Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/a1597b-6ef2-4430-aa56-82451f33f4ca/1/sljsUayxMUA1dLpmVxDrmlPWvvE.roa
File:                     sljsUayxMUA1dLpmVxDrmlPWvvE.roa (raw, json)
Hash identifier:          eU+uEXchn9kSlix+zzM9qmTDHiNzUoMwMi57XM6g0pc=
Subject key identifier:   B2:58:EC:51:AC:B1:31:40:35:74:BA:66:57:10:EB:9A:53:D6:BE:F1
Certificate issuer:       /CN=66feef09c450990af34779ce701be6cd54b3d924
Certificate serial:       01966C2D06C58C65FBA70BFB876632E5A35D
Authority key identifier: 66:FE:EF:09:C4:50:99:0A:F3:47:79:CE:70:1B:E6:CD:54:B3:D9:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zv7vCcRQmQrzR3nOcBvmzVSz2SQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/a1597b-6ef2-4430-aa56-82451f33f4ca/1/sljsUayxMUA1dLpmVxDrmlPWvvE.roa
Signing time:             Fri 25 Apr 2025 09:00:11 +0000
ROA not before:           Fri 25 Apr 2025 09:00:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35179
IP address blocks:        79.110.192.0/20 maxlen: 24
                          83.168.64.0/22 maxlen: 22
                          83.168.71.0/24 maxlen: 24
                          83.168.72.0/21 maxlen: 24
                          83.168.80.0/21 maxlen: 21
                          83.168.88.0/22 maxlen: 22
                          83.168.100.0/22 maxlen: 24
                          83.168.108.0/23 maxlen: 23
                          83.168.114.0/23 maxlen: 23
                          83.168.116.0/23 maxlen: 23
                          83.168.120.0/23 maxlen: 23
                          83.168.126.0/23 maxlen: 23
                          185.49.29.0/24 maxlen: 24
                          185.49.30.0/23 maxlen: 23
                          193.239.56.0/22 maxlen: 24
                          2a01:96e0::/32 maxlen: 32
Validation:               Failed, certificate revoked on Fri 25 Apr 2025 11:15:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:6c:2d:06:c5:8c:65:fb:a7:0b:fb:87:66:32:e5:a3:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66feef09c450990af34779ce701be6cd54b3d924
        Validity
            Not Before: Apr 25 09:00:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b258ec51acb131403574ba665710eb9a53d6bef1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:8c:33:c7:67:d8:60:f0:06:9d:7d:35:dc:90:
                    92:76:2a:92:37:dc:44:3c:0b:e7:96:dd:49:82:b1:
                    75:6c:d6:41:7a:3a:6e:74:62:10:4d:91:eb:da:5d:
                    eb:df:e1:e3:0d:ef:70:8c:56:5b:58:cc:05:92:98:
                    0b:85:35:de:3d:16:09:b4:2c:29:34:de:12:1d:93:
                    4d:f4:5a:3c:4c:bd:00:5b:f5:ba:a4:88:e7:d9:54:
                    78:3e:78:e6:b5:08:26:17:35:0a:31:76:a6:3e:02:
                    d0:99:6c:64:5d:13:64:47:2b:79:0e:1e:d2:43:55:
                    aa:b1:6b:01:d4:18:9d:2d:fc:7e:fb:ed:2c:87:80:
                    0a:0b:79:70:5f:44:dd:50:31:f6:bd:83:f1:81:e6:
                    ab:38:36:21:c5:73:c4:ae:43:c6:ce:d8:ed:cf:58:
                    24:bc:76:06:8e:ad:ce:0f:91:2e:88:5e:c8:3f:a0:
                    be:a1:89:64:54:57:3d:99:6a:e1:7b:a0:6e:6a:62:
                    e6:73:10:b3:10:ae:59:21:05:cf:92:c8:46:db:47:
                    fc:2b:c5:94:f5:e1:6f:e3:5a:e0:76:8f:27:a6:de:
                    ca:0c:4c:a0:9d:0c:90:8e:e2:56:7d:29:f3:48:a1:
                    c9:14:58:20:8f:4e:2d:65:f9:5e:86:1d:0b:57:0b:
                    49:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:58:EC:51:AC:B1:31:40:35:74:BA:66:57:10:EB:9A:53:D6:BE:F1
            X509v3 Authority Key Identifier:
                keyid:66:FE:EF:09:C4:50:99:0A:F3:47:79:CE:70:1B:E6:CD:54:B3:D9:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zv7vCcRQmQrzR3nOcBvmzVSz2SQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/a1597b-6ef2-4430-aa56-82451f33f4ca/1/sljsUayxMUA1dLpmVxDrmlPWvvE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/a1597b-6ef2-4430-aa56-82451f33f4ca/1/Zv7vCcRQmQrzR3nOcBvmzVSz2SQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.110.192.0/20
                  83.168.64.0/22
                  83.168.71.0-83.168.91.255
                  83.168.100.0/22
                  83.168.108.0/23
                  83.168.114.0-83.168.117.255
                  83.168.120.0/23
                  83.168.126.0/23
                  185.49.29.0-185.49.31.255
                  193.239.56.0/22
                IPv6:
                  2a01:96e0::/32

    Signature Algorithm: sha256WithRSAEncryption
         40:89:7d:99:0a:cb:45:d0:92:cd:00:19:4a:b5:44:20:74:2e:
         5b:b6:e3:b2:0d:e0:1d:cf:d0:ec:3c:dc:59:7a:91:cd:72:bb:
         2c:c5:37:58:d6:e3:23:a2:3a:27:45:66:48:cd:df:ba:6a:ed:
         d2:fc:9b:e3:89:57:97:d5:fb:22:d8:3d:24:a7:6d:ed:91:1b:
         1b:87:04:d7:32:fb:1b:f7:62:25:ea:28:81:07:37:02:be:e9:
         9e:eb:83:35:68:cd:48:fe:cf:09:40:31:63:c6:95:e3:a4:1f:
         71:c8:c3:49:7a:e5:b4:71:7d:b4:c5:bb:71:d6:c7:c7:94:45:
         5c:1b:ac:11:9f:83:97:35:35:82:90:b3:7a:8b:e4:c3:8e:d8:
         f2:7a:7b:c3:02:87:fa:a9:0e:2b:0b:23:f8:97:8e:40:bb:65:
         c1:3d:94:19:8c:56:83:23:ac:c0:9c:cc:28:d6:29:c9:b4:5f:
         f0:c3:8f:d8:07:44:b1:db:95:ab:9d:ff:a5:b5:41:3d:d4:6e:
         c0:51:7f:29:b9:5a:68:eb:ab:cd:27:23:0f:54:be:5c:94:6f:
         3c:2d:61:fa:74:d0:2c:8c:1c:8d:c0:ac:f0:4e:53:c9:28:ee:
         93:b7:96:c6:85:88:c7:c1:c4:ec:fa:d9:03:f7:cc:22:8b:77:
         c9:bd:4c:01
-----BEGIN CERTIFICATE-----
MIIFWjCCBEKgAwIBAgISAZZsLQbFjGX7pwv7h2Yy5aNdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZmVlZjA5YzQ1MDk5MGFmMzQ3NzljZTcwMWJlNmNkNTRi
M2Q5MjQwHhcNMjUwNDI1MDkwMDExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjU4ZWM1MWFjYjEzMTQwMzU3NGJhNjY1NzEwZWI5YTUzZDZiZWYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs4wzx2fYYPAGnX013JCSdiqSN9xE
PAvnlt1JgrF1bNZBejpudGIQTZHr2l3r3+HjDe9wjFZbWMwFkpgLhTXePRYJtCwp
NN4SHZNN9Fo8TL0AW/W6pIjn2VR4PnjmtQgmFzUKMXamPgLQmWxkXRNkRyt5Dh7S
Q1WqsWsB1BidLfx+++0sh4AKC3lwX0TdUDH2vYPxgearODYhxXPErkPGztjtz1gk
vHYGjq3OD5EuiF7IP6C+oYlkVFc9mWrhe6BuamLmcxCzEK5ZIQXPkshG20f8K8WU
9eFv41rgdo8npt7KDEygnQyQjuJWfSnzSKHJFFggj04tZflehh0LVwtJcQIDAQAB
o4ICZjCCAmIwHQYDVR0OBBYEFLJY7FGssTFANXS6ZlcQ65pT1r7xMB8GA1UdIwQY
MBaAFGb+7wnEUJkK80d5znAb5s1Us9kkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnY3dkNjUlFtUXJ6UjNuT2NCdm16VlN6MlNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy9hMTU5N2ItNmVmMi00NDMwLWFhNTYt
ODI0NTFmMzNmNGNhLzEvc2xqc1VheXhNVUExZExwbVZ4RHJtbFBXdnZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy9hMTU5N2ItNmVmMi00NDMwLWFhNTYtODI0NTFmMzNmNGNh
LzEvWnY3dkNjUlFtUXJ6UjNuT2NCdm16VlN6MlNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHwGCCsGAQUFBwEHAQH/BG0wazBaBAIAATBUAwQET27AAwQC
U6hAMAwDBABTqEcDBAJTqFgDBAJTqGQDBAFTqGwwDAMEAVOocgMEAVOodAMEAVOo
eAMEAVOofjAMAwQAuTEdAwQFuTEAAwQCwe84MA0EAgACMAcDBQAqAZbgMA0GCSqG
SIb3DQEBCwUAA4IBAQBAiX2ZCstF0JLNABlKtUQgdC5btuOyDeAdz9DsPNxZepHN
crssxTdY1uMjojonRWZIzd+6au3S/JvjiVeX1fsi2D0kp23tkRsbhwTXMvsb92Il
6iiBBzcCvume64M1aM1I/s8JQDFjxpXjpB9xyMNJeuW0cX20xbtx1sfHlEVcG6wR
n4OXNTWCkLN6i+TDjtjyenvDAof6qQ4rCyP4l45Au2XBPZQZjFaDI6zAnMwo1inJ
tF/ww4/YB0Sx25Wrnf+ltUE91G7AUX8puVpo66vNJyMPVL5clG88LWH6dNAsjByN
wKzwTlPJKO6Tt5bGhYjHwcTs+tkD98wii3fJvUwB
-----END CERTIFICATE-----