Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/GkWXwQO-BwJvRFU3o_wGK9ZM544.roa
File:                     GkWXwQO-BwJvRFU3o_wGK9ZM544.roa (raw, json)
Hash identifier:          tX09PvSARLs1Bgx63Kbt6MNKASOJEa4f57UaSPYdNLo=
Subject key identifier:   1A:45:97:C1:03:BE:07:02:6F:44:55:37:A3:FC:06:2B:D6:4C:E7:8E
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       01969E86B5EB6D43BC29FBCF39CE7FE2E3A7
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/GkWXwQO-BwJvRFU3o_wGK9ZM544.roa
Signing time:             Mon 05 May 2025 03:39:10 +0000
ROA not before:           Mon 05 May 2025 03:39:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214025
IP address blocks:        151.242.40.0/24 maxlen: 24
                          151.242.170.0/24 maxlen: 24
                          151.242.171.0/24 maxlen: 24
                          151.242.172.0/24 maxlen: 24
                          151.242.173.0/24 maxlen: 24
                          151.242.242.0/24 maxlen: 24
                          151.243.61.0/24 maxlen: 24
                          151.243.62.0/24 maxlen: 24
                          151.243.63.0/24 maxlen: 24
                          151.243.88.0/24 maxlen: 24
                          151.243.89.0/24 maxlen: 24
                          151.243.115.0/24 maxlen: 24
                          151.243.120.0/24 maxlen: 24
                          151.244.4.0/24 maxlen: 24
                          151.244.5.0/24 maxlen: 24
                          151.244.6.0/24 maxlen: 24
                          151.244.56.0/24 maxlen: 24
                          151.244.58.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Tue 06 May 2025 06:06:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:9e:86:b5:eb:6d:43:bc:29:fb:cf:39:ce:7f:e2:e3:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: May  5 03:39:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1a4597c103be07026f445537a3fc062bd64ce78e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:c0:4b:c7:11:5d:a6:92:64:9d:66:01:1d:e8:
                    a9:77:e1:72:c3:1c:7b:74:3d:5c:63:17:84:5e:a2:
                    7f:04:ae:31:f8:08:b3:eb:c6:67:2b:6b:74:ce:02:
                    3b:a5:9e:dd:8c:0c:d0:4c:14:32:52:e7:f9:d4:c6:
                    8b:da:21:29:b2:ab:ea:81:b0:96:1b:08:b4:d1:bd:
                    38:c3:ba:3b:00:28:d7:6f:8e:22:17:98:e5:f6:8b:
                    ee:0a:a9:8d:e3:42:3b:1e:85:aa:67:c2:48:0b:e9:
                    39:ab:24:ce:93:75:3b:6f:3d:f6:58:00:84:e6:76:
                    e7:4f:ce:26:11:ac:43:82:b7:01:57:a6:ac:66:a9:
                    8b:5c:9c:ec:cb:17:50:74:7e:bb:73:8d:0f:0c:a6:
                    bc:69:6b:9d:e7:2c:0a:bc:ec:81:bb:a0:61:d9:3b:
                    83:33:3f:91:05:40:f9:14:2d:3a:96:8b:c1:0d:8e:
                    da:71:d3:8b:1a:85:b0:c8:c8:9a:06:e0:a7:79:9b:
                    99:b5:5c:67:77:fa:79:84:73:f4:55:75:fa:74:8a:
                    92:08:27:82:0c:a8:0d:3e:bd:52:ee:42:61:ce:7f:
                    e8:4b:9a:94:7d:ae:39:71:f4:e9:79:e3:5c:ba:c0:
                    91:c1:ba:0e:51:24:88:3d:96:8c:c9:c8:2a:b0:ec:
                    77:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:45:97:C1:03:BE:07:02:6F:44:55:37:A3:FC:06:2B:D6:4C:E7:8E
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/GkWXwQO-BwJvRFU3o_wGK9ZM544.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.242.40.0/24
                  151.242.170.0-151.242.173.255
                  151.242.242.0/24
                  151.243.61.0-151.243.63.255
                  151.243.88.0/23
                  151.243.115.0/24
                  151.243.120.0/24
                  151.244.4.0-151.244.6.255
                  151.244.56.0/24
                  151.244.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:0d:cf:d8:5e:f3:94:9b:4e:31:49:80:1b:04:35:92:8d:f3:
         72:b7:2c:b9:9b:92:d3:9b:de:54:15:3c:c4:77:13:13:b1:0a:
         99:e6:44:1a:2d:94:0a:fc:58:b4:df:bf:27:28:f1:8a:2a:c9:
         ac:d2:80:5a:27:e3:e4:04:58:b2:d5:8f:26:d8:d5:35:ab:80:
         e2:36:4e:d8:ba:1d:82:18:69:1d:4d:21:a7:d5:9c:66:7d:dc:
         a0:1c:b6:ab:96:e8:df:e5:54:e2:eb:7a:d7:26:76:73:8c:b7:
         dd:8b:a4:19:9d:7f:22:56:4e:82:e1:e9:53:ad:70:29:00:7e:
         79:3a:32:14:e0:f6:4d:43:11:de:18:d5:e8:ca:78:dd:bb:83:
         b5:cc:6c:c0:ec:60:cb:5c:b9:df:e2:b5:ed:d1:0e:62:23:5e:
         65:2f:b4:d5:c0:3c:cf:a1:30:87:b1:92:ea:39:bd:c2:ab:03:
         d7:91:e1:19:ce:91:ab:d1:e3:bf:d8:40:83:4a:aa:10:fc:8f:
         60:24:40:5c:cf:37:cb:a5:ff:4e:4f:46:9e:b7:09:ae:f4:1b:
         3e:02:de:cd:8b:08:c9:6d:f4:68:56:23:90:a0:eb:01:d2:f3:
         a3:42:ab:15:4f:85:49:a6:06:a1:27:3c:46:3d:a4:ff:53:e4:
         26:11:f0:f6
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAZaehrXrbUO8KfvPOc5/4uOnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNTA1MDMzOTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTQ1OTdjMTAzYmUwNzAyNmY0NDU1MzdhM2ZjMDYyYmQ2NGNlNzhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArMBLxxFdppJknWYBHeipd+Fywxx7
dD1cYxeEXqJ/BK4x+Aiz68ZnK2t0zgI7pZ7djAzQTBQyUuf51MaL2iEpsqvqgbCW
Gwi00b04w7o7ACjXb44iF5jl9ovuCqmN40I7HoWqZ8JIC+k5qyTOk3U7bz32WACE
5nbnT84mEaxDgrcBV6asZqmLXJzsyxdQdH67c40PDKa8aWud5ywKvOyBu6Bh2TuD
Mz+RBUD5FC06lovBDY7acdOLGoWwyMiaBuCneZuZtVxnd/p5hHP0VXX6dIqSCCeC
DKgNPr1S7kJhzn/oS5qUfa45cfTpeeNcusCRwboOUSSIPZaMycgqsOx36QIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFBpFl8EDvgcCb0RVN6P8BivWTOeOMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvR2tXWHdRTy1Cd0p2UkZVM29fd0dLOVpNNTQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDBaBAIAATBUAwQAl/IoMAwD
BAGX8qoDBAGX8qwDBACX8vIwDAMEAJfzPQMEBpfzAAMEAZfzWAMEAJfzcwMEAJfz
eDAMAwQCl/QEAwQAl/QGAwQAl/Q4AwQAl/Q6MA0GCSqGSIb3DQEBCwUAA4IBAQAI
Dc/YXvOUm04xSYAbBDWSjfNytyy5m5LTm95UFTzEdxMTsQqZ5kQaLZQK/Fi0378n
KPGKKsms0oBaJ+PkBFiy1Y8m2NU1q4DiNk7Yuh2CGGkdTSGn1ZxmfdygHLarlujf
5VTi63rXJnZzjLfdi6QZnX8iVk6C4elTrXApAH55OjIU4PZNQxHeGNXoynjdu4O1
zGzA7GDLXLnf4rXt0Q5iI15lL7TVwDzPoTCHsZLqOb3CqwPXkeEZzpGr0eO/2ECD
SqoQ/I9gJEBczzfLpf9OT0aetwmu9Bs+At7NiwjJbfRoViOQoOsB0vOjQqsVT4VJ
pgahJzxGPaT/U+QmEfD2
-----END CERTIFICATE-----
Generated at Mon Jun 9 10:54:57 2025 by rpki-client