Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/yUlmsQlHg-PT3LFx9vRW1kXYKP8.roa
File:                     yUlmsQlHg-PT3LFx9vRW1kXYKP8.roa (raw, json)
Hash identifier:          KA/QaSIdbOubiUXhf83FVkuxTlaTmF8T+24eLoqGNGc=
Subject key identifier:   C9:49:66:B1:09:47:83:E3:D3:DC:B1:71:F6:F4:56:D6:45:D8:28:FF
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0196E7D9C5FFDCD231CE416DCFA0B59711BC
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/yUlmsQlHg-PT3LFx9vRW1kXYKP8.roa
Signing time:             Mon 19 May 2025 09:22:11 +0000
ROA not before:           Mon 19 May 2025 09:22:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16276
IP address blocks:        37.202.202.0/24 maxlen: 24
                          151.240.17.0/24 maxlen: 24
                          151.240.100.0/24 maxlen: 24
                          151.241.76.0/24 maxlen: 24
                          151.242.39.0/24 maxlen: 24
                          151.242.67.0/24 maxlen: 24
                          151.242.117.0/24 maxlen: 24
                          151.242.159.0/24 maxlen: 24
                          151.243.6.0/24 maxlen: 24
                          151.243.50.0/24 maxlen: 24
                          151.243.88.0/24 maxlen: 24
                          151.243.160.0/22 maxlen: 22
                          151.245.112.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Tue 20 May 2025 05:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:e7:d9:c5:ff:dc:d2:31:ce:41:6d:cf:a0:b5:97:11:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: May 19 09:22:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c94966b1094783e3d3dcb171f6f456d645d828ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:a0:8e:56:ac:ce:bf:2a:88:f0:99:94:c9:d1:
                    0f:dd:de:8f:fb:4e:7d:84:19:21:bc:69:c9:ec:8d:
                    33:2b:9f:e0:d6:9a:5a:38:f4:c5:16:8b:91:85:74:
                    a8:6b:d8:e0:31:2d:6b:eb:a2:6e:d3:40:03:6c:99:
                    08:89:7b:55:c8:11:82:9f:33:dd:55:06:95:0b:7a:
                    a1:b1:ab:33:f5:5d:af:a0:a3:7d:a7:63:e5:ac:74:
                    08:6b:76:6d:72:d4:3f:d2:b7:33:ad:28:d1:4a:3e:
                    0b:61:0f:e7:a6:3a:fa:68:85:41:e9:8d:2c:87:dc:
                    17:c2:6a:be:fd:b8:08:ec:2e:15:a6:7e:b8:67:eb:
                    4e:63:f1:3d:a1:a8:1d:66:b2:81:7e:d1:d8:d4:f2:
                    f1:58:8b:59:de:17:b4:9c:49:a0:8b:50:04:1a:86:
                    86:c4:ba:e9:3c:ee:e4:d4:80:20:1a:04:e9:c5:5a:
                    be:57:4b:2f:00:b6:36:c8:6b:0b:ca:e8:62:5a:ba:
                    a2:7f:57:b1:a1:42:f8:bd:81:11:4a:84:99:4c:ab:
                    7b:1a:46:c3:4b:1a:26:a1:62:c6:04:84:6d:56:f8:
                    e5:ce:2d:85:10:80:a4:1d:be:b8:db:9f:47:fd:c3:
                    fe:09:b8:3c:e1:e5:84:26:e3:ca:69:0a:93:16:34:
                    06:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:49:66:B1:09:47:83:E3:D3:DC:B1:71:F6:F4:56:D6:45:D8:28:FF
