Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/d99947-2298-422f-9da0-fe0d28b68cd5/1/O2i08WreUcq52GbJeu6l0XrTYXg.roa
File:                     O2i08WreUcq52GbJeu6l0XrTYXg.roa (raw, json)
Hash identifier:          16ftx6VeFbJJfbXy6Tx5ATiWYCWHh+iwJfbZX6CSkWg=
Subject key identifier:   3B:68:B4:F1:6A:DE:51:CA:B9:D8:66:C9:7A:EE:A5:D1:7A:D3:61:78
Certificate issuer:       /CN=06e4bbdab896e66113f351b4d9c82df50e66a712
Certificate serial:       019736124AF03022974517038DCC961842C8
Authority key identifier: 06:E4:BB:DA:B8:96:E6:61:13:F3:51:B4:D9:C8:2D:F5:0E:66:A7:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BuS72riW5mET81G02cgt9Q5mpxI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/67/d99947-2298-422f-9da0-fe0d28b68cd5/1/O2i08WreUcq52GbJeu6l0XrTYXg.roa
Signing time:             Tue 03 Jun 2025 13:54:17 +0000
ROA not before:           Tue 03 Jun 2025 13:54:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12837
IP address blocks:        31.24.214.0/24 maxlen: 24
                          2a03:6306::/32 maxlen: 32
Validation:               Failed, certificate revoked on Tue 03 Jun 2025 15:53:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:36:12:4a:f0:30:22:97:45:17:03:8d:cc:96:18:42:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=06e4bbdab896e66113f351b4d9c82df50e66a712
        Validity
            Not Before: Jun  3 13:54:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3b68b4f16ade51cab9d866c97aeea5d17ad36178
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:7d:60:69:e6:ce:a3:f0:59:7c:13:85:33:06:
                    3d:c6:c8:91:4c:9b:cb:ce:43:9f:5b:26:78:78:b7:
                    35:36:72:f0:02:75:8e:c8:ae:c3:7e:8b:92:b1:85:
                    b5:ee:f3:5f:f9:d6:bc:6d:c2:83:0a:3b:49:27:72:
                    01:f5:05:bd:40:6c:50:d4:26:42:e1:c3:db:f4:1b:
                    88:c6:b1:4b:19:71:7b:70:1b:0c:c7:51:a4:ea:d7:
                    b4:5e:30:22:fc:92:69:de:06:05:d6:8b:62:ac:53:
                    ec:89:8d:29:59:b9:34:23:b4:8b:23:eb:e0:64:3c:
                    c1:59:4d:56:4e:95:9f:59:7e:d8:58:eb:bd:d1:10:
                    51:a5:08:4a:bf:e6:8d:a6:dc:69:0a:78:12:86:a8:
                    25:32:0b:53:2f:4e:b4:c7:da:4b:08:c4:10:fd:12:
                    59:cb:d8:5b:23:bd:41:44:6b:e9:c8:96:85:d0:a6:
                    71:4e:34:6a:54:1d:c5:bc:f4:33:d4:22:6c:e0:0e:
                    03:c0:1a:c0:90:a0:8c:82:a7:6c:71:0a:c9:c8:8f:
                    63:1e:1f:19:bb:3c:70:99:43:c9:8f:29:1f:6c:32:
                    35:1b:09:ee:15:21:e5:d3:5f:d5:24:77:62:3b:9d:
                    e1:c7:44:f8:16:a7:39:78:ea:5d:f3:4b:15:78:1e:
                    4f:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:68:B4:F1:6A:DE:51:CA:B9:D8:66:C9:7A:EE:A5:D1:7A:D3:61:78
            X509v3 Authority Key Identifier:
