Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/gETJrtlpyfcgigz5UJqqbWmkc8o.roa
File:                     gETJrtlpyfcgigz5UJqqbWmkc8o.roa (raw, json)
Hash identifier:          llhNxnUKfG4znYCowGX+WKGdTVV8RFfh7E3RWjLQfaw=
Subject key identifier:   80:44:C9:AE:D9:69:C9:F7:20:8A:0C:F9:50:9A:AA:6D:69:A4:73:CA
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       019716570F85234DAA7DA7B2001DA182EA41
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/gETJrtlpyfcgigz5UJqqbWmkc8o.roa
Signing time:             Wed 28 May 2025 10:01:33 +0000
ROA not before:           Wed 28 May 2025 10:01:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49581
IP address blocks:        5.175.237.0/24 maxlen: 24
                          5.175.239.0/24 maxlen: 24
                          5.231.25.0/24 maxlen: 24
                          5.231.26.0/24 maxlen: 24
                          89.106.69.0/24 maxlen: 24
                          89.106.71.0/24 maxlen: 24
                          94.103.167.0/24 maxlen: 24
                          94.249.150.0/24 maxlen: 24
                          2a02:2fc0:11::/48 maxlen: 48
Validation:               Failed, certificate revoked on Sat 31 May 2025 13:13:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:16:57:0f:85:23:4d:aa:7d:a7:b2:00:1d:a1:82:ea:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: May 28 10:01:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8044c9aed969c9f7208a0cf9509aaa6d69a473ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:51:82:bd:7c:08:43:99:2f:38:ca:a3:ac:79:
                    3c:20:06:13:62:48:27:7e:24:40:f3:1a:4e:35:c6:
                    9f:55:4c:b0:c6:71:a9:16:fc:c4:ce:93:d1:43:a3:
                    d3:51:e6:64:30:36:87:04:06:59:8b:e3:e3:63:ad:
                    4a:23:52:a7:25:2e:48:6a:69:33:63:64:6a:71:77:
                    0d:11:e0:d7:45:f1:e1:bc:0f:d4:f3:0f:08:2e:5f:
                    c3:e9:93:24:ae:78:28:12:b1:53:c9:88:c3:5a:73:
                    9c:aa:cd:c9:aa:5c:e0:a0:3b:86:f8:97:32:39:c7:
                    2b:15:bc:c0:98:3f:32:8a:85:05:67:11:00:50:3b:
                    09:5c:73:68:96:38:59:10:5c:2d:7b:43:24:00:5a:
                    41:3c:41:36:88:79:d0:7c:72:12:74:e0:e0:08:18:
                    9c:a4:d8:80:ed:cc:c3:ae:3c:c0:0a:e7:a0:d6:92:
                    a2:0b:b4:ee:da:68:12:b4:7c:3a:c0:eb:82:d5:a9:
                    1e:bf:95:7e:a0:33:bc:04:7d:22:80:d1:9f:f0:f3:
                    d4:96:9d:1c:f4:59:36:b3:d1:22:c7:0d:58:77:9e:
                    64:03:13:ff:8f:20:3b:bb:dd:a9:e6:9c:5d:e2:8a:
                    fa:c1:1a:f1:eb:e2:24:5d:c4:95:03:43:25:21:2b:
                    a0:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:44:C9:AE:D9:69:C9:F7:20:8A:0C:F9:50:9A:AA:6D:69:A4:73:CA
