Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/52a10d-d851-40ae-a8b0-a1028eda6383/1/kRyKycqlrnXoPmeXCen0YannZHg.roa
File:                     kRyKycqlrnXoPmeXCen0YannZHg.roa (raw, json)
Hash identifier:          p2+8kraHqMsEZn5eWJHNFVotGMmeeX73DKWzRW7FFzM=
Subject key identifier:   91:1C:8A:C9:CA:A5:AE:75:E8:3E:67:97:09:E9:F4:61:A9:E7:64:78
Certificate issuer:       /CN=8d89223c1f335c0cc569359fa2dda349a2236ccb
Certificate serial:       019691E07D403BBEB97D8CFD5E4809BEC8FC
Authority key identifier: 8D:89:22:3C:1F:33:5C:0C:C5:69:35:9F:A2:DD:A3:49:A2:23:6C:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jYkiPB8zXAzFaTWfot2jSaIjbMs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/52a10d-d851-40ae-a8b0-a1028eda6383/1/kRyKycqlrnXoPmeXCen0YannZHg.roa
Signing time:             Fri 02 May 2025 16:42:10 +0000
ROA not before:           Fri 02 May 2025 16:42:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206119
IP address blocks:        185.213.169.0/24 maxlen: 24
                          185.213.170.0/24 maxlen: 24
                          185.213.171.0/24 maxlen: 24
                          194.0.207.0/24 maxlen: 24
                          2a0b:8b41::/32 maxlen: 32
                          2a0b:8b42::/32 maxlen: 32
                          2a0b:8b43::/32 maxlen: 32
                          2a0b:8b44::/32 maxlen: 32
                          2a0b:8b45::/32 maxlen: 32
                          2a0b:8b46::/32 maxlen: 32
                          2a0b:8b47::/32 maxlen: 32
Validation:               Failed, certificate revoked on Fri 02 May 2025 20:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:91:e0:7d:40:3b:be:b9:7d:8c:fd:5e:48:09:be:c8:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d89223c1f335c0cc569359fa2dda349a2236ccb
        Validity
            Not Before: May  2 16:42:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=911c8ac9caa5ae75e83e679709e9f461a9e76478
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:fe:70:5a:25:54:00:a9:98:8f:8c:f6:4d:55:
                    02:ce:0c:f9:21:b7:c0:40:e8:17:07:d3:d8:ec:29:
                    1e:6f:11:a1:0d:7d:69:35:4b:26:26:29:1f:eb:a4:
                    b6:3f:4b:b9:da:a4:ba:f3:d1:23:b0:7e:38:e1:7e:
                    db:7b:8d:7b:fe:b3:19:10:1a:bf:28:fb:ee:5d:09:
                    c8:34:96:dd:93:7b:cb:2d:52:d8:a2:15:d3:18:9f:
                    89:8f:d1:fd:26:89:7a:75:e1:1f:d1:b5:78:24:c8:
                    76:36:a8:e3:d0:47:0e:8a:68:85:b8:4a:01:6c:17:
                    51:6a:92:d7:fb:7d:39:b5:10:ca:af:fd:20:57:ec:
                    97:a0:d8:29:e3:b8:2a:ca:35:b8:c5:7f:27:8b:bb:
                    e9:de:4f:38:e1:af:6c:1b:49:fb:8b:62:7c:d4:b8:
                    57:fb:a7:21:d9:27:9b:cb:7a:75:c2:ac:92:86:ab:
                    19:b9:74:aa:aa:0b:09:d4:39:11:fc:ab:7f:6f:65:
                    46:34:04:8f:f2:22:b8:63:d9:11:a0:bb:b5:3b:b1:
                    fd:fd:f7:c0:b0:35:ad:3f:8b:91:43:c9:6b:0d:bb:
                    19:93:12:9e:e9:b0:9e:00:4d:32:f3:9a:f0:73:fb:
                    fe:54:d8:0e:8d:03:9b:5a:d9:c0:ff:31:21:22:56:
                    d4:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:1C:8A:C9:CA:A5:AE:75:E8:3E:67:97:09:E9:F4:61:A9:E7:64:78
            X509v3 Authority Key Identifier:
                keyid:8D:89:22:3C:1F:33:5C:0C:C5:69:35:9F:A2:DD:A3:49:A2:23:6C:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jYkiPB8zXAzFaTWfot2jSaIjbMs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/52a10d-d851-40ae-a8b0-a1028eda6383/1/kRyKycqlrnXoPmeXCen0YannZHg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/52a10d-d851-40ae-a8b0-a1028eda6383/1/jYkiPB8zXAzFaTWfot2jSaIjbMs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.213.169.0-185.213.171.255
                  194.0.207.0/24
                IPv6:
                  2a0b:8b41::-2a0b:8b47:ffff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         3e:91:e6:93:50:f9:b6:ce:0e:1a:df:23:0a:76:fa:49:03:8a:
         ae:b6:8f:7d:7a:08:fb:c5:e8:b5:80:11:15:a4:79:c0:b5:01:
         d6:0a:4a:a2:bd:d5:3d:e5:48:93:2b:3a:ef:13:0e:25:5c:9a:
         a7:31:1c:7e:62:6a:6a:37:15:34:8c:c9:d0:1b:8d:9d:96:66:
         fb:a0:13:e8:bf:10:e9:37:ec:6b:cd:60:3f:1c:92:f4:35:2a:
         46:a4:c2:dd:97:cc:67:20:19:83:c3:b3:9e:9c:f4:03:c2:dc:
         b7:3a:6f:b7:8e:c1:d6:6e:e0:f4:c0:75:f2:b2:33:2f:9a:eb:
         30:cf:75:29:e4:1c:43:9f:fa:8e:42:2a:72:a1:72:f8:00:de:
         ba:b7:eb:3d:78:a8:fd:67:d4:4a:19:a0:ac:56:7b:dd:7e:ec:
         b3:bd:a5:57:da:da:5a:a1:e3:a3:78:a9:c5:a2:01:d2:4d:ac:
         f9:6c:13:fb:b3:50:d5:23:b8:00:25:b4:73:e2:84:8c:a5:4a:
         f2:ed:8f:f0:e3:a9:f2:c3:ec:d2:bb:aa:66:55:8d:ba:f7:ae:
         f7:c2:eb:60:ea:85:1f:a9:e0:f3:93:b7:90:0a:59:14:e4:d8:
         3a:16:a9:a5:7c:03:63:bf:7c:6e:b2:f0:72:83:19:c2:10:ca:
         74:5a:7c:93
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAZaR4H1AO765fYz9XkgJvsj8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkODkyMjNjMWYzMzVjMGNjNTY5MzU5ZmEyZGRhMzQ5YTIy
MzZjY2IwHhcNMjUwNTAyMTY0MjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTFjOGFjOWNhYTVhZTc1ZTgzZTY3OTcwOWU5ZjQ2MWE5ZTc2NDc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1P5wWiVUAKmYj4z2TVUCzgz5IbfA
QOgXB9PY7CkebxGhDX1pNUsmJikf66S2P0u52qS689EjsH444X7be417/rMZEBq/
KPvuXQnINJbdk3vLLVLYohXTGJ+Jj9H9Jol6deEf0bV4JMh2Nqjj0EcOimiFuEoB
bBdRapLX+305tRDKr/0gV+yXoNgp47gqyjW4xX8ni7vp3k844a9sG0n7i2J81LhX
+6ch2Seby3p1wqyShqsZuXSqqgsJ1DkR/Kt/b2VGNASP8iK4Y9kRoLu1O7H9/ffA
sDWtP4uRQ8lrDbsZkxKe6bCeAE0y85rwc/v+VNgOjQObWtnA/zEhIlbUPQIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFJEcisnKpa516D5nlwnp9GGp52R4MB8GA1UdIwQY
MBaAFI2JIjwfM1wMxWk1n6Ldo0miI2zLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvallraVBCOHpYQXpGYVRXZm90MmpTYUlqYk1zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy81MmExMGQtZDg1MS00MGFlLWE4YjAt
YTEwMjhlZGE2MzgzLzEva1J5S3ljcWxyblhvUG1lWENlbjBZYW5uWkhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy81MmExMGQtZDg1MS00MGFlLWE4YjAtYTEwMjhlZGE2Mzgz
LzEvallraVBCOHpYQXpGYVRXZm90MmpTYUlqYk1zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAaBAIAATAUMAwDBAC51akD
BAK51agDBADCAM8wFgQCAAIwEDAOAwUAKguLQQMFAyoLi0AwDQYJKoZIhvcNAQEL
BQADggEBAD6R5pNQ+bbODhrfIwp2+kkDiq62j316CPvF6LWAERWkecC1AdYKSqK9
1T3lSJMrOu8TDiVcmqcxHH5iamo3FTSMydAbjZ2WZvugE+i/EOk37GvNYD8ckvQ1
Kkakwt2XzGcgGYPDs56c9APC3Lc6b7eOwdZu4PTAdfKyMy+a6zDPdSnkHEOf+o5C
KnKhcvgA3rq36z14qP1n1EoZoKxWe91+7LO9pVfa2lqh46N4qcWiAdJNrPlsE/uz
UNUjuAAltHPihIylSvLtj/DjqfLD7NK7qmZVjbr3rvfC62DqhR+p4POTt5AKWRTk
2DoWqaV8A2O/fG6y8HKDGcIQynRafJM=
-----END CERTIFICATE-----