Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/790cee-d54e-4598-8bc1-2170c5c1d3ed/1/F3bufzfJED93Rq20f3zc1IJMm5s.roa
File:                     F3bufzfJED93Rq20f3zc1IJMm5s.roa (raw, json)
Hash identifier:          cIYsCNfIALM6f2+x1bPIQ/pFDeEMmhfBj1MIiucfFRc=
Subject key identifier:   17:76:EE:7F:37:C9:10:3F:77:46:AD:B4:7F:7C:DC:D4:82:4C:9B:9B
Certificate issuer:       /CN=4ddb3dcdf5e6bee09825c37bf3b8bdf28b6fb593
Certificate serial:       0196F618132870E3F4F93A37ADFFC7C06B80
Authority key identifier: 4D:DB:3D:CD:F5:E6:BE:E0:98:25:C3:7B:F3:B8:BD:F2:8B:6F:B5:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tds9zfXmvuCYJcN787i98otvtZM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/790cee-d54e-4598-8bc1-2170c5c1d3ed/1/F3bufzfJED93Rq20f3zc1IJMm5s.roa
Signing time:             Thu 22 May 2025 03:44:54 +0000
ROA not before:           Thu 22 May 2025 03:44:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57494
IP address blocks:        5.129.207.0/24 maxlen: 24
                          5.129.208.0/24 maxlen: 24
                          5.129.209.0/24 maxlen: 24
                          5.129.210.0/24 maxlen: 24
                          5.129.211.0/24 maxlen: 24
                          5.129.212.0/24 maxlen: 24
                          5.129.213.0/24 maxlen: 24
                          5.129.214.0/24 maxlen: 24
                          5.129.215.0/24 maxlen: 24
                          5.129.216.0/24 maxlen: 24
                          5.129.217.0/24 maxlen: 24
                          5.129.218.0/24 maxlen: 24
                          5.129.219.0/24 maxlen: 24
                          5.129.220.0/24 maxlen: 24
                          5.129.221.0/24 maxlen: 24
                          5.129.222.0/24 maxlen: 24
                          5.129.223.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Thu 22 May 2025 09:03:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:f6:18:13:28:70:e3:f4:f9:3a:37:ad:ff:c7:c0:6b:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4ddb3dcdf5e6bee09825c37bf3b8bdf28b6fb593
        Validity
            Not Before: May 22 03:44:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1776ee7f37c9103f7746adb47f7cdcd4824c9b9b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:c4:bc:5b:e6:2a:17:5b:f1:01:80:21:db:3a:
                    79:d6:12:f6:fb:5c:4e:f9:69:5c:76:02:30:9b:be:
                    70:09:6c:30:26:b4:41:99:5f:f4:12:7d:a6:20:fd:
                    88:d3:3d:b8:7e:30:0a:ad:d5:98:14:7c:31:5e:af:
                    f0:8a:f9:78:c4:4e:a1:92:92:bb:97:e7:a4:9c:49:
                    d7:b6:1f:1f:9b:bd:94:7d:de:ff:25:5e:65:91:01:
                    73:26:d5:80:f0:24:ae:0b:1c:cf:a6:8c:1c:b0:62:
                    e1:49:70:41:89:e2:8d:14:18:c5:77:80:95:89:76:
                    40:f3:91:f6:8f:8e:db:36:16:46:e7:a9:7b:d7:f4:
                    8b:12:fa:5e:49:03:9a:5c:b3:4c:03:e9:83:ec:e9:
                    ce:ae:e3:d0:03:8b:03:74:94:d2:51:62:5f:70:12:
                    66:06:fe:2b:7a:ef:e9:ee:cb:36:bf:26:31:0f:9a:
                    6a:47:a9:cc:fa:cd:7a:89:93:03:6b:84:38:58:3b:
                    14:01:8c:8d:04:ff:64:c9:21:dd:dd:ad:d9:da:69:
                    de:25:72:ab:37:21:93:1c:d2:bb:08:53:be:66:92:
                    ee:48:af:9b:d7:b6:a6:0d:09:dd:7a:c5:b5:57:3d:
