Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/XEsnZ2ly-RIuBRvbUTWltkfkxXM.roa
File:                     XEsnZ2ly-RIuBRvbUTWltkfkxXM.roa (raw, json)
Hash identifier:          scOGEU2GDpqwMD9Gnj3obBvZXfHkWsWevtDlcQY7mCs=
Subject key identifier:   5C:4B:27:67:69:72:F9:12:2E:05:1B:DB:51:35:A5:B6:47:E4:C5:73
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       01961DE29B08632709E43301E158794304FD
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/XEsnZ2ly-RIuBRvbUTWltkfkxXM.roa
Signing time:             Thu 10 Apr 2025 04:08:32 +0000
ROA not before:           Thu 10 Apr 2025 04:08:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57043
IP address blocks:        5.83.138.0/24 maxlen: 24
                          5.175.238.0/24 maxlen: 24
                          5.231.61.0/24 maxlen: 24
                          5.231.79.0/24 maxlen: 24
                          85.93.5.0/24 maxlen: 24
                          85.93.31.0/24 maxlen: 24
                          89.144.5.0/24 maxlen: 24
                          89.144.11.0/24 maxlen: 24
                          94.249.168.0/24 maxlen: 24
                          94.249.169.0/24 maxlen: 24
                          94.249.237.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Fri 11 Apr 2025 02:01:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:1d:e2:9b:08:63:27:09:e4:33:01:e1:58:79:43:04:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Apr 10 04:08:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5c4b27676972f9122e051bdb5135a5b647e4c573
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:6c:d8:61:c9:01:fd:92:4b:fc:60:fd:5e:46:
                    e1:d5:23:bd:33:8b:2f:41:0b:e6:75:d1:47:60:e9:
                    34:7e:78:08:8b:5d:dd:5b:f7:2b:11:f3:e8:96:19:
                    6d:da:e3:43:4b:7c:e8:e8:53:a8:3e:21:31:aa:a1:
                    2c:6b:4b:ca:28:fd:98:da:f4:15:b8:1a:af:72:02:
                    e8:af:cd:b3:e3:d6:80:ce:88:1a:66:cb:6b:24:00:
                    16:71:bb:09:34:0a:58:1f:86:3b:06:56:68:50:3d:
                    3d:db:a8:9f:dd:c4:ce:9c:6f:b3:6f:64:28:4c:25:
                    20:33:de:7b:04:4c:43:fd:89:6c:f8:08:b0:97:08:
                    72:32:95:b9:3d:16:e0:3e:0a:6d:dd:1b:66:c5:85:
                    58:cb:91:7c:10:2d:3b:11:e3:54:d9:e7:9d:b2:4b:
                    9a:df:53:13:29:1c:7a:56:5d:6c:c9:3b:64:0e:0d:
                    31:fc:24:b9:9a:f1:c8:c4:3d:b5:7c:29:06:d9:0a:
                    42:1c:22:de:5d:16:a5:ba:19:88:4c:c2:72:fe:be:
                    a5:1e:70:d4:0c:2c:7d:23:78:fa:ce:08:1a:3a:0e:
                    19:62:33:8f:c0:44:c8:78:35:58:23:d1:3e:44:ce:
                    bc:fb:7e:ea:86:bb:90:51:89:aa:e5:9b:1d:6c:d1:
                    7a:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:4B:27:67:69:72:F9:12:2E:05:1B:DB:51:35:A5:B6:47:E4:C5:73
