Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/a7dceb-ff54-436a-9415-484221a1f285/1/x2-7LytVizAPNkMoRPp6kO1JD2U.roa
File:                     x2-7LytVizAPNkMoRPp6kO1JD2U.roa (raw, json)
Hash identifier:          ZkEbSQ8ud79XrdfKOUelt3PG1LD8070bFGOIFjWkRs0=
Subject key identifier:   C7:6F:BB:2F:2B:55:8B:30:0F:36:43:28:44:FA:7A:90:ED:49:0F:65
Certificate issuer:       /CN=27bb32aa8c9f8d05c517be2ad6652f66550a8d57
Certificate serial:       019423695A6638E05F07249518ADB6FA13F9
Authority key identifier: 27:BB:32:AA:8C:9F:8D:05:C5:17:BE:2A:D6:65:2F:66:55:0A:8D:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J7syqoyfjQXFF74q1mUvZlUKjVc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/a7dceb-ff54-436a-9415-484221a1f285/1/x2-7LytVizAPNkMoRPp6kO1JD2U.roa
Signing time:             Wed 01 Jan 2025 19:48:14 +0000
ROA not before:           Wed 01 Jan 2025 19:48:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61049
IP address blocks:        185.20.52.0/24 maxlen: 24
                          185.20.53.0/24 maxlen: 24
                          185.20.54.0/24 maxlen: 24
                          185.20.55.0/24 maxlen: 24
                          185.195.116.0/24 maxlen: 24
                          185.195.117.0/24 maxlen: 24
                          185.195.118.0/24 maxlen: 24
                          185.195.119.0/24 maxlen: 24
                          185.231.216.0/24 maxlen: 24
                          185.231.217.0/24 maxlen: 24
                          185.231.218.0/24 maxlen: 24
                          2a04:13c0::/32 maxlen: 32
                          2a04:13c1::/32 maxlen: 32
                          2a04:13c5::/32 maxlen: 32
                          2a0c:8301::/32 maxlen: 32
                          2a0c:8305::/32 maxlen: 32
Validation:               Failed, certificate revoked on Thu 09 Jan 2025 22:42:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:5a:66:38:e0:5f:07:24:95:18:ad:b6:fa:13:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27bb32aa8c9f8d05c517be2ad6652f66550a8d57
        Validity
            Not Before: Jan  1 19:48:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c76fbb2f2b558b300f36432844fa7a90ed490f65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:f9:4a:43:29:df:db:a3:91:aa:b1:ef:fa:a3:
                    d1:a8:9e:c3:ec:12:0d:9f:11:ba:ea:da:b1:c7:8d:
                    a6:98:38:ee:f6:cc:12:1b:7a:d3:42:d6:a4:19:f1:
                    ac:cb:54:84:ea:9e:e7:d3:5b:9a:82:78:49:ab:44:
                    42:7b:45:81:44:83:2f:7b:26:1a:75:95:bd:7d:a3:
                    59:50:67:ef:c6:4f:d4:39:ac:90:35:7d:ab:7b:98:
                    2a:17:5c:b1:c2:a7:b7:05:97:55:d5:65:db:d2:83:
                    7b:6c:0d:8d:ae:c4:c2:64:21:9f:0c:5c:aa:1c:f4:
                    45:b6:ec:b2:01:8d:38:a7:e1:40:1a:5e:fd:0d:09:
                    25:90:51:4b:5e:6c:48:fe:e4:d4:59:64:45:dc:e3:
                    1f:19:b6:3a:f1:ba:fa:24:74:45:d2:85:98:ce:22:
                    0b:be:c5:ee:a6:69:af:a7:bf:5f:8f:60:86:ae:e8:
                    e6:8b:80:e6:c4:a6:39:aa:02:92:5f:ab:74:34:1f:
                    f4:1d:a0:ef:69:bd:67:61:7b:b0:17:63:3d:7f:c8:
                    cc:bd:28:8b:4d:f3:a8:aa:bf:26:5b:4a:bc:83:6d:
                    6e:28:85:af:73:67:3f:1d:37:be:c8:6a:a0:dd:1b:
                    b9:a0:16:a5:aa:66:f1:97:e2:ca:00:bc:75:77:d0:
                    be:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:6F:BB:2F:2B:55:8B:30:0F:36:43:28:44:FA:7A:90:ED:49:0F:65
