Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/gXm1RotTp52kLhoE7qf12hFrxmg.roa
File:                     gXm1RotTp52kLhoE7qf12hFrxmg.roa (raw, json)
Hash identifier:          GX8WaBD/B7l/KxvODoc8phrLG7y89yHeX0dZPgFO/Q0=
Subject key identifier:   81:79:B5:46:8B:53:A7:9D:A4:2E:1A:04:EE:A7:F5:DA:11:6B:C6:68
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       019715E6C88BDFDC899FA904DAA3E5B90206
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/gXm1RotTp52kLhoE7qf12hFrxmg.roa
Signing time:             Wed 28 May 2025 07:58:55 +0000
ROA not before:           Wed 28 May 2025 07:58:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214202
IP address blocks:        192.121.255.0/24 maxlen: 24
                          193.234.16.0/24 maxlen: 24
                          194.68.238.0/24 maxlen: 24
                          2a01:280:310::/48 maxlen: 48
Validation:               Failed, certificate revoked on Wed 28 May 2025 12:14:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:15:e6:c8:8b:df:dc:89:9f:a9:04:da:a3:e5:b9:02:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: May 28 07:58:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8179b5468b53a79da42e1a04eea7f5da116bc668
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:f6:e3:84:79:0e:4b:c6:47:d2:54:17:b0:4d:
                    a4:e6:c7:2e:0c:df:9e:7e:e8:02:1b:99:ca:68:0c:
                    40:fd:aa:56:a1:be:09:11:82:8a:a7:04:a1:d1:5f:
                    93:9d:6a:34:60:3c:6b:12:68:12:e9:19:3e:37:75:
                    5a:7a:ac:98:c4:12:c4:77:ec:0b:b0:ca:2f:16:47:
                    d5:0d:1c:3f:18:a5:b7:5d:af:ea:69:99:35:02:b3:
                    b6:d3:d4:7e:28:9d:a2:44:69:1d:52:6f:dc:fb:2f:
                    9b:12:ca:c7:e4:af:79:f0:5e:9f:3d:7f:06:c4:27:
                    0f:c2:fd:1a:b7:8a:b6:03:75:35:08:28:a9:ca:65:
                    48:c3:da:0b:c8:94:f4:76:29:36:c5:6c:59:d0:4e:
                    7c:b5:f8:03:a1:f3:35:d1:ed:3f:be:10:f7:fb:8a:
                    7c:33:d7:ef:de:1a:5f:47:a5:f9:fc:ad:07:e4:9c:
                    b0:c0:76:e1:62:cf:d0:4b:27:7d:3c:34:75:f9:f9:
                    6a:53:03:f3:59:9a:e9:b9:a2:03:b9:e3:7c:27:eb:
                    72:a8:c3:0c:89:47:6c:24:18:24:c8:5e:73:d9:33:
                    b1:f4:c0:05:7a:74:bc:77:d0:34:7a:be:33:22:d1:
                    20:e2:98:b7:6a:11:81:e0:19:86:18:42:95:f9:e5:
                    5f:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:79:B5:46:8B:53:A7:9D:A4:2E:1A:04:EE:A7:F5:DA:11:6B:C6:68
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/gXm1RotTp52kLhoE7qf12hFrxmg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.121.255.0/24
                  193.234.16.0/24
                  194.68.238.0/24
                IPv6:
                  2a01:280:310::/48

    Signature Algorithm: sha256WithRSAEncryption
         75:20:ea:e0:36:10:fc:17:ca:05:5d:f8:16:73:65:7d:1d:0a:
         0e:2f:ba:3d:3d:61:88:d6:5f:c2:30:33:a5:ec:ba:e2:7c:fc:
         ba:d8:96:a4:0c:c7:ff:b9:f6:c5:d8:e8:aa:29:01:3f:ff:98:
         b0:e8:64:90:25:f4:fe:f1:90:da:a9:94:78:7f:5d:44:0b:2e:
         5b:14:61:97:53:02:6f:97:12:24:98:ad:6d:76:a7:8d:80:c7:
         67:33:ff:46:41:f4:6c:b5:77:a5:85:db:e2:3d:13:4b:c0:c5:
         71:a7:96:b5:c1:cc:56:63:54:2d:8f:ef:03:fb:7d:2c:37:0e:
         fd:d3:6f:01:81:93:49:9b:7f:7b:d0:f3:08:c8:32:52:45:e2:
         4d:0e:2a:44:b4:c6:6e:ea:b0:07:9c:34:cd:76:6b:06:51:63:
         69:fa:ad:90:80:90:2c:a4:b3:36:c2:36:7e:28:95:84:7c:9f:
         37:d5:48:7a:47:a3:90:ad:4a:96:ec:93:21:3d:0d:26:8f:82:
         5b:a2:29:4b:64:7d:46:41:3e:e7:5b:02:52:b0:70:9f:0a:70:
         6d:8c:ae:f2:63:75:d4:b8:ed:6a:bf:d4:ee:6e:1f:0d:fb:64:
         d2:98:1e:57:27:42:57:25:94:27:ba:6e:04:91:d1:98:a7:72:
         48:7a:e7:94
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgISAZcV5siL39yJn6kE2qPluQIGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjUwNTI4MDc1ODU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTc5YjU0NjhiNTNhNzlkYTQyZTFhMDRlZWE3ZjVkYTExNmJjNjY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAufbjhHkOS8ZH0lQXsE2k5scuDN+e
fugCG5nKaAxA/apWob4JEYKKpwSh0V+TnWo0YDxrEmgS6Rk+N3VaeqyYxBLEd+wL
sMovFkfVDRw/GKW3Xa/qaZk1ArO209R+KJ2iRGkdUm/c+y+bEsrH5K958F6fPX8G
xCcPwv0at4q2A3U1CCipymVIw9oLyJT0dik2xWxZ0E58tfgDofM10e0/vhD3+4p8
M9fv3hpfR6X5/K0H5JywwHbhYs/QSyd9PDR1+flqUwPzWZrpuaIDueN8J+tyqMMM
iUdsJBgkyF5z2TOx9MAFenS8d9A0er4zItEg4pi3ahGB4BmGGEKV+eVf1QIDAQAB
o4ICJjCCAiIwHQYDVR0OBBYEFIF5tUaLU6edpC4aBO6n9doRa8ZoMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvZ1htMVJvdFRwNTJrTGhvRTdxZjEyaEZyeG1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDwGCCsGAQUFBwEHAQH/BC0wKzAYBAIAATASAwQAwHn/AwQA
weoQAwQAwkTuMA8EAgACMAkDBwAqAQKAAxAwDQYJKoZIhvcNAQELBQADggEBAHUg
6uA2EPwXygVd+BZzZX0dCg4vuj09YYjWX8IwM6XsuuJ8/LrYlqQMx/+59sXY6Kop
AT//mLDoZJAl9P7xkNqplHh/XUQLLlsUYZdTAm+XEiSYrW12p42Ax2cz/0ZB9Gy1
d6WF2+I9E0vAxXGnlrXBzFZjVC2P7wP7fSw3Dv3TbwGBk0mbf3vQ8wjIMlJF4k0O
KkS0xm7qsAecNM12awZRY2n6rZCAkCykszbCNn4olYR8nzfVSHpHo5CtSpbskyE9
DSaPgluiKUtkfUZBPudbAlKwcJ8KcG2MrvJjddS47Wq/1O5uHw37ZNKYHlcnQlcl
lCe6bgSR0Zinckh655Q=
-----END CERTIFICATE-----
Generated at Tue Jun 10 21:29:38 2025 by rpki-client