Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/3nwCzUIXp8aV0_Uvl42uaM2aQ38.roa
File:                     3nwCzUIXp8aV0_Uvl42uaM2aQ38.roa (raw, json)
Hash identifier:          QybkI++Czghd9P7mexSe1ms+qk49xGKLlyGa44kG+jc=
Subject key identifier:   DE:7C:02:CD:42:17:A7:C6:95:D3:F5:2F:97:8D:AE:68:CD:9A:43:7F
Certificate issuer:       /CN=2e368b0aec6c7fd48d0d96b4077a23f906a86a48
Certificate serial:       01969F4E4A9F341A4A8BA972B0B4DBD3D10A
Authority key identifier: 2E:36:8B:0A:EC:6C:7F:D4:8D:0D:96:B4:07:7A:23:F9:06:A8:6A:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LjaLCuxsf9SNDZa0B3oj-Qaoakg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/3nwCzUIXp8aV0_Uvl42uaM2aQ38.roa
Signing time:             Mon 05 May 2025 07:17:10 +0000
ROA not before:           Mon 05 May 2025 07:17:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6939
IP address blocks:        107.150.162.0/23 maxlen: 23
                          162.222.88.0/23 maxlen: 23
                          167.160.4.0/24 maxlen: 24
                          167.160.11.0/24 maxlen: 24
                          167.160.19.0/24 maxlen: 24
                          167.160.21.0/24 maxlen: 24
                          167.160.27.0/24 maxlen: 24
                          167.160.30.0/24 maxlen: 24
                          185.4.224.0/23 maxlen: 23
                          185.162.72.0/23 maxlen: 23
                          185.165.47.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Mon 05 May 2025 07:40:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:9f:4e:4a:9f:34:1a:4a:8b:a9:72:b0:b4:db:d3:d1:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e368b0aec6c7fd48d0d96b4077a23f906a86a48
        Validity
            Not Before: May  5 07:17:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=de7c02cd4217a7c695d3f52f978dae68cd9a437f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:d0:8e:21:c4:6f:0c:72:32:aa:61:df:c6:ea:
                    b3:50:11:41:4f:dd:69:f0:88:6c:27:09:a2:c1:79:
                    b8:e8:63:ef:50:a1:9b:30:dd:30:53:67:e1:f7:0d:
                    69:1f:ac:ea:77:3f:0c:01:cc:67:55:eb:94:02:ae:
                    b9:94:03:dd:78:aa:0c:bd:fa:73:9e:59:c9:e4:ce:
                    51:66:03:87:3d:98:9d:f8:ae:44:35:b4:fd:1a:ce:
                    e7:2f:27:5a:6e:84:3b:35:e1:8b:72:4b:a4:3b:19:
                    c1:18:0c:1e:93:0c:4f:e3:2c:ec:5d:6e:40:48:50:
                    23:5c:87:c5:a7:00:ed:81:f5:e4:ef:4d:e3:de:bf:
                    be:66:cc:3f:08:5c:dc:27:a3:31:0a:96:34:f1:df:
                    6e:55:12:4b:c6:63:5d:6a:e6:bb:6b:2f:f5:ac:66:
                    7d:3a:d0:9d:b5:c0:e5:31:d4:4c:99:58:b5:f6:cc:
                    55:54:ef:bb:a5:bb:b2:47:27:43:fb:91:40:ca:b7:
                    5a:c3:6d:35:87:4c:05:b5:6a:48:ab:f9:21:6e:d9:
                    d1:4b:fd:9c:2b:72:c4:47:0b:34:66:83:62:14:03:
                    80:79:9e:26:4e:de:2b:bd:ec:ee:41:22:78:e6:eb:
                    62:93:dc:b1:80:61:50:8e:63:de:65:eb:ec:fa:21:
                    49:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:7C:02:CD:42:17:A7:C6:95:D3:F5:2F:97:8D:AE:68:CD:9A:43:7F
            X509v3 Authority Key Identifier:
                keyid:2E:36:8B:0A:EC:6C:7F:D4:8D:0D:96:B4:07:7A:23:F9:06:A8:6A:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LjaLCuxsf9SNDZa0B3oj-Qaoakg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/3nwCzUIXp8aV0_Uvl42uaM2aQ38.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/LjaLCuxsf9SNDZa0B3oj-Qaoakg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  107.150.162.0/23
                  162.222.88.0/23
                  167.160.4.0/24
                  167.160.11.0/24
                  167.160.19.0/24
                  167.160.21.0/24
                  167.160.27.0/24
                  167.160.30.0/24
                  185.4.224.0/23
                  185.162.72.0/23
                  185.165.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:c7:51:00:25:c9:80:27:a4:47:3c:10:89:d2:ed:e3:84:63:
         01:46:c6:e1:46:19:a4:db:21:bf:74:17:d4:37:4c:bc:60:b1:
         f0:2c:0d:b5:7a:d2:35:ec:fe:3c:d5:5c:4a:8a:b3:21:bd:b2:
         6e:2c:4d:32:57:4e:ae:70:dd:0b:15:f8:f6:49:c6:dc:db:4a:
         57:f9:fe:06:6f:68:fc:81:ce:b3:37:f3:7f:4e:71:22:f7:fb:
         f6:6e:47:c6:57:3f:94:1e:df:a9:f6:76:f4:bd:9f:be:1c:c0:
         dd:21:0e:f5:31:0b:33:22:9b:4d:9c:54:cc:20:aa:ae:82:5d:
         16:df:9e:43:6e:ea:bd:df:40:8c:5c:b1:14:4e:8f:32:0f:a9:
         7d:02:85:d3:ca:c8:ff:07:10:c4:dc:df:80:68:66:13:57:87:
         3a:6b:97:25:c1:33:fa:0d:96:c7:5c:9c:f4:e5:ec:a7:73:81:
         3e:1c:92:e3:2f:34:dc:07:ed:3a:5a:b2:29:e6:c9:82:1d:98:
         5b:d9:70:48:94:ac:73:9d:8d:fa:84:ba:ca:ac:45:35:f7:58:
         73:25:79:43:39:a4:fe:ad:40:df:03:63:22:e6:bd:79:bc:52:
         e6:72:12:7a:52:30:c1:a6:80:ed:13:4f:e1:37:1e:f4:b6:ac:
         c2:85:e3:f9
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAZafTkqfNBpKi6lysLTb09EKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlMzY4YjBhZWM2YzdmZDQ4ZDBkOTZiNDA3N2EyM2Y5MDZh
ODZhNDgwHhcNMjUwNTA1MDcxNzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTdjMDJjZDQyMTdhN2M2OTVkM2Y1MmY5NzhkYWU2OGNkOWE0MzdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyNCOIcRvDHIyqmHfxuqzUBFBT91p
8IhsJwmiwXm46GPvUKGbMN0wU2fh9w1pH6zqdz8MAcxnVeuUAq65lAPdeKoMvfpz
nlnJ5M5RZgOHPZid+K5ENbT9Gs7nLydaboQ7NeGLckukOxnBGAwekwxP4yzsXW5A
SFAjXIfFpwDtgfXk703j3r++Zsw/CFzcJ6MxCpY08d9uVRJLxmNdaua7ay/1rGZ9
OtCdtcDlMdRMmVi19sxVVO+7pbuyRydD+5FAyrdaw201h0wFtWpIq/khbtnRS/2c
K3LERws0ZoNiFAOAeZ4mTt4rvezuQSJ45utik9yxgGFQjmPeZevs+iFJbwIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFN58As1CF6fGldP1L5eNrmjNmkN/MB8GA1UdIwQY
MBaAFC42iwrsbH/UjQ2WtAd6I/kGqGpIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGphTEN1eHNmOVNORFphMEIzb2otUWFvYWtnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny9kYzcwMzAtNzhjYy00ODAwLTg4OGQt
MTQyN2RkMTZlZmE0LzEvM253Q3pVSVhwOGFWMF9Vdmw0MnVhTTJhUTM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny9kYzcwMzAtNzhjYy00ODAwLTg4OGQtMTQyN2RkMTZlZmE0
LzEvTGphTEN1eHNmOVNORFphMEIzb2otUWFvYWtnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQBa5aiAwQB
ot5YAwQAp6AEAwQAp6ALAwQAp6ATAwQAp6AVAwQAp6AbAwQAp6AeAwQBuQTgAwQB
uaJIAwQAuaUvMA0GCSqGSIb3DQEBCwUAA4IBAQCUx1EAJcmAJ6RHPBCJ0u3jhGMB
RsbhRhmk2yG/dBfUN0y8YLHwLA21etI17P481VxKirMhvbJuLE0yV06ucN0LFfj2
Scbc20pX+f4Gb2j8gc6zN/N/TnEi9/v2bkfGVz+UHt+p9nb0vZ++HMDdIQ71MQsz
IptNnFTMIKqugl0W355Dbuq930CMXLEUTo8yD6l9AoXTysj/BxDE3N+AaGYTV4c6
a5clwTP6DZbHXJz05eync4E+HJLjLzTcB+06WrIp5smCHZhb2XBIlKxznY36hLrK
rEU191hzJXlDOaT+rUDfA2Mi5r15vFLmchJ6UjDBpoDtE0/hNx70tqzCheP5
-----END CERTIFICATE-----