Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/YKOTAPdWN4G0bMjzhn3BqQUERM0.roa
File:                     YKOTAPdWN4G0bMjzhn3BqQUERM0.roa (raw, json)
Hash identifier:          JMnCgkD3M48m1IFEn3e+dc2+21GZx4QSkwQOmlMSQFI=
Subject key identifier:   60:A3:93:00:F7:56:37:81:B4:6C:C8:F3:86:7D:C1:A9:05:04:44:CD
Certificate issuer:       /CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
Certificate serial:       01958E34A5AB1AAD167ACAE85BC023E6DA40
Authority key identifier: 72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/YKOTAPdWN4G0bMjzhn3BqQUERM0.roa
Signing time:             Thu 13 Mar 2025 06:32:49 +0000
ROA not before:           Thu 13 Mar 2025 06:32:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     174
IP address blocks:        5.182.192.0/24 maxlen: 24
                          31.132.52.0/24 maxlen: 24
                          45.248.52.0/24 maxlen: 24
                          45.248.55.0/24 maxlen: 24
                          92.249.31.0/24 maxlen: 24
                          94.154.177.0/24 maxlen: 24
                          94.154.182.0/24 maxlen: 24
                          147.78.205.0/24 maxlen: 24
                          147.78.206.0/24 maxlen: 24
                          162.218.90.0/24 maxlen: 24
                          185.187.212.0/24 maxlen: 24
                          185.205.205.0/24 maxlen: 24
                          185.253.122.0/24 maxlen: 24
                          192.145.71.0/24 maxlen: 24
                          212.60.15.0/24 maxlen: 24
                          217.197.169.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Fri 28 Mar 2025 05:38:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:8e:34:a5:ab:1a:ad:16:7a:ca:e8:5b:c0:23:e6:da:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
        Validity
            Not Before: Mar 13 06:32:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=60a39300f7563781b46cc8f3867dc1a9050444cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:b5:c7:20:d6:45:ae:88:92:75:84:c0:e6:c1:
                    65:54:61:48:1c:33:10:27:b3:95:83:32:81:6e:ae:
                    6c:cb:4d:35:6f:e0:f6:ef:72:f7:67:55:89:4f:19:
                    1f:a9:de:89:41:ef:a2:f7:86:99:58:17:cf:1f:77:
                    58:3e:a3:8c:79:51:f0:86:7a:ec:98:a4:b8:95:7b:
                    46:47:75:f8:90:ad:fa:f4:9d:0e:26:30:a9:fc:9a:
                    32:66:7e:ae:21:8b:d0:b5:01:5f:a1:19:96:f2:9a:
                    99:91:9a:38:09:c2:49:5c:00:c8:98:e3:bd:78:93:
                    39:98:de:26:f1:2e:51:6e:58:3a:0d:0b:2f:ec:e8:
                    e0:2d:48:a1:a0:f6:a8:91:be:5f:cd:f2:6c:16:75:
                    84:34:ef:77:70:be:d4:18:2d:3e:e5:86:f2:6b:2f:
                    3e:96:ad:29:21:a1:3c:49:63:13:a3:ae:38:4e:e2:
                    08:98:23:ed:69:4d:e8:77:d1:d1:d5:b6:59:37:65:
                    18:f7:3e:db:7d:4b:86:39:1b:25:3d:c2:ca:dd:96:
                    10:65:1e:a5:e6:e9:19:23:04:d9:81:d8:b1:f9:6a:
                    98:16:ac:51:ef:9d:f6:28:a3:7a:4e:d0:35:e3:ae:
                    0a:58:e6:09:9d:67:82:43:8a:62:fa:ac:e3:19:ba:
                    3b:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:A3:93:00:F7:56:37:81:B4:6C:C8:F3:86:7D:C1:A9:05:04:44:CD
