Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/014f47-628b-4fb8-b344-a409e22a243e/1/bqY8ZOb76-d_S6aOW-uZQnjaQM0.roa
File:                     bqY8ZOb76-d_S6aOW-uZQnjaQM0.roa (raw, json)
Hash identifier:          8hDjqTZcpLp/vaexL4Qer1wdIuo57wRv8RT8FKNfPBg=
Subject key identifier:   6E:A6:3C:64:E6:FB:EB:E7:7F:4B:A6:8E:5B:EB:99:42:78:DA:40:CD
Certificate issuer:       /CN=70a76929cbe21cedd94c012ba58bb0b6f129722e
Certificate serial:       0194279E14C29EC9D89790328649224CB556
Authority key identifier: 70:A7:69:29:CB:E2:1C:ED:D9:4C:01:2B:A5:8B:B0:B6:F1:29:72:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cKdpKcviHO3ZTAErpYuwtvEpci4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/014f47-628b-4fb8-b344-a409e22a243e/1/bqY8ZOb76-d_S6aOW-uZQnjaQM0.roa
Signing time:             Thu 02 Jan 2025 15:24:18 +0000
ROA not before:           Thu 02 Jan 2025 15:24:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60785
IP address blocks:        185.25.224.0/22 maxlen: 22
                          185.25.224.0/24 maxlen: 24
                          185.25.227.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Tue 07 Jan 2025 16:59:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:9e:14:c2:9e:c9:d8:97:90:32:86:49:22:4c:b5:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70a76929cbe21cedd94c012ba58bb0b6f129722e
        Validity
            Not Before: Jan  2 15:24:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6ea63c64e6fbebe77f4ba68e5beb994278da40cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:8e:c6:55:60:f5:a3:ea:0e:45:84:cf:cc:4c:
                    f1:10:de:2d:1e:e2:21:f5:cb:d2:11:50:9b:ab:12:
                    a6:b4:fe:d6:00:b0:dc:9e:0c:92:ad:1c:34:c1:07:
                    4c:4d:d7:06:35:c2:3f:8a:bf:e0:61:e1:51:07:8f:
                    02:18:47:36:83:7d:bc:a9:a6:59:e4:f1:6f:32:46:
                    53:9f:63:43:92:a3:ba:e4:d8:af:ff:d6:97:e0:10:
                    d6:28:91:53:e7:f8:f9:17:34:7f:cc:33:51:d1:fc:
                    a8:f4:77:9c:70:51:3b:d5:49:b4:9f:5a:1b:94:b5:
                    10:52:af:2d:e7:20:73:8a:66:d4:84:9e:e4:3d:69:
                    21:24:e1:0e:81:76:92:de:d2:d7:bc:39:6a:97:ea:
                    c8:7b:a3:a0:80:fc:7e:ce:42:d2:30:f1:ac:98:c9:
                    ed:f0:58:23:bf:2d:57:0f:d9:9b:68:9e:a5:ef:6c:
                    0a:9c:fe:35:e0:62:4f:6a:09:2d:9e:a5:7e:15:ae:
                    d6:4a:25:5e:ce:dd:39:25:3e:f6:91:f9:f2:16:af:
                    51:84:4e:7d:3d:81:c4:db:cb:26:32:7d:64:aa:9c:
                    ee:c4:87:70:a3:4e:3b:a0:bb:b4:0c:fa:85:17:d0:
                    ea:49:9e:9f:3f:a1:53:16:50:fa:db:35:01:43:79:
                    44:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:A6:3C:64:E6:FB:EB:E7:7F:4B:A6:8E:5B:EB:99:42:78:DA:40:CD
            X509v3 Authority Key Identifier:
                keyid:70:A7:69:29:CB:E2:1C:ED:D9:4C:01:2B:A5:8B:B0:B6:F1:29:72:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cKdpKcviHO3ZTAErpYuwtvEpci4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/014f47-628b-4fb8-b344-a409e22a243e/1/bqY8ZOb76-d_S6aOW-uZQnjaQM0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/014f47-628b-4fb8-b344-a409e22a243e/1/cKdpKcviHO3ZTAErpYuwtvEpci4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.25.224.0/22

    Signature Algorithm: sha256WithRSAEncryption
         44:44:f8:bf:26:c1:52:6a:e2:fe:06:d4:d9:e2:eb:9f:b0:b0:
         e0:4b:3c:19:77:0d:d0:ef:5c:e8:f8:26:a8:d2:c3:24:59:d1:
         ed:08:3d:5b:7b:c0:68:c2:52:00:d0:59:29:3e:9b:c1:85:d8:
         a9:bd:28:71:bd:12:e4:8b:08:d3:23:8c:4d:62:77:ea:bf:92:
         db:1e:97:9f:06:75:b4:4d:20:57:fc:20:6c:f8:33:1e:e6:69:
         f5:7a:eb:89:c3:d7:a1:b6:48:e6:e7:45:a1:33:6d:fc:70:f9:
         35:91:29:99:e0:87:2c:c0:e7:7a:9e:eb:c0:ba:22:79:62:5e:
         c8:c3:b5:82:68:24:27:17:cd:88:c3:bb:d1:bf:65:38:93:c4:
         0b:e4:a9:1e:8c:49:76:82:b4:3b:29:69:dd:b6:50:1b:86:a5:
         7a:b1:3a:fd:9e:e8:8b:a9:48:b3:fa:33:8e:56:fe:b3:47:55:
         7e:cd:2c:a8:90:36:db:a5:bf:15:06:f5:44:7d:38:b2:47:7d:
         4b:9e:bc:2a:75:ea:99:10:c4:63:8f:7d:85:7c:f7:f6:55:60:
         ae:ff:2f:3a:d0:0f:84:d3:a0:0a:1c:eb:54:10:4d:47:ba:af:
         6f:55:a8:2f:46:3b:5e:72:ba:84:5c:9b:97:67:a3:1f:dc:a6:
         c2:bf:2a:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnnhTCnsnYl5AyhkkiTLVWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwYTc2OTI5Y2JlMjFjZWRkOTRjMDEyYmE1OGJiMGI2ZjEy
OTcyMmUwHhcNMjUwMTAyMTUyNDE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZWE2M2M2NGU2ZmJlYmU3N2Y0YmE2OGU1YmViOTk0Mjc4ZGE0MGNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuY7GVWD1o+oORYTPzEzxEN4tHuIh
9cvSEVCbqxKmtP7WALDcngySrRw0wQdMTdcGNcI/ir/gYeFRB48CGEc2g328qaZZ
5PFvMkZTn2NDkqO65Niv/9aX4BDWKJFT5/j5FzR/zDNR0fyo9HeccFE71Um0n1ob
lLUQUq8t5yBzimbUhJ7kPWkhJOEOgXaS3tLXvDlql+rIe6OggPx+zkLSMPGsmMnt
8Fgjvy1XD9mbaJ6l72wKnP414GJPagktnqV+Fa7WSiVezt05JT72kfnyFq9RhE59
PYHE28smMn1kqpzuxIdwo047oLu0DPqFF9DqSZ6fP6FTFlD62zUBQ3lEsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG6mPGTm++vnf0umjlvrmUJ42kDNMB8GA1UdIwQY
MBaAFHCnaSnL4hzt2UwBK6WLsLbxKXIuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0tkcEtjdmlITzNaVEFFcnBZdXd0dkVwY2k0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC8wMTRmNDctNjI4Yi00ZmI4LWIzNDQt
YTQwOWUyMmEyNDNlLzEvYnFZOFpPYjc2LWRfUzZhT1ctdVpRbmphUU0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC8wMTRmNDctNjI4Yi00ZmI4LWIzNDQtYTQwOWUyMmEyNDNl
LzEvY0tkcEtjdmlITzNaVEFFcnBZdXd0dkVwY2k0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuRngMA0G
CSqGSIb3DQEBCwUAA4IBAQBERPi/JsFSauL+BtTZ4uufsLDgSzwZdw3Q71zo+Cao
0sMkWdHtCD1be8BowlIA0FkpPpvBhdipvShxvRLkiwjTI4xNYnfqv5LbHpefBnW0
TSBX/CBs+DMe5mn1euuJw9ehtkjm50WhM238cPk1kSmZ4IcswOd6nuvAuiJ5Yl7I
w7WCaCQnF82Iw7vRv2U4k8QL5KkejEl2grQ7KWndtlAbhqV6sTr9nuiLqUiz+jOO
Vv6zR1V+zSyokDbbpb8VBvVEfTiyR31LnrwqdeqZEMRjj32FfPf2VWCu/y860A+E
06AKHOtUEE1Huq9vVagvRjtecrqEXJuXZ6Mf3KbCvyom
-----END CERTIFICATE-----
Generated at Tue Apr 29 23:33:27 2025 by rpki-client