Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/Ka3EhLeMRgXBAJBh_lcTAXQS_0g.roa
File:                     Ka3EhLeMRgXBAJBh_lcTAXQS_0g.roa (raw, json)
Hash identifier:          RpNU2lZvkaHjVWbXdJk6U6tykd8OCJhKfoA9DxCmJpQ=
Subject key identifier:   29:AD:C4:84:B7:8C:46:05:C1:00:90:61:FE:57:13:01:74:12:FF:48
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0196B3D946F8BA30332FCB82E903B58A8420
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/Ka3EhLeMRgXBAJBh_lcTAXQS_0g.roa
Signing time:             Fri 09 May 2025 07:01:23 +0000
ROA not before:           Fri 09 May 2025 07:01:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5065
IP address blocks:        37.202.219.0/24 maxlen: 24
                          151.240.31.0/24 maxlen: 24
                          151.240.229.0/24 maxlen: 24
                          151.240.233.0/24 maxlen: 24
                          151.240.234.0/24 maxlen: 24
                          151.240.235.0/24 maxlen: 24
                          151.240.236.0/24 maxlen: 24
                          151.240.237.0/24 maxlen: 24
                          151.240.238.0/24 maxlen: 24
                          151.240.239.0/24 maxlen: 24
                          151.240.240.0/24 maxlen: 24
                          151.240.241.0/24 maxlen: 24
                          151.240.242.0/24 maxlen: 24
                          151.240.243.0/24 maxlen: 24
                          151.240.244.0/24 maxlen: 24
                          151.240.245.0/24 maxlen: 24
                          151.240.246.0/24 maxlen: 24
                          151.240.247.0/24 maxlen: 24
                          151.240.249.0/24 maxlen: 24
                          151.240.250.0/24 maxlen: 24
                          151.240.251.0/24 maxlen: 24
                          151.240.252.0/24 maxlen: 24
                          151.240.253.0/24 maxlen: 24
                          151.242.9.0/24 maxlen: 24
                          151.242.13.0/24 maxlen: 24
                          151.242.46.0/24 maxlen: 24
                          151.242.47.0/24 maxlen: 24
                          151.242.48.0/24 maxlen: 24
                          151.242.60.0/24 maxlen: 24
                          151.242.62.0/24 maxlen: 24
                          151.242.64.0/24 maxlen: 24
                          151.242.121.0/24 maxlen: 24
                          151.242.166.0/23 maxlen: 24
                          151.242.195.0/24 maxlen: 24
                          151.243.140.0/24 maxlen: 24
                          151.244.59.0/24 maxlen: 24
                          151.244.117.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Fri 09 May 2025 07:05:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:b3:d9:46:f8:ba:30:33:2f:cb:82:e9:03:b5:8a:84:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: May  9 07:01:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=29adc484b78c4605c1009061fe5713017412ff48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:4b:21:5a:8e:20:fc:0d:6d:05:80:5e:17:10:
                    ad:d7:12:01:03:53:10:c1:5e:a0:06:b3:53:01:36:
                    3b:78:ca:cb:22:4f:d7:1c:23:b6:f8:21:ff:cb:c2:
                    0e:82:0c:3f:ec:e5:cf:4c:94:61:98:39:2e:31:b6:
                    e9:49:38:70:f9:20:1f:e5:53:10:5f:be:88:a9:6e:
                    ac:7e:69:dc:a0:6b:7a:b5:77:07:19:25:87:52:2c:
                    ad:4a:c4:25:24:9d:90:fd:76:ed:f6:f2:07:c5:e0:
                    f1:c3:f6:20:01:f8:ed:1c:f7:bf:15:81:d6:5a:10:
                    ba:81:a9:9c:47:51:57:ab:ba:eb:36:c9:64:55:95:
                    1b:cc:07:84:2e:4b:3b:6b:1d:68:0c:be:ff:f7:2d:
                    cf:e5:69:ab:3c:19:8e:f7:49:61:44:df:bb:bf:4e:
