Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/B_sty7hhb1pAwOP7phsKhCGyxO0.roa
File:                     B_sty7hhb1pAwOP7phsKhCGyxO0.roa (raw, json)
Hash identifier:          bNujpNAvr+UWR8seasmVcvN39iqwOaG7ZV++coOldH8=
Subject key identifier:   07:FB:2D:CB:B8:61:6F:5A:40:C0:E3:FB:A6:1B:0A:84:21:B2:C4:ED
Certificate issuer:       /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial:       0197F51AE18DEA1BDEBCE2478FF9E9B2BDE4
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/B_sty7hhb1pAwOP7phsKhCGyxO0.roa
Signing time:             Thu 10 Jul 2025 16:11:08 +0000
ROA not before:           Thu 10 Jul 2025 16:11:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        14.102.226.0/23 maxlen: 24
                          14.102.227.0/24 maxlen: 24
                          77.111.96.0/22 maxlen: 22
                          77.111.102.0/23 maxlen: 24
                          77.111.105.0/24 maxlen: 24
                          94.229.212.0/24 maxlen: 24
                          94.229.222.0/24 maxlen: 24
                          103.47.59.0/24 maxlen: 24
                          194.36.33.0/24 maxlen: 24
                          194.36.34.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Wed 16 Jul 2025 22:07:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:f5:1a:e1:8d:ea:1b:de:bc:e2:47:8f:f9:e9:b2:bd:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
        Validity
            Not Before: Jul 10 16:11:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=07fb2dcbb8616f5a40c0e3fba61b0a8421b2c4ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:68:9b:8f:d8:39:f9:f9:f5:ee:27:b2:13:f9:
                    49:ee:97:cf:0c:ee:4a:22:1e:a6:fe:1f:8a:a8:90:
                    8b:21:d8:0a:ce:dd:81:79:a9:64:e9:f5:4f:b7:a1:
                    da:f4:3f:e5:9b:3e:6a:5c:1b:ff:97:50:5c:1c:85:
                    c1:ed:32:4a:b0:0b:6b:79:08:8e:79:a7:9e:a9:a8:
                    b0:7d:29:39:b7:84:5f:43:4a:5b:b9:f4:70:66:85:
                    82:4e:8e:5d:58:17:8a:2e:21:a3:e7:e5:71:bb:87:
                    88:ba:2e:27:cc:46:d6:bb:ca:64:41:a9:45:5b:af:
                    ac:da:36:55:97:32:0f:eb:97:ec:6c:9f:2c:fb:f3:
                    20:a3:99:a4:80:87:5c:e2:b5:65:de:f3:27:e4:9c:
                    b3:9b:7c:dc:1d:3b:0d:d7:0f:43:f3:b4:2e:f5:3c:
                    d1:79:97:aa:0d:74:25:3f:49:de:6c:6a:d8:4f:3a:
                    61:5f:b7:34:3d:c8:47:a6:d6:91:9b:56:dd:e4:16:
                    b9:9f:e5:fb:b5:e9:16:a0:46:a7:92:47:5a:ee:f6:
                    7d:2f:3d:16:6a:c4:a3:bc:57:e5:54:24:2c:34:85:
                    8e:69:54:d4:a5:e9:9b:16:27:52:35:84:ac:82:a6:
                    77:64:06:98:95:49:cd:7a:f6:53:e6:8a:c5:78:c7:
                    59:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:FB:2D:CB:B8:61:6F:5A:40:C0:E3:FB:A6:1B:0A:84:21:B2:C4:ED
