Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/WNQwYA3YmfFg7Qh43NE52iNlw1M.roa
File:                     WNQwYA3YmfFg7Qh43NE52iNlw1M.roa (raw, json)
Hash identifier:          /worGqDhyxWk4hvJrxNzFA4MxPrLeCRUOyatvcFuQxc=
Subject key identifier:   58:D4:30:60:0D:D8:99:F1:60:ED:08:78:DC:D1:39:DA:23:65:C3:53
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019859940857F66C206AA8B89ACA207690B9
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/WNQwYA3YmfFg7Qh43NE52iNlw1M.roa
Signing time:             Wed 30 Jul 2025 04:25:30 +0000
ROA not before:           Wed 30 Jul 2025 04:25:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        151.240.128.0/21 maxlen: 24
                          151.240.136.0/21 maxlen: 24
                          151.240.171.0/24 maxlen: 24
                          151.241.132.0/22 maxlen: 22
                          151.241.232.0/21 maxlen: 24
                          151.242.56.0/24 maxlen: 24
                          151.243.8.0/23 maxlen: 23
                          151.243.204.0/23 maxlen: 23
                          151.244.16.0/21 maxlen: 21
                          151.245.56.0/22 maxlen: 22
                          151.245.187.0/24 maxlen: 24
                          151.245.188.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Wed 06 Aug 2025 04:31:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:59:94:08:57:f6:6c:20:6a:a8:b8:9a:ca:20:76:90:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jul 30 04:25:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=58d430600dd899f160ed0878dcd139da2365c353
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:46:f8:de:ef:1f:c0:39:75:69:23:7f:1d:5b:
                    03:58:24:b0:bb:04:82:da:e5:cc:d7:e7:77:3b:1d:
                    43:31:98:65:24:69:0b:ea:bc:03:4b:9a:08:5a:3a:
                    d7:5d:8e:19:de:1d:7c:2d:00:b5:fa:78:37:2d:57:
                    c6:74:3c:ef:84:c4:92:a6:7e:5d:76:09:f5:30:1b:
                    29:54:df:83:59:2f:60:5d:0c:93:ef:13:bb:66:42:
                    fd:bd:3f:b4:b2:6c:9d:87:d6:2c:00:4a:39:aa:32:
                    c5:fe:87:21:17:59:a7:39:fd:ad:3f:aa:72:e2:12:
                    68:0e:17:ae:7a:8e:12:0c:5b:4c:d0:dc:ab:ba:be:
                    4e:ae:89:55:7f:55:33:86:eb:92:99:b2:a4:d1:8c:
                    ad:30:5f:f1:54:d0:d3:33:6c:21:ca:88:25:c3:ad:
                    51:ff:94:5b:5f:86:5d:28:3a:c4:de:aa:ca:9a:e9:
                    08:7b:d8:1b:6b:93:7f:e4:1f:35:64:2d:43:06:43:
                    bf:47:ff:85:1b:e0:3c:cd:d3:96:88:cc:88:45:5f:
                    2e:61:3b:04:bd:00:29:64:65:f7:62:5c:d7:67:54:
                    24:24:d0:83:5f:ba:bb:9c:3b:14:14:f0:78:24:4d:
                    9f:06:47:93:cf:d0:49:98:c7:80:dc:f6:c2:4c:3f:
                    53:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:D4:30:60:0D:D8:99:F1:60:ED:08:78:DC:D1:39:DA:23:65:C3:53
