Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/8yQsRLsgIz1Fu_WJfGF3lXfC5YU.roa
File:                     8yQsRLsgIz1Fu_WJfGF3lXfC5YU.roa (raw, json)
Hash identifier:          g7EINw3fG85AVDEbtXwUIBEsK7X5qlJzBkAK+X8Ivho=
Subject key identifier:   F3:24:2C:44:BB:20:23:3D:45:BB:F5:89:7C:61:77:95:77:C2:E5:85
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       01975835FC5E00A0BFFF2D1675C7A7844057
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/8yQsRLsgIz1Fu_WJfGF3lXfC5YU.roa
Signing time:             Tue 10 Jun 2025 05:00:22 +0000
ROA not before:           Tue 10 Jun 2025 05:00:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212238
IP address blocks:        151.240.45.0/24 maxlen: 24
                          151.240.120.0/23 maxlen: 23
                          151.242.45.0/24 maxlen: 24
                          151.242.57.0/24 maxlen: 24
                          151.242.158.0/24 maxlen: 24
                          151.242.204.0/22 maxlen: 22
                          151.243.2.0/24 maxlen: 24
                          151.243.105.0/24 maxlen: 24
                          151.243.159.0/24 maxlen: 24
                          151.243.248.0/22 maxlen: 22
                          151.244.57.0/24 maxlen: 24
                          151.244.111.0/24 maxlen: 24
                          151.244.115.0/24 maxlen: 24
                          151.245.116.0/22 maxlen: 22
Validation:               Failed, certificate revoked on Fri 13 Jun 2025 10:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:58:35:fc:5e:00:a0:bf:ff:2d:16:75:c7:a7:84:40:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jun 10 05:00:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f3242c44bb20233d45bbf5897c61779577c2e585
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:19:f8:22:17:33:80:b9:44:8a:b6:23:0c:6f:
                    82:48:1b:01:50:5a:ca:db:0c:a5:5d:e5:f5:e4:e8:
                    65:6a:a4:00:b1:55:17:d3:e7:b3:09:f8:c0:ee:f8:
                    d8:61:ae:76:4b:f6:31:a1:ab:fd:e9:e9:16:30:8a:
                    a1:48:7d:37:25:4d:85:41:5b:cc:f0:b2:d7:7b:98:
                    f2:e9:06:66:58:f8:9b:4a:e2:82:50:b1:99:4a:86:
                    eb:46:35:38:61:0f:bf:a1:dc:33:cc:41:42:04:45:
                    c7:57:75:66:fe:66:70:af:cf:61:2b:32:d3:ec:03:
                    8c:87:66:e9:55:8d:bb:c9:6e:3a:98:40:b7:6a:b3:
                    c4:50:87:0a:72:b8:61:ce:51:e3:ca:d2:63:c4:ec:
                    f2:21:df:24:7b:2e:b2:31:f4:0e:1a:c6:c9:08:0f:
                    35:79:bf:af:13:88:ba:98:3a:48:84:bc:82:01:71:
                    1b:39:d7:0a:be:c7:47:ce:bc:03:ae:77:e5:52:01:
                    7d:cb:52:26:53:bd:be:ce:d2:fa:5f:c1:79:ca:0f:
                    4e:89:1c:0f:22:dd:3c:99:6f:47:78:93:93:3f:da:
                    20:6c:2e:12:5a:a9:74:f5:bb:f0:5a:30:65:da:ca:
                    51:6f:36:b2:33:33:1a:d1:d5:ab:f7:b1:a2:d2:a9:
                    2d:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:24:2C:44:BB:20:23:3D:45:BB:F5:89:7C:61:77:95:77:C2:E5:85
