Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/eKqVVgz2XXgbEhQPF3ZfkvrLpVc.roa
File:                     eKqVVgz2XXgbEhQPF3ZfkvrLpVc.roa (raw, json)
Hash identifier:          KWClZ0bnsU6LeGUaM0be2YB6lRckM3xmO1fPNs78hp8=
Subject key identifier:   78:AA:95:56:0C:F6:5D:78:1B:12:14:0F:17:76:5F:92:FA:CB:A5:57
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01942143D4730060B627C5B03AAD371BE1F4
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/eKqVVgz2XXgbEhQPF3ZfkvrLpVc.roa
Signing time:             Wed 01 Jan 2025 09:48:00 +0000
ROA not before:           Wed 01 Jan 2025 09:48:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        80.240.88.0/21 maxlen: 24
                          81.168.122.0/24 maxlen: 24
                          82.152.131.0/24 maxlen: 24
                          82.152.174.0/23 maxlen: 23
                          82.153.208.0/22 maxlen: 22
                          82.163.24.0/21 maxlen: 24
                          89.213.58.0/24 maxlen: 24
                          89.213.60.0/23 maxlen: 24
                          89.213.147.0/24 maxlen: 24
                          89.213.198.0/23 maxlen: 24
                          89.213.200.0/23 maxlen: 24
                          89.213.202.0/23 maxlen: 24
                          89.213.204.0/23 maxlen: 24
                          89.213.228.0/24 maxlen: 24
                          89.213.249.0/24 maxlen: 24
                          109.176.230.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Tue 21 Jan 2025 11:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:d4:73:00:60:b6:27:c5:b0:3a:ad:37:1b:e1:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 09:48:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=78aa95560cf65d781b12140f17765f92facba557
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:94:d3:bb:81:57:a6:71:4c:97:b9:ad:ed:17:
                    11:f1:a1:dc:ff:a3:92:bd:8b:5f:63:64:d2:12:bf:
                    3a:b2:14:9f:02:40:58:c0:4b:36:de:66:a4:0f:b1:
                    67:0d:14:3c:59:cb:1c:76:61:9e:0d:c3:21:d3:2f:
                    a7:26:c6:9a:02:23:f4:dc:f1:a7:94:fd:ec:fc:5a:
                    51:14:a9:44:6b:4b:94:9d:c1:bc:fa:2c:c3:d0:48:
                    2a:5b:14:91:3e:14:ca:4d:9f:ad:71:4e:8d:39:b7:
                    48:4d:f1:ad:15:a3:a7:5c:82:ca:da:d4:91:98:b3:
                    c5:a9:fc:51:2f:e3:5b:db:e9:f9:22:c4:aa:14:2b:
                    3f:b4:c2:26:63:d1:f5:58:89:ab:0f:78:61:f4:5e:
                    92:91:9b:96:0f:86:3b:85:f5:cc:f0:19:d3:da:de:
                    94:d7:2c:6b:e3:9c:40:8d:4d:69:77:03:84:10:02:
                    ce:ab:06:6f:17:36:e6:aa:94:15:72:60:a0:3d:b0:
                    d6:ed:1b:9f:49:1b:d3:b2:4e:0a:ef:02:ea:b8:c1:
                    15:8b:77:d8:2d:a8:97:ca:bd:68:06:b5:e8:2a:a4:
                    ee:30:4a:36:50:62:f1:a1:2f:c1:11:00:db:b6:30:
                    51:ad:d0:20:66:6f:8c:b0:f3:0c:8d:65:b3:6a:21:
                    ad:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:AA:95:56:0C:F6:5D:78:1B:12:14:0F:17:76:5F:92:FA:CB:A5:57
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/eKqVVgz2XXgbEhQPF3ZfkvrLpVc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.240.88.0/21
                  81.168.122.0/24
                  82.152.131.0/24
                  82.152.174.0/23
                  82.153.208.0/22
                  82.163.24.0/21
                  89.213.58.0/24
                  89.213.60.0/23
                  89.213.147.0/24
                  89.213.198.0-89.213.205.255
                  89.213.228.0/24
                  89.213.249.0/24
                  109.176.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:93:6b:0d:f5:37:a4:7c:80:17:2b:26:8e:57:84:55:25:7d:
         a5:b9:c0:4b:53:3a:7c:0e:c6:0e:e1:31:c0:7f:02:87:0b:8a:
         1a:53:9c:d2:c4:df:9d:43:e9:8f:40:bd:cc:a7:1d:ff:17:8d:
         2b:c1:da:3a:63:ce:1e:68:9c:a1:0f:5e:bf:6e:fe:0d:79:07:
         30:d4:93:3c:ce:67:d5:89:27:da:a3:52:38:58:68:fe:1e:ea:
         eb:7a:1b:c9:41:af:8d:55:48:df:ea:b0:88:1b:3c:d7:38:82:
         ae:b0:90:ac:c5:68:2e:18:9b:b9:fa:29:bd:f4:fd:72:7b:d2:
         31:8a:f8:7f:4e:98:df:d6:0c:3c:a6:b7:23:f8:1e:65:ca:e3:
         06:7e:8f:b4:8f:67:6f:3e:8c:6e:e6:dc:28:6c:ce:92:95:30:
         8f:15:c5:7b:7c:ed:c6:3b:8c:69:45:c0:49:cf:71:cc:6f:47:
         50:24:4a:5b:9b:60:c8:27:03:6e:44:ca:bc:8d:4c:d4:0b:bd:
         45:80:52:b0:83:bf:de:2a:ed:76:a0:c7:64:ce:16:37:4a:03:
         ef:a7:9e:44:72:76:7c:fe:11:54:6f:51:d0:1e:9d:0b:ef:d4:
         4b:2a:83:66:44:cb:32:84:3a:08:df:e4:b0:1b:b0:63:3b:43:
         84:b8:a8:cb
-----BEGIN CERTIFICATE-----
MIIFTTCCBDWgAwIBAgISAZQhQ9RzAGC2J8WwOq03G+H0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OGFhOTU1NjBjZjY1ZDc4MWIxMjE0MGYxNzc2NWY5MmZhY2JhNTU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz5TTu4FXpnFMl7mt7RcR8aHc/6OS
vYtfY2TSEr86shSfAkBYwEs23makD7FnDRQ8WcscdmGeDcMh0y+nJsaaAiP03PGn
lP3s/FpRFKlEa0uUncG8+izD0EgqWxSRPhTKTZ+tcU6NObdITfGtFaOnXILK2tSR
mLPFqfxRL+Nb2+n5IsSqFCs/tMImY9H1WImrD3hh9F6SkZuWD4Y7hfXM8BnT2t6U
1yxr45xAjU1pdwOEEALOqwZvFzbmqpQVcmCgPbDW7RufSRvTsk4K7wLquMEVi3fY
LaiXyr1oBrXoKqTuMEo2UGLxoS/BEQDbtjBRrdAgZm+MsPMMjWWzaiGtoQIDAQAB
o4ICWTCCAlUwHQYDVR0OBBYEFHiqlVYM9l14GxIUDxd2X5L6y6VXMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvZUtxVlZnejJYWGdiRWhRUEYzWmZrdnJMcFZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG8GCCsGAQUFBwEHAQH/BGAwXjBcBAIAATBWAwQDUPBYAwQA
Uah6AwQAUpiDAwQBUpiuAwQCUpnQAwQDUqMYAwQAWdU6AwQBWdU8AwQAWdWTMAwD
BAFZ1cYDBAFZ1cwDBABZ1eQDBABZ1fkDBABtsOYwDQYJKoZIhvcNAQELBQADggEB
AKmTaw31N6R8gBcrJo5XhFUlfaW5wEtTOnwOxg7hMcB/AocLihpTnNLE351D6Y9A
vcynHf8XjSvB2jpjzh5onKEPXr9u/g15BzDUkzzOZ9WJJ9qjUjhYaP4e6ut6G8lB
r41VSN/qsIgbPNc4gq6wkKzFaC4Ym7n6Kb30/XJ70jGK+H9OmN/WDDymtyP4HmXK
4wZ+j7SPZ28+jG7m3ChszpKVMI8VxXt87cY7jGlFwEnPccxvR1AkSlubYMgnA25E
yryNTNQLvUWAUrCDv94q7Xagx2TOFjdKA++nnkRydnz+EVRvUdAenQvv1Esqg2ZE
yzKEOgjf5LAbsGM7Q4S4qMs=
-----END CERTIFICATE-----