                keyid:06:E4:BB:DA:B8:96:E6:61:13:F3:51:B4:D9:C8:2D:F5:0E:66:A7:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BuS72riW5mET81G02cgt9Q5mpxI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/d99947-2298-422f-9da0-fe0d28b68cd5/1/O2i08WreUcq52GbJeu6l0XrTYXg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/67/d99947-2298-422f-9da0-fe0d28b68cd5/1/BuS72riW5mET81G02cgt9Q5mpxI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.24.214.0/24
                IPv6:
                  2a03:6306::/32

    Signature Algorithm: sha256WithRSAEncryption
         78:d4:b1:f0:d2:e0:aa:69:0b:e7:f4:c2:20:8d:44:b8:58:70:
         18:8b:c8:79:d6:2c:90:4b:f8:cb:f0:4c:90:9b:43:9d:86:74:
         fd:70:02:01:a4:5d:67:42:39:b1:3d:4f:3c:18:fb:87:fd:a0:
         80:74:b6:91:25:15:bc:f3:69:9d:91:71:c1:ea:61:b3:7c:1a:
         f7:d8:5b:83:77:57:b7:93:39:24:83:13:e9:74:cd:85:d8:5a:
         db:85:e6:d4:53:9e:ae:73:12:28:f3:4d:d6:7f:c4:d6:35:89:
         81:9f:06:b7:bd:44:cb:4c:83:89:2a:37:ad:59:e4:e5:32:58:
         45:e0:a4:53:82:6e:ca:91:90:f7:14:1b:38:87:a8:af:5d:ec:
         e6:24:8c:2d:16:9b:6c:d0:15:40:f1:3d:c1:a0:d6:4d:ba:87:
         84:87:68:00:2a:7f:75:02:80:75:7c:15:80:97:51:4f:5e:f0:
         21:a6:ad:52:f8:41:24:c1:cd:18:e0:52:ad:44:c9:03:51:fc:
         fa:5a:62:84:36:a8:e4:29:45:e1:00:ef:fa:4f:53:b8:6f:5e:
         7c:4f:e0:cc:07:61:fc:c4:5b:36:b4:8b:f5:ae:19:dd:5e:a8:
         c9:aa:de:c9:b0:72:ba:1c:d1:d0:dd:4f:64:bd:95:57:f5:74:
         08:e9:72:d9
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZc2EkrwMCKXRRcDjcyWGELIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2ZTRiYmRhYjg5NmU2NjExM2YzNTFiNGQ5YzgyZGY1MGU2
NmE3MTIwHhcNMjUwNjAzMTM1NDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjY4YjRmMTZhZGU1MWNhYjlkODY2Yzk3YWVlYTVkMTdhZDM2MTc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyH1gaebOo/BZfBOFMwY9xsiRTJvL
zkOfWyZ4eLc1NnLwAnWOyK7DfouSsYW17vNf+da8bcKDCjtJJ3IB9QW9QGxQ1CZC
4cPb9BuIxrFLGXF7cBsMx1Gk6te0XjAi/JJp3gYF1otirFPsiY0pWbk0I7SLI+vg
ZDzBWU1WTpWfWX7YWOu90RBRpQhKv+aNptxpCngShqglMgtTL060x9pLCMQQ/RJZ
y9hbI71BRGvpyJaF0KZxTjRqVB3FvPQz1CJs4A4DwBrAkKCMgqdscQrJyI9jHh8Z
uzxwmUPJjykfbDI1GwnuFSHl01/VJHdiO53hx0T4Fqc5eOpd80sVeB5PhQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDtotPFq3lHKudhmyXrupdF602F4MB8GA1UdIwQY
MBaAFAbku9q4luZhE/NRtNnILfUOZqcSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnVTNzJyaVc1bUVUODFHMDJjZ3Q5UTVtcHhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny9kOTk5NDctMjI5OC00MjJmLTlkYTAt
ZmUwZDI4YjY4Y2Q1LzEvTzJpMDhXcmVVY3E1MkdiSmV1NmwwWHJUWVhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny9kOTk5NDctMjI5OC00MjJmLTlkYTAtZmUwZDI4YjY4Y2Q1
LzEvQnVTNzJyaVc1bUVUODFHMDJjZ3Q5UTVtcHhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAHxjWMA0E
AgACMAcDBQAqA2MGMA0GCSqGSIb3DQEBCwUAA4IBAQB41LHw0uCqaQvn9MIgjUS4
WHAYi8h51iyQS/jL8EyQm0OdhnT9cAIBpF1nQjmxPU88GPuH/aCAdLaRJRW882md
kXHB6mGzfBr32FuDd1e3kzkkgxPpdM2F2FrbhebUU56ucxIo803Wf8TWNYmBnwa3
vUTLTIOJKjetWeTlMlhF4KRTgm7KkZD3FBs4h6ivXezmJIwtFpts0BVA8T3BoNZN
uoeEh2gAKn91AoB1fBWAl1FPXvAhpq1S+EEkwc0Y4FKtRMkDUfz6WmKENqjkKUXh
AO/6T1O4b158T+DMB2H8xFs2tIv1rhndXqjJqt7JsHK6HNHQ3U9kvZVX9XQI6XLZ
-----END CERTIFICATE-----
Generated at Tue Jun 10 18:20:17 2025 by rpki-client