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/yUlmsQlHg-PT3LFx9vRW1kXYKP8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.202.202.0/24
                  151.240.17.0/24
                  151.240.100.0/24
                  151.241.76.0/24
                  151.242.39.0/24
                  151.242.67.0/24
                  151.242.117.0/24
                  151.242.159.0/24
                  151.243.6.0/24
                  151.243.50.0/24
                  151.243.88.0/24
                  151.243.160.0/22
                  151.245.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:2e:55:05:00:fd:d1:18:ac:fa:f2:74:2d:c4:07:2b:81:e7:
         3f:af:53:e0:e8:e2:2f:1b:08:24:7b:10:57:b3:57:f5:54:98:
         4a:34:c2:19:78:18:52:c0:db:08:65:de:fd:49:af:70:f4:37:
         94:78:c3:54:ae:ca:da:2a:9f:da:cd:2b:9d:39:ef:c1:c4:96:
         19:8e:fd:67:60:49:e1:92:c9:53:f2:09:6c:ea:b0:59:4b:08:
         7f:6a:63:1c:d8:f9:f2:d4:b0:f1:3a:af:91:a9:70:d1:be:58:
         03:00:9e:be:9f:09:a5:43:c6:52:16:e3:93:33:59:0e:a8:09:
         c3:9d:36:65:d1:d3:71:29:8e:54:d4:49:e2:84:2f:af:c2:43:
         e2:aa:db:2c:4e:16:7a:ee:a7:cc:bd:38:c9:20:0d:58:56:8a:
         11:b4:d9:46:77:e2:8d:6a:7c:f7:df:97:fd:10:cb:e9:b3:65:
         1c:62:ca:e5:67:8f:ee:65:8e:00:a4:4d:95:5a:d6:ca:0a:01:
         68:34:e0:b1:8c:7a:bf:06:e0:be:e4:05:f1:bb:34:ac:42:d5:
         33:63:62:ad:5c:99:4b:7a:7a:13:92:de:1d:5f:be:62:88:ef:
         97:21:f4:b0:1c:83:48:05:27:3b:3c:34:0c:e9:95:c9:24:84:
         72:82:11:f1
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAZbn2cX/3NIxzkFtz6C1lxG8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNTE5MDkyMjExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTQ5NjZiMTA5NDc4M2UzZDNkY2IxNzFmNmY0NTZkNjQ1ZDgyOGZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApaCOVqzOvyqI8JmUydEP3d6P+059
hBkhvGnJ7I0zK5/g1ppaOPTFFouRhXSoa9jgMS1r66Ju00ADbJkIiXtVyBGCnzPd
VQaVC3qhsasz9V2voKN9p2PlrHQIa3ZtctQ/0rczrSjRSj4LYQ/npjr6aIVB6Y0s
h9wXwmq+/bgI7C4Vpn64Z+tOY/E9oagdZrKBftHY1PLxWItZ3he0nEmgi1AEGoaG
xLrpPO7k1IAgGgTpxVq+V0svALY2yGsLyuhiWrqif1exoUL4vYERSoSZTKt7GkbD
SxomoWLGBIRtVvjlzi2FEICkHb64259H/cP+Cbg84eWEJuPKaQqTFjQGBQIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFMlJZrEJR4Pj09yxcfb0VtZF2Cj/MB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEveVVsbXNRbEhnLVBUM0xGeDl2Ulcxa1hZS1A4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjBUBAIAATBOAwQAJcrKAwQA
l/ARAwQAl/BkAwQAl/FMAwQAl/InAwQAl/JDAwQAl/J1AwQAl/KfAwQAl/MGAwQA
l/MyAwQAl/NYAwQCl/OgAwQAl/VwMA0GCSqGSIb3DQEBCwUAA4IBAQAtLlUFAP3R
GKz68nQtxAcrgec/r1Pg6OIvGwgkexBXs1f1VJhKNMIZeBhSwNsIZd79Sa9w9DeU
eMNUrsraKp/azSudOe/BxJYZjv1nYEnhkslT8gls6rBZSwh/amMc2Pny1LDxOq+R
qXDRvlgDAJ6+nwmlQ8ZSFuOTM1kOqAnDnTZl0dNxKY5U1EnihC+vwkPiqtssThZ6
7qfMvTjJIA1YVooRtNlGd+KNanz335f9EMvps2UcYsrlZ4/uZY4ApE2VWtbKCgFo
NOCxjHq/BuC+5AXxuzSsQtUzY2KtXJlLenoTkt4dX75iiO+XIfSwHINIBSc7PDQM
6ZXJJIRyghHx
-----END CERTIFICATE-----
Generated at Fri Jun 13 21:17:02 2025 by rpki-client