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/WNQwYA3YmfFg7Qh43NE52iNlw1M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.240.128.0/20
                  151.240.171.0/24
                  151.241.132.0/22
                  151.241.232.0/21
                  151.242.56.0/24
                  151.243.8.0/23
                  151.243.204.0/23
                  151.244.16.0/21
                  151.245.56.0/22
                  151.245.187.0-151.245.188.255

    Signature Algorithm: sha256WithRSAEncryption
         05:c1:46:96:62:26:14:81:d6:1b:c9:19:69:81:3a:6b:5a:7a:
         fc:2f:1f:5c:81:c0:f8:9b:34:1c:ac:28:4f:09:b7:96:91:8e:
         1c:91:79:52:49:46:32:12:bd:fa:36:55:22:c5:d4:2e:d8:6f:
         bc:57:b6:66:8c:c4:96:dd:7f:1c:48:2f:12:e2:5d:67:ff:e8:
         3b:34:1b:e5:19:d9:d6:57:9f:f2:86:8a:e8:6a:1d:e4:73:4f:
         ab:c7:8b:37:29:90:89:9f:49:a4:61:28:dc:e0:99:fe:d7:36:
         12:28:45:5c:fb:21:3e:12:53:e5:f3:f6:38:a6:c2:49:77:d2:
         3d:a1:d0:5c:45:a0:b4:c0:25:f7:42:d6:ea:58:1b:95:87:28:
         46:0a:3a:9b:93:a8:7b:30:00:2e:8e:41:d8:41:a5:53:37:77:
         1f:d8:16:1b:1a:fa:08:bf:d7:81:50:3d:d7:f4:06:00:40:6e:
         f0:e2:46:b2:80:88:bb:f6:ec:1d:d2:f6:69:51:2a:d5:7a:12:
         cb:0b:39:cc:ae:63:4e:1f:05:c9:03:a3:e4:16:bc:82:76:e6:
         17:fb:d2:2c:9d:44:15:0d:f3:3f:21:5d:36:1c:a5:96:33:e9:
         16:1f:a9:fd:08:9c:5c:69:80:65:09:bb:63:1c:37:54:4c:c8:
         e5:30:37:ad
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAZhZlAhX9mwgaqi4msogdpC5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNzMwMDQyNTMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OGQ0MzA2MDBkZDg5OWYxNjBlZDA4NzhkY2QxMzlkYTIzNjVjMzUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoUb43u8fwDl1aSN/HVsDWCSwuwSC
2uXM1+d3Ox1DMZhlJGkL6rwDS5oIWjrXXY4Z3h18LQC1+ng3LVfGdDzvhMSSpn5d
dgn1MBspVN+DWS9gXQyT7xO7ZkL9vT+0smydh9YsAEo5qjLF/ochF1mnOf2tP6py
4hJoDheueo4SDFtM0Nyrur5OrolVf1UzhuuSmbKk0YytMF/xVNDTM2whyoglw61R
/5RbX4ZdKDrE3qrKmukIe9gba5N/5B81ZC1DBkO/R/+FG+A8zdOWiMyIRV8uYTsE
vQApZGX3YlzXZ1QkJNCDX7q7nDsUFPB4JE2fBkeTz9BJmMeA3PbCTD9TcQIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFFjUMGAN2JnxYO0IeNzROdojZcNTMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvV05Rd1lBM1ltZkZnN1FoNDNORTUyaU5sdzFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQEl/CAAwQA
l/CrAwQCl/GEAwQDl/HoAwQAl/I4AwQBl/MIAwQBl/PMAwQDl/QQAwQCl/U4MAwD
BACX9bsDBACX9bwwDQYJKoZIhvcNAQELBQADggEBAAXBRpZiJhSB1hvJGWmBOmta
evwvH1yBwPibNBysKE8Jt5aRjhyReVJJRjISvfo2VSLF1C7Yb7xXtmaMxJbdfxxI
LxLiXWf/6Ds0G+UZ2dZXn/KGiuhqHeRzT6vHizcpkImfSaRhKNzgmf7XNhIoRVz7
IT4SU+Xz9jimwkl30j2h0FxFoLTAJfdC1upYG5WHKEYKOpuTqHswAC6OQdhBpVM3
dx/YFhsa+gi/14FQPdf0BgBAbvDiRrKAiLv27B3S9mlRKtV6EssLOcyuY04fBckD
o+QWvIJ25hf70iydRBUN8z8hXTYcpZYz6RYfqf0InFxpgGUJu2McN1RMyOUwN60=
-----END CERTIFICATE-----