Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/pmFKlK4_NLnPgqh-pcrBzDAaErE.roa
File:                     pmFKlK4_NLnPgqh-pcrBzDAaErE.roa (raw, json)
Hash identifier:          Hh2y2vyVwbEPmffWLhiDl8/Fu83ekUX3vfI+VK8VI7Q=
Subject key identifier:   A6:61:4A:94:AE:3F:34:B9:CF:82:A8:7E:A5:CA:C1:CC:30:1A:12:B1
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       0196EE07CB8F102443EA42B5D13E41BCBD0D
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/pmFKlK4_NLnPgqh-pcrBzDAaErE.roa
Signing time:             Tue 20 May 2025 14:10:10 +0000
ROA not before:           Tue 20 May 2025 14:10:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9009
IP address blocks:        93.152.0.0/23 maxlen: 24
                          93.152.10.0/23 maxlen: 24
                          93.152.12.0/22 maxlen: 24
                          93.152.48.0/22 maxlen: 24
                          93.152.64.0/22 maxlen: 24
                          93.152.116.0/22 maxlen: 24
                          109.204.0.0/22 maxlen: 24
                          109.204.16.0/22 maxlen: 24
                          109.204.24.0/22 maxlen: 24
                          109.204.96.0/22 maxlen: 24
                          109.204.124.0/23 maxlen: 24
Validation:               Failed, certificate revoked on Thu 22 May 2025 10:21:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ee:07:cb:8f:10:24:43:ea:42:b5:d1:3e:41:bc:bd:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: May 20 14:10:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a6614a94ae3f34b9cf82a87ea5cac1cc301a12b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:f8:d3:b6:fd:38:2a:74:ff:74:4c:89:99:98:
                    72:af:b2:18:45:11:1e:b0:05:cc:50:9f:13:a6:87:
                    96:d4:9b:d1:96:d6:a0:4f:7c:85:77:5c:e6:41:b3:
                    d1:12:ba:9c:9a:f7:47:c0:8f:23:16:88:17:2b:db:
                    06:ba:17:6a:9b:ee:1d:ac:00:7d:04:9d:f8:02:a5:
                    a7:94:d2:c4:85:ff:61:a0:bf:4e:ef:18:6d:81:20:
                    a0:89:64:75:10:fe:09:4c:1c:01:82:d5:b6:0e:c3:
                    3d:2b:6b:d5:1e:85:2b:b5:2c:ef:22:a8:08:a8:27:
                    0c:68:c8:3a:2f:aa:b3:67:07:45:4a:f9:1e:66:f4:
                    ba:4e:d2:4e:bd:eb:88:6a:a7:7c:16:85:d4:09:3b:
                    10:c3:bd:81:e4:bc:45:ad:4a:7a:0c:10:9e:37:ae:
                    a9:63:5d:d8:ec:50:da:09:f7:7d:e8:43:fa:95:d6:
                    28:66:d2:73:1d:e4:98:23:e0:da:92:fe:df:36:a6:
                    53:ef:5e:75:76:dc:bf:0b:58:70:f4:3e:15:4a:c2:
                    c8:95:41:9e:ea:27:b4:f6:84:05:4a:48:11:11:5f:
                    15:ff:0b:b6:f4:29:59:cf:71:9f:e0:e5:f0:f3:a9:
                    d8:e5:5b:ca:dc:da:1d:00:db:1a:e1:45:52:d1:42:
                    11:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:61:4A:94:AE:3F:34:B9:CF:82:A8:7E:A5:CA:C1:CC:30:1A:12:B1
