Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/pLUIg9pNz9SG_GZojMaY5b2rT6o.roa
File:                     pLUIg9pNz9SG_GZojMaY5b2rT6o.roa (raw, json)
Hash identifier:          +l9L1/EOfHBVzzVym9VZmZgZl21NI2cZrmF6DwQ1zmI=
Subject key identifier:   A4:B5:08:83:DA:4D:CF:D4:86:FC:66:68:8C:C6:98:E5:BD:AB:4F:AA
Certificate issuer:       /CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
Certificate serial:       01954C62D418FB7050614904C54FC1CDBDA6
Authority key identifier: 75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/pLUIg9pNz9SG_GZojMaY5b2rT6o.roa
Signing time:             Fri 28 Feb 2025 11:48:20 +0000
ROA not before:           Fri 28 Feb 2025 11:48:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44812
IP address blocks:        2a09:6284::/32 maxlen: 32
                          2a09:e5c0::/32 maxlen: 32
                          2a09:e5c1::/32 maxlen: 32
                          2a09:e5c2::/32 maxlen: 32
                          2a09:e5c3::/32 maxlen: 32
                          2a09:e5c4::/32 maxlen: 32
                          2a09:e5c5::/32 maxlen: 32
                          2a09:e5c6::/32 maxlen: 32
                          2a0e:b140::/29 maxlen: 29
                          2a10:4103::/32 maxlen: 32
                          2a10:4104::/32 maxlen: 32
                          2a11:4b47::/32 maxlen: 32
                          2a12:a343::/32 maxlen: 32
                          2a12:a344::/32 maxlen: 32
                          2a13:93c0::/32 maxlen: 32
Validation:               Failed, certificate revoked on Tue 25 Mar 2025 10:43:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:4c:62:d4:18:fb:70:50:61:49:04:c5:4f:c1:cd:bd:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
        Validity
            Not Before: Feb 28 11:48:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a4b50883da4dcfd486fc66688cc698e5bdab4faa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:b3:c6:fa:cc:1e:66:b4:71:13:1a:21:b7:9f:
                    16:38:0d:49:d3:06:6e:92:b0:b9:53:21:3d:87:10:
                    d6:cc:5e:6d:0b:76:27:8d:83:f9:de:b1:fe:f4:3e:
                    97:7f:dc:11:8b:57:c4:b7:eb:ab:1c:b0:e7:df:52:
                    d2:8e:44:e6:7e:84:cb:0c:b5:01:75:7c:fb:32:a9:
                    92:dd:e4:c7:83:a7:e7:69:88:5c:4b:a6:b3:8b:1f:
                    f7:57:56:0f:3e:3d:65:d3:5f:07:1c:1c:e4:26:e0:
                    70:4c:d8:ca:f2:da:3d:cb:f5:54:44:9d:2c:b3:03:
                    7e:6d:57:63:ea:87:b9:32:5b:92:57:ec:c5:19:05:
                    22:75:92:d0:72:79:53:db:e3:10:78:48:4b:4e:e9:
                    31:3d:9b:b9:0a:fc:ae:15:e6:19:51:11:fc:1d:46:
                    70:d5:e0:cb:56:ef:22:93:f5:43:3a:fc:dc:b5:98:
                    cc:83:3f:88:af:ef:74:fe:34:72:df:9a:60:2e:fa:
                    94:b0:76:6a:08:5d:12:c1:69:1e:69:a4:5e:6d:08:
                    29:d4:3b:03:75:87:27:b9:d7:fb:24:97:59:74:03:
                    df:49:56:f4:de:1e:10:a4:58:9d:73:b3:a8:af:fc:
                    f3:66:75:c6:29:98:0c:94:b4:d1:06:8d:48:ae:82:
                    2c:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:B5:08:83:DA:4D:CF:D4:86:FC:66:68:8C:C6:98:E5:BD:AB:4F:AA
