Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/ac9af6-7fc3-4d13-a594-060a4738091d/1/vqUpbr5jt1EBe7uK3IJNFpwTjys.roa
File:                     vqUpbr5jt1EBe7uK3IJNFpwTjys.roa (raw, json)
Hash identifier:          VqBYH/3Jq4LeUhH4T5BgoELtJAPTkd3tC8Oa1ZjyUQY=
Subject key identifier:   BE:A5:29:6E:BE:63:B7:51:01:7B:BB:8A:DC:82:4D:16:9C:13:8F:2B
Certificate issuer:       /CN=53b46ab79b9fc58f5dc4cf29d72dc5267ec3edde
Certificate serial:       019541B5B713543AEC513797A5CDAC3DCFDC
Authority key identifier: 53:B4:6A:B7:9B:9F:C5:8F:5D:C4:CF:29:D7:2D:C5:26:7E:C3:ED:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U7Rqt5ufxY9dxM8p1y3FJn7D7d4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/ac9af6-7fc3-4d13-a594-060a4738091d/1/vqUpbr5jt1EBe7uK3IJNFpwTjys.roa
Signing time:             Wed 26 Feb 2025 10:03:02 +0000
ROA not before:           Wed 26 Feb 2025 10:03:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200712
IP address blocks:        80.254.231.0/24 maxlen: 24
                          91.216.32.0/24 maxlen: 24
                          185.92.168.0/23 maxlen: 24
                          185.92.168.0/24 maxlen: 24
                          185.92.169.0/24 maxlen: 24
                          185.92.170.0/24 maxlen: 24
                          2001:67c:1084::/48 maxlen: 48
                          2a13:5240::/32 maxlen: 32
                          2a13:5243::/32 maxlen: 48
                          2a13:5245::/32 maxlen: 48
Validation:               Failed, certificate revoked on Wed 26 Feb 2025 11:34:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:41:b5:b7:13:54:3a:ec:51:37:97:a5:cd:ac:3d:cf:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=53b46ab79b9fc58f5dc4cf29d72dc5267ec3edde
        Validity
            Not Before: Feb 26 10:03:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bea5296ebe63b751017bbb8adc824d169c138f2b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:d7:f0:db:1e:a2:b9:4d:e8:86:85:c8:65:f1:
                    0e:35:68:1d:1c:b0:91:9a:de:86:1e:25:ec:b9:97:
                    67:32:37:64:dd:cf:4c:8f:9c:2a:7c:39:78:56:86:
                    44:1c:4f:97:f6:7d:a2:23:6f:1e:aa:43:0e:0e:5d:
                    82:0d:db:94:fb:c9:b9:89:af:94:70:53:21:f7:69:
                    57:fb:41:16:af:f6:54:29:2a:51:56:92:55:3a:17:
                    c5:eb:0d:6b:b5:7b:8a:9b:82:2d:13:53:60:e0:b6:
                    60:93:a4:49:1e:8c:67:27:b3:f5:78:d1:96:6a:b5:
                    32:48:e7:7c:81:c8:58:81:0b:cb:4f:b2:32:61:f4:
                    1c:b0:02:f4:ce:a8:d6:1b:64:c4:0a:5c:e4:c0:40:
                    6e:b4:e7:49:59:26:ef:80:4e:b4:56:d8:4f:15:57:
                    6f:94:5e:3b:ca:5a:88:62:e2:8c:6b:bd:fc:b2:93:
                    70:62:93:b6:84:e2:6a:ec:b9:49:f5:34:48:08:a4:
                    ec:7e:1e:1c:4f:7a:fa:9b:86:3e:05:af:65:4f:50:
                    6e:eb:79:cd:11:92:5f:b2:3b:15:e1:68:33:df:a3:
                    f1:9e:d4:15:4d:04:46:f3:4d:22:67:a6:2c:69:f1:
                    f8:c5:60:2e:f2:ca:37:30:b0:44:f7:f3:7c:81:a6:
                    a6:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:A5:29:6E:BE:63:B7:51:01:7B:BB:8A:DC:82:4D:16:9C:13:8F:2B
            X509v3 Authority Key Identifier:
                keyid:53:B4:6A:B7:9B:9F:C5:8F:5D:C4:CF:29:D7:2D:C5:26:7E:C3:ED:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U7Rqt5ufxY9dxM8p1y3FJn7D7d4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/ac9af6-7fc3-4d13-a594-060a4738091d/1/vqUpbr5jt1EBe7uK3IJNFpwTjys.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/ac9af6-7fc3-4d13-a594-060a4738091d/1/U7Rqt5ufxY9dxM8p1y3FJn7D7d4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.254.231.0/24
                  91.216.32.0/24
                  185.92.168.0-185.92.170.255
                IPv6:
                  2001:67c:1084::/48
                  2a13:5240::/32
                  2a13:5243::/32
                  2a13:5245::/32

    Signature Algorithm: sha256WithRSAEncryption
         b6:96:73:b3:4e:18:50:f0:51:27:81:4b:ec:5b:22:52:73:7d:
         63:7d:7c:55:96:58:ee:88:c9:a3:49:ea:65:06:02:74:f1:7d:
         d6:be:1e:ec:23:2f:58:ab:b7:80:e9:6b:4a:08:12:f7:e5:fb:
         23:f0:76:f7:5c:53:45:48:2d:49:24:11:06:34:91:1f:6d:85:
         fe:ef:44:96:e3:99:23:af:97:b1:84:d1:ea:ef:d7:88:bf:a0:
         a9:12:d3:f3:92:88:71:97:99:74:47:5a:2f:51:c7:4e:25:3d:
         55:50:ea:67:fe:64:6f:20:c8:1e:ca:65:95:44:c4:3b:bf:c0:
         c7:69:37:ec:28:68:41:12:27:de:06:c5:ee:2f:3c:5c:d0:7a:
         05:dc:4c:27:9d:9d:19:3a:a9:11:c4:80:ab:a4:06:d8:fa:ba:
         97:67:a7:9c:49:d0:ed:93:01:d6:a2:fd:af:24:4a:25:6d:04:
         e1:4e:6e:5e:b3:ba:85:8b:83:61:48:3d:bc:d9:dd:4b:29:4c:
         ef:49:d0:9d:b7:c4:63:66:74:de:09:ff:db:ed:04:03:df:a6:
         60:8c:77:30:5c:1e:cc:db:db:0d:1f:1f:c6:9f:1c:b5:4c:aa:
         41:97:4c:99:73:c4:6d:fe:89:46:e8:14:fc:e8:aa:b7:72:fd:
         56:10:f1:ac
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgISAZVBtbcTVDrsUTeXpc2sPc/cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzYjQ2YWI3OWI5ZmM1OGY1ZGM0Y2YyOWQ3MmRjNTI2N2Vj
M2VkZGUwHhcNMjUwMjI2MTAwMzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZWE1Mjk2ZWJlNjNiNzUxMDE3YmJiOGFkYzgyNGQxNjljMTM4ZjJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmtfw2x6iuU3ohoXIZfEONWgdHLCR
mt6GHiXsuZdnMjdk3c9Mj5wqfDl4VoZEHE+X9n2iI28eqkMODl2CDduU+8m5ia+U
cFMh92lX+0EWr/ZUKSpRVpJVOhfF6w1rtXuKm4ItE1Ng4LZgk6RJHoxnJ7P1eNGW
arUySOd8gchYgQvLT7IyYfQcsAL0zqjWG2TEClzkwEButOdJWSbvgE60VthPFVdv
lF47ylqIYuKMa738spNwYpO2hOJq7LlJ9TRICKTsfh4cT3r6m4Y+Ba9lT1Bu63nN
EZJfsjsV4Wgz36PxntQVTQRG800iZ6YsafH4xWAu8so3MLBE9/N8gaamJwIDAQAB
o4ICQzCCAj8wHQYDVR0OBBYEFL6lKW6+Y7dRAXu7ityCTRacE48rMB8GA1UdIwQY
MBaAFFO0arebn8WPXcTPKdctxSZ+w+3eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTdScXQ1dWZ4WTlkeE04cDF5M0ZKbjdEN2Q0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9hYzlhZjYtN2ZjMy00ZDEzLWE1OTQt
MDYwYTQ3MzgwOTFkLzEvdnFVcGJyNWp0MUVCZTd1SzNJSk5GcHdUanlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9hYzlhZjYtN2ZjMy00ZDEzLWE1OTQtMDYwYTQ3MzgwOTFk
LzEvVTdScXQ1dWZ4WTlkeE04cDF5M0ZKbjdEN2Q0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFkGCCsGAQUFBwEHAQH/BEowSDAgBAIAATAaAwQAUP7nAwQA
W9ggMAwDBAO5XKgDBAC5XKowJAQCAAIwHgMHACABBnwQhAMFACoTUkADBQAqE1JD
AwUAKhNSRTANBgkqhkiG9w0BAQsFAAOCAQEAtpZzs04YUPBRJ4FL7FsiUnN9Y318
VZZY7ojJo0nqZQYCdPF91r4e7CMvWKu3gOlrSggS9+X7I/B291xTRUgtSSQRBjSR
H22F/u9EluOZI6+XsYTR6u/XiL+gqRLT85KIcZeZdEdaL1HHTiU9VVDqZ/5kbyDI
HspllUTEO7/Ax2k37ChoQRIn3gbF7i88XNB6BdxMJ52dGTqpEcSAq6QG2Pq6l2en
nEnQ7ZMB1qL9ryRKJW0E4U5uXrO6hYuDYUg9vNndSylM70nQnbfEY2Z03gn/2+0E
A9+mYIx3MFwezNvbDR8fxp8ctUyqQZdMmXPEbf6JRugU/Oiqt3L9VhDxrA==
-----END CERTIFICATE-----
Generated at Sun Apr 27 22:19:21 2025 by rpki-client