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/pmFKlK4_NLnPgqh-pcrBzDAaErE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.152.0.0/23
                  93.152.10.0-93.152.15.255
                  93.152.48.0/22
                  93.152.64.0/22
                  93.152.116.0/22
                  109.204.0.0/22
                  109.204.16.0/22
                  109.204.24.0/22
                  109.204.96.0/22
                  109.204.124.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3c:da:4b:89:29:e2:23:05:bc:d9:55:7f:83:52:6b:f3:d5:7c:
         e4:08:9f:60:2a:14:02:54:f0:6b:ac:13:05:3c:90:04:22:a2:
         b9:1d:4c:5f:82:e1:4e:0e:2c:98:c9:4c:78:0a:c0:31:02:f4:
         99:44:e5:fd:62:25:47:6c:7b:b7:ea:ca:94:d7:66:92:f6:4b:
         38:e1:c9:88:f7:e0:e7:ec:4d:e0:20:bc:d8:df:6f:c3:58:6c:
         80:dd:0d:06:00:07:4b:a9:18:7d:4a:20:c9:e4:db:44:77:8a:
         87:5d:aa:65:1c:34:7d:9b:57:cc:b6:36:59:87:11:c0:49:3b:
         51:77:e1:4c:d6:a6:15:7f:0c:4c:c7:be:3e:8f:06:b8:f5:1f:
         9a:e5:6d:e1:88:2c:a1:eb:77:e3:da:75:81:ed:d6:29:54:b1:
         f0:64:19:2c:77:06:ac:21:94:90:8f:c9:76:d4:79:f7:b0:14:
         3b:3c:fb:3b:dc:eb:8d:ae:8e:71:f3:1f:ed:ac:fa:e4:76:00:
         86:d4:4b:8a:de:1e:b2:41:8d:80:c4:7e:8f:2e:98:29:c1:e8:
         71:72:54:8c:93:60:37:14:e6:20:31:17:d7:37:58:ed:f1:ed:
         bb:e2:36:20:5f:00:5a:bf:fe:89:ea:30:76:ee:49:9c:ea:7b:
         c0:18:fd:be
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAZbuB8uPECRD6kK10T5BvL0NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjUwNTIwMTQxMDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjYxNGE5NGFlM2YzNGI5Y2Y4MmE4N2VhNWNhYzFjYzMwMWExMmIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl/jTtv04KnT/dEyJmZhyr7IYRREe
sAXMUJ8TpoeW1JvRltagT3yFd1zmQbPRErqcmvdHwI8jFogXK9sGuhdqm+4drAB9
BJ34AqWnlNLEhf9hoL9O7xhtgSCgiWR1EP4JTBwBgtW2DsM9K2vVHoUrtSzvIqgI
qCcMaMg6L6qzZwdFSvkeZvS6TtJOveuIaqd8FoXUCTsQw72B5LxFrUp6DBCeN66p
Y13Y7FDaCfd96EP6ldYoZtJzHeSYI+Dakv7fNqZT7151dty/C1hw9D4VSsLIlUGe
6ie09oQFSkgREV8V/wu29ClZz3Gf4OXw86nY5VvK3NodANsa4UVS0UIRawIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFKZhSpSuPzS5z4KofqXKwcwwGhKxMB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvcG1GS2xLNF9OTG5QZ3FoLXBjckJ6REFhRXJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQBXZgAMAwD
BAFdmAoDBARdmAADBAJdmDADBAJdmEADBAJdmHQDBAJtzAADBAJtzBADBAJtzBgD
BAJtzGADBAFtzHwwDQYJKoZIhvcNAQELBQADggEBADzaS4kp4iMFvNlVf4NSa/PV
fOQIn2AqFAJU8GusEwU8kAQiorkdTF+C4U4OLJjJTHgKwDEC9JlE5f1iJUdse7fq
ypTXZpL2SzjhyYj34OfsTeAgvNjfb8NYbIDdDQYAB0upGH1KIMnk20R3ioddqmUc
NH2bV8y2NlmHEcBJO1F34UzWphV/DEzHvj6PBrj1H5rlbeGILKHrd+PadYHt1ilU
sfBkGSx3BqwhlJCPyXbUefewFDs8+zvc642ujnHzH+2s+uR2AIbUS4reHrJBjYDE
fo8umCnB6HFyVIyTYDcU5iAxF9c3WO3x7bviNiBfAFq//onqMHbuSZzqe8AY/b4=
-----END CERTIFICATE-----