Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/99fd41-7ed8-4b25-8d56-c7ac26bcc2da/1/StVAWMlPNt7DdY6XM8SxR-gpFGM.roa
File:                     StVAWMlPNt7DdY6XM8SxR-gpFGM.roa (raw, json)
Hash identifier:          lnuvbbLVVnT7rp0jCtoc/gZ/u8GNDeRTOQs6sXAuTkQ=
Subject key identifier:   4A:D5:40:58:C9:4F:36:DE:C3:75:8E:97:33:C4:B1:47:E8:29:14:63
Certificate issuer:       /CN=fd8eff201218a5a823cbe85336853e3db4dd16eb
Certificate serial:       0194A5FCF85E4DAECB7814E5587BB465B9F5
Authority key identifier: FD:8E:FF:20:12:18:A5:A8:23:CB:E8:53:36:85:3E:3D:B4:DD:16:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_Y7_IBIYpagjy-hTNoU-PbTdFus.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/99fd41-7ed8-4b25-8d56-c7ac26bcc2da/1/StVAWMlPNt7DdY6XM8SxR-gpFGM.roa
Signing time:             Mon 27 Jan 2025 04:20:06 +0000
ROA not before:           Mon 27 Jan 2025 04:20:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60631
IP address blocks:        45.149.76.0/24 maxlen: 24
                          45.149.77.0/24 maxlen: 24
                          45.149.78.0/24 maxlen: 24
                          45.149.79.0/24 maxlen: 24
                          158.255.74.0/24 maxlen: 24
                          171.22.24.0/24 maxlen: 24
                          171.22.25.0/24 maxlen: 24
                          171.22.26.0/24 maxlen: 24
                          171.22.27.0/24 maxlen: 24
                          176.97.218.0/24 maxlen: 24
                          178.211.145.0/24 maxlen: 24
                          185.190.39.0/24 maxlen: 24
                          193.105.234.0/24 maxlen: 24
                          212.23.201.0/24 maxlen: 24
                          2a0e:b080::/32 maxlen: 32
                          2a0e:b081::/32 maxlen: 32
                          2a0e:b082::/32 maxlen: 32
Validation:               Failed, certificate revoked on Mon 27 Jan 2025 04:21:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:a5:fc:f8:5e:4d:ae:cb:78:14:e5:58:7b:b4:65:b9:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fd8eff201218a5a823cbe85336853e3db4dd16eb
        Validity
            Not Before: Jan 27 04:20:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4ad54058c94f36dec3758e9733c4b147e8291463
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:93:9d:7a:68:6f:5f:cb:cf:bb:c5:6d:26:68:
                    90:e6:b2:52:31:ba:bb:56:5d:38:dd:44:b8:af:a8:
                    28:72:f6:24:6e:27:ba:29:e4:6f:45:15:0e:69:8a:
                    d3:4a:bc:f3:90:ed:04:87:6e:d0:f5:b0:b7:c3:2c:
                    c7:1d:50:a7:da:8e:ef:cf:db:fa:d5:94:d5:f4:11:
                    f9:f0:a0:22:ab:5d:2a:dd:f8:eb:88:b0:bb:90:72:
                    be:32:98:68:4a:61:2b:c1:a1:92:f1:a5:48:69:47:
                    9b:c5:6f:2d:5a:6a:20:e5:f0:cc:90:70:92:3b:f0:
                    bd:97:db:6a:ff:54:6a:cd:e6:b1:ab:de:0a:37:bb:
                    aa:f9:54:1a:0a:91:62:ed:bf:1a:66:94:c5:25:e3:
                    07:86:62:a6:7b:e0:cd:30:ed:f8:ac:2a:fb:18:5a:
                    d0:8a:ea:29:79:1d:0f:77:e6:f4:16:17:45:c3:cd:
                    65:73:41:7b:07:d6:80:4e:b2:8a:51:5f:7d:88:ef:
                    0a:1e:c2:17:9b:87:e2:9d:02:5e:ee:59:56:33:0e:
                    75:5c:c4:be:0a:5e:f3:bd:51:13:08:fe:05:02:8d:
                    c0:47:34:73:3f:a6:1e:3e:c6:cd:f6:2c:e2:61:7a:
                    44:d1:60:dc:39:e3:d0:86:ae:00:93:1b:9d:91:ed:
                    e3:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:D5:40:58:C9:4F:36:DE:C3:75:8E:97:33:C4:B1:47:E8:29:14:63
