Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/kbck6k38EKhByXclLvmjqpQzArc.roa
File:                     kbck6k38EKhByXclLvmjqpQzArc.roa (raw, json)
Hash identifier:          mGfJrS1jQhP/YnN3k+5C4wL4xpNjczZe26ZuDM2JxbU=
Subject key identifier:   91:B7:24:EA:4D:FC:10:A8:41:C9:77:25:2E:F9:A3:AA:94:33:02:B7
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       01970080427D99D67DFB168849A0828744CA
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/kbck6k38EKhByXclLvmjqpQzArc.roa
Signing time:             Sat 24 May 2025 04:14:55 +0000
ROA not before:           Sat 24 May 2025 04:14:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44486
IP address blocks:        5.83.145.0/24 maxlen: 24
                          77.90.3.0/24 maxlen: 24
                          77.90.28.0/24 maxlen: 24
                          89.106.78.0/24 maxlen: 24
                          89.106.79.0/24 maxlen: 24
                          89.106.80.0/24 maxlen: 24
                          89.106.81.0/24 maxlen: 24
                          89.106.82.0/24 maxlen: 24
                          89.106.83.0/24 maxlen: 24
                          89.106.84.0/24 maxlen: 24
                          89.106.85.0/24 maxlen: 24
                          89.106.86.0/24 maxlen: 24
                          89.106.87.0/24 maxlen: 24
                          89.144.30.0/24 maxlen: 24
                          89.144.31.0/24 maxlen: 24
                          89.144.33.0/24 maxlen: 24
                          89.144.42.0/24 maxlen: 24
                          89.144.43.0/24 maxlen: 24
                          89.144.44.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Sun 25 May 2025 21:49:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:00:80:42:7d:99:d6:7d:fb:16:88:49:a0:82:87:44:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: May 24 04:14:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=91b724ea4dfc10a841c977252ef9a3aa943302b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:56:f6:92:cc:29:28:b2:7e:84:ce:e7:c5:46:
                    c5:ea:8d:86:b9:a0:9e:c0:51:84:7e:14:b7:e4:d6:
                    3a:e7:1a:51:a3:2d:32:bc:0e:87:72:c3:b5:e1:2a:
                    23:a6:13:a8:c1:62:bf:90:b7:66:82:43:27:53:12:
                    64:cf:d4:41:03:cc:7c:85:d9:46:d2:42:c4:7f:a2:
                    24:b1:fe:a3:f2:5e:a4:67:31:bc:da:a7:db:04:02:
                    71:bf:9a:4e:a5:70:a7:33:43:f7:c0:a8:13:3e:13:
                    3f:90:e4:58:7c:07:62:54:d7:5a:19:d1:b6:2e:37:
                    79:05:cf:67:5d:f7:e5:7d:33:bc:3a:e2:81:86:e3:
                    ef:13:24:d5:e7:56:a3:a0:f8:02:7e:c0:63:80:11:
                    a2:75:cc:29:af:c8:f6:1f:a0:28:5a:a2:71:fb:d6:
                    21:0d:ab:c4:4b:69:35:ef:2c:57:9f:5d:7a:f0:39:
                    34:13:84:a8:d6:7d:9f:a6:bd:6b:1b:94:89:a4:ec:
                    50:e0:7b:1b:24:98:75:df:ee:ae:8a:c3:3c:9b:2d:
                    e5:4f:19:38:58:1d:71:b4:20:30:c1:3c:7e:8a:8b:
