Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/44c0ef-5da6-4ff2-b5ef-79f048bd2a7a/1/vc9CqyAbGU51g9o37OTY1e272m4.roa
File:                     vc9CqyAbGU51g9o37OTY1e272m4.roa (raw, json)
Hash identifier:          AwjzQqlyDWWe3fXs+gwI3+Fe4dYqaELNMbsAABSvvHQ=
Subject key identifier:   BD:CF:42:AB:20:1B:19:4E:75:83:DA:37:EC:E4:D8:D5:ED:BB:DA:6E
Certificate issuer:       /CN=1daf46a40c246d6540d992c321b1cc3623d65995
Certificate serial:       0197D084A1B760E1F74ADAC4A80053BF2574
Authority key identifier: 1D:AF:46:A4:0C:24:6D:65:40:D9:92:C3:21:B1:CC:36:23:D6:59:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ha9GpAwkbWVA2ZLDIbHMNiPWWZU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/44c0ef-5da6-4ff2-b5ef-79f048bd2a7a/1/vc9CqyAbGU51g9o37OTY1e272m4.roa
Signing time:             Thu 03 Jul 2025 13:40:42 +0000
ROA not before:           Thu 03 Jul 2025 13:40:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62370
IP address blocks:        5.104.224.0/21 maxlen: 21
                          37.148.160.0/21 maxlen: 21
                          77.95.224.0/21 maxlen: 21
                          78.41.200.0/21 maxlen: 21
                          89.207.128.0/21 maxlen: 21
                          128.204.192.0/20 maxlen: 20
                          185.62.56.0/22 maxlen: 22
                          193.33.60.0/23 maxlen: 23
                          193.34.166.0/23 maxlen: 23
                          2a00:7b80::/32 maxlen: 32
Validation:               Failed, certificate revoked on Thu 03 Jul 2025 14:35:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:d0:84:a1:b7:60:e1:f7:4a:da:c4:a8:00:53:bf:25:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1daf46a40c246d6540d992c321b1cc3623d65995
        Validity
            Not Before: Jul  3 13:40:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bdcf42ab201b194e7583da37ece4d8d5edbbda6e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:21:6f:15:4f:0e:f7:be:c5:50:fa:43:8b:34:
                    84:2c:97:c5:4a:16:31:03:0c:c3:57:17:7c:c6:30:
                    f5:fb:ae:88:3e:0b:e9:66:8f:4e:42:1f:b4:57:b5:
                    53:16:f4:93:7f:87:bb:a6:c4:e9:be:62:89:b4:da:
                    66:bf:b4:f5:78:b5:7c:a1:26:24:57:dc:c8:17:24:
                    80:78:56:0f:6d:39:44:0e:75:a2:00:0e:db:d5:4f:
                    9c:07:2f:0f:70:e4:06:7f:01:89:26:82:78:f7:a5:
                    5d:84:f3:24:4f:f6:23:1a:d5:44:ae:0c:d7:de:38:
                    9f:cc:3f:4d:cc:a2:37:d5:72:cc:bc:f4:2c:96:ea:
                    bd:a0:43:31:12:d4:11:ad:d5:ea:3b:ac:d8:fa:90:
                    53:ad:72:38:14:dc:26:02:12:a5:80:84:0e:e2:08:
                    56:a1:51:e6:4d:35:68:37:cc:9e:64:08:46:f4:85:
                    24:e2:93:48:7f:e6:fc:9a:56:f5:d4:d6:e3:aa:ed:
                    04:6e:bb:f5:8a:7c:e7:8c:58:dd:09:a2:4a:54:40:
                    e2:26:ba:ae:4e:90:36:fa:75:e3:6c:2a:0b:bb:85:
                    37:ad:98:d1:94:22:ad:f4:41:b6:c4:98:75:f3:46:
                    b9:73:61:a9:20:30:42:37:16:c2:83:28:39:34:89:
                    93:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:CF:42:AB:20:1B:19:4E:75:83:DA:37:EC:E4:D8:D5:ED:BB:DA:6E
            X509v3 Authority Key Identifier:
                keyid:1D:AF:46:A4:0C:24:6D:65:40:D9:92:C3:21:B1:CC:36:23:D6:59:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ha9GpAwkbWVA2ZLDIbHMNiPWWZU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/44c0ef-5da6-4ff2-b5ef-79f048bd2a7a/1/vc9CqyAbGU51g9o37OTY1e272m4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/44c0ef-5da6-4ff2-b5ef-79f048bd2a7a/1/Ha9GpAwkbWVA2ZLDIbHMNiPWWZU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.104.224.0/21
                  37.148.160.0/21
                  77.95.224.0/21
                  78.41.200.0/21
                  89.207.128.0/21
                  128.204.192.0/20
                  185.62.56.0/22
                  193.33.60.0/23
                  193.34.166.0/23
                IPv6:
                  2a00:7b80::/32

    Signature Algorithm: sha256WithRSAEncryption
         43:f7:e2:37:53:86:22:10:fb:07:84:f4:46:8c:67:c7:3a:4f:
         d2:0c:67:4c:13:f1:dc:d8:a8:0c:32:88:aa:7d:59:81:4c:77:
         c7:fa:f8:86:0c:ec:21:b5:04:43:53:b2:bc:34:c1:17:46:87:
         ae:64:8d:38:20:06:6d:ef:6c:a8:b7:fc:bf:9a:cc:fe:5e:42:
         44:ca:ad:12:ea:cf:58:0b:22:57:41:a9:f9:ab:57:55:52:49:
         af:de:33:1c:ba:5d:ee:54:02:7f:29:35:4f:bd:aa:bb:a4:f7:
         93:de:c8:b7:a0:14:4d:8e:30:bd:bb:db:f7:76:4e:ae:9f:8a:
         81:de:eb:5a:ac:fd:49:d3:6d:a9:b3:8c:58:ce:8f:6b:95:da:
         81:83:eb:f4:e9:c6:6e:ca:2e:79:24:81:bb:c4:a6:26:43:d8:
         23:cb:f3:2c:b0:0e:3d:6f:8a:76:56:d9:5a:c9:13:02:6c:bc:
         89:ed:6c:b9:26:87:b0:1c:a2:98:d3:a5:85:4f:a8:52:39:1f:
         07:ad:fd:c2:dc:ff:87:b8:4f:90:fa:4d:a8:78:de:c5:00:49:
         1f:57:8d:a0:12:13:75:7f:6e:4b:6a:22:8f:97:3f:fd:c0:29:
         c3:47:d2:fe:b4:6f:35:9e:c9:30:2e:90:1f:cf:a0:83:58:04:
         7e:6a:96:17
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAZfQhKG3YOH3StrEqABTvyV0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkYWY0NmE0MGMyNDZkNjU0MGQ5OTJjMzIxYjFjYzM2MjNk
NjU5OTUwHhcNMjUwNzAzMTM0MDQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZGNmNDJhYjIwMWIxOTRlNzU4M2RhMzdlY2U0ZDhkNWVkYmJkYTZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoCFvFU8O977FUPpDizSELJfFShYx
AwzDVxd8xjD1+66IPgvpZo9OQh+0V7VTFvSTf4e7psTpvmKJtNpmv7T1eLV8oSYk
V9zIFySAeFYPbTlEDnWiAA7b1U+cBy8PcOQGfwGJJoJ496VdhPMkT/YjGtVErgzX
3jifzD9NzKI31XLMvPQsluq9oEMxEtQRrdXqO6zY+pBTrXI4FNwmAhKlgIQO4ghW
oVHmTTVoN8yeZAhG9IUk4pNIf+b8mlb11Nbjqu0Ebrv1inznjFjdCaJKVEDiJrqu
TpA2+nXjbCoLu4U3rZjRlCKt9EG2xJh180a5c2GpIDBCNxbCgyg5NImTrQIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFL3PQqsgGxlOdYPaN+zk2NXtu9puMB8GA1UdIwQY
MBaAFB2vRqQMJG1lQNmSwyGxzDYj1lmVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGE5R3BBd2tiV1ZBMlpMREliSE1OaVBXV1pVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS80NGMwZWYtNWRhNi00ZmYyLWI1ZWYt
NzlmMDQ4YmQyYTdhLzEvdmM5Q3F5QWJHVTUxZzlvMzdPVFkxZTI3Mm00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS80NGMwZWYtNWRhNi00ZmYyLWI1ZWYtNzlmMDQ4YmQyYTdh
LzEvSGE5R3BBd2tiV1ZBMlpMREliSE1OaVBXV1pVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTA8BAIAATA2AwQDBWjgAwQD
JZSgAwQDTV/gAwQDTinIAwQDWc+AAwQEgMzAAwQCuT44AwQBwSE8AwQBwSKmMA0E
AgACMAcDBQAqAHuAMA0GCSqGSIb3DQEBCwUAA4IBAQBD9+I3U4YiEPsHhPRGjGfH
Ok/SDGdME/Hc2KgMMoiqfVmBTHfH+viGDOwhtQRDU7K8NMEXRoeuZI04IAZt72yo
t/y/msz+XkJEyq0S6s9YCyJXQan5q1dVUkmv3jMcul3uVAJ/KTVPvaq7pPeT3si3
oBRNjjC9u9v3dk6un4qB3utarP1J022ps4xYzo9rldqBg+v06cZuyi55JIG7xKYm
Q9gjy/MssA49b4p2VtlayRMCbLyJ7Wy5JoewHKKY06WFT6hSOR8Hrf3C3P+HuE+Q
+k2oeN7FAEkfV42gEhN1f25LaiKPlz/9wCnDR9L+tG81nskwLpAfz6CDWAR+apYX
-----END CERTIFICATE-----