Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/89ae8e-4674-455d-9f23-ac67a36e4aab/1/GOuatpd1vNbzPpU_MMrRaYmQMic.roa
File:                     GOuatpd1vNbzPpU_MMrRaYmQMic.roa (raw, json)
Hash identifier:          OVdB72bA6szCy6jD6bfN9YARry9OiHOiRiqXWlcNKto=
Subject key identifier:   18:EB:9A:B6:97:75:BC:D6:F3:3E:95:3F:30:CA:D1:69:89:90:32:27
Certificate issuer:       /CN=17c203e3f365923a843d3220317a1c68cf74de0f
Certificate serial:       0194221F8DE05024255A158F257A82D83939
Authority key identifier: 17:C2:03:E3:F3:65:92:3A:84:3D:32:20:31:7A:1C:68:CF:74:DE:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F8ID4_NlkjqEPTIgMXocaM903g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/89ae8e-4674-455d-9f23-ac67a36e4aab/1/GOuatpd1vNbzPpU_MMrRaYmQMic.roa
Signing time:             Wed 01 Jan 2025 13:48:00 +0000
ROA not before:           Wed 01 Jan 2025 13:48:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12993
IP address blocks:        37.203.32.0/21 maxlen: 21
                          37.203.32.0/23 maxlen: 23
                          37.203.38.0/24 maxlen: 24
                          37.203.39.0/24 maxlen: 24
                          81.94.224.0/20 maxlen: 20
                          81.94.229.0/24 maxlen: 24
                          89.111.0.0/18 maxlen: 18
                          89.111.38.0/24 maxlen: 24
                          178.16.16.0/20 maxlen: 20
                          185.34.24.0/22 maxlen: 22
                          185.34.24.0/23 maxlen: 23
                          185.34.26.0/23 maxlen: 23
                          185.219.156.0/22 maxlen: 22
                          193.108.144.0/22 maxlen: 24
                          193.108.144.0/23 maxlen: 23
                          193.108.185.0/24 maxlen: 24
                          194.9.175.0/24 maxlen: 24
                          2a00:17c0::/32 maxlen: 32
Validation:               Failed, certificate revoked on Wed 05 Mar 2025 06:59:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:8d:e0:50:24:25:5a:15:8f:25:7a:82:d8:39:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17c203e3f365923a843d3220317a1c68cf74de0f
        Validity
            Not Before: Jan  1 13:48:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=18eb9ab69775bcd6f33e953f30cad16989903227
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:b0:93:be:f0:f1:aa:bb:db:4d:6a:92:fd:3d:
                    f1:d7:da:e9:65:4e:78:cc:17:ca:4a:2e:6c:09:35:
                    60:95:1e:d7:42:25:5c:46:84:17:8d:b7:35:43:c7:
                    2e:b2:3a:f5:08:9e:28:30:a2:54:ae:2d:f7:75:17:
                    49:66:58:ee:7d:fe:af:e4:46:b2:83:84:09:f1:2a:
                    cc:55:99:76:6a:59:b8:ab:07:73:98:46:ce:20:61:
                    cc:d5:a8:b2:b4:1c:2e:d5:d9:a6:27:21:c3:f2:6c:
                    30:71:e8:53:ca:c0:6f:45:df:d9:66:87:6d:f4:45:
                    36:3f:36:e9:d9:af:38:7f:a8:0f:d5:20:df:d0:79:
                    27:7b:f8:ca:73:78:66:4b:b1:c2:09:c5:1c:91:af:
                    0a:6e:a1:e0:c2:7e:2a:73:39:9b:71:18:c9:ca:99:
                    14:c7:8c:e3:79:3e:74:71:be:40:20:66:26:f8:06:
                    99:c9:44:0f:d6:0c:6d:aa:81:58:f4:b3:98:a0:3a:
                    7b:16:19:34:a8:9b:59:98:04:7e:55:c2:99:5e:a4:
                    56:89:36:76:e7:cc:68:c9:b1:5d:39:c4:a2:8f:34:
                    c0:7d:49:a5:6b:f4:b2:12:ef:92:4d:16:3e:29:82:
                    49:35:de:04:1d:e2:75:26:fc:0b:0f:4a:59:f9:45:
                    3e:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:EB:9A:B6:97:75:BC:D6:F3:3E:95:3F:30:CA:D1:69:89:90:32:27