            X509v3 Authority Key Identifier:
                keyid:FD:8E:FF:20:12:18:A5:A8:23:CB:E8:53:36:85:3E:3D:B4:DD:16:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_Y7_IBIYpagjy-hTNoU-PbTdFus.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/99fd41-7ed8-4b25-8d56-c7ac26bcc2da/1/StVAWMlPNt7DdY6XM8SxR-gpFGM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/99fd41-7ed8-4b25-8d56-c7ac26bcc2da/1/_Y7_IBIYpagjy-hTNoU-PbTdFus.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.149.76.0/22
                  158.255.74.0/24
                  171.22.24.0/22
                  176.97.218.0/24
                  178.211.145.0/24
                  185.190.39.0/24
                  193.105.234.0/24
                  212.23.201.0/24
                IPv6:
                  2a0e:b080::-2a0e:b082:ffff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         88:f4:c4:39:ed:f9:ce:c2:c4:f2:2c:ca:2a:34:a2:76:ee:ae:
         26:b9:16:2e:93:ea:49:1f:45:23:ab:36:bc:86:05:43:8f:95:
         02:bc:26:94:fb:00:75:31:24:d0:ff:fd:75:76:27:46:80:d4:
         b7:6e:99:41:4a:51:4e:57:59:ff:5d:06:65:1b:d1:81:a0:56:
         c1:c7:e4:02:26:dd:aa:c0:2a:30:fb:4f:27:76:9d:7e:ab:f7:
         d5:22:99:98:fc:4b:e9:bb:ea:ca:f5:fa:b0:f4:e9:0a:fe:47:
         3b:63:47:03:82:2f:63:ac:07:90:45:35:76:e5:a2:0b:21:50:
         d6:54:cd:3f:dd:bc:20:40:30:d9:5e:d4:0c:f7:2a:07:0b:52:
         f3:66:53:e3:b6:03:d7:ed:d1:60:15:60:c6:f7:8a:cb:54:58:
         68:4c:ea:d2:1e:96:44:33:9a:75:f4:59:71:ac:c0:f4:26:e0:
         c7:e1:db:c0:f5:0c:ca:c3:72:ce:4f:15:6a:2c:1a:b3:83:90:
         c0:ad:d4:43:d7:9a:3c:84:58:64:8c:f4:88:76:7b:79:0f:b8:
         de:24:15:db:82:2c:27:c8:cf:ba:69:35:1b:87:cb:dd:f6:4a:
         12:89:cf:76:c5:13:43:a2:0b:42:d9:59:3b:cd:0b:bf:ef:3c:
         d3:87:e0:c9
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAZSl/PheTa7LeBTlWHu0Zbn1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkOGVmZjIwMTIxOGE1YTgyM2NiZTg1MzM2ODUzZTNkYjRk
ZDE2ZWIwHhcNMjUwMTI3MDQyMDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YWQ1NDA1OGM5NGYzNmRlYzM3NThlOTczM2M0YjE0N2U4MjkxNDYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk5OdemhvX8vPu8VtJmiQ5rJSMbq7
Vl043US4r6gocvYkbie6KeRvRRUOaYrTSrzzkO0Eh27Q9bC3wyzHHVCn2o7vz9v6
1ZTV9BH58KAiq10q3fjriLC7kHK+MphoSmErwaGS8aVIaUebxW8tWmog5fDMkHCS
O/C9l9tq/1Rqzeaxq94KN7uq+VQaCpFi7b8aZpTFJeMHhmKme+DNMO34rCr7GFrQ
iuopeR0Pd+b0FhdFw81lc0F7B9aATrKKUV99iO8KHsIXm4finQJe7llWMw51XMS+
Cl7zvVETCP4FAo3ARzRzP6YePsbN9iziYXpE0WDcOePQhq4Akxudke3jyQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFErVQFjJTzbew3WOlzPEsUfoKRRjMB8GA1UdIwQY
MBaAFP2O/yASGKWoI8voUzaFPj203RbrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX1k3X0lCSVlwYWdqeS1oVE5vVS1QYlRkRnVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC85OWZkNDEtN2VkOC00YjI1LThkNTYt
YzdhYzI2YmNjMmRhLzEvU3RWQVdNbFBOdDdEZFk2WE04U3hSLWdwRkdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC85OWZkNDEtN2VkOC00YjI1LThkNTYtYzdhYzI2YmNjMmRh
LzEvX1k3X0lCSVlwYWdqeS1oVE5vVS1QYlRkRnVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDA2BAIAATAwAwQCLZVMAwQA
nv9KAwQCqxYYAwQAsGHaAwQAstORAwQAub4nAwQAwWnqAwQA1BfJMBYEAgACMBAw
DgMFByoOsIADBQAqDrCCMA0GCSqGSIb3DQEBCwUAA4IBAQCI9MQ57fnOwsTyLMoq
NKJ27q4muRYuk+pJH0Ujqza8hgVDj5UCvCaU+wB1MSTQ//11didGgNS3bplBSlFO
V1n/XQZlG9GBoFbBx+QCJt2qwCow+08ndp1+q/fVIpmY/Evpu+rK9fqw9OkK/kc7
Y0cDgi9jrAeQRTV25aILIVDWVM0/3bwgQDDZXtQM9yoHC1LzZlPjtgPX7dFgFWDG
94rLVFhoTOrSHpZEM5p19FlxrMD0JuDH4dvA9QzKw3LOTxVqLBqzg5DArdRD15o8
hFhkjPSIdnt5D7jeJBXbgiwnyM+6aTUbh8vd9koSic92xRNDogtC2Vk7zQu/7zzT
h+DJ
-----END CERTIFICATE-----