Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/126755-eedd-40b1-95e8-a4ca8b9c205b/1/jTdbCe2RnfdOrrBwLUOBkm5t76Q.roa
File:                     jTdbCe2RnfdOrrBwLUOBkm5t76Q.roa (raw, json)
Hash identifier:          KMu73MBMxaZzCocogbOimpXrKfXwQK0L6krGARFG0Hw=
Subject key identifier:   8D:37:5B:09:ED:91:9D:F7:4E:AE:B0:70:2D:43:81:92:6E:6D:EF:A4
Certificate issuer:       /CN=9da140e8028e6d537600e0888a9af5a971c5db46
Certificate serial:       0195D71544276D16994584A301CD9CD72689
Authority key identifier: 9D:A1:40:E8:02:8E:6D:53:76:00:E0:88:8A:9A:F5:A9:71:C5:DB:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/naFA6AKObVN2AOCIipr1qXHF20Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/126755-eedd-40b1-95e8-a4ca8b9c205b/1/jTdbCe2RnfdOrrBwLUOBkm5t76Q.roa
Signing time:             Thu 27 Mar 2025 10:10:49 +0000
ROA not before:           Thu 27 Mar 2025 10:10:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     719
IP address blocks:        192.58.49.0/24 maxlen: 24
                          192.103.87.0/24 maxlen: 24
                          192.103.89.0/24 maxlen: 24
                          192.103.90.0/24 maxlen: 24
                          192.103.93.0/24 maxlen: 24
                          192.103.94.0/24 maxlen: 24
                          192.103.98.0/24 maxlen: 24
                          192.103.101.0/24 maxlen: 24
                          192.103.108.0/24 maxlen: 24
                          192.103.109.0/24 maxlen: 24
                          194.137.11.0/24 maxlen: 24
                          194.137.159.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Fri 28 Mar 2025 07:35:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:d7:15:44:27:6d:16:99:45:84:a3:01:cd:9c:d7:26:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9da140e8028e6d537600e0888a9af5a971c5db46
        Validity
            Not Before: Mar 27 10:10:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8d375b09ed919df74eaeb0702d4381926e6defa4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:bf:42:f1:6d:d9:18:f8:f6:fb:eb:9d:0d:35:
                    f4:4b:38:52:e5:dd:59:f7:b8:9e:e0:5e:c8:ff:94:
                    98:f4:fb:c9:a1:09:f4:52:5f:0d:ec:ef:81:c1:ad:
                    b8:f8:27:62:c9:d2:fb:4a:3b:23:2d:17:ce:17:01:
                    d3:13:cf:f2:1d:fe:6d:e0:6b:e8:82:df:ed:79:ea:
                    fa:99:65:7d:59:96:51:e3:11:0b:9e:13:50:9e:64:
                    20:a9:9e:e2:94:c3:0e:ff:a5:b9:31:88:83:29:57:
                    0f:3d:72:39:b9:3a:33:c8:ae:d2:77:74:10:9d:dc:
                    9d:14:57:b4:4d:d2:e8:51:30:f0:7c:30:41:43:dd:
                    b8:04:59:99:b5:07:64:1f:db:ac:94:f5:8e:e5:89:
                    82:e6:c5:c2:40:69:ad:cf:5b:98:7a:f6:0f:49:d6:
                    f9:f4:08:3a:95:cf:9d:58:ef:d5:ad:a6:34:a7:13:
                    bb:0d:d0:7f:dd:a0:f0:22:ca:4b:f7:15:11:5b:83:
                    99:d5:a2:f3:9d:55:f5:2e:cd:73:fd:e1:4a:8d:8b:
                    c3:3c:82:0f:a7:c0:64:44:74:05:09:a8:aa:f1:9a:
                    46:23:4f:14:72:07:6e:19:c0:dd:31:02:38:d0:39:
                    fa:ec:4e:ee:a2:b8:fa:0c:0c:61:d7:a1:01:8c:04:
                    36:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:37:5B:09:ED:91:9D:F7:4E:AE:B0:70:2D:43:81:92:6E:6D:EF:A4
            X509v3 Authority Key Identifier:
                keyid:9D:A1:40:E8:02:8E:6D:53:76:00:E0:88:8A:9A:F5:A9:71:C5:DB:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/naFA6AKObVN2AOCIipr1qXHF20Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/126755-eedd-40b1-95e8-a4ca8b9c205b/1/jTdbCe2RnfdOrrBwLUOBkm5t76Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/126755-eedd-40b1-95e8-a4ca8b9c205b/1/naFA6AKObVN2AOCIipr1qXHF20Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.58.49.0/24
                  192.103.87.0/24
                  192.103.89.0-192.103.90.255
                  192.103.93.0-192.103.94.255
                  192.103.98.0/24
                  192.103.101.0/24
                  192.103.108.0/23
                  194.137.11.0/24
                  194.137.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:12:b6:ee:9d:0d:77:e0:fd:28:d8:3e:9c:69:4a:ba:d2:41:
         8d:00:28:30:5b:9d:ba:bf:c7:78:e5:9f:b5:3a:72:83:06:2a:
         9a:53:49:00:4b:dc:9e:f0:76:b7:30:6e:d7:59:16:ca:6f:00:
         45:e7:9a:d0:03:a2:ed:16:71:7a:0c:9a:ec:fe:20:2b:f1:42:
         73:15:8f:83:45:77:1a:6a:b4:d0:75:c1:5d:1e:2a:27:71:27:
         df:50:6f:e1:4f:f1:5e:e1:c0:5d:1a:ac:63:78:80:87:1b:12:
         43:8f:63:77:9a:97:1a:2c:93:a8:ba:4a:40:67:a0:90:fa:56:
         a6:d2:0e:fa:8c:45:41:d0:64:59:8b:fa:28:f3:0d:98:18:a1:
         3f:a0:c1:6a:15:fd:d7:12:d5:91:89:66:24:cf:55:66:b7:2a:
         13:17:ed:ac:31:f2:5e:a3:9c:5c:3d:cf:e8:05:30:1a:03:65:
         e9:98:a0:23:01:bc:f3:ac:7b:d8:b3:37:b5:e1:86:c6:70:09:
         38:1f:04:58:f6:f4:17:50:92:3e:38:4b:73:c9:3d:d9:3d:8e:
         e2:5d:20:f3:74:78:7c:7a:00:25:88:3d:9f:80:d7:26:d3:75:
         c0:66:1c:4d:e4:26:59:dd:b3:4d:d6:75:69:2b:68:76:62:fa:
         aa:c0:88:8e
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAZXXFUQnbRaZRYSjAc2c1yaJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkYTE0MGU4MDI4ZTZkNTM3NjAwZTA4ODhhOWFmNWE5NzFj
NWRiNDYwHhcNMjUwMzI3MTAxMDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDM3NWIwOWVkOTE5ZGY3NGVhZWIwNzAyZDQzODE5MjZlNmRlZmE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzb9C8W3ZGPj2++udDTX0SzhS5d1Z
97ie4F7I/5SY9PvJoQn0Ul8N7O+Bwa24+CdiydL7SjsjLRfOFwHTE8/yHf5t4Gvo
gt/teer6mWV9WZZR4xELnhNQnmQgqZ7ilMMO/6W5MYiDKVcPPXI5uTozyK7Sd3QQ
ndydFFe0TdLoUTDwfDBBQ924BFmZtQdkH9uslPWO5YmC5sXCQGmtz1uYevYPSdb5
9Ag6lc+dWO/VraY0pxO7DdB/3aDwIspL9xURW4OZ1aLznVX1Ls1z/eFKjYvDPIIP
p8BkRHQFCaiq8ZpGI08UcgduGcDdMQI40Dn67E7uorj6DAxh16EBjAQ2swIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFI03WwntkZ33Tq6wcC1DgZJube+kMB8GA1UdIwQY
MBaAFJ2hQOgCjm1TdgDgiIqa9alxxdtGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmFGQTZBS09iVk4yQU9DSWlwcjFxWEhGMjBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC8xMjY3NTUtZWVkZC00MGIxLTk1ZTgt
YTRjYThiOWMyMDViLzEvalRkYkNlMlJuZmRPcnJCd0xVT0JrbTV0NzZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC8xMjY3NTUtZWVkZC00MGIxLTk1ZTgtYTRjYThiOWMyMDVi
LzEvbmFGQTZBS09iVk4yQU9DSWlwcjFxWEhGMjBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjBMBAIAATBGAwQAwDoxAwQA
wGdXMAwDBADAZ1kDBADAZ1owDAMEAMBnXQMEAMBnXgMEAMBnYgMEAMBnZQMEAcBn
bAMEAMKJCwMEAMKJnzANBgkqhkiG9w0BAQsFAAOCAQEASxK27p0Nd+D9KNg+nGlK
utJBjQAoMFudur/HeOWftTpygwYqmlNJAEvcnvB2tzBu11kWym8AReea0AOi7RZx
egya7P4gK/FCcxWPg0V3Gmq00HXBXR4qJ3En31Bv4U/xXuHAXRqsY3iAhxsSQ49j
d5qXGiyTqLpKQGegkPpWptIO+oxFQdBkWYv6KPMNmBihP6DBahX91xLVkYlmJM9V
ZrcqExftrDHyXqOcXD3P6AUwGgNl6ZigIwG886x72LM3teGGxnAJOB8EWPb0F1CS
PjhLc8k92T2O4l0g83R4fHoAJYg9n4DXJtN1wGYcTeQmWd2zTdZ1aStodmL6qsCI
jg==
-----END CERTIFICATE-----