Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/I80JFzZVdvJExyTW09r3x_rmaXw.roa
File:                     I80JFzZVdvJExyTW09r3x_rmaXw.roa (raw, json)
Hash identifier:          /aqtvADAZ97HGShYhadxgdi0eXE+EyizUJje97H60/s=
Subject key identifier:   23:CD:09:17:36:55:76:F2:44:C7:24:D6:D3:DA:F7:C7:FA:E6:69:7C
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       01941C6C7D0FDC9ACD62C395CA41682D69CF
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/I80JFzZVdvJExyTW09r3x_rmaXw.roa
Signing time:             Tue 31 Dec 2024 11:14:19 +0000
ROA not before:           Tue 31 Dec 2024 11:14:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49600
IP address blocks:        185.121.12.0/24 maxlen: 24
                          185.121.15.0/24 maxlen: 24
                          185.196.43.0/24 maxlen: 24
                          185.230.54.0/23 maxlen: 23
                          185.230.55.0/24 maxlen: 24
                          185.232.205.0/24 maxlen: 24
                          193.17.183.0/24 maxlen: 24
                          193.37.64.0/24 maxlen: 24
                          193.37.65.0/24 maxlen: 24
                          194.35.41.0/24 maxlen: 24
                          194.35.42.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Wed 01 Jan 2025 13:48:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1c:6c:7d:0f:dc:9a:cd:62:c3:95:ca:41:68:2d:69:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Dec 31 11:14:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=23cd0917365576f244c724d6d3daf7c7fae6697c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:a9:76:86:46:67:50:08:43:08:56:a4:32:3c:
                    b2:67:be:11:6c:4d:22:8d:6c:39:cd:75:ed:65:3e:
                    2d:89:b2:59:05:7e:30:ac:3c:0a:2b:db:c3:91:1d:
                    4f:16:3d:66:b6:41:a1:24:20:de:65:f7:05:16:c2:
                    1e:55:16:6b:42:ca:5d:99:b4:e5:51:2c:16:1a:de:
                    11:8e:3a:f2:0c:f2:fb:09:3d:86:10:9c:04:dd:78:
                    ca:8b:30:78:3d:42:45:2f:35:3b:be:48:29:ac:6d:
                    33:48:b6:41:53:85:6c:f4:a1:59:fd:3a:05:aa:cd:
                    b6:89:a9:dc:d9:da:87:e0:33:cd:9f:ec:e0:22:d6:
                    2e:cf:c6:dd:65:d2:3a:b5:8b:50:83:7b:40:1a:cb:
                    ea:5d:bf:81:3e:65:9b:28:1b:fb:ec:49:9f:c3:d0:
                    9a:72:d0:f7:ba:66:a2:6e:39:2d:fe:90:04:ff:f7:
                    aa:d7:69:ac:3d:a4:9c:75:2b:af:1d:cc:91:8e:7b:
                    7f:cd:18:c7:47:ab:42:30:f7:ed:31:49:4c:5c:21:
                    a6:0d:0b:1a:fb:cd:1b:7d:5b:e0:7e:f1:d4:ab:1c:
                    ea:e3:db:6a:06:c9:12:8b:6f:68:98:c4:8c:eb:6f:
                    d1:22:5d:cf:a2:13:89:3c:d2:80:31:7d:87:95:50:
                    12:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:CD:09:17:36:55:76:F2:44:C7:24:D6:D3:DA:F7:C7:FA:E6:69:7C
