Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/fdf296-75e5-4635-9546-cea75d0cd671/1/ofrVDSZWu1eIlDIL-Uzgq6Ab7Sg.roa
File:                     ofrVDSZWu1eIlDIL-Uzgq6Ab7Sg.roa (raw, json)
Hash identifier:          anTwzrScEjXVQh5MgxiO7aZtO4j3GvviD6DOxylOc8Y=
Subject key identifier:   A1:FA:D5:0D:26:56:BB:57:88:94:32:0B:F9:4C:E0:AB:A0:1B:ED:28
Certificate issuer:       /CN=8847aa91b06d8c6b87284f3f45a21dc281f7ba55
Certificate serial:       0195A848AF2D5D2B87D8353CB0ECCE9DE808
Authority key identifier: 88:47:AA:91:B0:6D:8C:6B:87:28:4F:3F:45:A2:1D:C2:81:F7:BA:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iEeqkbBtjGuHKE8_RaIdwoH3ulU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/fdf296-75e5-4635-9546-cea75d0cd671/1/ofrVDSZWu1eIlDIL-Uzgq6Ab7Sg.roa
Signing time:             Tue 18 Mar 2025 08:04:50 +0000
ROA not before:           Tue 18 Mar 2025 08:04:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50810
IP address blocks:        37.98.64.0/19 maxlen: 22
                          37.98.104.0/21 maxlen: 22
                          37.98.112.0/20 maxlen: 22
                          37.98.114.0/24 maxlen: 24
                          93.117.176.0/20 maxlen: 24
                          93.119.208.0/20 maxlen: 24
                          178.131.0.0/18 maxlen: 24
                          178.131.4.0/24 maxlen: 24
                          178.131.64.0/19 maxlen: 22
                          178.131.96.0/20 maxlen: 22
                          178.131.112.0/21 maxlen: 22
                          178.131.128.0/18 maxlen: 24
                          188.211.0.0/20 maxlen: 24
                          188.211.15.0/24 maxlen: 24
                          188.212.240.0/21 maxlen: 24
                          188.213.192.0/22 maxlen: 22
Validation:               Failed, certificate revoked on Tue 18 Mar 2025 10:14:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:a8:48:af:2d:5d:2b:87:d8:35:3c:b0:ec:ce:9d:e8:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8847aa91b06d8c6b87284f3f45a21dc281f7ba55
        Validity
            Not Before: Mar 18 08:04:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a1fad50d2656bb578894320bf94ce0aba01bed28
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:f9:22:79:d1:e2:66:7e:b9:2e:ed:6a:b0:29:
                    e1:14:33:0e:8c:50:77:06:23:cd:a6:66:3f:2b:08:
                    ee:77:49:b9:54:06:c9:0e:07:34:b3:92:6d:2e:c9:
                    1d:a0:f2:96:41:1d:d8:8a:44:ff:89:93:2c:3c:67:
                    b9:b2:97:99:c3:1b:f8:31:de:08:d8:73:b1:3c:f9:
                    ab:a3:19:e6:2c:1b:40:11:3b:25:d2:be:b2:5e:cd:
                    66:fc:bc:68:4f:ec:a2:e8:32:59:5e:80:e2:ac:01:
                    fc:1d:b1:59:a9:29:f3:31:6c:dc:eb:20:ad:d0:b8:
                    5e:a3:6c:a9:e6:7d:33:02:d7:fc:7d:b9:4e:84:52:
                    55:eb:e8:49:db:fc:64:b3:68:36:59:b5:83:f9:dd:
                    93:30:34:70:49:d3:03:58:05:11:72:01:10:f5:ff:
                    4e:ce:02:0d:3a:35:ab:c8:b9:1c:50:d7:6a:9b:f9:
                    e8:30:12:10:5a:64:dc:7c:1f:bb:8c:5a:59:93:35:
                    7d:13:d2:77:b0:26:4c:f6:3f:41:7a:83:cd:65:59:
                    7c:80:fa:f6:6f:53:82:21:d4:48:10:40:f6:6c:34:
                    85:1e:b4:31:b2:38:39:d2:60:ec:bb:8b:f4:95:fe:
                    91:17:5f:d0:c2:09:18:61:60:ac:5a:25:6b:70:3a:
                    cf:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:FA:D5:0D:26:56:BB:57:88:94:32:0B:F9:4C:E0:AB:A0:1B:ED:28