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/gETJrtlpyfcgigz5UJqqbWmkc8o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.175.237.0/24
                  5.175.239.0/24
                  5.231.25.0-5.231.26.255
                  89.106.69.0/24
                  89.106.71.0/24
                  94.103.167.0/24
                  94.249.150.0/24
                IPv6:
                  2a02:2fc0:11::/48

    Signature Algorithm: sha256WithRSAEncryption
         b9:a8:9a:27:33:58:45:10:11:3a:f0:97:3c:7b:d3:fc:ee:44:
         bc:ef:9e:f6:c8:37:f5:69:8b:19:d0:4a:d8:a7:e3:bc:37:79:
         fa:8c:6b:56:d7:e0:dd:68:31:38:4a:81:f2:35:88:1d:c7:a4:
         e6:c4:8c:27:47:80:9d:71:dc:b5:1e:d0:f9:fa:22:b4:23:8c:
         f2:a0:5d:54:e5:08:e6:c0:71:2a:64:9b:5d:2d:c0:eb:4b:af:
         af:83:14:53:37:08:0f:0d:fb:72:fa:0f:45:76:79:73:9b:3c:
         a3:c5:a1:a7:28:7d:f5:13:08:5e:99:7a:ec:24:55:f8:f2:26:
         f2:23:62:e4:21:b9:f5:13:d1:0e:3c:58:73:ef:08:41:46:57:
         8f:ed:e6:b9:f5:e8:af:7d:19:7d:20:5b:01:8d:13:73:18:62:
         06:b2:47:7c:1d:30:5d:08:6b:c6:cd:71:61:3d:1c:53:e5:f9:
         b3:a6:c4:a4:c2:7f:1c:64:12:81:dc:ae:9e:6b:74:c1:24:96:
         7d:72:cb:50:d7:61:68:98:3a:ac:38:c3:99:a7:1f:56:f8:71:
         57:d4:ff:0f:9a:28:47:ca:79:49:74:c5:2c:13:6f:9e:41:ec:
         b0:17:dd:5d:ad:81:72:0e:42:b8:d7:86:55:da:bc:df:b9:f8:
         d5:71:92:32
-----BEGIN CERTIFICATE-----
MIIFOjCCBCKgAwIBAgISAZcWVw+FI02qfaeyAB2hgupBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjUwNTI4MTAwMTMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDQ0YzlhZWQ5NjljOWY3MjA4YTBjZjk1MDlhYWE2ZDY5YTQ3M2NhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4lGCvXwIQ5kvOMqjrHk8IAYTYkgn
fiRA8xpONcafVUywxnGpFvzEzpPRQ6PTUeZkMDaHBAZZi+PjY61KI1KnJS5Iamkz
Y2RqcXcNEeDXRfHhvA/U8w8ILl/D6ZMkrngoErFTyYjDWnOcqs3JqlzgoDuG+Jcy
OccrFbzAmD8yioUFZxEAUDsJXHNoljhZEFwte0MkAFpBPEE2iHnQfHISdODgCBic
pNiA7czDrjzACueg1pKiC7Tu2mgStHw6wOuC1akev5V+oDO8BH0igNGf8PPUlp0c
9Fk2s9Eixw1Yd55kAxP/jyA7u92p5pxd4or6wRrx6+IkXcSVA0MlISugHwIDAQAB
o4ICRjCCAkIwHQYDVR0OBBYEFIBEya7Zacn3IIoM+VCaqm1ppHPKMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvZ0VUSnJ0bHB5ZmNnaWd6NVVKcXFiV21rYzhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFwGCCsGAQUFBwEHAQH/BE0wSzA4BAIAATAyAwQABa/tAwQA
Ba/vMAwDBAAF5xkDBAAF5xoDBABZakUDBABZakcDBABeZ6cDBABe+ZYwDwQCAAIw
CQMHACoCL8AAETANBgkqhkiG9w0BAQsFAAOCAQEAuaiaJzNYRRAROvCXPHvT/O5E
vO+e9sg39WmLGdBK2KfjvDd5+oxrVtfg3WgxOEqB8jWIHcek5sSMJ0eAnXHctR7Q
+foitCOM8qBdVOUI5sBxKmSbXS3A60uvr4MUUzcIDw37cvoPRXZ5c5s8o8Whpyh9
9RMIXpl67CRV+PIm8iNi5CG59RPRDjxYc+8IQUZXj+3mufXor30ZfSBbAY0Tcxhi
BrJHfB0wXQhrxs1xYT0cU+X5s6bEpMJ/HGQSgdyunmt0wSSWfXLLUNdhaJg6rDjD
macfVvhxV9T/D5ooR8p5SXTFLBNvnkHssBfdXa2Bcg5CuNeGVdq837n41XGSMg==
-----END CERTIFICATE-----