            X509v3 Authority Key Identifier:
                keyid:17:C2:03:E3:F3:65:92:3A:84:3D:32:20:31:7A:1C:68:CF:74:DE:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F8ID4_NlkjqEPTIgMXocaM903g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/89ae8e-4674-455d-9f23-ac67a36e4aab/1/GOuatpd1vNbzPpU_MMrRaYmQMic.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/89ae8e-4674-455d-9f23-ac67a36e4aab/1/F8ID4_NlkjqEPTIgMXocaM903g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.203.32.0/21
                  81.94.224.0/20
                  89.111.0.0/18
                  178.16.16.0/20
                  185.34.24.0/22
                  185.219.156.0/22
                  193.108.144.0/22
                  193.108.185.0/24
                  194.9.175.0/24
                IPv6:
                  2a00:17c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         3d:a8:40:4c:24:5f:b3:06:18:fb:7d:84:1f:b3:fe:4e:59:01:
         a4:86:08:cc:6b:f6:2c:93:b7:bd:fc:66:61:4a:9b:6b:f9:72:
         84:86:67:54:9e:51:44:8d:ab:ab:5b:96:a2:cd:53:f5:55:64:
         c9:8c:cc:db:0a:4a:6c:9a:23:7d:f5:1c:88:27:7e:16:53:34:
         72:de:af:fd:58:78:6c:fd:a1:05:49:00:1d:36:15:2b:fc:83:
         f0:72:31:5b:30:21:ab:60:d9:45:59:b4:36:63:a4:11:ac:0e:
         0b:79:98:3c:88:f0:b6:15:a0:c7:6e:b4:7d:4c:71:e2:e2:1e:
         cb:7e:f6:09:10:5b:86:3e:54:e3:e0:60:fa:cf:79:9c:cf:16:
         36:6f:4f:0e:e4:cf:09:62:22:ba:e9:5d:98:2d:06:12:92:10:
         0b:72:22:df:97:cf:14:11:cf:51:24:a9:9c:61:cd:a8:fc:6b:
         d3:b4:6f:cd:4f:7a:4c:3a:c3:63:70:86:6c:aa:f3:ec:95:7b:
         40:d1:95:e7:9f:cb:c2:17:29:33:77:d1:20:f8:3a:8f:2f:91:
         17:e9:d2:4e:fd:5e:66:34:11:bb:d4:c2:97:9e:66:83:a0:a8:
         b7:98:49:c1:61:d1:50:c2:40:6b:fb:89:32:18:93:2b:29:75:
         0b:ef:78:8a
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAZQiH43gUCQlWhWPJXqC2Dk5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3YzIwM2UzZjM2NTkyM2E4NDNkMzIyMDMxN2ExYzY4Y2Y3
NGRlMGYwHhcNMjUwMTAxMTM0ODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOGViOWFiNjk3NzViY2Q2ZjMzZTk1M2YzMGNhZDE2OTg5OTAzMjI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoLCTvvDxqrvbTWqS/T3x19rpZU54
zBfKSi5sCTVglR7XQiVcRoQXjbc1Q8cusjr1CJ4oMKJUri33dRdJZljuff6v5Eay
g4QJ8SrMVZl2alm4qwdzmEbOIGHM1aiytBwu1dmmJyHD8mwwcehTysBvRd/ZZodt
9EU2Pzbp2a84f6gP1SDf0Hkne/jKc3hmS7HCCcUcka8KbqHgwn4qczmbcRjJypkU
x4zjeT50cb5AIGYm+AaZyUQP1gxtqoFY9LOYoDp7Fhk0qJtZmAR+VcKZXqRWiTZ2
58xoybFdOcSijzTAfUmla/SyEu+STRY+KYJJNd4EHeJ1JvwLD0pZ+UU++wIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFBjrmraXdbzW8z6VPzDK0WmJkDInMB8GA1UdIwQY
MBaAFBfCA+PzZZI6hD0yIDF6HGjPdN4PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjhJRDRfTmxranFFUFRJZ01Yb2NhTTkwM2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy84OWFlOGUtNDY3NC00NTVkLTlmMjMt
YWM2N2EzNmU0YWFiLzEvR091YXRwZDF2TmJ6UHBVX01NclJhWW1RTWljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy84OWFlOGUtNDY3NC00NTVkLTlmMjMtYWM2N2EzNmU0YWFi
LzEvRjhJRDRfTmxranFFUFRJZ01Yb2NhTTkwM2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTA8BAIAATA2AwQDJcsgAwQE
UV7gAwQGWW8AAwQEshAQAwQCuSIYAwQCuducAwQCwWyQAwQAwWy5AwQAwgmvMA0E
AgACMAcDBQAqABfAMA0GCSqGSIb3DQEBCwUAA4IBAQA9qEBMJF+zBhj7fYQfs/5O
WQGkhgjMa/Ysk7e9/GZhSptr+XKEhmdUnlFEjaurW5aizVP1VWTJjMzbCkpsmiN9
9RyIJ34WUzRy3q/9WHhs/aEFSQAdNhUr/IPwcjFbMCGrYNlFWbQ2Y6QRrA4LeZg8
iPC2FaDHbrR9THHi4h7LfvYJEFuGPlTj4GD6z3mczxY2b08O5M8JYiK66V2YLQYS
khALciLfl88UEc9RJKmcYc2o/GvTtG/NT3pMOsNjcIZsqvPslXtA0ZXnn8vCFykz
d9Eg+DqPL5EX6dJO/V5mNBG71MKXnmaDoKi3mEnBYdFQwkBr+4kyGJMrKXUL73iK
-----END CERTIFICATE-----