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/8yQsRLsgIz1Fu_WJfGF3lXfC5YU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.240.45.0/24
                  151.240.120.0/23
                  151.242.45.0/24
                  151.242.57.0/24
                  151.242.158.0/24
                  151.242.204.0/22
                  151.243.2.0/24
                  151.243.105.0/24
                  151.243.159.0/24
                  151.243.248.0/22
                  151.244.57.0/24
                  151.244.111.0/24
                  151.244.115.0/24
                  151.245.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9a:20:01:f8:c5:1d:65:b5:9d:c5:06:50:93:d2:b1:9c:c5:5c:
         9d:46:56:f1:c5:4e:74:6d:4e:69:36:c7:bd:d1:a5:71:49:36:
         0f:26:5a:17:f4:77:e0:09:55:99:17:50:cb:88:36:d0:34:37:
         43:fa:af:1d:72:f7:8b:44:e4:c4:4c:53:53:1b:65:ef:54:9b:
         2e:0b:ce:22:d2:d1:34:61:ea:c3:ce:75:42:39:16:1c:04:d0:
         fc:49:a5:8f:34:66:94:2f:54:d1:ef:af:a8:b9:c6:88:f0:b4:
         02:ec:2c:b5:f5:40:4b:04:43:0e:80:89:c3:a5:34:05:11:fb:
         e7:9f:06:32:79:91:42:37:2b:5e:93:f8:fa:6e:b0:1d:be:ce:
         a1:43:15:3a:32:44:a4:ce:66:72:28:c2:1c:23:34:53:3c:d7:
         e3:6f:b8:d0:29:eb:08:3d:89:31:70:c2:6c:dc:95:fb:f9:33:
         fc:02:a1:3f:13:c0:73:a4:bf:35:20:8d:da:b6:57:b1:71:ea:
         de:de:68:da:78:1b:32:a7:45:34:2a:e0:f8:6d:28:e1:ec:53:
         82:d3:d2:26:de:58:47:18:ab:c6:45:91:f7:b4:62:c7:49:6f:
         de:7e:c2:0e:ef:fd:aa:2c:35:e5:29:41:0e:6e:e7:d5:df:25:
         57:f9:82:e0
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAZdYNfxeAKC//y0WdcenhEBXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNjEwMDUwMDIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzI0MmM0NGJiMjAyMzNkNDViYmY1ODk3YzYxNzc5NTc3YzJlNTg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmBn4IhczgLlEirYjDG+CSBsBUFrK
2wylXeX15OhlaqQAsVUX0+ezCfjA7vjYYa52S/Yxoav96ekWMIqhSH03JU2FQVvM
8LLXe5jy6QZmWPibSuKCULGZSobrRjU4YQ+/odwzzEFCBEXHV3Vm/mZwr89hKzLT
7AOMh2bpVY27yW46mEC3arPEUIcKcrhhzlHjytJjxOzyId8key6yMfQOGsbJCA81
eb+vE4i6mDpIhLyCAXEbOdcKvsdHzrwDrnflUgF9y1ImU72+ztL6X8F5yg9OiRwP
It08mW9HeJOTP9ogbC4SWql09bvwWjBl2spRbzayMzMa0dWr97Gi0qktAwIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFPMkLES7ICM9Rbv1iXxhd5V3wuWFMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvOHlRc1JMc2dJejFGdV9XSmZHRjNsWGZDNVlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDBaBAIAATBUAwQAl/AtAwQB
l/B4AwQAl/ItAwQAl/I5AwQAl/KeAwQCl/LMAwQAl/MCAwQAl/NpAwQAl/OfAwQC
l/P4AwQAl/Q5AwQAl/RvAwQAl/RzAwQCl/V0MA0GCSqGSIb3DQEBCwUAA4IBAQCa
IAH4xR1ltZ3FBlCT0rGcxVydRlbxxU50bU5pNse90aVxSTYPJloX9HfgCVWZF1DL
iDbQNDdD+q8dcveLROTETFNTG2XvVJsuC84i0tE0YerDznVCORYcBND8SaWPNGaU
L1TR76+oucaI8LQC7Cy19UBLBEMOgInDpTQFEfvnnwYyeZFCNytek/j6brAdvs6h
QxU6MkSkzmZyKMIcIzRTPNfjb7jQKesIPYkxcMJs3JX7+TP8AqE/E8BzpL81II3a
tlexcere3mjaeBsyp0U0KuD4bSjh7FOC09Im3lhHGKvGRZH3tGLHSW/efsIO7/2q
LDXlKUEObufV3yVX+YLg
-----END CERTIFICATE-----