Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/30282c-3c82-4730-b95e-e745948983ed/1/KEVsze6fcisISL1NRs4g9pkLeVU.roa
File:                     KEVsze6fcisISL1NRs4g9pkLeVU.roa (raw, json)
Hash identifier:          BtmFZYOq9RN2YKAlM+h6IUIvpjmJOXuPrzGDj+X175g=
Subject key identifier:   28:45:6C:CD:EE:9F:72:2B:08:48:BD:4D:46:CE:20:F6:99:0B:79:55
Certificate issuer:       /CN=09e5518e68467b4290c3509268b6d6d664962c86
Certificate serial:       0195A88259C2043CFF9808567C29E811A111
Authority key identifier: 09:E5:51:8E:68:46:7B:42:90:C3:50:92:68:B6:D6:D6:64:96:2C:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CeVRjmhGe0KQw1CSaLbW1mSWLIY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/30282c-3c82-4730-b95e-e745948983ed/1/KEVsze6fcisISL1NRs4g9pkLeVU.roa
Signing time:             Tue 18 Mar 2025 09:07:49 +0000
ROA not before:           Tue 18 Mar 2025 09:07:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31515
IP address blocks:        161.30.0.0/16 maxlen: 16
                          161.30.5.0/24 maxlen: 24
                          161.30.7.0/24 maxlen: 24
                          161.30.8.0/24 maxlen: 24
                          161.30.9.0/24 maxlen: 24
                          161.30.10.0/24 maxlen: 24
                          161.30.12.0/22 maxlen: 22
                          161.30.16.0/22 maxlen: 22
                          161.30.20.0/24 maxlen: 24
                          161.30.22.0/23 maxlen: 23
                          161.30.28.0/24 maxlen: 24
                          161.30.29.0/24 maxlen: 24
                          161.30.33.0/24 maxlen: 24
                          161.30.40.0/23 maxlen: 23
                          161.30.42.0/23 maxlen: 24
                          161.30.44.0/23 maxlen: 24
                          161.30.112.0/23 maxlen: 23
                          161.30.114.0/23 maxlen: 23
                          161.30.115.0/24 maxlen: 24
                          161.30.116.0/23 maxlen: 23
                          161.30.118.0/24 maxlen: 24
                          161.30.119.0/24 maxlen: 24
                          161.30.120.0/24 maxlen: 24
                          161.30.121.0/24 maxlen: 24
                          161.30.124.0/23 maxlen: 23
                          161.30.126.0/23 maxlen: 23
                          161.30.128.0/23 maxlen: 23
                          161.30.129.0/24 maxlen: 24
                          161.30.130.0/24 maxlen: 24
                          161.30.155.0/24 maxlen: 24
                          161.30.164.0/24 maxlen: 24
                          161.30.165.0/24 maxlen: 24
                          161.30.166.0/24 maxlen: 24
                          161.30.169.0/24 maxlen: 24
                          161.30.171.0/24 maxlen: 24
                          161.30.176.0/20 maxlen: 20
                          161.30.193.0/24 maxlen: 24
                          161.30.194.0/23 maxlen: 23
                          161.30.201.0/24 maxlen: 24
                          161.30.202.0/24 maxlen: 24
                          161.30.203.0/24 maxlen: 24
                          161.30.220.0/24 maxlen: 24
                          161.30.221.0/24 maxlen: 24
                          161.30.236.0/22 maxlen: 24
                          161.30.236.0/24 maxlen: 24
                          161.30.237.0/24 maxlen: 24
                          161.30.238.0/24 maxlen: 24
                          161.30.239.0/24 maxlen: 24
                          161.30.240.0/24 maxlen: 24
                          161.30.246.0/24 maxlen: 24
                          161.30.250.0/24 maxlen: 24
                          161.30.251.0/24 maxlen: 24
                          2a11:ae00::/32 maxlen: 32
Validation:               Failed, certificate revoked on Thu 20 Mar 2025 13:30:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:a8:82:59:c2:04:3c:ff:98:08:56:7c:29:e8:11:a1:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=09e5518e68467b4290c3509268b6d6d664962c86
        Validity
            Not Before: Mar 18 09:07:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=28456ccdee9f722b0848bd4d46ce20f6990b7955
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:30:26:e7:0c:71:eb:b4:f5:42:e2:fd:16:8a:
                    7f:24:46:1b:7a:8c:83:cd:b0:18:9b:41:4a:23:c2:
                    d9:bd:11:0e:d9:e3:d6:5a:79:c3:63:ac:4e:5e:54:
                    de:2e:a7:d3:a3:78:9a:8e:0a:ff:48:ec:4e:50:c7:
                    af:35:65:fb:45:8d:cc:79:29:74:69:5a:16:34:4a:
                    f1:35:5b:a8:3c:89:10:29:c9:d2:4a:a2:67:b5:d9:
                    f3:d0:8f:75:0e:3b:33:82:b5:64:0a:70:44:0c:72:
                    57:59:a6:39:72:c9:33:09:57:82:59:0f:43:9a:a8:
                    d0:76:3d:69:ac:35:a2:6f:8e:77:9f:43:cb:19:6a:
                    aa:05:bd:14:71:16:14:bb:e9:6a:85:33:2b:86:5c:
                    21:1a:be:af:4e:51:b5:ff:d4:14:da:c9:b5:cc:25:
                    66:f6:e9:09:1d:be:e9:ec:9b:92:79:8b:fd:58:0c:
                    18:a6:7c:5a:f7:ee:26:04:1b:61:7f:2b:44:22:43:
                    d6:d5:8e:10:c7:19:e3:6f:10:56:17:1a:fa:a9:0d:
                    4e:0c:69:8c:60:7e:f5:7f:e2:5d:bb:a3:6b:22:59:
                    72:ff:ff:c9:1a:4d:47:51:1b:a6:8e:df:4c:1b:9f:
                    71:d2:18:50:ce:0f:cb:0c:3f:33:a6:fe:c0:6a:ca:
                    1b:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:45:6C:CD:EE:9F:72:2B:08:48:BD:4D:46:CE:20:F6:99:0B:79:55
            X509v3 Authority Key Identifier:
                keyid:09:E5:51:8E:68:46:7B:42:90:C3:50:92:68:B6:D6:D6:64:96:2C:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CeVRjmhGe0KQw1CSaLbW1mSWLIY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/30282c-3c82-4730-b95e-e745948983ed/1/KEVsze6fcisISL1NRs4g9pkLeVU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/30282c-3c82-4730-b95e-e745948983ed/1/CeVRjmhGe0KQw1CSaLbW1mSWLIY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  161.30.0.0/16
                IPv6:
                  2a11:ae00::/32

    Signature Algorithm: sha256WithRSAEncryption
         3c:bb:0d:0c:77:c9:28:76:a3:c8:f4:82:6d:a9:f1:ca:ce:f8:
         e0:e7:33:1d:e8:3f:7a:fb:52:c8:42:2d:9c:61:f2:f2:fc:b6:
         64:24:19:2a:87:7a:0c:8b:c1:a8:c4:c7:df:2b:3c:db:5b:50:
         a8:2f:5c:94:48:d7:4d:b9:8b:37:44:48:c9:aa:ba:a6:2d:17:
         87:85:d6:3a:f0:dc:df:1a:14:bc:e6:3b:4f:0f:66:bd:d1:d6:
         67:b8:07:8e:57:30:fa:47:9b:a9:ea:1e:72:3e:aa:41:26:5e:
         5f:58:9b:8c:fc:41:6f:2e:89:92:85:71:68:25:9e:3d:80:9c:
         e2:08:37:ed:18:8a:13:4b:47:fd:c2:46:0d:8a:1a:96:58:19:
         17:28:26:8f:7a:2c:de:60:93:52:fc:2f:49:7b:e7:ae:93:ea:
         3a:22:22:8c:8f:2c:f9:5d:ab:d0:fd:0f:af:b9:bb:83:7d:e3:
         86:bc:b2:35:f0:5d:fc:93:65:0f:39:81:1f:b7:37:ac:f2:89:
         ca:cf:41:fe:e9:ab:8c:3f:46:e7:bb:d8:a0:37:4c:12:b2:ba:
         ae:9f:1b:cf:40:c2:51:23:e9:c7:5e:12:c6:9f:93:ee:e2:da:
         ac:ec:a3:c3:81:76:36:4d:8c:91:01:b9:61:4b:fe:81:38:f5:
         b2:7f:25:57
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZWoglnCBDz/mAhWfCnoEaERMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5ZTU1MThlNjg0NjdiNDI5MGMzNTA5MjY4YjZkNmQ2NjQ5
NjJjODYwHhcNMjUwMzE4MDkwNzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODQ1NmNjZGVlOWY3MjJiMDg0OGJkNGQ0NmNlMjBmNjk5MGI3OTU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxDAm5wxx67T1QuL9Fop/JEYbeoyD
zbAYm0FKI8LZvREO2ePWWnnDY6xOXlTeLqfTo3iajgr/SOxOUMevNWX7RY3MeSl0
aVoWNErxNVuoPIkQKcnSSqJntdnz0I91DjszgrVkCnBEDHJXWaY5cskzCVeCWQ9D
mqjQdj1prDWib453n0PLGWqqBb0UcRYUu+lqhTMrhlwhGr6vTlG1/9QU2sm1zCVm
9ukJHb7p7JuSeYv9WAwYpnxa9+4mBBthfytEIkPW1Y4QxxnjbxBWFxr6qQ1ODGmM
YH71f+Jdu6NrIlly///JGk1HURumjt9MG59x0hhQzg/LDD8zpv7Aasob8QIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFChFbM3un3IrCEi9TUbOIPaZC3lVMB8GA1UdIwQY
MBaAFAnlUY5oRntCkMNQkmi21tZkliyGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2VWUmptaEdlMEtRdzFDU2FMYlcxbVNXTElZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC8zMDI4MmMtM2M4Mi00NzMwLWI5NWUt
ZTc0NTk0ODk4M2VkLzEvS0VWc3plNmZjaXNJU0wxTlJzNGc5cGtMZVZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC8zMDI4MmMtM2M4Mi00NzMwLWI5NWUtZTc0NTk0ODk4M2Vk
LzEvQ2VWUmptaEdlMEtRdzFDU2FMYlcxbVNXTElZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDALBAIAATAFAwMAoR4wDQQC
AAIwBwMFACoRrgAwDQYJKoZIhvcNAQELBQADggEBADy7DQx3ySh2o8j0gm2p8crO
+ODnMx3oP3r7UshCLZxh8vL8tmQkGSqHegyLwajEx98rPNtbUKgvXJRI1025izdE
SMmquqYtF4eF1jrw3N8aFLzmO08PZr3R1me4B45XMPpHm6nqHnI+qkEmXl9Ym4z8
QW8uiZKFcWglnj2AnOIIN+0YihNLR/3CRg2KGpZYGRcoJo96LN5gk1L8L0l7566T
6joiIoyPLPldq9D9D6+5u4N944a8sjXwXfyTZQ85gR+3N6zyicrPQf7pq4w/Rue7
2KA3TBKyuq6fG89AwlEj6cdeEsafk+7i2qzso8OBdjZNjJEBuWFL/oE49bJ/JVc=
-----END CERTIFICATE-----
Generated at Tue Jun 10 13:02:27 2025 by rpki-client