Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/2310b1-96a1-48e4-aa72-422aed3a7702/1/Cs_toe8teq9HeKsW5CJg6AMAfBA.roa
File:                     Cs_toe8teq9HeKsW5CJg6AMAfBA.roa (raw, json)
Hash identifier:          NjVVL4AXQDePeFpInFbQqJ+OKg59EsfgHqKRmV0unCU=
Subject key identifier:   0A:CF:ED:A1:EF:2D:7A:AF:47:78:AB:16:E4:22:60:E8:03:00:7C:10
Certificate issuer:       /CN=64d4e8723450d0a710c32d90ffea18529104e538
Certificate serial:       0196ED9CEC42F56DCF9656164C12DDEA44B5
Authority key identifier: 64:D4:E8:72:34:50:D0:A7:10:C3:2D:90:FF:EA:18:52:91:04:E5:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZNTocjRQ0KcQwy2Q_-oYUpEE5Tg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/2310b1-96a1-48e4-aa72-422aed3a7702/1/Cs_toe8teq9HeKsW5CJg6AMAfBA.roa
Signing time:             Tue 20 May 2025 12:13:26 +0000
ROA not before:           Tue 20 May 2025 12:13:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48031
IP address blocks:        91.207.60.0/24 maxlen: 24
                          91.217.91.0/24 maxlen: 24
                          91.226.212.0/24 maxlen: 24
                          176.103.48.0/20 maxlen: 20
                          176.103.48.0/21 maxlen: 21
                          176.103.56.0/22 maxlen: 22
                          176.103.60.0/23 maxlen: 23
                          176.103.62.0/23 maxlen: 23
                          193.169.86.0/23 maxlen: 23
                          2001:678:334::/48 maxlen: 48
                          2a13:f580:1::/48 maxlen: 48
                          2a13:f580:2::/48 maxlen: 48
                          2a13:f580:4::/48 maxlen: 48
Validation:               Failed, certificate revoked on Fri 23 May 2025 10:50:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ed:9c:ec:42:f5:6d:cf:96:56:16:4c:12:dd:ea:44:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=64d4e8723450d0a710c32d90ffea18529104e538
        Validity
            Not Before: May 20 12:13:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0acfeda1ef2d7aaf4778ab16e42260e803007c10
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:dc:79:28:27:d6:f9:3f:f0:00:73:23:1c:43:
                    00:60:10:f5:da:67:df:94:b1:92:53:95:50:6b:c0:
                    58:db:89:8b:d1:52:c1:5b:2d:38:c3:7b:1f:10:06:
                    a6:a2:b4:85:79:96:2c:2c:aa:56:d9:62:b9:ea:38:
                    6a:97:b9:d3:5f:d2:a5:b7:29:1f:f2:29:b7:f4:f3:
                    03:31:5f:83:7c:f5:43:34:43:d0:55:0d:9d:98:8e:
                    d1:08:79:cc:ea:c1:4f:52:b6:40:0d:45:58:73:52:
                    04:0b:4b:77:15:ee:ab:28:c2:4a:be:57:88:3a:13:
                    b3:03:c9:04:ac:ee:61:e7:cd:37:8a:8d:d4:26:1b:
                    4f:57:87:b1:02:38:3c:77:a6:91:5e:7a:24:b2:60:
                    23:7a:2a:10:1b:a4:6b:a8:92:a7:90:01:a3:ce:ed:
                    3f:c4:6c:e5:49:70:e0:06:45:1d:5f:dc:58:17:41:
                    0d:54:e6:50:71:d0:f6:33:e0:c9:bf:47:ba:84:81:
                    3f:f5:d3:dd:70:15:31:cd:2f:e0:b0:8e:22:7e:4d:
                    8e:6c:27:70:17:44:e5:73:00:48:fd:a4:8f:68:1c:
                    47:69:a7:3c:37:4b:cb:2a:28:eb:b5:d3:1b:06:17:
                    88:4e:35:b0:18:12:9f:6e:41:ca:f7:99:92:4c:34:
                    18:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:CF:ED:A1:EF:2D:7A:AF:47:78:AB:16:E4:22:60:E8:03:00:7C:10
            X509v3 Authority Key Identifier:
                keyid:64:D4:E8:72:34:50:D0:A7:10:C3:2D:90:FF:EA:18:52:91:04:E5:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZNTocjRQ0KcQwy2Q_-oYUpEE5Tg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/2310b1-96a1-48e4-aa72-422aed3a7702/1/Cs_toe8teq9HeKsW5CJg6AMAfBA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/2310b1-96a1-48e4-aa72-422aed3a7702/1/ZNTocjRQ0KcQwy2Q_-oYUpEE5Tg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.207.60.0/24
                  91.217.91.0/24
                  91.226.212.0/24
                  176.103.48.0/20
                  193.169.86.0/23
                IPv6:
                  2001:678:334::/48
                  2a13:f580:1::-2a13:f580:2:ffff:ffff:ffff:ffff:ffff
                  2a13:f580:4::/48

    Signature Algorithm: sha256WithRSAEncryption
         06:75:66:2b:7d:f2:66:16:19:ec:cb:fe:f6:c0:76:28:80:f8:
         ad:20:69:5c:d2:87:90:6d:14:7a:bc:e6:39:ca:de:6d:c8:da:
         44:e8:7b:af:8b:3a:5e:78:37:79:75:9d:fb:c6:f3:0b:e4:ff:
         f4:53:7e:63:12:70:bf:c4:52:8a:ce:9a:85:75:6e:74:d7:dd:
         72:d0:5d:40:c1:a5:75:fb:3f:da:5d:b8:c9:eb:37:c6:33:07:
         f0:80:41:ee:68:c1:f4:1f:6a:41:58:ac:bf:c9:9b:5f:b9:3f:
         fe:ff:f8:89:1c:73:4a:ae:9b:c4:39:10:54:f8:36:15:1c:9b:
         f4:b9:58:67:ac:d1:97:6a:f4:ca:4e:45:22:95:21:94:63:05:
         8c:c6:ae:22:08:8b:03:a2:c8:cb:be:6d:42:72:8f:f2:26:dc:
         72:8c:fa:b8:83:07:ce:fb:93:7b:ea:a2:c7:27:b6:d6:74:6d:
         b8:3c:0d:97:f6:4a:ee:33:ac:95:58:30:09:77:69:84:5d:f7:
         12:76:10:b4:aa:17:37:b4:07:31:02:2a:73:cf:05:0c:a1:4c:
         a5:a9:af:34:40:33:ac:33:ad:84:cf:5d:65:b3:b8:0e:03:21:
         40:59:7e:cf:a0:82:3b:0b:7b:33:56:94:6e:78:e7:87:47:13:
         ed:0c:a1:da
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAZbtnOxC9W3PllYWTBLd6kS1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0ZDRlODcyMzQ1MGQwYTcxMGMzMmQ5MGZmZWExODUyOTEw
NGU1MzgwHhcNMjUwNTIwMTIxMzI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYWNmZWRhMWVmMmQ3YWFmNDc3OGFiMTZlNDIyNjBlODAzMDA3YzEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAttx5KCfW+T/wAHMjHEMAYBD12mff
lLGSU5VQa8BY24mL0VLBWy04w3sfEAamorSFeZYsLKpW2WK56jhql7nTX9Kltykf
8im39PMDMV+DfPVDNEPQVQ2dmI7RCHnM6sFPUrZADUVYc1IEC0t3Fe6rKMJKvleI
OhOzA8kErO5h5803io3UJhtPV4exAjg8d6aRXnoksmAjeioQG6RrqJKnkAGjzu0/
xGzlSXDgBkUdX9xYF0ENVOZQcdD2M+DJv0e6hIE/9dPdcBUxzS/gsI4ifk2ObCdw
F0TlcwBI/aSPaBxHaac8N0vLKijrtdMbBheITjWwGBKfbkHK95mSTDQYOwIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFArP7aHvLXqvR3irFuQiYOgDAHwQMB8GA1UdIwQY
MBaAFGTU6HI0UNCnEMMtkP/qGFKRBOU4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWk5Ub2NqUlEwS2NRd3kyUV8tb1lVcEVFNVRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC8yMzEwYjEtOTZhMS00OGU0LWFhNzIt
NDIyYWVkM2E3NzAyLzEvQ3NfdG9lOHRlcTlIZUtzVzVDSmc2QU1BZkJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC8yMzEwYjEtOTZhMS00OGU0LWFhNzItNDIyYWVkM2E3NzAy
LzEvWk5Ub2NqUlEwS2NRd3kyUV8tb1lVcEVFNVRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDAkBAIAATAeAwQAW888AwQA
W9lbAwQAW+LUAwQEsGcwAwQBwalWMCwEAgACMCYDBwAgAQZ4AzQwEgMHACoT9YAA
AQMHACoT9YAAAgMHACoT9YAABDANBgkqhkiG9w0BAQsFAAOCAQEABnVmK33yZhYZ
7Mv+9sB2KID4rSBpXNKHkG0UerzmOcrebcjaROh7r4s6Xng3eXWd+8bzC+T/9FN+
YxJwv8RSis6ahXVudNfdctBdQMGldfs/2l24yes3xjMH8IBB7mjB9B9qQVisv8mb
X7k//v/4iRxzSq6bxDkQVPg2FRyb9LlYZ6zRl2r0yk5FIpUhlGMFjMauIgiLA6LI
y75tQnKP8ibccoz6uIMHzvuTe+qixye21nRtuDwNl/ZK7jOslVgwCXdphF33EnYQ
tKoXN7QHMQIqc88FDKFMpamvNEAzrDOthM9dZbO4DgMhQFl+z6CCOwt7M1aUbnjn
h0cT7Qyh2g==
-----END CERTIFICATE-----