Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/8Xp9orYIX-1zYU2A8U7rdnHZ5E0.roa
File:                     8Xp9orYIX-1zYU2A8U7rdnHZ5E0.roa (raw, json)
Hash identifier:          s+wiUsYxyOwaD+UdGz8TEjRvOr17YWYkVA6zsapYwUw=
Subject key identifier:   F1:7A:7D:A2:B6:08:5F:ED:73:61:4D:80:F1:4E:EB:76:71:D9:E4:4D
Certificate issuer:       /CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
Certificate serial:       0194266C71AE156441BDB06FEA6218A67429
Authority key identifier: 5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/8Xp9orYIX-1zYU2A8U7rdnHZ5E0.roa
Signing time:             Thu 02 Jan 2025 09:50:28 +0000
ROA not before:           Thu 02 Jan 2025 09:50:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35177
IP address blocks:        5.139.192.0/19 maxlen: 19
                          5.139.192.0/21 maxlen: 21
                          5.139.200.0/22 maxlen: 22
                          5.139.204.0/23 maxlen: 23
                          5.139.207.0/24 maxlen: 24
                          5.139.208.0/20 maxlen: 20
                          62.183.100.0/22 maxlen: 22
                          62.183.104.0/21 maxlen: 21
                          62.183.112.0/22 maxlen: 22
                          85.173.136.0/21 maxlen: 21
                          94.233.128.0/21 maxlen: 21
                          94.233.176.0/21 maxlen: 21
                          178.35.192.0/19 maxlen: 19
Validation:               Failed, certificate revoked on Mon 13 Jan 2025 04:54:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:71:ae:15:64:41:bd:b0:6f:ea:62:18:a6:74:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
        Validity
            Not Before: Jan  2 09:50:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f17a7da2b6085fed73614d80f14eeb7671d9e44d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:95:52:b2:46:f5:d0:a3:19:29:f5:d1:e2:cc:
                    97:40:70:50:ce:0a:ba:16:b7:f4:f0:22:c3:cd:cd:
                    a3:3b:3b:f7:50:cd:9c:05:d5:8c:ec:5c:27:b0:5d:
                    54:eb:f6:22:f9:b0:d3:8e:c0:18:fa:a7:90:ff:b1:
                    38:33:9f:dc:1b:b8:7b:07:50:35:96:8c:95:ef:72:
                    a3:da:a2:31:4d:30:bc:85:58:bb:ec:15:18:01:f5:
                    b3:40:85:de:ca:1e:46:34:b8:77:70:16:fd:d8:74:
                    3e:d7:78:67:eb:82:c7:76:7e:13:5a:74:86:d4:38:
                    a6:6e:a0:e4:89:05:dc:f4:96:f2:5c:ca:17:7d:64:
                    ac:1f:6e:1a:86:34:e0:8a:a1:f3:b7:b1:2f:21:44:
                    21:d6:30:02:77:46:7f:89:6f:83:41:7f:6f:8a:fa:
                    64:c5:4c:13:ea:20:d9:0d:07:39:05:44:ed:ab:bd:
                    d0:ac:e3:07:96:20:2e:c2:bd:96:01:f1:40:63:68:
                    05:d7:9e:84:72:e2:f9:a7:00:3e:f8:be:40:b7:28:
                    00:c8:91:0c:1e:d6:0c:ab:3a:60:1b:2b:2b:51:36:
                    5c:47:32:1c:25:91:41:11:2d:85:6e:1f:92:89:45:
                    63:69:e6:fc:7b:16:28:75:f5:35:e4:95:5e:54:a4:
                    8a:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:7A:7D:A2:B6:08:5F:ED:73:61:4D:80:F1:4E:EB:76:71:D9:E4:4D
            X509v3 Authority Key Identifier:
                keyid:5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/8Xp9orYIX-1zYU2A8U7rdnHZ5E0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.139.192.0/19
                  62.183.100.0-62.183.115.255
                  85.173.136.0/21
                  94.233.128.0/21
                  94.233.176.0/21
                  178.35.192.0/19

    Signature Algorithm: sha256WithRSAEncryption
         1a:80:61:ff:09:33:70:af:0a:f7:ba:09:3e:23:3d:12:f5:82:
         83:a5:85:84:7f:90:70:2f:bf:65:53:5e:9a:81:12:0a:0d:04:
         43:0d:c0:37:d4:ad:c2:f2:1f:c4:e9:a2:3a:13:fd:ea:10:57:
         7d:d6:6b:69:c0:b2:e5:db:8f:48:65:e4:a8:66:a2:5d:45:80:
         13:db:81:f1:e4:31:80:e5:31:df:65:d7:0e:71:e9:40:55:38:
         03:ab:8d:08:7d:50:4a:d6:7d:af:0b:97:f6:51:8e:4d:32:d1:
         a1:64:f0:6d:93:8f:87:11:a1:f4:4c:7e:fc:1d:7c:21:00:d0:
         33:25:fa:50:93:ec:1b:c2:22:27:fb:66:71:0a:71:2a:81:4f:
         84:7d:ee:e7:c3:08:42:c5:4b:d3:2b:ce:e2:ab:4b:80:9e:5c:
         18:1c:ef:e0:e2:17:fc:cd:8d:ab:ab:d6:69:0b:45:52:36:1c:
         76:f0:2c:72:ff:bb:b5:6b:c1:ee:60:24:fe:12:b9:df:8d:fc:
         54:be:62:76:8e:dc:38:5c:70:bd:16:2f:e4:46:94:37:ed:ae:
         97:73:e4:4d:ac:b7:82:9b:af:55:a2:96:52:e3:67:74:1b:1e:
         e0:ec:01:9f:e5:57:8e:9c:7b:8e:8f:24:e5:23:9f:b4:74:cb:
         e7:0e:36:3e
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAZQmbHGuFWRBvbBv6mIYpnQpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZTUzMWI5YWMyOTkwZDY5YThhNWMzMDIzZTcyZTZkODQx
ZTZjMDkwHhcNMjUwMTAyMDk1MDI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTdhN2RhMmI2MDg1ZmVkNzM2MTRkODBmMTRlZWI3NjcxZDllNDRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA05VSskb10KMZKfXR4syXQHBQzgq6
Frf08CLDzc2jOzv3UM2cBdWM7FwnsF1U6/Yi+bDTjsAY+qeQ/7E4M5/cG7h7B1A1
loyV73Kj2qIxTTC8hVi77BUYAfWzQIXeyh5GNLh3cBb92HQ+13hn64LHdn4TWnSG
1DimbqDkiQXc9JbyXMoXfWSsH24ahjTgiqHzt7EvIUQh1jACd0Z/iW+DQX9vivpk
xUwT6iDZDQc5BUTtq73QrOMHliAuwr2WAfFAY2gF156EcuL5pwA++L5AtygAyJEM
HtYMqzpgGysrUTZcRzIcJZFBES2Fbh+SiUVjaeb8exYodfU15JVeVKSKXwIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFPF6faK2CF/tc2FNgPFO63Zx2eRNMB8GA1UdIwQY
MBaAFF7lMbmsKZDWmopcMCPnLm2EHmwJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQt
NWE4NmMyNzU3YzFlLzEvOFhwOW9yWUlYLTF6WVUyQThVN3JkbkhaNUUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQtNWE4NmMyNzU3YzFl
LzEvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAATAsAwQFBYvAMAwD
BAI+t2QDBAI+t3ADBANVrYgDBANe6YADBANe6bADBAWyI8AwDQYJKoZIhvcNAQEL
BQADggEBABqAYf8JM3CvCve6CT4jPRL1goOlhYR/kHAvv2VTXpqBEgoNBEMNwDfU
rcLyH8TpojoT/eoQV33Wa2nAsuXbj0hl5Khmol1FgBPbgfHkMYDlMd9l1w5x6UBV
OAOrjQh9UErWfa8Ll/ZRjk0y0aFk8G2Tj4cRofRMfvwdfCEA0DMl+lCT7BvCIif7
ZnEKcSqBT4R97ufDCELFS9MrzuKrS4CeXBgc7+DiF/zNjaur1mkLRVI2HHbwLHL/
u7Vrwe5gJP4Sud+N/FS+YnaO3DhccL0WL+RGlDftrpdz5E2st4Kbr1WillLjZ3Qb
HuDsAZ/lV46ce46PJOUjn7R0y+cONj4=
-----END CERTIFICATE-----