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/I80JFzZVdvJExyTW09r3x_rmaXw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.121.12.0/24
                  185.121.15.0/24
                  185.196.43.0/24
                  185.230.54.0/23
                  185.232.205.0/24
                  193.17.183.0/24
                  193.37.64.0/23
                  194.35.41.0-194.35.42.255

    Signature Algorithm: sha256WithRSAEncryption
         42:f5:61:36:88:c9:38:26:19:c7:93:d6:f3:fc:82:03:c6:d4:
         0e:31:ac:12:cb:4c:56:f1:b4:3c:f0:b8:65:e7:6e:f7:02:57:
         28:44:6a:bb:b6:13:f1:cf:5a:eb:d8:91:96:70:ff:9a:a4:73:
         35:1f:5a:a0:e1:f0:b6:97:b4:60:4c:d0:ab:90:03:53:47:9b:
         e2:d8:23:4f:61:ec:2b:c1:5c:b5:da:35:e6:4e:db:1f:8b:79:
         9e:bf:b9:2e:e4:d9:df:fd:eb:73:56:60:07:00:eb:fa:5d:de:
         87:74:12:cd:16:44:93:d7:f3:62:10:0b:31:07:d7:a1:5a:72:
         e8:53:3b:64:3a:fe:40:ff:a5:b6:e7:58:02:3a:26:7e:2f:97:
         7e:15:29:8e:20:d9:45:ed:da:d4:fe:43:db:be:a5:98:cd:ce:
         fb:c1:a2:05:57:81:70:20:19:1b:6c:8c:b0:e4:49:b0:79:c8:
         7c:be:cc:a2:39:ad:8e:93:7d:f8:f8:7b:57:6c:55:41:d2:7d:
         fe:39:82:8a:6b:6d:f6:86:2c:65:a0:e6:ac:fc:7e:1b:ba:8a:
         0f:9d:0e:a8:12:af:96:ba:f2:85:de:b0:f2:41:af:e7:e6:40:
         1c:14:69:3e:09:ac:ca:0e:9b:08:15:1a:70:df:bb:aa:9d:b4:
         a8:be:d6:84
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAZQcbH0P3JrNYsOVykFoLWnPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQxMjMxMTExNDE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyM2NkMDkxNzM2NTU3NmYyNDRjNzI0ZDZkM2RhZjdjN2ZhZTY2OTdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx6l2hkZnUAhDCFakMjyyZ74RbE0i
jWw5zXXtZT4tibJZBX4wrDwKK9vDkR1PFj1mtkGhJCDeZfcFFsIeVRZrQspdmbTl
USwWGt4RjjryDPL7CT2GEJwE3XjKizB4PUJFLzU7vkgprG0zSLZBU4Vs9KFZ/ToF
qs22ianc2dqH4DPNn+zgItYuz8bdZdI6tYtQg3tAGsvqXb+BPmWbKBv77Emfw9Ca
ctD3umaibjkt/pAE//eq12msPaScdSuvHcyRjnt/zRjHR6tCMPftMUlMXCGmDQsa
+80bfVvgfvHUqxzq49tqBskSi29omMSM62/RIl3PohOJPNKAMX2HlVASjwIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFCPNCRc2VXbyRMck1tPa98f65ml8MB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvSTgwSkZ6WlZkdkpFeHlUVzA5cjN4X3JtYVh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQAuXkMAwQA
uXkPAwQAucQrAwQBueY2AwQAuejNAwQAwRG3AwQBwSVAMAwDBADCIykDBADCIyow
DQYJKoZIhvcNAQELBQADggEBAEL1YTaIyTgmGceT1vP8ggPG1A4xrBLLTFbxtDzw
uGXnbvcCVyhEaru2E/HPWuvYkZZw/5qkczUfWqDh8LaXtGBM0KuQA1NHm+LYI09h
7CvBXLXaNeZO2x+LeZ6/uS7k2d/963NWYAcA6/pd3od0Es0WRJPX82IQCzEH16Fa
cuhTO2Q6/kD/pbbnWAI6Jn4vl34VKY4g2UXt2tT+Q9u+pZjNzvvBogVXgXAgGRts
jLDkSbB5yHy+zKI5rY6Tffj4e1dsVUHSff45goprbfaGLGWg5qz8fhu6ig+dDqgS
r5a68oXesPJBr+fmQBwUaT4JrMoOmwgVGnDfu6qdtKi+1oQ=
-----END CERTIFICATE-----