Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/d99947-2298-422f-9da0-fe0d28b68cd5/1/F72R0MK4kiZKaeBVUAKjZS6T_o0.roa
File:                     F72R0MK4kiZKaeBVUAKjZS6T_o0.roa (raw, json)
Hash identifier:          D0MJstBHM/6YXd2Wfrz/cq6kEgr81ccGXA15sUvT47Q=
Subject key identifier:   17:BD:91:D0:C2:B8:92:26:4A:69:E0:55:50:02:A3:65:2E:93:FE:8D
Certificate issuer:       /CN=06e4bbdab896e66113f351b4d9c82df50e66a712
Certificate serial:       0197370FE4B54D8BE77A2A13EFAF8BCBF16C
Authority key identifier: 06:E4:BB:DA:B8:96:E6:61:13:F3:51:B4:D9:C8:2D:F5:0E:66:A7:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BuS72riW5mET81G02cgt9Q5mpxI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/67/d99947-2298-422f-9da0-fe0d28b68cd5/1/F72R0MK4kiZKaeBVUAKjZS6T_o0.roa
Signing time:             Tue 03 Jun 2025 18:31:17 +0000
ROA not before:           Tue 03 Jun 2025 18:31:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15497
IP address blocks:        31.28.160.0/22 maxlen: 22
                          31.28.164.0/22 maxlen: 22
                          31.28.168.0/22 maxlen: 24
                          31.28.169.0/24 maxlen: 24
                          31.28.172.0/22 maxlen: 22
                          31.28.176.0/22 maxlen: 22
                          31.28.180.0/22 maxlen: 22
                          31.28.184.0/22 maxlen: 22
                          31.28.184.0/24 maxlen: 24
                          31.28.188.0/22 maxlen: 22
                          31.28.188.0/24 maxlen: 24
                          31.28.190.0/24 maxlen: 24
                          31.28.191.0/24 maxlen: 24
                          62.149.0.0/19 maxlen: 24
                          62.149.2.0/24 maxlen: 24
                          62.149.10.0/24 maxlen: 24
                          62.149.15.0/24 maxlen: 24
                          2a03:6300::/32 maxlen: 32
Validation:               Failed, certificate revoked on Wed 04 Jun 2025 05:28:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:37:0f:e4:b5:4d:8b:e7:7a:2a:13:ef:af:8b:cb:f1:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=06e4bbdab896e66113f351b4d9c82df50e66a712
        Validity
            Not Before: Jun  3 18:31:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=17bd91d0c2b892264a69e0555002a3652e93fe8d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:ba:f7:31:ec:d1:fc:5f:e8:53:6f:7b:c7:8b:
                    d3:35:da:c1:17:e4:79:76:7c:2a:0c:6a:b7:20:35:
                    61:aa:14:12:0c:07:8e:d8:0e:fb:09:90:8f:5a:bd:
                    cc:9b:0d:3f:c5:c3:3c:a8:bb:24:3e:9d:a5:d1:04:
                    c9:32:1e:c6:52:65:7e:cc:f2:f6:59:c3:f0:5f:7d:
                    95:1c:6e:36:64:a7:54:2e:4c:52:27:9a:94:3b:be:
                    82:62:be:bb:86:61:de:5d:2a:5d:42:65:3e:7e:b9:
                    d7:d9:1e:0e:79:61:4a:2d:09:0f:b1:41:82:a8:7c:
                    83:9b:5e:c4:b1:2c:95:81:9a:f0:cd:b5:3e:e0:73:
                    4f:a2:f5:d8:29:1d:f6:1c:ec:10:ac:37:49:54:34:
                    22:34:0a:3a:ff:d1:00:90:4b:42:c5:e1:c8:7f:8a:
                    b2:f8:36:5e:39:3b:ac:0f:ea:77:63:d8:e3:a4:4f:
                    db:f9:13:b8:96:83:d4:8f:66:98:f5:c5:b6:cb:1e:
                    55:5d:fb:e6:5b:34:75:7e:e4:60:77:96:c0:e2:52:
                    04:6a:5d:f6:af:73:a9:57:aa:fb:5d:45:73:7d:3d:
                    97:03:1e:a8:3b:2c:67:96:d1:01:d9:62:5d:81:3b:
                    99:ba:4b:ed:b2:fe:52:88:45:b9:69:de:04:14:b3:
                    70:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:BD:91:D0:C2:B8:92:26:4A:69:E0:55:50:02:A3:65:2E:93:FE:8D
            X509v3 Authority Key Identifier:
                keyid:06:E4:BB:DA:B8:96:E6:61:13:F3:51:B4:D9:C8:2D:F5:0E:66:A7:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BuS72riW5mET81G02cgt9Q5mpxI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/d99947-2298-422f-9da0-fe0d28b68cd5/1/F72R0MK4kiZKaeBVUAKjZS6T_o0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/67/d99947-2298-422f-9da0-fe0d28b68cd5/1/BuS72riW5mET81G02cgt9Q5mpxI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.28.160.0/19
                  62.149.0.0/19
                IPv6:
                  2a03:6300::/32

    Signature Algorithm: sha256WithRSAEncryption
         5e:f9:e6:a1:72:ab:56:a5:84:ca:e6:4a:c0:77:cc:56:08:d0:
         de:c4:7e:6e:e4:08:9b:db:11:19:9f:10:4a:09:fd:e1:a2:4a:
         f8:81:64:46:d9:1a:e1:d5:54:04:09:f9:92:69:68:db:35:af:
         3b:ec:b9:ea:35:ba:bf:fa:c4:f2:c6:dc:d1:85:89:c4:5f:69:
         d8:18:06:ec:1f:0a:c7:32:78:8c:12:2f:b9:69:96:82:df:a7:
         16:8c:02:b9:a7:41:5c:f8:25:06:aa:b4:38:fa:83:2a:27:e7:
         d8:ac:4b:44:7d:da:35:9f:e9:d5:15:49:2d:cb:32:8c:33:96:
         87:f6:e9:42:66:ec:0c:9d:73:61:65:9e:7c:3f:85:23:8f:73:
         ca:0e:8a:30:2a:7f:10:ba:38:3b:21:8d:d5:b6:ef:85:37:d8:
         0f:fa:e9:26:10:27:c0:26:01:88:a5:b1:de:bd:30:1c:1f:e3:
         fd:2c:0f:62:b9:d1:e8:4b:88:43:88:b2:fd:99:56:cf:d9:8c:
         b3:60:b0:f9:26:3e:cf:ea:d7:32:54:43:2e:8e:e2:4b:70:aa:
         f9:d6:2c:4b:b4:64:81:20:98:d8:17:ae:0d:18:83:20:8d:98:
         55:44:18:bd:f9:ec:32:68:f7:6c:44:d9:50:97:0f:22:9e:d9:
         4a:7c:ef:f6
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZc3D+S1TYvneioT76+Ly/FsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2ZTRiYmRhYjg5NmU2NjExM2YzNTFiNGQ5YzgyZGY1MGU2
NmE3MTIwHhcNMjUwNjAzMTgzMTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxN2JkOTFkMGMyYjg5MjI2NGE2OWUwNTU1MDAyYTM2NTJlOTNmZThkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArbr3MezR/F/oU297x4vTNdrBF+R5
dnwqDGq3IDVhqhQSDAeO2A77CZCPWr3Mmw0/xcM8qLskPp2l0QTJMh7GUmV+zPL2
WcPwX32VHG42ZKdULkxSJ5qUO76CYr67hmHeXSpdQmU+frnX2R4OeWFKLQkPsUGC
qHyDm17EsSyVgZrwzbU+4HNPovXYKR32HOwQrDdJVDQiNAo6/9EAkEtCxeHIf4qy
+DZeOTusD+p3Y9jjpE/b+RO4loPUj2aY9cW2yx5VXfvmWzR1fuRgd5bA4lIEal32
r3OpV6r7XUVzfT2XAx6oOyxnltEB2WJdgTuZukvtsv5SiEW5ad4EFLNwsQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFBe9kdDCuJImSmngVVACo2Uuk/6NMB8GA1UdIwQY
MBaAFAbku9q4luZhE/NRtNnILfUOZqcSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnVTNzJyaVc1bUVUODFHMDJjZ3Q5UTVtcHhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny9kOTk5NDctMjI5OC00MjJmLTlkYTAt
ZmUwZDI4YjY4Y2Q1LzEvRjcyUjBNSzRraVpLYWVCVlVBS2paUzZUX28wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny9kOTk5NDctMjI5OC00MjJmLTlkYTAtZmUwZDI4YjY4Y2Q1
LzEvQnVTNzJyaVc1bUVUODFHMDJjZ3Q5UTVtcHhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQFHxygAwQF
PpUAMA0EAgACMAcDBQAqA2MAMA0GCSqGSIb3DQEBCwUAA4IBAQBe+eahcqtWpYTK
5krAd8xWCNDexH5u5Aib2xEZnxBKCf3hokr4gWRG2Rrh1VQECfmSaWjbNa877Lnq
Nbq/+sTyxtzRhYnEX2nYGAbsHwrHMniMEi+5aZaC36cWjAK5p0Fc+CUGqrQ4+oMq
J+fYrEtEfdo1n+nVFUktyzKMM5aH9ulCZuwMnXNhZZ58P4Ujj3PKDoowKn8Qujg7
IY3Vtu+FN9gP+ukmECfAJgGIpbHevTAcH+P9LA9iudHoS4hDiLL9mVbP2YyzYLD5
Jj7P6tcyVEMujuJLcKr51ixLtGSBIJjYF64NGIMgjZhVRBi9+ewyaPdsRNlQlw8i
ntlKfO/2
-----END CERTIFICATE-----