            X509v3 Authority Key Identifier:
                keyid:27:BB:32:AA:8C:9F:8D:05:C5:17:BE:2A:D6:65:2F:66:55:0A:8D:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J7syqoyfjQXFF74q1mUvZlUKjVc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/a7dceb-ff54-436a-9415-484221a1f285/1/x2-7LytVizAPNkMoRPp6kO1JD2U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/a7dceb-ff54-436a-9415-484221a1f285/1/J7syqoyfjQXFF74q1mUvZlUKjVc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.20.52.0/22
                  185.195.116.0/22
                  185.231.216.0-185.231.218.255
                IPv6:
                  2a04:13c0::/31
                  2a04:13c5::/32
                  2a0c:8301::/32
                  2a0c:8305::/32

    Signature Algorithm: sha256WithRSAEncryption
         af:6b:ff:11:5b:28:49:3d:6c:08:e9:de:76:56:5b:cf:ba:bd:
         a3:a7:2f:e2:63:63:6b:f1:25:ca:3b:42:4b:57:68:84:b3:ea:
         ce:67:f6:01:db:71:49:21:47:47:4b:08:9c:8a:b5:7a:b7:4d:
         f2:b3:88:6e:75:5d:9a:cf:c4:b5:9b:e7:45:ea:23:fc:d8:de:
         86:d9:2e:5a:40:a0:f3:7e:25:36:10:db:af:d7:80:87:46:c0:
         39:c8:c9:83:33:bd:42:8e:e2:27:db:65:af:8f:ee:30:e1:9b:
         bf:66:a8:c0:e3:77:01:da:0f:f8:e4:d2:57:59:16:05:af:f2:
         92:02:4b:c2:a4:79:61:4f:5d:d4:1e:25:4a:d1:9a:d9:cd:0c:
         80:5d:3f:a9:a3:62:fc:b2:2b:59:0b:ed:08:88:42:c1:eb:99:
         f7:72:3e:8c:8d:b5:46:b4:67:24:7c:a1:55:94:30:32:db:42:
         93:46:89:ad:d7:ef:8c:83:e3:cd:e4:3b:d7:15:15:d9:6a:9c:
         e6:54:34:8e:e9:ba:b3:34:39:63:53:7f:34:31:ab:76:1f:da:
         e5:08:a5:66:22:43:6a:e5:ae:9e:27:3f:37:83:c0:21:9a:fc:
         ee:44:a5:41:d9:e4:2c:fb:17:39:4a:23:f4:c6:51:5d:23:60:
         2e:9c:b0:22
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAZQjaVpmOOBfBySVGK22+hP5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3YmIzMmFhOGM5ZjhkMDVjNTE3YmUyYWQ2NjUyZjY2NTUw
YThkNTcwHhcNMjUwMTAxMTk0ODE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzZmYmIyZjJiNTU4YjMwMGYzNjQzMjg0NGZhN2E5MGVkNDkwZjY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0vlKQynf26ORqrHv+qPRqJ7D7BIN
nxG66tqxx42mmDju9swSG3rTQtakGfGsy1SE6p7n01uagnhJq0RCe0WBRIMveyYa
dZW9faNZUGfvxk/UOayQNX2re5gqF1yxwqe3BZdV1WXb0oN7bA2NrsTCZCGfDFyq
HPRFtuyyAY04p+FAGl79DQklkFFLXmxI/uTUWWRF3OMfGbY68br6JHRF0oWYziIL
vsXupmmvp79fj2CGrujmi4DmxKY5qgKSX6t0NB/0HaDvab1nYXuwF2M9f8jMvSiL
TfOoqr8mW0q8g21uKIWvc2c/HTe+yGqg3Ru5oBalqmbxl+LKALx1d9C+lwIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFMdvuy8rVYswDzZDKET6epDtSQ9lMB8GA1UdIwQY
MBaAFCe7MqqMn40FxRe+KtZlL2ZVCo1XMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjdzeXFveWZqUVhGRjc0cTFtVXZabFVLalZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy9hN2RjZWItZmY1NC00MzZhLTk0MTUt
NDg0MjIxYTFmMjg1LzEveDItN0x5dFZpekFQTmtNb1JQcDZrTzFKRDJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy9hN2RjZWItZmY1NC00MzZhLTk0MTUtNDg0MjIxYTFmMjg1
LzEvSjdzeXFveWZqUVhGRjc0cTFtVXZabFVLalZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjAgBAIAATAaAwQCuRQ0AwQC
ucN0MAwDBAO559gDBAC559owIgQCAAIwHAMFASoEE8ADBQAqBBPFAwUAKgyDAQMF
ACoMgwUwDQYJKoZIhvcNAQELBQADggEBAK9r/xFbKEk9bAjp3nZWW8+6vaOnL+Jj
Y2vxJco7QktXaISz6s5n9gHbcUkhR0dLCJyKtXq3TfKziG51XZrPxLWb50XqI/zY
3obZLlpAoPN+JTYQ26/XgIdGwDnIyYMzvUKO4ifbZa+P7jDhm79mqMDjdwHaD/jk
0ldZFgWv8pICS8KkeWFPXdQeJUrRmtnNDIBdP6mjYvyyK1kL7QiIQsHrmfdyPoyN
tUa0ZyR8oVWUMDLbQpNGia3X74yD483kO9cVFdlqnOZUNI7purM0OWNTfzQxq3Yf
2uUIpWYiQ2rlrp4nPzeDwCGa/O5EpUHZ5Cz7FzlKI/TGUV0jYC6csCI=
-----END CERTIFICATE-----