                    c8:af:e5:bb:90:9d:63:cf:89:50:98:b2:43:a1:27:
                    37:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:76:EE:7F:37:C9:10:3F:77:46:AD:B4:7F:7C:DC:D4:82:4C:9B:9B
            X509v3 Authority Key Identifier:
                keyid:4D:DB:3D:CD:F5:E6:BE:E0:98:25:C3:7B:F3:B8:BD:F2:8B:6F:B5:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tds9zfXmvuCYJcN787i98otvtZM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/790cee-d54e-4598-8bc1-2170c5c1d3ed/1/F3bufzfJED93Rq20f3zc1IJMm5s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/790cee-d54e-4598-8bc1-2170c5c1d3ed/1/Tds9zfXmvuCYJcN787i98otvtZM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.129.207.0-5.129.223.255

    Signature Algorithm: sha256WithRSAEncryption
         89:a5:c6:46:aa:b4:d3:5b:73:13:35:c2:63:ce:72:21:2b:c5:
         57:ba:ca:7c:29:ea:fe:05:7b:b4:ed:1e:0f:a0:a2:30:dd:32:
         ee:88:95:39:f8:4b:82:3d:93:2f:7c:8b:2a:80:36:ed:4b:8f:
         53:52:2e:c7:72:c5:ca:f5:3d:84:f3:04:48:88:b0:bd:f1:6d:
         34:96:ec:fd:43:3e:b2:68:6d:72:f1:43:f3:db:ff:86:4c:76:
         f6:9e:e7:53:92:f8:81:4e:ec:c6:4b:68:7c:66:e3:77:a0:ff:
         26:17:9f:ca:c8:e7:58:c4:f7:92:51:4a:9f:5a:6a:15:11:64:
         c1:fa:03:1a:66:d4:de:57:42:ee:11:c0:ed:bc:a5:24:44:8e:
         17:76:3c:31:7c:d4:ef:6e:9c:9d:9a:07:43:af:19:77:d5:76:
         f5:f6:ed:8d:8b:8c:d9:92:59:95:64:c6:c5:b8:d7:00:78:63:
         de:59:79:51:81:d6:ef:30:1e:5a:54:c6:8d:1c:6f:06:47:d6:
         18:38:8a:1a:55:32:11:40:55:08:34:d2:51:fa:26:96:8c:47:
         4a:d0:13:52:be:0e:92:9f:16:14:68:f2:3a:d6:da:d1:54:21:
         5a:4d:fa:53:26:f4:04:33:b9:d3:86:a8:8e:75:85:4e:ac:00:
         cf:da:e4:bd
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZb2GBMocOP0+To3rf/HwGuAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkZGIzZGNkZjVlNmJlZTA5ODI1YzM3YmYzYjhiZGYyOGI2
ZmI1OTMwHhcNMjUwNTIyMDM0NDU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzc2ZWU3ZjM3YzkxMDNmNzc0NmFkYjQ3ZjdjZGNkNDgyNGM5YjliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwsS8W+YqF1vxAYAh2zp51hL2+1xO
+WlcdgIwm75wCWwwJrRBmV/0En2mIP2I0z24fjAKrdWYFHwxXq/wivl4xE6hkpK7
l+eknEnXth8fm72Ufd7/JV5lkQFzJtWA8CSuCxzPpowcsGLhSXBBieKNFBjFd4CV
iXZA85H2j47bNhZG56l71/SLEvpeSQOaXLNMA+mD7OnOruPQA4sDdJTSUWJfcBJm
Bv4reu/p7ss2vyYxD5pqR6nM+s16iZMDa4Q4WDsUAYyNBP9kySHd3a3Z2mneJXKr
NyGTHNK7CFO+ZpLuSK+b17amDQndesW1Vz3Ir+W7kJ1jz4lQmLJDoSc3ZwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFBd27n83yRA/d0attH983NSCTJubMB8GA1UdIwQY
MBaAFE3bPc315r7gmCXDe/O4vfKLb7WTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGRzOXpmWG12dUNZSmNONzg3aTk4b3R2dFpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83OTBjZWUtZDU0ZS00NTk4LThiYzEt
MjE3MGM1YzFkM2VkLzEvRjNidWZ6ZkpFRDkzUnEyMGYzemMxSUpNbTVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83OTBjZWUtZDU0ZS00NTk4LThiYzEtMjE3MGM1YzFkM2Vk
LzEvVGRzOXpmWG12dUNZSmNONzg3aTk4b3R2dFpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAAFgc8D
BAUFgcAwDQYJKoZIhvcNAQELBQADggEBAImlxkaqtNNbcxM1wmPOciErxVe6ynwp
6v4Fe7TtHg+gojDdMu6IlTn4S4I9ky98iyqANu1Lj1NSLsdyxcr1PYTzBEiIsL3x
bTSW7P1DPrJobXLxQ/Pb/4ZMdvae51OS+IFO7MZLaHxm43eg/yYXn8rI51jE95JR
Sp9aahURZMH6Axpm1N5XQu4RwO28pSREjhd2PDF81O9unJ2aB0OvGXfVdvX27Y2L
jNmSWZVkxsW41wB4Y95ZeVGB1u8wHlpUxo0cbwZH1hg4ihpVMhFAVQg00lH6JpaM
R0rQE1K+DpKfFhRo8jrW2tFUIVpN+lMm9AQzudOGqI51hU6sAM/a5L0=
-----END CERTIFICATE-----