Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/bb2647-0950-46a4-b56d-34eb67b475f6/1/B6PzhaU-LlazN6dfVw1I_yIivSs.roa
File:                     B6PzhaU-LlazN6dfVw1I_yIivSs.roa (raw, json)
Hash identifier:          dlp4VtNvzUJZy9J5Q7mlpWdM8/AZpWLspQ4Q9PCdzH0=
Subject key identifier:   07:A3:F3:85:A5:3E:2E:56:B3:37:A7:5F:57:0D:48:FF:22:22:BD:2B
Certificate issuer:       /CN=7a6735b7a553a1680c11add3e48c3635b53979ca
Certificate serial:       0193BF24D5D5BB70E4A9544819D8FCDAC4A8
Authority key identifier: 7A:67:35:B7:A5:53:A1:68:0C:11:AD:D3:E4:8C:36:35:B5:39:79:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/emc1t6VToWgMEa3T5Iw2NbU5eco.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/bb2647-0950-46a4-b56d-34eb67b475f6/1/B6PzhaU-LlazN6dfVw1I_yIivSs.roa
Signing time:             Fri 13 Dec 2024 08:31:22 +0000
ROA not before:           Fri 13 Dec 2024 08:31:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49604
IP address blocks:        45.151.4.0/23 maxlen: 23
                          45.151.6.0/23 maxlen: 23
                          85.222.232.0/22 maxlen: 24
                          85.234.242.0/23 maxlen: 23
                          85.234.244.0/23 maxlen: 23
                          85.234.246.0/23 maxlen: 24
                          185.31.240.0/22 maxlen: 24
                          217.146.64.0/20 maxlen: 24
                          2a02:29e8::/32 maxlen: 32
                          2a02:29ea:a::/48 maxlen: 48
                          2a02:29ea:14::/48 maxlen: 48
                          2a02:29ea:1e::/48 maxlen: 48
                          2a02:29ea:ffff::/48 maxlen: 48
Validation:               Failed, certificate revoked on Thu 02 Jan 2025 11:49:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:bf:24:d5:d5:bb:70:e4:a9:54:48:19:d8:fc:da:c4:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7a6735b7a553a1680c11add3e48c3635b53979ca
        Validity
            Not Before: Dec 13 08:31:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=07a3f385a53e2e56b337a75f570d48ff2222bd2b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:c9:9c:aa:ca:6d:77:fa:83:6a:32:ee:6a:0a:
                    d9:c5:9e:ab:29:cc:2f:21:5d:08:eb:ef:73:19:3b:
                    36:c6:a4:b2:85:a1:8d:8b:5e:7f:bf:e9:4b:b0:5f:
                    cb:8b:ab:5e:e8:a8:48:30:8a:93:a7:ef:08:b5:13:
                    1d:b2:83:a6:0a:af:42:12:12:a7:b7:b6:3d:df:31:
                    fb:29:aa:91:0c:f6:7b:10:5b:2d:4a:c5:d6:c5:54:
                    5d:c2:39:35:05:4e:ad:96:51:8d:b8:a3:37:b4:bf:
                    53:56:8f:c5:5a:75:25:4d:b3:8d:5e:b1:a9:da:0f:
                    b5:a0:41:5d:2b:2f:23:5f:4a:3b:bb:f6:4f:ba:47:
                    e7:89:9f:63:e4:7a:bd:e9:95:ad:e0:0a:26:48:c5:
                    bd:ab:0c:69:49:54:ae:ad:ad:3c:ff:bd:b1:1f:db:
                    ec:90:51:f4:c5:38:46:7e:43:fd:8c:6c:82:1a:a2:
                    e8:87:c0:9f:ad:56:35:fa:8d:70:53:2f:5d:c3:41:
                    21:5d:6b:bf:2c:af:79:21:94:d7:b3:fe:e9:7c:59:
                    f3:3d:07:08:0f:a7:6d:a1:14:bd:db:e3:aa:1f:dc:
                    db:af:a7:e9:e1:ef:8e:b4:9a:96:fe:2a:f0:91:3f:
                    89:4e:b7:72:91:b8:3b:e0:c5:63:43:04:3f:00:bb:
                    50:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:A3:F3:85:A5:3E:2E:56:B3:37:A7:5F:57:0D:48:FF:22:22:BD:2B
            X509v3 Authority Key Identifier:
                keyid:7A:67:35:B7:A5:53:A1:68:0C:11:AD:D3:E4:8C:36:35:B5:39:79:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/emc1t6VToWgMEa3T5Iw2NbU5eco.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/bb2647-0950-46a4-b56d-34eb67b475f6/1/B6PzhaU-LlazN6dfVw1I_yIivSs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/bb2647-0950-46a4-b56d-34eb67b475f6/1/emc1t6VToWgMEa3T5Iw2NbU5eco.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.151.4.0/22
                  85.222.232.0/22
                  85.234.242.0-85.234.247.255
                  185.31.240.0/22
                  217.146.64.0/20
                IPv6:
                  2a02:29e8::/32
                  2a02:29ea:a::/48
                  2a02:29ea:14::/48
                  2a02:29ea:1e::/48
                  2a02:29ea:ffff::/48

    Signature Algorithm: sha256WithRSAEncryption
         87:fb:10:c8:0a:16:4c:98:52:a2:39:43:23:ea:fd:8c:aa:1a:
         19:e8:25:8a:51:88:56:b5:15:94:28:0e:38:e5:77:4b:91:94:
         0e:45:ca:01:a2:45:1a:8c:c5:dd:19:08:d7:74:bc:43:56:65:
         97:99:48:19:99:20:17:f3:c3:25:1b:91:8b:ee:fc:91:b1:69:
         1d:18:a3:e8:fc:ce:8e:be:a3:86:6f:f3:fb:6d:09:bd:39:31:
         03:68:cd:04:f8:17:fb:1b:d4:63:1e:9b:f0:bc:14:74:83:16:
         20:8d:e6:37:ac:75:19:b5:66:39:d0:84:f4:c9:1d:a4:44:6f:
         d8:5f:2b:a4:88:72:84:b3:24:82:b7:41:39:b5:9d:6b:99:4f:
         00:8b:f9:ad:f0:8a:1e:7c:a1:06:e2:78:15:0b:69:81:d9:9c:
         f7:04:6c:4e:c4:9f:ae:b6:22:17:a6:bb:bb:10:4b:6b:1e:04:
         7b:be:64:25:39:4c:fe:1f:6f:41:14:f4:37:ad:8a:e9:f8:b5:
         61:b5:76:12:5c:d1:c7:c5:61:82:35:2a:cb:fc:54:fc:9d:a2:
         31:aa:4c:39:0f:c7:35:67:ca:31:40:07:18:2e:a9:96:c6:68:
         05:3e:28:38:a1:e2:4a:0c:9f:cd:b1:9e:2a:fc:fd:79:93:0f:
         9d:1e:e8:4a
-----BEGIN CERTIFICATE-----
MIIFUDCCBDigAwIBAgISAZO/JNXVu3DkqVRIGdj82sSoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhNjczNWI3YTU1M2ExNjgwYzExYWRkM2U0OGMzNjM1YjUz
OTc5Y2EwHhcNMjQxMjEzMDgzMTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2EzZjM4NWE1M2UyZTU2YjMzN2E3NWY1NzBkNDhmZjIyMjJiZDJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA48mcqsptd/qDajLuagrZxZ6rKcwv
IV0I6+9zGTs2xqSyhaGNi15/v+lLsF/Li6te6KhIMIqTp+8ItRMdsoOmCq9CEhKn
t7Y93zH7KaqRDPZ7EFstSsXWxVRdwjk1BU6tllGNuKM3tL9TVo/FWnUlTbONXrGp
2g+1oEFdKy8jX0o7u/ZPukfniZ9j5Hq96ZWt4AomSMW9qwxpSVSura08/72xH9vs
kFH0xThGfkP9jGyCGqLoh8CfrVY1+o1wUy9dw0EhXWu/LK95IZTXs/7pfFnzPQcI
D6dtoRS92+OqH9zbr6fp4e+OtJqW/irwkT+JTrdykbg74MVjQwQ/ALtQnwIDAQAB
o4ICXDCCAlgwHQYDVR0OBBYEFAej84WlPi5WszenX1cNSP8iIr0rMB8GA1UdIwQY
MBaAFHpnNbelU6FoDBGt0+SMNjW1OXnKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZW1jMXQ2VlRvV2dNRWEzVDVJdzJOYlU1ZWNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC9iYjI2NDctMDk1MC00NmE0LWI1NmQt
MzRlYjY3YjQ3NWY2LzEvQjZQemhhVS1MbGF6TjZkZlZ3MUlfeUlpdlNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC9iYjI2NDctMDk1MC00NmE0LWI1NmQtMzRlYjY3YjQ3NWY2
LzEvZW1jMXQ2VlRvV2dNRWEzVDVJdzJOYlU1ZWNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHIGCCsGAQUFBwEHAQH/BGMwYTAsBAIAATAmAwQCLZcEAwQC
Vd7oMAwDBAFV6vIDBANV6vADBAK5H/ADBATZkkAwMQQCAAIwKwMFACoCKegDBwAq
AinqAAoDBwAqAinqABQDBwAqAinqAB4DBwAqAinq//8wDQYJKoZIhvcNAQELBQAD
ggEBAIf7EMgKFkyYUqI5QyPq/YyqGhnoJYpRiFa1FZQoDjjld0uRlA5FygGiRRqM
xd0ZCNd0vENWZZeZSBmZIBfzwyUbkYvu/JGxaR0Yo+j8zo6+o4Zv8/ttCb05MQNo
zQT4F/sb1GMem/C8FHSDFiCN5jesdRm1ZjnQhPTJHaREb9hfK6SIcoSzJIK3QTm1
nWuZTwCL+a3wih58oQbieBULaYHZnPcEbE7En662Ihemu7sQS2seBHu+ZCU5TP4f
b0EU9Detiun4tWG1dhJc0cfFYYI1Ksv8VPydojGqTDkPxzVnyjFABxguqZbGaAU+
KDih4koMn82xnir8/XmTD50e6Eo=
-----END CERTIFICATE-----