Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/72xxoEABrsAflCEj0YR0kPBcEBc.roa
File:                     72xxoEABrsAflCEj0YR0kPBcEBc.roa (raw, json)
Hash identifier:          Szxtg9ehsWqUh1Wk0ZyjRZVIz7z/KCoo+s/BzxEkYpk=
Subject key identifier:   EF:6C:71:A0:40:01:AE:C0:1F:94:21:23:D1:84:74:90:F0:5C:10:17
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019807805D2BB7A1931BA53E1AED43250F88
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/72xxoEABrsAflCEj0YR0kPBcEBc.roa
Signing time:             Mon 14 Jul 2025 05:55:09 +0000
ROA not before:           Mon 14 Jul 2025 05:55:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29802
IP address blocks:        37.202.194.0/24 maxlen: 24
                          37.202.201.0/24 maxlen: 24
                          151.242.81.0/24 maxlen: 24
                          151.243.7.0/24 maxlen: 24
                          151.243.10.0/24 maxlen: 24
                          151.243.152.0/22 maxlen: 24
                          151.243.228.0/24 maxlen: 24
                          151.243.243.0/24 maxlen: 24
                          151.244.54.0/24 maxlen: 24
                          151.244.180.0/24 maxlen: 24
                          151.244.224.0/24 maxlen: 24
                          151.245.3.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Sat 19 Jul 2025 08:09:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:07:80:5d:2b:b7:a1:93:1b:a5:3e:1a:ed:43:25:0f:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jul 14 05:55:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ef6c71a04001aec01f942123d1847490f05c1017
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:b6:b9:c6:22:17:e3:b5:48:8f:d2:0c:b8:1d:
                    99:4d:9a:3d:60:39:f9:17:48:9f:d2:ef:d1:c9:c8:
                    96:d8:56:72:2d:81:93:73:13:cc:62:9a:83:fc:97:
                    09:d2:61:7a:60:61:35:81:b7:39:a4:a3:72:9f:61:
                    e0:10:5a:33:44:ec:42:16:00:97:82:d4:e1:49:bc:
                    b1:30:c7:bf:bf:30:0e:6f:1d:43:27:8c:5b:97:2e:
                    eb:f2:09:bb:3b:2e:4c:35:63:46:92:11:f6:a6:1e:
                    42:26:4e:7b:49:03:7d:90:55:a8:06:62:5f:bb:38:
                    ec:ca:84:c7:91:b5:a5:5a:e4:55:8c:32:b9:9f:06:
                    f0:de:d6:98:e1:bc:6a:e7:c8:38:34:6c:47:46:35:
                    3d:c4:c5:6e:04:81:ea:f5:6b:db:a3:eb:a7:0e:94:
                    71:e1:4d:36:ef:57:1b:d1:d7:70:c0:84:a0:83:ab:
                    71:49:fc:38:20:fa:01:05:2e:5f:06:f6:3b:f4:25:
                    c0:3e:78:dc:6a:28:64:69:15:06:5e:78:27:55:96:
                    07:17:67:2c:54:4c:77:bf:b5:6d:02:a5:97:2d:da:
                    61:2d:0b:da:5e:39:6a:5a:6f:52:a4:1c:f2:69:8b:
                    bf:95:0c:ce:0f:97:c4:e9:8f:24:c7:11:8f:a3:9c:
                    91:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:6C:71:A0:40:01:AE:C0:1F:94:21:23:D1:84:74:90:F0:5C:10:17
