Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/rHBkPVIWJMjkp7s1gRGJwd8BEf0.roa
File:                     rHBkPVIWJMjkp7s1gRGJwd8BEf0.roa (raw, json)
Hash identifier:          XbvDhDJMlF0z3ztZcp883bGfHXl7dJluYj/eH7FrkmU=
Subject key identifier:   AC:70:64:3D:52:16:24:C8:E4:A7:BB:35:81:11:89:C1:DF:01:11:FD
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019590590F1AD731C82C0F1386ABDE62481E
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/rHBkPVIWJMjkp7s1gRGJwd8BEf0.roa
Signing time:             Thu 13 Mar 2025 16:31:50 +0000
ROA not before:           Thu 13 Mar 2025 16:31:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     401152
IP address blocks:        64.188.100.0/22 maxlen: 24
                          64.188.120.0/22 maxlen: 24
                          64.188.124.0/24 maxlen: 24
                          64.188.125.0/24 maxlen: 24
                          64.188.126.0/24 maxlen: 24
                          64.188.127.0/24 maxlen: 24
                          185.216.104.0/22 maxlen: 24
                          193.23.192.0/21 maxlen: 24
                          193.23.200.0/22 maxlen: 24
                          193.23.204.0/22 maxlen: 24
                          193.23.208.0/22 maxlen: 24
                          193.23.212.0/22 maxlen: 24
                          193.23.217.0/24 maxlen: 24
                          193.23.218.0/23 maxlen: 24
                          193.23.221.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Thu 13 Mar 2025 21:44:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:90:59:0f:1a:d7:31:c8:2c:0f:13:86:ab:de:62:48:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Mar 13 16:31:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ac70643d521624c8e4a7bb35811189c1df0111fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:5f:32:90:a1:f9:d0:5c:1c:33:d4:67:77:6f:
                    9c:8a:b8:21:37:88:9e:c8:1e:5f:b3:24:79:90:17:
                    4d:e4:9c:d3:27:ac:21:c7:41:91:05:27:8b:e3:6d:
                    59:6a:f7:19:2b:ae:7c:cb:c2:31:43:2a:31:b7:c1:
                    9f:88:c4:6d:97:62:8f:12:c7:39:54:9d:74:ba:05:
                    45:bb:ec:0f:1c:5f:94:27:10:60:8a:9c:4f:b9:c9:
                    87:0e:b8:f8:56:12:72:f2:0e:dd:1b:28:d6:83:71:
                    6e:38:72:d9:fe:7f:56:79:a1:0c:b8:99:a5:9a:e9:
                    b3:d4:0b:71:73:af:f5:a0:ac:a4:26:90:91:58:dd:
                    04:4f:3f:70:02:3e:5a:7b:6d:26:11:7e:e8:51:ce:
                    7d:0d:bb:dc:b5:19:2d:9e:88:e0:0b:4c:28:e7:bd:
                    b4:bd:f5:0f:08:0d:27:be:1a:f1:37:f7:98:97:2a:
                    f6:7f:a0:3b:2c:b8:6e:f7:04:26:f9:bb:49:80:2f:
                    6c:e3:fe:ad:3f:bf:b5:41:9c:f3:41:bb:b5:82:e3:
                    56:77:df:34:06:d6:c5:be:bd:f4:6a:e4:01:79:31:
                    d0:cf:9b:0c:65:e1:f8:91:6f:dd:4c:80:8a:1f:9d:
                    75:a2:99:7e:36:d8:03:7e:da:d1:72:c2:9a:91:83:
                    16:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:70:64:3D:52:16:24:C8:E4:A7:BB:35:81:11:89:C1:DF:01:11:FD
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/rHBkPVIWJMjkp7s1gRGJwd8BEf0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.188.100.0/22
                  64.188.120.0/21
                  185.216.104.0/22
                  193.23.192.0-193.23.215.255
                  193.23.217.0-193.23.219.255
                  193.23.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:74:77:d8:cc:0e:77:54:3d:c9:76:18:09:ac:be:13:84:3b:
         ba:4e:22:56:0e:00:37:9d:dc:75:d0:c7:67:4c:89:21:d7:0e:
         59:e3:61:06:34:2c:91:09:29:f4:4d:63:e1:d7:7a:de:5b:3e:
         ef:e0:36:36:71:d9:f1:61:e1:80:3d:6a:66:63:54:78:5d:69:
         08:bd:84:e4:e1:ee:39:ea:99:2c:05:1c:69:e8:d5:73:dd:4f:
         32:41:3a:6d:74:1f:82:3e:f9:0b:86:7f:96:51:9e:51:3e:2a:
         bf:31:5f:c6:2e:19:f4:00:22:e2:4d:8e:33:42:8d:9b:d1:ae:
         8f:96:ba:c5:80:cc:7e:20:93:34:89:46:f8:ef:9d:29:bc:8a:
         d7:be:3d:ab:52:3d:26:a6:56:f9:7b:95:bb:43:4b:5c:e3:38:
         0b:a0:69:e6:a3:d0:ce:de:cc:97:07:af:03:69:94:dd:72:cb:
         71:b6:a0:b8:70:7a:97:8e:38:89:1f:03:a8:c6:b8:53:ea:3f:
         5f:c5:ff:98:5c:2c:e5:3b:c6:18:8a:21:72:3e:b4:e9:7c:f8:
         74:08:ea:43:cc:4c:7f:05:bd:ba:8f:cc:85:80:51:86:be:24:
         b3:84:9e:0c:1d:cc:77:88:94:97:23:31:9a:28:85:8a:68:65:
         78:67:bc:d5
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgISAZWQWQ8a1zHILA8ThqveYkgeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjUwMzEzMTYzMTUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzcwNjQzZDUyMTYyNGM4ZTRhN2JiMzU4MTExODljMWRmMDExMWZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv18ykKH50FwcM9Rnd2+cirghN4ie
yB5fsyR5kBdN5JzTJ6whx0GRBSeL421ZavcZK658y8IxQyoxt8GfiMRtl2KPEsc5
VJ10ugVFu+wPHF+UJxBgipxPucmHDrj4VhJy8g7dGyjWg3FuOHLZ/n9WeaEMuJml
mumz1Atxc6/1oKykJpCRWN0ETz9wAj5ae20mEX7oUc59DbvctRktnojgC0wo5720
vfUPCA0nvhrxN/eYlyr2f6A7LLhu9wQm+btJgC9s4/6tP7+1QZzzQbu1guNWd980
BtbFvr30auQBeTHQz5sMZeH4kW/dTICKH511opl+NtgDftrRcsKakYMW7wIDAQAB
o4ICNzCCAjMwHQYDVR0OBBYEFKxwZD1SFiTI5Ke7NYERicHfARH9MB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvckhCa1BWSVdKTWprcDdzMWdSR0p3ZDhCRWYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME0GCCsGAQUFBwEHAQH/BD4wPDA6BAIAATA0AwQCQLxkAwQD
QLx4AwQCudhoMAwDBAbBF8ADBAPBF9AwDAMEAMEX2QMEAsEX2AMEAMEX3TANBgkq
hkiG9w0BAQsFAAOCAQEAlHR32MwOd1Q9yXYYCay+E4Q7uk4iVg4AN53cddDHZ0yJ
IdcOWeNhBjQskQkp9E1j4dd63ls+7+A2NnHZ8WHhgD1qZmNUeF1pCL2E5OHuOeqZ
LAUcaejVc91PMkE6bXQfgj75C4Z/llGeUT4qvzFfxi4Z9AAi4k2OM0KNm9Guj5a6
xYDMfiCTNIlG+O+dKbyK1749q1I9JqZW+XuVu0NLXOM4C6Bp5qPQzt7MlwevA2mU
3XLLcbaguHB6l444iR8DqMa4U+o/X8X/mFws5TvGGIohcj606Xz4dAjqQ8xMfwW9
uo/MhYBRhr4ks4SeDB3Md4iUlyMxmiiFimhleGe81Q==
-----END CERTIFICATE-----