            X509v3 Authority Key Identifier:
                keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/B_sty7hhb1pAwOP7phsKhCGyxO0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  14.102.226.0/23
                  77.111.96.0/22
                  77.111.102.0/23
                  77.111.105.0/24
                  94.229.212.0/24
                  94.229.222.0/24
                  103.47.59.0/24
                  194.36.33.0-194.36.34.255

    Signature Algorithm: sha256WithRSAEncryption
         77:5b:05:6b:47:2e:16:da:64:12:13:84:eb:4b:40:d8:ec:33:
         1d:ed:06:da:4a:b0:47:ca:af:be:1a:9c:11:87:94:a4:d5:6f:
         f6:a8:ad:d8:7c:7e:c3:f4:15:5b:7e:f9:6c:f3:11:59:5c:ad:
         e4:31:74:6c:f3:3e:f4:e2:ef:c5:db:3b:1e:62:88:15:b7:f5:
         0e:75:dd:1f:73:ef:1e:3a:bd:61:3f:fd:4f:60:97:ab:1e:d9:
         f2:c7:c4:7b:43:7c:62:46:79:23:2c:21:1b:23:66:1b:f2:c3:
         c9:4b:a0:73:dc:23:74:6c:d9:5f:27:cc:66:c3:bb:89:42:b9:
         f8:9b:e2:f9:89:23:33:95:8f:68:c3:5d:9c:90:ff:82:1b:bd:
         b5:44:43:b6:9d:a2:dd:25:eb:a6:86:2d:20:d3:4d:04:5a:9f:
         f8:5a:52:5c:e7:45:f9:6d:9e:ae:b4:f6:c0:4d:e0:52:91:11:
         74:9f:15:97:b5:4a:59:52:4f:2a:34:d7:df:c9:ad:2d:b0:6c:
         e6:59:6c:bf:2d:12:8b:5f:07:6a:b0:5f:06:8b:bd:65:b2:31:
         83:8b:62:1e:e6:11:2d:c6:2f:40:f3:32:7b:c1:23:b4:d9:8f:
         32:50:59:35:73:b8:91:ef:3f:cf:19:08:f9:a6:82:b9:00:52:
         9b:c3:df:94
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAZf1GuGN6hvevOJHj/npsr3kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjUwNzEwMTYxMTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2ZiMmRjYmI4NjE2ZjVhNDBjMGUzZmJhNjFiMGE4NDIxYjJjNGVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqWibj9g5+fn17ieyE/lJ7pfPDO5K
Ih6m/h+KqJCLIdgKzt2Bealk6fVPt6Ha9D/lmz5qXBv/l1BcHIXB7TJKsAtreQiO
eaeeqaiwfSk5t4RfQ0pbufRwZoWCTo5dWBeKLiGj5+Vxu4eIui4nzEbWu8pkQalF
W6+s2jZVlzIP65fsbJ8s+/Mgo5mkgIdc4rVl3vMn5Jyzm3zcHTsN1w9D87Qu9TzR
eZeqDXQlP0nebGrYTzphX7c0PchHptaRm1bd5Ba5n+X7tekWoEankkda7vZ9Lz0W
asSjvFflVCQsNIWOaVTUpembFidSNYSsgqZ3ZAaYlUnNevZT5orFeMdZIwIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFAf7Lcu4YW9aQMDj+6YbCoQhssTtMB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvQl9zdHk3aGhiMXBBd09QN3Boc0toQ0d5eE8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQBDmbiAwQC
TW9gAwQBTW9mAwQATW9pAwQAXuXUAwQAXuXeAwQAZy87MAwDBADCJCEDBADCJCIw
DQYJKoZIhvcNAQELBQADggEBAHdbBWtHLhbaZBIThOtLQNjsMx3tBtpKsEfKr74a
nBGHlKTVb/aordh8fsP0FVt++WzzEVlcreQxdGzzPvTi78XbOx5iiBW39Q513R9z
7x46vWE//U9gl6se2fLHxHtDfGJGeSMsIRsjZhvyw8lLoHPcI3Rs2V8nzGbDu4lC
ufib4vmJIzOVj2jDXZyQ/4IbvbVEQ7adot0l66aGLSDTTQRan/haUlznRfltnq60
9sBN4FKREXSfFZe1SllSTyo019/JrS2wbOZZbL8tEotfB2qwXwaLvWWyMYOLYh7m
ES3GL0DzMnvBI7TZjzJQWTVzuJHvP88ZCPmmgrkAUpvD35Q=
-----END CERTIFICATE-----