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/72xxoEABrsAflCEj0YR0kPBcEBc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.202.194.0/24
                  37.202.201.0/24
                  151.242.81.0/24
                  151.243.7.0/24
                  151.243.10.0/24
                  151.243.152.0/22
                  151.243.228.0/24
                  151.243.243.0/24
                  151.244.54.0/24
                  151.244.180.0/24
                  151.244.224.0/24
                  151.245.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:76:22:12:c5:f8:98:f6:ab:9b:ec:0b:fb:75:56:b8:2b:5d:
         24:8d:f5:bc:dc:85:9c:67:9c:f3:6d:c9:98:44:22:90:d2:e5:
         71:cf:21:9c:4e:1a:81:e6:c9:d9:cf:89:08:b6:fc:cc:7e:fa:
         47:73:24:ad:65:2d:5d:30:d1:0a:c6:12:ac:de:64:01:ae:92:
         11:e6:fc:6d:75:0c:e8:f6:74:fe:e1:c6:51:e3:af:df:d6:a8:
         60:ac:97:4d:8a:23:b1:ef:62:1e:83:45:ba:6f:30:05:7f:a6:
         59:46:13:08:06:ec:40:54:92:8d:34:95:9a:89:8a:5a:11:e7:
         39:2a:b6:12:88:dd:54:32:e0:a8:4d:e6:d6:29:96:a6:04:1b:
         62:05:ec:b7:5e:7d:bc:c0:8c:26:1e:e0:db:c8:28:2e:e7:b8:
         30:90:e3:fd:e0:94:5b:55:4c:a0:3c:4c:27:7e:b8:0c:b8:11:
         4f:1f:ee:f2:af:5a:e0:6e:a3:12:b8:d6:e0:8c:28:91:5a:c1:
         b3:5c:45:dc:40:61:50:51:62:97:45:c8:9f:d0:c7:15:3c:68:
         23:3e:24:eb:1e:8a:4a:07:90:36:d5:7f:ab:90:8c:a3:d8:4f:
         a9:b3:c2:ce:23:e1:3d:e5:d8:29:99:02:fd:da:f6:45:4f:10:
         fd:a9:96:0b
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAZgHgF0rt6GTG6U+Gu1DJQ+IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNzE0MDU1NTA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjZjNzFhMDQwMDFhZWMwMWY5NDIxMjNkMTg0NzQ5MGYwNWMxMDE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqba5xiIX47VIj9IMuB2ZTZo9YDn5
F0if0u/RyciW2FZyLYGTcxPMYpqD/JcJ0mF6YGE1gbc5pKNyn2HgEFozROxCFgCX
gtThSbyxMMe/vzAObx1DJ4xbly7r8gm7Oy5MNWNGkhH2ph5CJk57SQN9kFWoBmJf
uzjsyoTHkbWlWuRVjDK5nwbw3taY4bxq58g4NGxHRjU9xMVuBIHq9Wvbo+unDpRx
4U0271cb0ddwwISgg6txSfw4IPoBBS5fBvY79CXAPnjcaihkaRUGXngnVZYHF2cs
VEx3v7VtAqWXLdphLQvaXjlqWm9SpBzyaYu/lQzOD5fE6Y8kxxGPo5yRqwIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFO9scaBAAa7AH5QhI9GEdJDwXBAXMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvNzJ4eG9FQUJyc0FmbENFajBZUjBrUEJjRUJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwQAJcrCAwQA
JcrJAwQAl/JRAwQAl/MHAwQAl/MKAwQCl/OYAwQAl/PkAwQAl/PzAwQAl/Q2AwQA
l/S0AwQAl/TgAwQAl/UDMA0GCSqGSIb3DQEBCwUAA4IBAQB0diISxfiY9qub7Av7
dVa4K10kjfW83IWcZ5zzbcmYRCKQ0uVxzyGcThqB5snZz4kItvzMfvpHcyStZS1d
MNEKxhKs3mQBrpIR5vxtdQzo9nT+4cZR46/f1qhgrJdNiiOx72Ieg0W6bzAFf6ZZ
RhMIBuxAVJKNNJWaiYpaEec5KrYSiN1UMuCoTebWKZamBBtiBey3Xn28wIwmHuDb
yCgu57gwkOP94JRbVUygPEwnfrgMuBFPH+7yr1rgbqMSuNbgjCiRWsGzXEXcQGFQ
UWKXRcif0McVPGgjPiTrHopKB5A21X+rkIyj2E+ps8LOI+E95dgpmQL92vZFTxD9
qZYL
-----END CERTIFICATE-----