Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/b5e438-e292-4d22-a90e-ceebdfde01fc/1/gaCICU3X8TlXfc4CeKtFfAvV-pM.roa
File:                     gaCICU3X8TlXfc4CeKtFfAvV-pM.roa (raw, json)
Hash identifier:          9Io3g6MEsVkIpntewa7kBszL4QxLWiyShgCYuzGy7lI=
Subject key identifier:   81:A0:88:09:4D:D7:F1:39:57:7D:CE:02:78:AB:45:7C:0B:D5:FA:93
Certificate issuer:       /CN=885e6e65e8d74182039634566cd1fa2b2b325702
Certificate serial:       01947100836B325FCADDFEB1CB9E7D24F01B
Authority key identifier: 88:5E:6E:65:E8:D7:41:82:03:96:34:56:6C:D1:FA:2B:2B:32:57:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iF5uZejXQYIDljRWbNH6KysyVwI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/b5e438-e292-4d22-a90e-ceebdfde01fc/1/gaCICU3X8TlXfc4CeKtFfAvV-pM.roa
Signing time:             Thu 16 Jan 2025 21:24:06 +0000
ROA not before:           Thu 16 Jan 2025 21:24:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42638
IP address blocks:        91.189.200.0/21 maxlen: 21
Validation:               Failed, certificate revoked on Wed 22 Jan 2025 23:22:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:71:00:83:6b:32:5f:ca:dd:fe:b1:cb:9e:7d:24:f0:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885e6e65e8d74182039634566cd1fa2b2b325702
        Validity
            Not Before: Jan 16 21:24:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=81a088094dd7f139577dce0278ab457c0bd5fa93
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:b9:b8:d6:2a:80:b7:f5:a4:c4:27:f8:82:74:
                    69:aa:1f:3f:42:4b:91:ca:c0:e3:96:b0:93:32:9c:
                    bb:ed:fa:99:ae:ee:75:4d:c6:70:e0:00:b8:0d:71:
                    15:8f:1e:5e:0c:ca:01:a8:bf:9c:d3:ad:53:68:23:
                    76:fd:3c:22:74:70:a6:44:82:e9:89:f5:22:2c:f1:
                    88:73:e5:c0:c0:fb:bc:9d:20:ec:2b:c7:43:31:6f:
                    97:0d:8b:a4:52:09:1d:63:a0:6c:59:f9:fb:49:f3:
                    ad:4a:c8:8d:47:87:4a:47:fe:d1:ee:dd:29:b6:98:
                    16:4d:87:ed:da:85:ba:f4:60:ac:7a:c9:e4:8f:66:
                    16:92:bc:8c:94:5e:60:e0:7f:f3:19:7a:b2:c6:8b:
                    52:93:69:06:92:ff:8d:01:0d:98:f4:4e:39:64:ce:
                    5b:e3:21:43:29:10:3f:c0:99:ef:04:fa:0e:cf:d1:
                    c6:ed:5f:63:42:a6:46:bd:be:c1:8a:c1:2d:b9:be:
                    53:34:13:78:ec:c6:c2:a4:00:3d:f1:5a:cd:87:57:
                    6d:3a:28:4f:aa:ef:7d:27:62:42:6b:1a:e6:28:72:
                    6e:80:3e:c0:4b:15:da:8d:9a:fe:46:a9:27:a7:50:
                    98:cb:d0:43:64:f3:d6:28:fa:e8:7f:1d:5c:11:94:
                    0a:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:A0:88:09:4D:D7:F1:39:57:7D:CE:02:78:AB:45:7C:0B:D5:FA:93
            X509v3 Authority Key Identifier:
                keyid:88:5E:6E:65:E8:D7:41:82:03:96:34:56:6C:D1:FA:2B:2B:32:57:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iF5uZejXQYIDljRWbNH6KysyVwI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/b5e438-e292-4d22-a90e-ceebdfde01fc/1/gaCICU3X8TlXfc4CeKtFfAvV-pM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/b5e438-e292-4d22-a90e-ceebdfde01fc/1/iF5uZejXQYIDljRWbNH6KysyVwI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.189.200.0/21

    Signature Algorithm: sha256WithRSAEncryption
         01:eb:7e:11:09:b2:e1:ae:49:13:bb:31:0b:84:ec:aa:be:3d:
         bf:9b:04:51:2d:3c:52:98:03:e9:66:38:2d:01:38:3a:d0:31:
         49:b1:fd:ed:41:39:3d:08:9a:01:9c:6b:71:3b:f4:da:a3:cc:
         85:0f:11:65:33:53:05:0d:75:4d:67:13:8d:b2:c7:ce:2b:99:
         79:d3:f5:c1:5d:bc:48:b0:27:d2:67:44:f0:88:ff:58:4e:21:
         98:d6:41:c6:a9:77:5a:fb:84:60:fa:e1:d8:fc:a2:33:d4:f5:
         03:ac:54:e3:9b:b4:39:fb:fa:77:82:7b:34:79:bc:da:17:fe:
         8a:7a:1b:22:65:59:5f:93:9d:15:52:51:0c:a8:75:d1:c6:bc:
         aa:49:13:67:e2:3c:80:a7:db:19:bc:0e:53:3e:e2:2e:8b:37:
         cd:94:ee:4c:72:a1:f2:ed:db:57:4f:f4:87:34:13:68:78:2b:
         3f:dc:42:2d:c7:c1:8e:dd:4a:6d:ae:8c:60:f0:1c:d6:6b:30:
         91:11:bb:57:34:46:f3:14:84:6e:db:72:76:67:63:f7:86:1e:
         4e:40:14:2b:31:af:ec:06:95:dc:99:99:85:e7:f3:3b:ba:cc:
         23:30:0e:e6:88:9e:ae:64:92:ac:fd:91:0d:21:80:72:c3:5d:
         a6:fd:f4:65
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZRxAINrMl/K3f6xy559JPAbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWU2ZTY1ZThkNzQxODIwMzk2MzQ1NjZjZDFmYTJiMmIz
MjU3MDIwHhcNMjUwMTE2MjEyNDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MWEwODgwOTRkZDdmMTM5NTc3ZGNlMDI3OGFiNDU3YzBiZDVmYTkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsbm41iqAt/WkxCf4gnRpqh8/QkuR
ysDjlrCTMpy77fqZru51TcZw4AC4DXEVjx5eDMoBqL+c061TaCN2/TwidHCmRILp
ifUiLPGIc+XAwPu8nSDsK8dDMW+XDYukUgkdY6BsWfn7SfOtSsiNR4dKR/7R7t0p
tpgWTYft2oW69GCsesnkj2YWkryMlF5g4H/zGXqyxotSk2kGkv+NAQ2Y9E45ZM5b
4yFDKRA/wJnvBPoOz9HG7V9jQqZGvb7BisEtub5TNBN47MbCpAA98VrNh1dtOihP
qu99J2JCaxrmKHJugD7ASxXajZr+Rqknp1CYy9BDZPPWKProfx1cEZQKPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIGgiAlN1/E5V33OAnirRXwL1fqTMB8GA1UdIwQY
MBaAFIhebmXo10GCA5Y0VmzR+isrMlcCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUY1dVplalhRWUlEbGpSV2JOSDZLeXN5VndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS9iNWU0MzgtZTI5Mi00ZDIyLWE5MGUt
Y2VlYmRmZGUwMWZjLzEvZ2FDSUNVM1g4VGxYZmM0Q2VLdEZmQXZWLXBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS9iNWU0MzgtZTI5Mi00ZDIyLWE5MGUtY2VlYmRmZGUwMWZj
LzEvaUY1dVplalhRWUlEbGpSV2JOSDZLeXN5VndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDW73IMA0G
CSqGSIb3DQEBCwUAA4IBAQAB634RCbLhrkkTuzELhOyqvj2/mwRRLTxSmAPpZjgt
ATg60DFJsf3tQTk9CJoBnGtxO/Tao8yFDxFlM1MFDXVNZxONssfOK5l50/XBXbxI
sCfSZ0TwiP9YTiGY1kHGqXda+4Rg+uHY/KIz1PUDrFTjm7Q5+/p3gns0ebzaF/6K
ehsiZVlfk50VUlEMqHXRxryqSRNn4jyAp9sZvA5TPuIuizfNlO5McqHy7dtXT/SH
NBNoeCs/3EItx8GO3Uptroxg8BzWazCREbtXNEbzFIRu23J2Z2P3hh5OQBQrMa/s
BpXcmZmF5/M7uswjMA7miJ6uZJKs/ZENIYByw12m/fRl
-----END CERTIFICATE-----
Generated at Tue Jun 10 09:49:41 2025 by rpki-client