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/XEsnZ2ly-RIuBRvbUTWltkfkxXM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.83.138.0/24
                  5.175.238.0/24
                  5.231.61.0/24
                  5.231.79.0/24
                  85.93.5.0/24
                  85.93.31.0/24
                  89.144.5.0/24
                  89.144.11.0/24
                  94.249.168.0/23
                  94.249.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cf:55:7d:56:4a:dd:d0:10:a7:70:e5:84:6d:1b:3d:8f:03:5d:
         46:9d:b9:77:7a:90:ae:f7:0c:42:e9:a8:8e:10:1a:f9:dd:a2:
         3e:d2:57:86:7a:c4:27:66:43:e2:61:b2:51:ad:4c:28:f9:0a:
         56:66:ad:a5:fc:60:99:d7:a2:50:5f:fd:d1:8b:fd:51:50:cf:
         19:69:52:2d:11:53:aa:ee:a3:42:85:4d:3b:67:46:98:8f:4e:
         83:ba:80:6f:48:70:f7:7e:4c:1c:71:4a:84:b1:b4:b2:95:f4:
         ef:db:48:d1:a9:7b:df:e8:7b:96:63:7d:4f:0f:09:d1:f7:4d:
         c7:f7:74:8a:82:87:84:b8:e9:7a:9d:94:1f:b9:cc:8b:07:42:
         b7:f4:bc:61:77:a2:f1:86:a2:55:49:a4:3a:fb:3a:31:2d:df:
         bf:04:1c:c3:6c:4a:84:1a:c0:99:aa:e1:b8:6a:eb:47:70:e6:
         1c:5b:65:fb:60:38:8f:80:ad:bf:10:fb:92:bc:00:25:a2:55:
         a4:df:cf:d0:99:46:ea:d7:4b:a3:48:fb:06:70:c0:72:53:a3:
         0a:52:d5:83:67:50:b8:0a:52:d8:8b:3c:ca:55:0d:86:35:9b:
         0c:37:42:1b:36:79:03:57:56:0c:f7:72:40:23:42:ac:72:4f:
         15:85:bd:7e
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAZYd4psIYycJ5DMB4Vh5QwT9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjUwNDEwMDQwODMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzRiMjc2NzY5NzJmOTEyMmUwNTFiZGI1MTM1YTViNjQ3ZTRjNTczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp2zYYckB/ZJL/GD9Xkbh1SO9M4sv
QQvmddFHYOk0fngIi13dW/crEfPolhlt2uNDS3zo6FOoPiExqqEsa0vKKP2Y2vQV
uBqvcgLor82z49aAzogaZstrJAAWcbsJNApYH4Y7BlZoUD0926if3cTOnG+zb2Qo
TCUgM957BExD/Yls+AiwlwhyMpW5PRbgPgpt3RtmxYVYy5F8EC07EeNU2eedskua
31MTKRx6Vl1syTtkDg0x/CS5mvHIxD21fCkG2QpCHCLeXRaluhmITMJy/r6lHnDU
DCx9I3j6zggaOg4ZYjOPwETIeDVYI9E+RM68+37qhruQUYmq5ZsdbNF6fQIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFFxLJ2dpcvkSLgUb21E1pbZH5MVzMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvWEVzbloybHktUkl1QlJ2YlVUV2x0a2ZreFhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQABVOKAwQA
Ba/uAwQABec9AwQABedPAwQAVV0FAwQAVV0fAwQAWZAFAwQAWZALAwQBXvmoAwQA
XvntMA0GCSqGSIb3DQEBCwUAA4IBAQDPVX1WSt3QEKdw5YRtGz2PA11Gnbl3epCu
9wxC6aiOEBr53aI+0leGesQnZkPiYbJRrUwo+QpWZq2l/GCZ16JQX/3Ri/1RUM8Z
aVItEVOq7qNChU07Z0aYj06DuoBvSHD3fkwccUqEsbSylfTv20jRqXvf6HuWY31P
DwnR903H93SKgoeEuOl6nZQfucyLB0K39Lxhd6LxhqJVSaQ6+zoxLd+/BBzDbEqE
GsCZquG4autHcOYcW2X7YDiPgK2/EPuSvAAlolWk38/QmUbq10ujSPsGcMByU6MK
UtWDZ1C4ClLYizzKVQ2GNZsMN0IbNnkDV1YM93JAI0Ksck8Vhb1+
-----END CERTIFICATE-----