Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/RJaWjV9jXNDpJtf62eYncfBJgB4.roa
File:                     RJaWjV9jXNDpJtf62eYncfBJgB4.roa (raw, json)
Hash identifier:          fsDQKKOZKQ5oxypKyvAv0flbBOzNNAEZEP/mbG0EY6s=
Subject key identifier:   44:96:96:8D:5F:63:5C:D0:E9:26:D7:FA:D9:E6:27:71:F0:49:80:1E
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       01954D70EA83F1BE6165DBD16EA8F5D9B3E9
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/RJaWjV9jXNDpJtf62eYncfBJgB4.roa
Signing time:             Fri 28 Feb 2025 16:43:20 +0000
ROA not before:           Fri 28 Feb 2025 16:43:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7029
IP address blocks:        37.202.193.0/24 maxlen: 24
                          37.202.195.0/24 maxlen: 24
                          37.202.196.0/24 maxlen: 24
                          37.202.197.0/24 maxlen: 24
                          37.202.198.0/24 maxlen: 24
                          37.202.199.0/24 maxlen: 24
                          37.202.200.0/24 maxlen: 24
                          37.202.201.0/24 maxlen: 24
                          151.242.192.0/20 maxlen: 24
                          151.243.16.0/20 maxlen: 20
                          151.243.97.0/24 maxlen: 24
                          151.243.246.0/24 maxlen: 24
                          151.243.247.0/24 maxlen: 24
                          151.243.248.0/24 maxlen: 24
                          151.243.249.0/24 maxlen: 24
                          151.243.250.0/24 maxlen: 24
                          151.243.251.0/24 maxlen: 24
                          151.243.252.0/24 maxlen: 24
                          151.243.253.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Sat 01 Mar 2025 09:53:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:4d:70:ea:83:f1:be:61:65:db:d1:6e:a8:f5:d9:b3:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Feb 28 16:43:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4496968d5f635cd0e926d7fad9e62771f049801e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:77:18:54:15:84:03:a7:8e:50:2d:94:b7:8d:
                    d9:0d:4d:62:ad:e6:91:b8:84:bc:d1:fe:c2:9b:f0:
                    43:bb:5a:a5:3b:b5:9d:df:05:71:5d:a2:0b:8d:d9:
                    25:ba:3f:88:9a:50:fc:bd:fc:bb:d3:3a:29:c4:30:
                    1b:44:a6:ac:ed:61:79:bc:bb:cf:60:37:99:52:4c:
                    dc:75:10:30:7e:d9:bd:8c:a6:93:f9:a8:58:ff:51:
                    60:d4:14:5f:0e:ce:75:6a:3b:24:05:2f:85:da:6a:
                    61:4c:69:a9:af:6d:e8:60:80:97:2b:ed:25:ca:a2:
                    fc:5c:fe:0f:fd:13:fa:90:09:c0:11:11:e7:9d:bc:
                    4d:45:39:41:e4:5c:b8:1d:ba:9a:db:d0:7c:ad:32:
                    73:a0:fc:44:64:37:53:03:e8:bc:6d:cc:1f:d8:1a:
                    3f:30:c8:26:73:fa:30:e9:77:64:69:4b:dd:0b:60:
                    ee:b9:ff:b5:2f:0c:9a:0e:e1:8b:22:cb:82:95:cc:
                    be:a1:f3:3d:b2:75:93:24:d4:c7:f5:9a:7f:24:7e:
                    a2:7c:6e:b0:ba:00:86:2c:07:8c:c6:df:7a:d4:c6:
                    15:1c:0d:0c:75:5c:a1:e1:8f:92:76:c4:db:c3:7f:
                    4b:3b:36:a3:bc:b1:24:d6:39:b1:65:78:e6:80:68:
                    1f:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:96:96:8D:5F:63:5C:D0:E9:26:D7:FA:D9:E6:27:71:F0:49:80:1E
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/RJaWjV9jXNDpJtf62eYncfBJgB4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.202.193.0/24
                  37.202.195.0-37.202.201.255
                  151.242.192.0/20
                  151.243.16.0/20
                  151.243.97.0/24
                  151.243.246.0-151.243.253.255

    Signature Algorithm: sha256WithRSAEncryption
         71:81:ac:cf:60:41:ee:34:7e:c7:a8:87:49:74:14:5a:70:ac:
         3a:4b:03:00:a5:92:3c:9f:ef:ea:8b:53:d1:af:92:e8:76:b1:
         5b:bc:11:ce:d1:a9:ef:ec:f7:ae:65:cc:65:92:ca:31:53:b0:
         f5:63:5d:0d:74:b5:e5:cd:29:86:59:23:6f:86:db:68:9b:35:
         5b:13:86:9f:d1:1b:00:bb:b1:5c:84:5e:b8:00:e8:79:a0:8e:
         f8:b4:67:c7:57:7c:27:f0:e1:ad:05:35:b5:b5:9c:fb:26:dc:
         68:00:b5:4b:5f:a3:e4:4d:db:7b:ce:20:26:12:ee:a2:e5:08:
         a5:31:95:0f:3e:76:39:3f:4c:54:f2:1c:c4:81:b0:46:b3:d3:
         37:e8:bb:5e:65:5e:6b:c9:82:f8:30:35:f0:6b:6b:7e:c0:51:
         0b:79:03:18:8b:0f:f3:c8:be:86:6e:bc:36:6c:8f:c9:cd:71:
         cb:8b:be:75:2c:13:f7:39:96:7b:0b:f3:72:af:52:64:d0:26:
         b4:f8:69:dd:f5:16:39:6a:cd:95:0f:77:2c:60:80:de:a3:e5:
         01:c5:bb:e8:d2:d3:72:b4:bb:47:db:92:1b:0c:13:9d:47:0a:
         93:2b:13:30:d4:89:68:95:9d:75:e2:c2:c5:01:e5:03:37:ff:
         cf:bf:e3:71
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgISAZVNcOqD8b5hZdvRbqj12bPpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwMjI4MTY0MzIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDk2OTY4ZDVmNjM1Y2QwZTkyNmQ3ZmFkOWU2Mjc3MWYwNDk4MDFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwncYVBWEA6eOUC2Ut43ZDU1ireaR
uIS80f7Cm/BDu1qlO7Wd3wVxXaILjdkluj+ImlD8vfy70zopxDAbRKas7WF5vLvP
YDeZUkzcdRAwftm9jKaT+ahY/1Fg1BRfDs51ajskBS+F2mphTGmpr23oYICXK+0l
yqL8XP4P/RP6kAnAERHnnbxNRTlB5Fy4Hbqa29B8rTJzoPxEZDdTA+i8bcwf2Bo/
MMgmc/ow6XdkaUvdC2Duuf+1LwyaDuGLIsuClcy+ofM9snWTJNTH9Zp/JH6ifG6w
ugCGLAeMxt961MYVHA0MdVyh4Y+SdsTbw39LOzajvLEk1jmxZXjmgGgfcQIDAQAB
o4ICNzCCAjMwHQYDVR0OBBYEFESWlo1fY1zQ6SbX+tnmJ3HwSYAeMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvUkphV2pWOWpYTkRwSnRmNjJlWW5jZkJKZ0I0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME0GCCsGAQUFBwEHAQH/BD4wPDA6BAIAATA0AwQAJcrBMAwD
BAAlysMDBAElysgDBASX8sADBASX8xADBACX82EwDAMEAZfz9gMEAZfz/DANBgkq
hkiG9w0BAQsFAAOCAQEAcYGsz2BB7jR+x6iHSXQUWnCsOksDAKWSPJ/v6otT0a+S
6HaxW7wRztGp7+z3rmXMZZLKMVOw9WNdDXS15c0phlkjb4bbaJs1WxOGn9EbALux
XIReuADoeaCO+LRnx1d8J/DhrQU1tbWc+ybcaAC1S1+j5E3be84gJhLuouUIpTGV
Dz52OT9MVPIcxIGwRrPTN+i7XmVea8mC+DA18GtrfsBRC3kDGIsP88i+hm68NmyP
yc1xy4u+dSwT9zmWewvzcq9SZNAmtPhp3fUWOWrNlQ93LGCA3qPlAcW76NLTcrS7
R9uSGwwTnUcKkysTMNSJaJWddeLCxQHlAzf/z7/jcQ==
-----END CERTIFICATE-----