            X509v3 Authority Key Identifier:
                keyid:88:47:AA:91:B0:6D:8C:6B:87:28:4F:3F:45:A2:1D:C2:81:F7:BA:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iEeqkbBtjGuHKE8_RaIdwoH3ulU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/fdf296-75e5-4635-9546-cea75d0cd671/1/ofrVDSZWu1eIlDIL-Uzgq6Ab7Sg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/fdf296-75e5-4635-9546-cea75d0cd671/1/iEeqkbBtjGuHKE8_RaIdwoH3ulU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.98.64.0/19
                  37.98.104.0-37.98.127.255
                  93.117.176.0/20
                  93.119.208.0/20
                  178.131.0.0-178.131.119.255
                  178.131.128.0/18
                  188.211.0.0/20
                  188.212.240.0/21
                  188.213.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         44:99:61:13:76:66:d5:d4:4f:7b:b4:47:09:79:5f:57:e9:3b:
         64:c9:ae:67:e5:8f:2a:40:67:4a:2a:5d:78:8d:31:32:6a:1b:
         e6:90:a9:82:5d:52:e8:b1:65:0b:76:eb:cf:c2:d7:18:e8:7d:
         c9:6d:fa:39:d9:7c:ea:af:bd:13:29:c4:53:91:8e:c5:f9:96:
         87:6c:2d:4e:ff:2c:f4:6c:97:9d:1a:14:8e:0b:07:cb:7c:14:
         ca:71:df:7f:18:08:23:14:54:7d:8d:c5:2b:12:dc:d2:e1:63:
         f4:e9:ce:5c:db:35:17:c9:48:44:7f:25:69:dd:fa:d0:96:0e:
         8e:09:79:5a:e2:6a:df:60:40:fa:b2:89:9c:e7:1a:76:a6:31:
         54:53:11:4f:61:16:ec:ed:bf:84:2a:4a:0d:85:5b:62:ae:b2:
         fa:bd:13:0d:38:e2:ee:18:21:fa:cc:86:66:85:d2:b1:bd:61:
         d7:fc:85:ef:40:d2:1c:e9:b5:01:3b:cd:cc:1b:86:99:39:be:
         4d:c8:aa:7e:29:3c:73:8a:4f:99:6c:10:9d:73:95:7a:62:56:
         29:06:b2:cb:09:84:ac:53:0d:e9:2d:56:f8:d2:b6:0b:ca:fd:
         5d:1b:c2:94:02:16:55:d5:65:b0:80:6d:9f:ac:a0:c2:e9:b3:
         50:63:b6:c1
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAZWoSK8tXSuH2DU8sOzOnegIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NDdhYTkxYjA2ZDhjNmI4NzI4NGYzZjQ1YTIxZGMyODFm
N2JhNTUwHhcNMjUwMzE4MDgwNDUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMWZhZDUwZDI2NTZiYjU3ODg5NDMyMGJmOTRjZTBhYmEwMWJlZDI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7/kiedHiZn65Lu1qsCnhFDMOjFB3
BiPNpmY/Kwjud0m5VAbJDgc0s5JtLskdoPKWQR3YikT/iZMsPGe5speZwxv4Md4I
2HOxPPmroxnmLBtAETsl0r6yXs1m/LxoT+yi6DJZXoDirAH8HbFZqSnzMWzc6yCt
0Lheo2yp5n0zAtf8fblOhFJV6+hJ2/xks2g2WbWD+d2TMDRwSdMDWAURcgEQ9f9O
zgINOjWryLkcUNdqm/noMBIQWmTcfB+7jFpZkzV9E9J3sCZM9j9BeoPNZVl8gPr2
b1OCIdRIEED2bDSFHrQxsjg50mDsu4v0lf6RF1/QwgkYYWCsWiVrcDrPcQIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFKH61Q0mVrtXiJQyC/lM4KugG+0oMB8GA1UdIwQY
MBaAFIhHqpGwbYxrhyhPP0WiHcKB97pVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUVlcWtiQnRqR3VIS0U4X1JhSWR3b0gzdWxVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC9mZGYyOTYtNzVlNS00NjM1LTk1NDYt
Y2VhNzVkMGNkNjcxLzEvb2ZyVkRTWld1MWVJbERJTC1VemdxNkFiN1NnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC9mZGYyOTYtNzVlNS00NjM1LTk1NDYtY2VhNzVkMGNkNjcx
LzEvaUVlcWtiQnRqR3VIS0U4X1JhSWR3b0gzdWxVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTBLBAIAATBFAwQFJWJAMAwD
BAMlYmgDBAclYgADBARddbADBARdd9AwCwMDALKDAwQDsoNwAwQGsoOAAwQEvNMA
AwQDvNTwAwQCvNXAMA0GCSqGSIb3DQEBCwUAA4IBAQBEmWETdmbV1E97tEcJeV9X
6Ttkya5n5Y8qQGdKKl14jTEyahvmkKmCXVLosWULduvPwtcY6H3Jbfo52Xzqr70T
KcRTkY7F+ZaHbC1O/yz0bJedGhSOCwfLfBTKcd9/GAgjFFR9jcUrEtzS4WP06c5c
2zUXyUhEfyVp3frQlg6OCXla4mrfYED6somc5xp2pjFUUxFPYRbs7b+EKkoNhVti
rrL6vRMNOOLuGCH6zIZmhdKxvWHX/IXvQNIc6bUBO83MG4aZOb5NyKp+KTxzik+Z
bBCdc5V6YlYpBrLLCYSsUw3pLVb40rYLyv1dG8KUAhZV1WWwgG2frKDC6bNQY7bB
-----END CERTIFICATE-----