Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/Xafo75VZApBiGzKNz0LQYhOV31w.roa
File:                     Xafo75VZApBiGzKNz0LQYhOV31w.roa (raw, json)
Hash identifier:          4mbE6aob+/R+9ar5cGLXv4EJ4HE8a9UKeN8EEjaCx/Q=
Subject key identifier:   5D:A7:E8:EF:95:59:02:90:62:1B:32:8D:CF:42:D0:62:13:95:DF:5C
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0196C31D7A982A36992A6EDD4BD57D5D7BCC
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/Xafo75VZApBiGzKNz0LQYhOV31w.roa
Signing time:             Mon 12 May 2025 06:10:10 +0000
ROA not before:           Mon 12 May 2025 06:10:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212238
IP address blocks:        151.240.45.0/24 maxlen: 24
                          151.242.45.0/24 maxlen: 24
                          151.242.57.0/24 maxlen: 24
                          151.242.158.0/24 maxlen: 24
                          151.242.204.0/22 maxlen: 22
                          151.243.105.0/24 maxlen: 24
                          151.243.159.0/24 maxlen: 24
                          151.244.57.0/24 maxlen: 24
                          151.244.111.0/24 maxlen: 24
                          151.244.115.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Thu 15 May 2025 19:46:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:c3:1d:7a:98:2a:36:99:2a:6e:dd:4b:d5:7d:5d:7b:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: May 12 06:10:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5da7e8ef95590290621b328dcf42d0621395df5c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:1b:1c:01:d6:bb:56:7b:1d:eb:09:fc:07:58:
                    8a:07:c1:ff:5c:f9:76:af:a9:0e:0a:fc:e8:55:57:
                    5c:15:87:ed:af:00:5f:98:73:08:05:93:06:33:93:
                    de:2d:6a:d4:73:a1:b4:e8:d8:45:de:9b:5a:1c:76:
                    5f:44:39:9b:ca:f5:9e:8b:ae:4f:d9:0a:7d:e5:6f:
                    cb:6e:88:3b:60:80:ff:d3:93:1f:b4:3d:e0:9d:a6:
                    51:5f:ba:25:21:91:c9:25:eb:2e:0d:95:af:21:69:
                    80:6f:82:05:bc:a4:69:7c:76:72:43:03:d9:60:88:
                    ad:ac:29:21:1c:17:e5:22:00:03:21:d5:c5:5a:0c:
                    9a:f7:98:31:b1:f4:ad:7d:39:ac:b5:56:c5:d6:64:
                    f4:c8:49:7b:de:4e:70:8d:7c:1a:e2:2d:27:67:90:
                    bb:bd:c7:22:12:10:15:4f:15:56:38:5d:4b:5f:8f:
                    6a:ab:56:01:33:ae:b4:8a:88:34:ad:29:fb:6b:8d:
                    0f:41:3f:b8:91:f6:fd:45:24:76:ff:b9:25:1d:87:
                    0e:45:da:40:7c:7d:eb:ed:10:ff:c4:a0:3a:d0:f5:
                    3f:11:e8:63:b2:ea:5d:bd:98:a2:be:c8:dd:c0:fe:
                    57:7f:db:ca:a3:48:b3:85:48:b6:a8:4f:a7:a7:a3:
                    eb:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:A7:E8:EF:95:59:02:90:62:1B:32:8D:CF:42:D0:62:13:95:DF:5C
