
ROA not before:           Thu 17 Apr 2025 09:11:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213541
IP address blocks:        45.43.166.0/24 maxlen: 24
                          104.238.21.0/24 maxlen: 24
                          104.238.30.0/24 maxlen: 24
                          104.239.15.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Wed 23 Apr 2025 11:38:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:43:04:33:85:93:90:85:35:3d:9a:4f:3c:61:45:cd:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: Apr 17 09:11:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8ab5691db95682b3485828f0403706c39710c631
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:ed:c4:4b:c2:db:0d:2d:26:88:4e:18:6a:2b:
                    65:d8:4b:98:98:24:bf:e4:ae:bc:0d:7b:86:44:05:
                    12:95:5d:38:76:90:40:b1:de:86:f5:a7:5d:0b:9d:
                    9c:09:01:08:3c:3e:17:68:ac:9f:85:d4:e7:4e:e0:
                    e3:b5:77:f6:42:eb:e8:27:06:43:f5:a3:6e:de:d2:
                    17:81:11:42:f9:7d:2a:3e:df:f8:a4:a9:61:59:08:
                    5d:ec:4b:2a:04:f7:7f:df:70:7c:39:dd:8c:7c:64:
                    f2:84:af:66:37:3d:0f:83:21:0f:7e:ad:cc:73:f4:
                    66:9c:6b:e3:96:34:cf:ff:36:d9:6b:3a:21:38:a6:
                    ea:2e:08:00:80:b0:43:84:36:95:bf:62:5b:33:63:
                    9a:a8:bd:08:96:bc:db:c4:42:5d:0b:0d:9e:d1:19:
                    9b:c9:c7:06:b9:c8:10:b7:6b:84:d8:50:ba:03:fb:
                    29:07:fb:f8:e1:4d:ed:5b:27:f5:b6:cd:c2:1e:61:
                    1c:78:51:5f:de:4b:df:a1:6c:26:16:1a:42:62:6c:
                    70:06:cf:f3:ef:42:83:e7:6f:e9:84:43:35:fd:d9:
                    24:db:74:70:65:5c:32:03:33:4c:2e:33:77:19:75:
                    65:6b:80:7b:68:95:a8:4d:9a:ed:49:e2:fb:c6:b7:
                    e7:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:B5:69:1D:B9:56:82:B3:48:58:28:F0:40:37:06:C3:97:10:C6:31
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/irVpHblWgrNIWCjwQDcGw5cQxjE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.43.166.0/24
                  104.238.21.0/24
                  104.238.30.0/24
                  104.239.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:43:b1:22:d0:d2:8c:49:e2:b3:98:d2:0e:a2:f2:3c:d6:99:
         27:fd:af:09:5c:6d:5f:88:fe:a1:c7:14:fc:af:59:48:2d:77:
         94:6f:de:4d:f6:08:54:41:d8:6c:d5:16:50:56:e8:e0:59:0a:
         65:5d:90:3b:42:ee:8f:4a:b8:46:8f:71:67:81:d0:66:ce:42:
         ff:4a:66:de:b8:50:bc:55:0a:b6:a0:ea:3d:31:ca:01:5b:9d:
         92:a6:77:73:c7:16:1a:bf:a7:a6:94:d0:4c:72:58:7f:03:c4:
         61:66:ad:27:10:c5:ca:f7:43:eb:49:00:06:30:0f:90:3b:4b:
         7f:28:a0:8c:4e:86:9a:be:0c:f8:8e:6c:a9:aa:42:d9:2e:22:
         e5:2a:ae:88:44:b1:6e:2e:ec:b7:fe:26:dc:cb:38:ab:2b:ae:
         e3:16:17:a7:f5:69:4a:23:c3:21:20:c7:1c:66:98:df:f7:34:
         2e:6e:9f:69:33:1f:17:0b:b2:08:66:4a:5e:74:68:a6:ea:46:
         fd:7b:81:75:9a:5d:80:f6:95:77:24:1e:a5:ab:69:6a:bf:b6:
         eb:8a:d2:c9:0c:ae:2a:2b:73:0e:35:23:2e:8a:28:06:a5:cc:
         a8:62:a3:ff:50:85:97:b2:07:53:5b:b9:57:61:5d:28:d8:fb:
         a1:d4:ed:61
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZZDBDOFk5CFNT2aTzxhRc1VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjUwNDE3MDkxMTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YWI1NjkxZGI5NTY4MmIzNDg1ODI4ZjA0MDM3MDZjMzk3MTBjNjMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqe3ES8LbDS0miE4Yaitl2EuYmCS/
5K68DXuGRAUSlV04dpBAsd6G9addC52cCQEIPD4XaKyfhdTnTuDjtXf2QuvoJwZD
9aNu3tIXgRFC+X0qPt/4pKlhWQhd7EsqBPd/33B8Od2MfGTyhK9mNz0PgyEPfq3M
c/RmnGvjljTP/zbZazohOKbqLggAgLBDhDaVv2JbM2OaqL0IlrzbxEJdCw2e0Rmb
yccGucgQt2uE2FC6A/spB/v44U3tWyf1ts3CHmEceFFf3kvfoWwmFhpCYmxwBs/z
70KD52/phEM1/dkk23RwZVwyAzNMLjN3GXVla4B7aJWoTZrtSeL7xrfnrwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFIq1aR25VoKzSFgo8EA3BsOXEMYxMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvaXJWcEhibFdnck5JV0Nqd1FEY0d3NWNReGpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQALSumAwQA
aO4VAwQAaO4eAwQAaO8PMA0GCSqGSIb3DQEBCwUAA4IBAQAfQ7Ei0NKMSeKzmNIO
ovI81pkn/a8JXG1fiP6hxxT8r1lILXeUb95N9ghUQdhs1RZQVujgWQplXZA7Qu6P
SrhGj3FngdBmzkL/SmbeuFC8VQq2oOo9McoBW52SpndzxxYav6emlNBMclh/A8Rh
Zq0nEMXK90PrSQAGMA+QO0t/KKCMToaavgz4jmypqkLZLiLlKq6IRLFuLuy3/ibc
yzirK67jFhen9WlKI8MhIMccZpjf9zQubp9pMx8XC7IIZkpedGim6kb9e4F1ml2A
9pV3JB6lq2lqv7britLJDK4qK3MONSMuiigGpcyoYqP/UIWXsgdTW7lXYV0o2Puh
1O1h
-----END CERTIFICATE-----
Generated at Mon Jun 9 14:38:43 2025 by rpki-client