Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/bKlLrB5W9E2X6vwcen2LJRvpEcs.roa
File:                     bKlLrB5W9E2X6vwcen2LJRvpEcs.roa (raw, json)
Hash identifier:          dNF7N3MGqIZy1q24ed5HhL3anfjHQGZ8SV8idKsfgJg=
Subject key identifier:   6C:A9:4B:AC:1E:56:F4:4D:97:EA:FC:1C:7A:7D:8B:25:1B:E9:11:CB
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01941C417514E0E9F56C9968401E561396E6
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/bKlLrB5W9E2X6vwcen2LJRvpEcs.roa
Signing time:             Tue 31 Dec 2024 10:27:19 +0000
ROA not before:           Tue 31 Dec 2024 10:27:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        80.240.88.0/21 maxlen: 24
                          81.168.122.0/24 maxlen: 24
                          82.152.131.0/24 maxlen: 24
                          82.152.174.0/23 maxlen: 23
                          82.153.208.0/22 maxlen: 22
                          82.163.24.0/21 maxlen: 24
                          89.213.58.0/24 maxlen: 24
                          89.213.60.0/23 maxlen: 24
                          89.213.147.0/24 maxlen: 24
                          89.213.198.0/23 maxlen: 24
                          89.213.200.0/23 maxlen: 24
                          89.213.202.0/23 maxlen: 24
                          89.213.204.0/23 maxlen: 24
                          89.213.228.0/24 maxlen: 24
                          89.213.249.0/24 maxlen: 24
                          109.176.230.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Wed 01 Jan 2025 09:47:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1c:41:75:14:e0:e9:f5:6c:99:68:40:1e:56:13:96:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Dec 31 10:27:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6ca94bac1e56f44d97eafc1c7a7d8b251be911cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:a1:ad:13:ce:39:bd:e1:0f:13:c8:ce:8e:a2:
                    9a:d9:e8:c8:71:63:4e:6e:81:9a:da:ad:df:a1:ca:
                    45:3b:df:f0:82:57:e5:e7:09:31:41:bd:f9:01:ad:
                    52:63:28:55:9e:58:16:c9:11:b5:03:db:4d:e8:8f:
                    16:7f:a7:e4:d0:28:c7:3f:a6:ee:fc:33:3d:1e:d2:
                    34:bc:80:91:f6:06:60:f5:ef:49:72:de:8b:98:62:
                    50:1c:a1:c4:ad:37:99:86:fa:fc:ee:67:4f:d7:c8:
                    ec:73:d7:a7:b0:a8:cc:51:b9:33:3b:ef:b4:5b:c3:
                    7b:1c:04:55:0e:f8:b6:19:4b:08:d7:d7:a5:91:89:
                    c1:a5:48:4f:fb:fb:58:28:13:ff:3b:43:0c:0c:f3:
                    9d:27:36:2d:f6:12:0f:6c:7e:27:9c:b8:40:40:6f:
                    2f:3d:77:c3:d6:1d:cd:34:a7:68:ef:28:05:50:80:
                    32:c4:73:f6:47:1e:62:5a:c8:e6:d7:9c:1f:96:7b:
                    02:7f:11:81:dd:74:b2:d0:24:53:02:80:26:f7:71:
                    3e:37:49:7d:44:82:2a:00:80:ad:34:06:e1:ca:e6:
                    0a:42:e4:9d:d8:19:3e:ad:64:f9:cd:f0:65:80:db:
                    f9:09:58:7f:a3:8d:ed:f6:d7:18:80:be:46:55:46:
                    f7:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:A9:4B:AC:1E:56:F4:4D:97:EA:FC:1C:7A:7D:8B:25:1B:E9:11:CB
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/bKlLrB5W9E2X6vwcen2LJRvpEcs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.240.88.0/21
                  81.168.122.0/24
                  82.152.131.0/24
                  82.152.174.0/23
                  82.153.208.0/22
                  82.163.24.0/21
                  89.213.58.0/24
                  89.213.60.0/23
                  89.213.147.0/24
                  89.213.198.0-89.213.205.255
                  89.213.228.0/24
                  89.213.249.0/24
                  109.176.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:56:39:0b:55:d1:97:cf:a0:40:77:40:2b:76:b6:47:0f:64:
         34:7f:7b:a4:6e:58:46:b0:95:e3:d2:70:0f:f6:fb:cb:31:83:
         c7:19:54:40:5c:af:e6:ba:e5:27:8e:ba:21:15:00:f8:5c:25:
         b5:1b:10:b6:52:3a:8d:ef:7a:1a:69:09:47:06:61:80:8a:d3:
         ca:a3:71:c1:67:3d:e1:c0:07:37:a2:41:78:c1:82:50:0f:5a:
         a4:ee:fc:ca:1e:23:71:15:49:fa:7f:bb:d6:c8:2c:bc:e4:27:
         b0:35:92:be:06:50:31:18:b7:2a:cc:67:84:86:e7:31:68:c5:
         ea:d0:32:a0:df:34:7e:47:19:35:21:29:07:73:c8:51:22:25:
         28:78:1f:4d:54:ba:18:9f:1c:c4:63:bc:d7:29:5c:b4:f8:62:
         76:f7:05:95:e3:c6:43:a3:88:e9:e6:4f:16:24:08:8f:b2:b4:
         34:35:af:0f:00:92:02:da:17:4b:2c:1e:cd:1f:8f:22:51:f8:
         c4:37:a2:11:b9:37:3f:58:77:63:33:5c:01:4d:84:e2:81:23:
         83:c6:62:fd:5d:1e:1a:7e:bb:38:de:fb:15:8c:d4:c4:02:d0:
         ec:d0:61:f2:2d:28:b2:25:93:1d:da:92:c4:1c:28:fc:76:39:
         9a:40:e5:bb
-----BEGIN CERTIFICATE-----
MIIFTTCCBDWgAwIBAgISAZQcQXUU4On1bJloQB5WE5bmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQxMjMxMTAyNzE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2E5NGJhYzFlNTZmNDRkOTdlYWZjMWM3YTdkOGIyNTFiZTkxMWNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA06GtE845veEPE8jOjqKa2ejIcWNO
boGa2q3focpFO9/wglfl5wkxQb35Aa1SYyhVnlgWyRG1A9tN6I8Wf6fk0CjHP6bu
/DM9HtI0vICR9gZg9e9Jct6LmGJQHKHErTeZhvr87mdP18jsc9ensKjMUbkzO++0
W8N7HARVDvi2GUsI19elkYnBpUhP+/tYKBP/O0MMDPOdJzYt9hIPbH4nnLhAQG8v
PXfD1h3NNKdo7ygFUIAyxHP2Rx5iWsjm15wflnsCfxGB3XSy0CRTAoAm93E+N0l9
RIIqAICtNAbhyuYKQuSd2Bk+rWT5zfBlgNv5CVh/o43t9tcYgL5GVUb36wIDAQAB
o4ICWTCCAlUwHQYDVR0OBBYEFGypS6weVvRNl+r8HHp9iyUb6RHLMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvYktsTHJCNVc5RTJYNnZ3Y2VuMkxKUnZwRWNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG8GCCsGAQUFBwEHAQH/BGAwXjBcBAIAATBWAwQDUPBYAwQA
Uah6AwQAUpiDAwQBUpiuAwQCUpnQAwQDUqMYAwQAWdU6AwQBWdU8AwQAWdWTMAwD
BAFZ1cYDBAFZ1cwDBABZ1eQDBABZ1fkDBABtsOYwDQYJKoZIhvcNAQELBQADggEB
AG1WOQtV0ZfPoEB3QCt2tkcPZDR/e6RuWEawlePScA/2+8sxg8cZVEBcr+a65SeO
uiEVAPhcJbUbELZSOo3vehppCUcGYYCK08qjccFnPeHABzeiQXjBglAPWqTu/Moe
I3EVSfp/u9bILLzkJ7A1kr4GUDEYtyrMZ4SG5zFoxerQMqDfNH5HGTUhKQdzyFEi
JSh4H01UuhifHMRjvNcpXLT4Ynb3BZXjxkOjiOnmTxYkCI+ytDQ1rw8AkgLaF0ss
Hs0fjyJR+MQ3ohG5Nz9Yd2MzXAFNhOKBI4PGYv1dHhp+uzje+xWM1MQC0OzQYfIt
KLIlkx3aksQcKPx2OZpA5bs=
-----END CERTIFICATE-----