Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/YQAcqTc3SmFqesFJLumO71ApKX0.roa
File:                     YQAcqTc3SmFqesFJLumO71ApKX0.roa (raw, json)
Hash identifier:          3ACzGsqJO4FUo2TFj9kvBiOsvBAwyP+a94khAVoic5E=
Subject key identifier:   61:00:1C:A9:37:37:4A:61:6A:7A:C1:49:2E:E9:8E:EF:50:29:29:7D
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019591779C66AE0ECE4E99CA195567FD2AAA
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/YQAcqTc3SmFqesFJLumO71ApKX0.roa
Signing time:             Thu 13 Mar 2025 21:44:49 +0000
ROA not before:           Thu 13 Mar 2025 21:44:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     401152
IP address blocks:        64.188.100.0/22 maxlen: 24
                          64.188.120.0/22 maxlen: 24
                          64.188.124.0/24 maxlen: 24
                          64.188.125.0/24 maxlen: 24
                          64.188.126.0/24 maxlen: 24
                          64.188.127.0/24 maxlen: 24
                          185.216.104.0/22 maxlen: 24
                          193.23.192.0/21 maxlen: 24
                          193.23.200.0/22 maxlen: 24
                          193.23.204.0/22 maxlen: 24
                          193.23.208.0/22 maxlen: 24
                          193.23.212.0/22 maxlen: 24
                          193.23.217.0/24 maxlen: 24
                          193.23.218.0/23 maxlen: 24
Validation:               Failed, certificate revoked on Fri 14 Mar 2025 16:31:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:91:77:9c:66:ae:0e:ce:4e:99:ca:19:55:67:fd:2a:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Mar 13 21:44:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=61001ca937374a616a7ac1492ee98eef5029297d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:3c:88:53:1e:9e:09:ab:7a:22:8f:3e:d9:95:
                    b1:58:0c:14:9c:89:ea:5e:ce:6a:35:9a:ee:3b:63:
                    9e:59:5d:7e:d2:f1:85:fa:66:00:d9:ef:81:3c:fe:
                    1c:03:06:7c:e9:fa:c3:7d:b7:a0:48:5d:4d:f8:f1:
                    33:b8:2e:c9:be:05:8f:97:f9:af:95:8f:b7:cf:97:
                    76:6c:ee:c2:eb:29:cb:15:4d:1f:e0:54:4e:4c:b8:
                    26:2a:d9:2d:e1:79:41:c8:70:97:00:75:13:58:e3:
                    b9:ca:bb:9c:94:75:f9:02:02:49:1e:4a:df:2a:c5:
                    fd:ee:d4:a8:de:a5:81:ae:34:b0:85:fa:1b:02:e4:
                    f0:7a:f6:51:a5:a9:a9:5d:7f:d0:b4:d9:2c:b6:bf:
                    1e:16:3b:93:81:7b:67:ca:e9:45:d2:78:12:7d:97:
                    10:99:6a:7d:d7:d5:86:7a:72:1c:19:61:9d:31:22:
                    53:e0:df:df:8f:f0:22:e0:3e:b9:00:61:95:15:08:
                    53:6d:f3:53:1b:5a:53:83:c3:00:5c:ae:4d:91:60:
                    51:08:dd:d5:fb:19:8c:fc:9f:f8:8b:4e:31:db:14:
                    01:09:2d:58:be:19:2c:94:37:07:7e:d3:ac:66:f5:
                    3e:ec:cf:f2:50:92:4f:5c:00:83:f5:e4:f6:b9:e4:
                    10:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:00:1C:A9:37:37:4A:61:6A:7A:C1:49:2E:E9:8E:EF:50:29:29:7D
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/YQAcqTc3SmFqesFJLumO71ApKX0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.188.100.0/22
                  64.188.120.0/21
                  185.216.104.0/22
                  193.23.192.0-193.23.215.255
                  193.23.217.0-193.23.219.255

    Signature Algorithm: sha256WithRSAEncryption
         5a:23:77:e7:52:bf:17:af:59:d3:0f:a9:e0:95:c9:80:74:b0:
         03:4d:b7:fa:dd:95:00:9b:63:e8:90:f2:fa:ea:67:83:2e:9f:
         49:dc:b1:f8:57:c4:13:66:d5:16:a8:e4:9e:92:08:75:20:2e:
         76:c0:fe:2f:c7:11:92:74:76:3c:31:04:77:e3:02:d2:41:2a:
         e8:72:08:ce:28:7c:09:49:38:aa:e8:3b:31:55:fd:d6:6e:0b:
         cc:52:0f:dc:b3:d1:14:9e:fb:e4:a8:82:9b:e4:33:24:70:7e:
         3b:8c:93:eb:e6:46:ad:20:f3:b4:d3:85:27:69:5f:f2:d9:93:
         f9:a0:75:7d:85:98:cf:bf:92:00:f2:a8:4a:d5:35:43:c4:fb:
         9b:5d:d5:ad:1a:96:82:3b:3c:d6:89:22:cd:5f:82:23:6c:30:
         b6:13:61:db:e5:8d:cd:6b:fa:cb:bc:53:89:7a:7c:46:0d:f6:
         80:18:33:2e:e9:ec:a1:4d:e0:a8:96:0f:00:87:8e:4d:42:0e:
         19:83:bd:db:e1:bd:26:5e:d1:3a:16:1a:45:d4:30:29:8d:21:
         c5:22:a1:03:89:a0:d1:e7:18:68:8e:8e:50:ea:b9:fe:5e:68:
         82:77:33:fc:4f:7a:36:46:c9:74:12:6f:a3:a2:24:95:c4:02:
         29:15:37:a7
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAZWRd5xmrg7OTpnKGVVn/SqqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjUwMzEzMjE0NDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTAwMWNhOTM3Mzc0YTYxNmE3YWMxNDkyZWU5OGVlZjUwMjkyOTdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtzyIUx6eCat6Io8+2ZWxWAwUnInq
Xs5qNZruO2OeWV1+0vGF+mYA2e+BPP4cAwZ86frDfbegSF1N+PEzuC7JvgWPl/mv
lY+3z5d2bO7C6ynLFU0f4FROTLgmKtkt4XlByHCXAHUTWOO5yruclHX5AgJJHkrf
KsX97tSo3qWBrjSwhfobAuTwevZRpampXX/QtNkstr8eFjuTgXtnyulF0ngSfZcQ
mWp919WGenIcGWGdMSJT4N/fj/Ai4D65AGGVFQhTbfNTG1pTg8MAXK5NkWBRCN3V
+xmM/J/4i04x2xQBCS1YvhkslDcHftOsZvU+7M/yUJJPXACD9eT2ueQQ8QIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFGEAHKk3N0phanrBSS7pju9QKSl9MB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvWVFBY3FUYzNTbUZxZXNGSkx1bU83MUFwS1gwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjA0BAIAATAuAwQCQLxkAwQD
QLx4AwQCudhoMAwDBAbBF8ADBAPBF9AwDAMEAMEX2QMEAsEX2DANBgkqhkiG9w0B
AQsFAAOCAQEAWiN351K/F69Z0w+p4JXJgHSwA023+t2VAJtj6JDy+upngy6fSdyx
+FfEE2bVFqjknpIIdSAudsD+L8cRknR2PDEEd+MC0kEq6HIIzih8CUk4qug7MVX9
1m4LzFIP3LPRFJ775KiCm+QzJHB+O4yT6+ZGrSDztNOFJ2lf8tmT+aB1fYWYz7+S
APKoStU1Q8T7m13VrRqWgjs81okizV+CI2wwthNh2+WNzWv6y7xTiXp8Rg32gBgz
LunsoU3gqJYPAIeOTUIOGYO92+G9Jl7ROhYaRdQwKY0hxSKhA4mg0ecYaI6OUOq5
/l5ogncz/E96NkbJdBJvo6IklcQCKRU3pw==
-----END CERTIFICATE-----