                    d1:52:7c:d0:b0:58:84:75:50:1c:67:6d:ff:17:98:
                    20:7d:83:4a:d4:63:c3:b5:54:5c:40:bd:6c:a4:4e:
                    06:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:B7:24:EA:4D:FC:10:A8:41:C9:77:25:2E:F9:A3:AA:94:33:02:B7
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/kbck6k38EKhByXclLvmjqpQzArc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.83.145.0/24
                  77.90.3.0/24
                  77.90.28.0/24
                  89.106.78.0-89.106.87.255
                  89.144.30.0/23
                  89.144.33.0/24
                  89.144.42.0-89.144.44.255

    Signature Algorithm: sha256WithRSAEncryption
         bd:04:c5:99:de:7c:a6:14:1f:b5:62:d5:fa:6c:5b:13:d3:0d:
         61:a8:0f:7f:c5:77:9d:b8:da:c1:fa:54:97:29:0e:b8:22:c4:
         a0:bc:d8:98:39:77:52:ce:65:47:4f:87:55:4c:12:d8:b3:0c:
         51:2c:0c:ca:87:df:97:39:af:c3:e4:e3:6d:16:c3:d1:49:d9:
         76:5a:c6:3f:96:4a:8d:42:a2:91:d4:6b:62:1e:2e:8a:7a:60:
         2a:c5:0d:52:c6:67:87:85:cc:64:71:12:2a:0f:52:3e:49:bf:
         88:2e:00:f4:d4:9d:26:8c:54:23:d7:be:fd:0e:dd:86:40:9f:
         59:66:14:6e:31:5a:83:68:86:95:0e:6f:d4:0e:c8:51:24:bd:
         b2:94:19:78:90:01:16:a2:99:e5:ec:ef:51:32:e6:55:4d:56:
         a3:1d:d7:6b:6b:fc:1b:dc:29:ac:ab:b6:dc:9a:21:48:fb:72:
         28:90:18:c9:e7:b2:1e:d3:a3:b9:92:c3:cf:25:2b:28:88:7a:
         94:fc:7a:cd:3f:57:54:8a:46:d2:69:07:f6:c0:a7:a2:3d:06:
         94:a5:eb:ef:69:a3:8a:cd:6c:3b:8e:f9:48:97:60:47:50:f3:
         cc:d7:da:7f:1b:30:76:b2:db:81:1b:6b:e9:df:c2:9a:26:03:
         fe:10:e7:75
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAZcAgEJ9mdZ9+xaISaCCh0TKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjUwNTI0MDQxNDU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWI3MjRlYTRkZmMxMGE4NDFjOTc3MjUyZWY5YTNhYTk0MzMwMmI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzlb2kswpKLJ+hM7nxUbF6o2GuaCe
wFGEfhS35NY65xpRoy0yvA6HcsO14SojphOowWK/kLdmgkMnUxJkz9RBA8x8hdlG
0kLEf6Iksf6j8l6kZzG82qfbBAJxv5pOpXCnM0P3wKgTPhM/kORYfAdiVNdaGdG2
Ljd5Bc9nXfflfTO8OuKBhuPvEyTV51ajoPgCfsBjgBGidcwpr8j2H6AoWqJx+9Yh
DavES2k17yxXn1168Dk0E4So1n2fpr1rG5SJpOxQ4HsbJJh13+6uisM8my3lTxk4
WB1xtCAwwTx+iovRUnzQsFiEdVAcZ23/F5ggfYNK1GPDtVRcQL1spE4G2wIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFJG3JOpN/BCoQcl3JS75o6qUMwK3MB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEva2JjazZrMzhFS2hCeVhjbEx2bWpxcFF6QXJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjBABAIAATA6AwQABVORAwQA
TVoDAwQATVocMAwDBAFZak4DBANZalADBAFZkB4DBABZkCEwDAMEAVmQKgMEAFmQ
LDANBgkqhkiG9w0BAQsFAAOCAQEAvQTFmd58phQftWLV+mxbE9MNYagPf8V3nbja
wfpUlykOuCLEoLzYmDl3Us5lR0+HVUwS2LMMUSwMyofflzmvw+TjbRbD0UnZdlrG
P5ZKjUKikdRrYh4uinpgKsUNUsZnh4XMZHESKg9SPkm/iC4A9NSdJoxUI9e+/Q7d
hkCfWWYUbjFag2iGlQ5v1A7IUSS9spQZeJABFqKZ5ezvUTLmVU1Wox3Xa2v8G9wp
rKu23JohSPtyKJAYyeeyHtOjuZLDzyUrKIh6lPx6zT9XVIpG0mkH9sCnoj0GlKXr
72mjis1sO475SJdgR1DzzNfafxswdrLbgRtr6d/CmiYD/hDndQ==
-----END CERTIFICATE-----