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/Xafo75VZApBiGzKNz0LQYhOV31w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.240.45.0/24
                  151.242.45.0/24
                  151.242.57.0/24
                  151.242.158.0/24
                  151.242.204.0/22
                  151.243.105.0/24
                  151.243.159.0/24
                  151.244.57.0/24
                  151.244.111.0/24
                  151.244.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:78:76:6f:a4:fe:71:54:3b:1e:42:30:81:b2:d6:9d:a7:04:
         5f:10:7a:a5:d6:ed:c2:d7:ae:84:97:6f:6a:a5:b9:9b:c7:12:
         a6:ea:a6:0a:0f:44:b9:7a:b1:28:93:67:d1:9a:07:d1:17:66:
         ba:73:08:ca:d2:82:bc:f6:51:14:54:d2:13:11:60:18:3d:0b:
         6a:68:2a:5c:b1:5c:63:10:b9:69:3c:c0:85:c3:75:e2:7b:47:
         36:a8:19:27:38:e6:24:02:4d:79:8a:d9:17:2b:6c:5c:d2:66:
         85:bf:12:07:43:11:82:5d:9a:1a:4c:d3:cb:59:86:77:3a:52:
         ed:2d:21:ce:e8:03:16:cf:90:3b:db:7d:3c:eb:5c:66:82:a9:
         e8:1a:6c:e4:d9:5d:d5:74:cf:73:1d:7b:11:90:b9:4c:bb:ed:
         1e:6e:66:ce:a4:e1:02:7d:6a:3f:3b:39:6f:74:cf:62:68:dc:
         db:e3:1f:d7:df:db:43:d3:68:6b:69:21:e8:f4:d0:a6:d2:e4:
         bf:ae:fa:65:d6:6b:4f:e5:1e:68:a3:e1:1f:13:eb:81:1f:06:
         8c:b6:25:d8:aa:46:0b:12:e5:27:de:d7:d4:5b:40:ad:bb:2f:
         9d:f6:16:e3:5c:7a:46:21:50:fe:93:f7:f5:30:45:33:46:1a:
         52:81:76:2a
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAZbDHXqYKjaZKm7dS9V9XXvMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNTEyMDYxMDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGE3ZThlZjk1NTkwMjkwNjIxYjMyOGRjZjQyZDA2MjEzOTVkZjVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyhscAda7Vnsd6wn8B1iKB8H/XPl2
r6kOCvzoVVdcFYftrwBfmHMIBZMGM5PeLWrUc6G06NhF3ptaHHZfRDmbyvWei65P
2Qp95W/Lbog7YID/05MftD3gnaZRX7olIZHJJesuDZWvIWmAb4IFvKRpfHZyQwPZ
YIitrCkhHBflIgADIdXFWgya95gxsfStfTmstVbF1mT0yEl73k5wjXwa4i0nZ5C7
vcciEhAVTxVWOF1LX49qq1YBM660iog0rSn7a40PQT+4kfb9RSR2/7klHYcORdpA
fH3r7RD/xKA60PU/EehjsupdvZiivsjdwP5Xf9vKo0izhUi2qE+np6PrEQIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFF2n6O+VWQKQYhsyjc9C0GITld9cMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvWGFmbzc1VlpBcEJpR3pLTnowTFFZaE9WMzF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQAl/AtAwQA
l/ItAwQAl/I5AwQAl/KeAwQCl/LMAwQAl/NpAwQAl/OfAwQAl/Q5AwQAl/RvAwQA
l/RzMA0GCSqGSIb3DQEBCwUAA4IBAQAseHZvpP5xVDseQjCBstadpwRfEHql1u3C
166El29qpbmbxxKm6qYKD0S5erEok2fRmgfRF2a6cwjK0oK89lEUVNITEWAYPQtq
aCpcsVxjELlpPMCFw3Xie0c2qBknOOYkAk15itkXK2xc0maFvxIHQxGCXZoaTNPL
WYZ3OlLtLSHO6AMWz5A7230861xmgqnoGmzk2V3VdM9zHXsRkLlMu+0ebmbOpOEC
fWo/OzlvdM9iaNzb4x/X39tD02hraSHo9NCm0uS/rvpl1mtP5R5oo+EfE+uBHwaM
tiXYqkYLEuUn3tfUW0Ctuy+d9hbjXHpGIVD+k/f1MEUzRhpSgXYq
-----END CERTIFICATE-----