                    71:cb:e9:21:80:77:10:5d:38:25:df:b6:57:e7:a1:
                    2e:47:59:bb:ab:2a:29:52:51:d6:65:27:04:83:fa:
                    1b:60:ee:b7:e5:4b:fd:fb:69:f3:51:20:a0:d6:f4:
                    fa:89:20:e7:5b:dc:2f:bb:28:9e:dc:29:7d:a5:e8:
                    d6:e1:cd:0d:f6:f2:45:cd:71:98:7c:db:8a:9d:30:
                    6a:91:51:b3:54:d4:18:ed:aa:b8:4f:fd:1e:bb:05:
                    7e:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:AD:C4:84:B7:8C:46:05:C1:00:90:61:FE:57:13:01:74:12:FF:48
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/Ka3EhLeMRgXBAJBh_lcTAXQS_0g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.202.219.0/24
                  151.240.31.0/24
                  151.240.229.0/24
                  151.240.233.0-151.240.247.255
                  151.240.249.0-151.240.253.255
                  151.242.9.0/24
                  151.242.13.0/24
                  151.242.46.0-151.242.48.255
                  151.242.60.0/24
                  151.242.62.0/24
                  151.242.64.0/24
                  151.242.121.0/24
                  151.242.166.0/23
                  151.242.195.0/24
                  151.243.140.0/24
                  151.244.59.0/24
                  151.244.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:9b:53:47:0a:17:01:73:54:8b:a9:d7:c8:ae:24:4d:d5:f5:
         af:c2:d2:a9:12:39:b7:f0:0b:e4:ab:50:54:97:81:d4:7c:5a:
         1e:0a:8e:f2:d1:fd:bc:cd:9d:d0:98:f5:59:2e:88:8b:2c:70:
         8a:c4:46:59:52:f1:64:7e:74:cb:6a:1d:ff:bd:2e:2b:96:08:
         f9:ca:51:4d:f8:c2:f0:ae:e1:a8:66:08:a8:0a:18:83:53:e6:
         4c:5e:d0:4b:59:7b:4a:5a:81:ce:29:36:00:ec:de:34:b4:7b:
         bc:63:21:de:c5:c4:d8:69:45:89:c1:73:c0:33:13:83:c3:01:
         9b:10:77:0a:d0:6a:34:a8:b3:02:66:17:2c:87:26:90:af:ab:
         a9:77:1b:68:a9:f8:af:51:3f:83:69:e3:a4:57:e6:8b:9c:d1:
         99:ff:e5:e0:bb:66:ba:1a:64:95:f4:f1:2f:c0:49:7d:5b:a4:
         28:26:97:2e:c6:32:ad:52:29:ec:04:59:06:c1:e3:77:eb:18:
         1e:a8:44:83:b0:ea:f6:42:94:06:3c:ae:d6:cf:c4:86:76:5e:
         92:e0:48:b5:af:28:e6:db:55:90:e3:13:41:f7:10:ff:91:ab:
         c5:72:16:b0:c0:ee:3f:3b:1c:71:b8:38:48:7a:9d:d2:6f:3d:
         bf:a3:8e:2a
-----BEGIN CERTIFICATE-----
MIIFeTCCBGGgAwIBAgISAZaz2Ub4ujAzL8uC6QO1ioQgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNTA5MDcwMTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWFkYzQ4NGI3OGM0NjA1YzEwMDkwNjFmZTU3MTMwMTc0MTJmZjQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArkshWo4g/A1tBYBeFxCt1xIBA1MQ
wV6gBrNTATY7eMrLIk/XHCO2+CH/y8IOggw/7OXPTJRhmDkuMbbpSThw+SAf5VMQ
X76IqW6sfmncoGt6tXcHGSWHUiytSsQlJJ2Q/Xbt9vIHxeDxw/YgAfjtHPe/FYHW
WhC6gamcR1FXq7rrNslkVZUbzAeELks7ax1oDL7/9y3P5WmrPBmO90lhRN+7v05x
y+khgHcQXTgl37ZX56EuR1m7qyopUlHWZScEg/obYO635Uv9+2nzUSCg1vT6iSDn
W9wvuyie3Cl9pejW4c0N9vJFzXGYfNuKnTBqkVGzVNQY7aq4T/0euwV+DwIDAQAB
o4IChTCCAoEwHQYDVR0OBBYEFCmtxIS3jEYFwQCQYf5XEwF0Ev9IMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvS2EzRWhMZU1SZ1hCQUpCaF9sY1RBWFFTXzBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGaBggrBgEFBQcBBwEB/wSBijCBhzCBhAQCAAEwfgMEACXK
2wMEAJfwHwMEAJfw5TAMAwQAl/DpAwQDl/DwMAwDBACX8PkDBAGX8PwDBACX8gkD
BACX8g0wDAMEAZfyLgMEAJfyMAMEAJfyPAMEAJfyPgMEAJfyQAMEAJfyeQMEAZfy
pgMEAJfywwMEAJfzjAMEAJf0OwMEAJf0dTANBgkqhkiG9w0BAQsFAAOCAQEAKZtT
RwoXAXNUi6nXyK4kTdX1r8LSqRI5t/AL5KtQVJeB1HxaHgqO8tH9vM2d0Jj1WS6I
iyxwisRGWVLxZH50y2od/70uK5YI+cpRTfjC8K7hqGYIqAoYg1PmTF7QS1l7SlqB
zik2AOzeNLR7vGMh3sXE2GlFicFzwDMTg8MBmxB3CtBqNKizAmYXLIcmkK+rqXcb
aKn4r1E/g2njpFfmi5zRmf/l4LtmuhpklfTxL8BJfVukKCaXLsYyrVIp7ARZBsHj
d+sYHqhEg7Dq9kKUBjyu1s/EhnZekuBIta8o5ttVkOMTQfcQ/5GrxXIWsMDuPzsc
cbg4SHqd0m89v6OOKg==
-----END CERTIFICATE-----
Generated at Tue Jun 10 11:54:38 2025 by rpki-client