            X509v3 Authority Key Identifier:
                keyid:72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/YKOTAPdWN4G0bMjzhn3BqQUERM0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.192.0/24
                  31.132.52.0/24
                  45.248.52.0/24
                  45.248.55.0/24
                  92.249.31.0/24
                  94.154.177.0/24
                  94.154.182.0/24
                  147.78.205.0-147.78.206.255
                  162.218.90.0/24
                  185.187.212.0/24
                  185.205.205.0/24
                  185.253.122.0/24
                  192.145.71.0/24
                  212.60.15.0/24
                  217.197.169.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:19:58:6c:f3:a0:02:76:20:a9:ac:b3:11:1f:73:39:d1:fe:
         9d:22:21:83:b4:3f:69:bc:1e:c0:3d:45:09:0f:e3:62:92:81:
         02:94:c7:06:06:43:97:5d:08:5b:5e:f8:d4:40:8b:b1:99:66:
         4f:84:b2:70:17:39:4c:d8:59:03:72:84:41:de:86:07:61:16:
         13:09:0b:69:a2:ee:dc:98:09:33:ae:fa:11:bd:7f:94:5c:49:
         8e:07:66:18:d0:21:fd:1a:3c:f4:5a:55:eb:33:1a:14:3c:b5:
         c8:5d:ed:66:eb:32:ef:2d:77:61:ad:b3:e3:0a:1b:b1:3a:25:
         d5:63:b0:a3:cc:7a:e4:9f:af:83:59:d4:e5:cc:bf:46:dc:0b:
         0f:bf:aa:d0:d6:28:53:e2:61:9e:1f:c8:b1:8a:01:aa:30:60:
         4c:f0:12:c3:7d:aa:0c:57:79:3a:26:d5:c2:26:cb:32:32:92:
         17:09:ce:f1:f6:37:2c:c7:b0:d5:9a:fe:fe:3a:ef:a1:eb:bc:
         63:4e:14:03:5d:64:98:1b:b3:12:55:b9:6f:e4:a0:82:e5:25:
         5b:58:83:e5:75:06:d3:83:f3:d3:04:5e:6a:88:db:eb:ac:43:
         7b:3c:fd:8c:91:36:27:02:24:b8:1c:bd:55:a5:7e:81:54:29:
         9b:c8:5a:5e
-----BEGIN CERTIFICATE-----
MIIFWTCCBEGgAwIBAgISAZWONKWrGq0WesroW8Aj5tpAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyYjc4ZjY2ODJmYzM5YzU1YjQxZDQ4ZjgwYjg4MzhkNWQy
ZGJmMDcwHhcNMjUwMzEzMDYzMjQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MGEzOTMwMGY3NTYzNzgxYjQ2Y2M4ZjM4NjdkYzFhOTA1MDQ0NGNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxrXHINZFroiSdYTA5sFlVGFIHDMQ
J7OVgzKBbq5sy001b+D273L3Z1WJTxkfqd6JQe+i94aZWBfPH3dYPqOMeVHwhnrs
mKS4lXtGR3X4kK369J0OJjCp/JoyZn6uIYvQtQFfoRmW8pqZkZo4CcJJXADImOO9
eJM5mN4m8S5Rblg6DQsv7OjgLUihoPaokb5fzfJsFnWENO93cL7UGC0+5Ybyay8+
lq0pIaE8SWMTo644TuIImCPtaU3od9HR1bZZN2UY9z7bfUuGORslPcLK3ZYQZR6l
5ukZIwTZgdix+WqYFqxR7532KKN6TtA1464KWOYJnWeCQ4pi+qzjGbo7iQIDAQAB
o4ICZTCCAmEwHQYDVR0OBBYEFGCjkwD3VjeBtGzI84Z9wakFBETNMB8GA1UdIwQY
MBaAFHK3j2aC/DnFW0HUj4C4g41dLb8HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEt
ZjNlNTA2YWVhYTAxLzEvWUtPVEFQZFdONEcwYk1qemhuM0JxUVVFUk0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEtZjNlNTA2YWVhYTAx
LzEvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHsGCCsGAQUFBwEHAQH/BGwwajBoBAIAATBiAwQABbbAAwQA
H4Q0AwQALfg0AwQALfg3AwQAXPkfAwQAXpqxAwQAXpq2MAwDBACTTs0DBACTTs4D
BACi2loDBAC5u9QDBAC5zc0DBAC5/XoDBADAkUcDBADUPA8DBADZxakwDQYJKoZI
hvcNAQELBQADggEBADoZWGzzoAJ2IKmssxEfcznR/p0iIYO0P2m8HsA9RQkP42KS
gQKUxwYGQ5ddCFte+NRAi7GZZk+EsnAXOUzYWQNyhEHehgdhFhMJC2mi7tyYCTOu
+hG9f5RcSY4HZhjQIf0aPPRaVeszGhQ8tchd7WbrMu8td2Gts+MKG7E6JdVjsKPM
euSfr4NZ1OXMv0bcCw+/qtDWKFPiYZ4fyLGKAaowYEzwEsN9qgxXeTom1cImyzIy
khcJzvH2NyzHsNWa/v4676HrvGNOFANdZJgbsxJVuW/koILlJVtYg+V1BtOD89ME
XmqI2+usQ3s8/YyRNicCJLgcvVWlfoFUKZvIWl4=
-----END CERTIFICATE-----