            X509v3 Authority Key Identifier:
                keyid:75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/pLUIg9pNz9SG_GZojMaY5b2rT6o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:6284::/32
                  2a09:e5c0::-2a09:e5c6:ffff:ffff:ffff:ffff:ffff:ffff
                  2a0e:b140::/29
                  2a10:4103::-2a10:4104:ffff:ffff:ffff:ffff:ffff:ffff
                  2a11:4b47::/32
                  2a12:a343::-2a12:a344:ffff:ffff:ffff:ffff:ffff:ffff
                  2a13:93c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         1f:8f:5c:0e:87:47:d6:41:ac:32:58:f0:10:d8:a1:e4:59:48:
         ed:ec:17:7e:8c:0a:e9:ec:2f:28:5d:3f:50:f3:d6:4b:42:0a:
         f8:7c:aa:cc:b3:4f:14:28:40:58:1b:90:92:64:97:73:c6:38:
         ec:8a:81:e7:84:25:44:f9:72:29:d2:85:dd:85:86:e0:1f:27:
         4c:db:a2:98:da:72:a1:8d:26:b2:ec:33:79:ba:71:de:fd:b6:
         9d:4b:ed:03:cd:5d:cc:33:12:62:ea:6a:88:67:7b:50:dd:88:
         d0:5a:46:bc:65:01:8a:07:fd:ba:81:1f:e1:f7:2c:dc:10:f1:
         9d:83:a4:19:95:a8:b6:e3:2a:e5:0f:ff:15:22:cc:9c:c5:9d:
         2d:39:05:4b:55:87:78:6a:e1:16:63:b1:58:9b:fa:aa:11:18:
         69:61:5c:3f:0b:38:3b:30:27:60:82:8e:bf:80:78:79:af:7d:
         7a:f5:ef:49:0d:24:60:6e:b8:ce:5b:a1:cc:b3:f0:24:f8:51:
         6b:7c:e3:a2:ae:39:ce:de:51:ac:a6:7c:b2:cb:b2:b2:79:af:
         61:52:4e:e1:26:5f:99:7f:02:93:12:c8:37:b9:76:c2:e1:b2:
         94:63:65:54:11:85:78:d1:46:af:72:b0:44:0c:c3:13:13:8c:
         3f:9a:81:ba
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAZVMYtQY+3BQYUkExU/Bzb2mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MDg0NzVmZjBkOGVjOTYwMzM2MDE2ZTBlMDQyMjFhOThl
NWVjZjIwHhcNMjUwMjI4MTE0ODIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGI1MDg4M2RhNGRjZmQ0ODZmYzY2Njg4Y2M2OThlNWJkYWI0ZmFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkLPG+sweZrRxExoht58WOA1J0wZu
krC5UyE9hxDWzF5tC3YnjYP53rH+9D6Xf9wRi1fEt+urHLDn31LSjkTmfoTLDLUB
dXz7MqmS3eTHg6fnaYhcS6azix/3V1YPPj1l018HHBzkJuBwTNjK8to9y/VURJ0s
swN+bVdj6oe5MluSV+zFGQUidZLQcnlT2+MQeEhLTukxPZu5CvyuFeYZURH8HUZw
1eDLVu8ik/VDOvzctZjMgz+Ir+90/jRy35pgLvqUsHZqCF0SwWkeaaRebQgp1DsD
dYcnudf7JJdZdAPfSVb03h4QpFidc7Oor/zzZnXGKZgMlLTRBo1IroIsrQIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFKS1CIPaTc/UhvxmaIzGmOW9q0+qMB8GA1UdIwQY
MBaAFHUIR1/w2OyWAzYBbg4EIhqY5ezyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWIt
MTcxYzM2N2JlNzgyLzEvcExVSWc5cE56OVNHX0dab2pNYVk1YjJyVDZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWItMTcxYzM2N2JlNzgy
LzEvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDBSBAIAAjBMAwUAKglihDAO
AwUGKgnlwAMFACoJ5cYDBQMqDrFAMA4DBQAqEEEDAwUAKhBBBAMFACoRS0cwDgMF
ACoSo0MDBQAqEqNEAwUAKhOTwDANBgkqhkiG9w0BAQsFAAOCAQEAH49cDodH1kGs
MljwENih5FlI7ewXfowK6ewvKF0/UPPWS0IK+HyqzLNPFChAWBuQkmSXc8Y47IqB
54QlRPlyKdKF3YWG4B8nTNuimNpyoY0msuwzebpx3v22nUvtA81dzDMSYupqiGd7
UN2I0FpGvGUBigf9uoEf4fcs3BDxnYOkGZWotuMq5Q//FSLMnMWdLTkFS1WHeGrh
FmOxWJv6qhEYaWFcPws4OzAnYIKOv4B4ea99evXvSQ0kYG64zluhzLPwJPhRa3zj
oq45zt5RrKZ8ssuysnmvYVJO4SZfmX8CkxLIN7l2wuGylGNlVBGFeNFGr3KwRAzD
ExOMP5qBug==
-----END CERTIFICATE-----