Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/YHwVC46t_2vRtk9Y5IeIb_20vqI.roa
File:                     YHwVC46t_2vRtk9Y5IeIb_20vqI.roa (raw, json)
Hash identifier:          Bj065ur8gEmpBd1HrMZwSIDfEXHitmOdKSiI1atuQfU=
Subject key identifier:   60:7C:15:0B:8E:AD:FF:6B:D1:B6:4F:58:E4:87:88:6F:FD:B4:BE:A2
Certificate issuer:       /CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Certificate serial:       0197172CB3F3900A8E027E320332A5E5E849
Authority key identifier: AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/YHwVC46t_2vRtk9Y5IeIb_20vqI.roa
Signing time:             Wed 28 May 2025 13:54:54 +0000
ROA not before:           Wed 28 May 2025 13:54:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2914
IP address blocks:        62.84.16.0/20 maxlen: 20
                          85.254.8.0/24 maxlen: 24
                          85.254.9.0/24 maxlen: 24
                          85.254.11.0/24 maxlen: 24
                          85.254.12.0/24 maxlen: 24
                          85.254.13.0/24 maxlen: 24
                          85.254.14.0/24 maxlen: 24
                          85.254.15.0/24 maxlen: 24
                          85.254.63.0/24 maxlen: 24
                          85.254.117.0/24 maxlen: 24
                          85.254.118.0/23 maxlen: 23
                          217.24.64.0/20 maxlen: 22
Validation:               Failed, certificate revoked on Tue 03 Jun 2025 10:11:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:17:2c:b3:f3:90:0a:8e:02:7e:32:03:32:a5:e5:e8:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
        Validity
            Not Before: May 28 13:54:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=607c150b8eadff6bd1b64f58e487886ffdb4bea2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:f6:b4:e7:9e:15:f8:8c:52:ac:7d:d9:ec:ed:
                    d6:31:a4:fc:90:c4:7e:5b:6a:36:f0:fe:45:98:83:
                    38:2f:98:3c:59:25:6c:7f:40:3d:fb:7f:a0:a4:16:
                    6f:75:76:7f:9a:8b:d3:fd:a9:d5:27:d8:17:e4:04:
                    28:cf:0f:9d:dc:63:8a:cf:7e:5c:c5:42:83:22:1a:
                    a5:1a:c5:5f:3d:19:d6:c3:24:1e:70:bb:af:93:73:
                    6e:88:ee:f3:41:d1:fe:a1:e1:3b:bc:8f:d2:10:21:
                    e5:91:d0:36:33:69:42:bf:1f:92:94:46:af:c5:08:
                    a1:67:9a:bc:be:f8:42:8c:d2:fd:d6:11:f7:f1:5f:
                    6d:b2:2b:10:4c:60:b0:d6:5b:fa:0e:ce:f1:dc:82:
                    95:eb:72:20:04:38:26:d0:d2:9e:77:92:c2:81:a9:
                    47:16:37:3b:b1:73:77:b1:91:9f:bc:cf:07:44:a9:
                    c3:17:4c:55:ec:5f:2a:60:21:22:e1:4f:55:df:0c:
                    1f:3c:eb:a5:16:8b:4c:09:2a:11:b8:73:e0:9f:d2:
                    29:60:41:4e:3b:6c:38:02:f6:3c:a6:46:f1:4b:95:
                    c8:47:d5:58:44:f7:90:94:2f:fa:ee:d0:c0:b6:dd:
                    d3:4c:c5:32:8f:a8:52:fc:8e:83:a1:93:5e:67:6f:
                    a9:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:7C:15:0B:8E:AD:FF:6B:D1:B6:4F:58:E4:87:88:6F:FD:B4:BE:A2
            X509v3 Authority Key Identifier:
                keyid:AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/YHwVC46t_2vRtk9Y5IeIb_20vqI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.84.16.0/20
                  85.254.8.0/23
                  85.254.11.0-85.254.15.255
                  85.254.63.0/24
                  85.254.117.0-85.254.119.255
                  217.24.64.0/20

    Signature Algorithm: sha256WithRSAEncryption
         a0:68:ab:b7:42:2d:77:1d:61:e5:74:1c:fb:96:ef:84:6e:47:
         cc:6b:f3:af:92:1e:1d:03:50:99:42:1f:32:ee:a9:54:fa:74:
         8b:c8:7b:38:cc:3a:fc:2b:40:25:d6:92:91:21:7c:e0:1d:54:
         c8:1e:8a:16:e9:a8:f6:bb:86:54:95:0e:27:09:c5:42:1f:14:
         f4:f0:0d:a1:db:8f:66:0e:74:fc:04:0e:29:96:83:de:7d:aa:
         0f:17:5e:73:96:0d:cc:6f:79:7c:f2:b3:a9:a3:7e:3f:16:4f:
         09:f5:a7:fc:d5:e5:1d:55:90:9d:a6:71:e7:11:41:8b:34:bd:
         29:92:84:dd:f4:37:54:91:06:92:70:2e:6f:3a:81:89:de:22:
         8a:ff:80:da:25:9d:be:74:6e:95:41:40:d3:4f:7a:ef:74:7d:
         12:b7:e8:b4:08:5b:95:c9:2c:01:85:b7:5e:9c:e9:c5:18:5f:
         f0:89:ec:8a:ee:85:5c:01:c2:6b:9e:8f:1e:32:d7:5b:33:3b:
         69:d7:6a:43:e0:d8:85:17:4a:97:b8:08:fe:62:91:2d:66:c8:
         be:83:58:f4:71:75:14:81:c8:09:89:94:5f:87:f7:5b:d8:ec:
         b5:39:ed:62:7a:e9:6d:16:c6:39:6d:43:35:0e:f0:4f:f0:d5:
         55:73:6e:49
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgISAZcXLLPzkAqOAn4yAzKl5ehJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMDk1MmM4YmE4ZGFkYjFkMzRkZTZjNmE5Mzg2NGE2MDlm
YzQxZWMwHhcNMjUwNTI4MTM1NDU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDdjMTUwYjhlYWRmZjZiZDFiNjRmNThlNDg3ODg2ZmZkYjRiZWEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9Pa0554V+IxSrH3Z7O3WMaT8kMR+
W2o28P5FmIM4L5g8WSVsf0A9+3+gpBZvdXZ/movT/anVJ9gX5AQozw+d3GOKz35c
xUKDIhqlGsVfPRnWwyQecLuvk3NuiO7zQdH+oeE7vI/SECHlkdA2M2lCvx+SlEav
xQihZ5q8vvhCjNL91hH38V9tsisQTGCw1lv6Ds7x3IKV63IgBDgm0NKed5LCgalH
Fjc7sXN3sZGfvM8HRKnDF0xV7F8qYCEi4U9V3wwfPOulFotMCSoRuHPgn9IpYEFO
O2w4AvY8pkbxS5XIR9VYRPeQlC/67tDAtt3TTMUyj6hS/I6DoZNeZ2+pywIDAQAB
o4ICNzCCAjMwHQYDVR0OBBYEFGB8FQuOrf9r0bZPWOSHiG/9tL6iMB8GA1UdIwQY
MBaAFKsJUsi6ja2x003mxqk4ZKYJ/EHsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAt
NTU1NGQ2ZTE2ODZmLzEvWUh3VkM0NnRfMnZSdGs5WTVJZUliXzIwdnFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAtNTU1NGQ2ZTE2ODZm
LzEvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME0GCCsGAQUFBwEHAQH/BD4wPDA6BAIAATA0AwQEPlQQAwQB
Vf4IMAwDBABV/gsDBARV/gADBABV/j8wDAMEAFX+dQMEA1X+cAMEBNkYQDANBgkq
hkiG9w0BAQsFAAOCAQEAoGirt0Itdx1h5XQc+5bvhG5HzGvzr5IeHQNQmUIfMu6p
VPp0i8h7OMw6/CtAJdaSkSF84B1UyB6KFumo9ruGVJUOJwnFQh8U9PANoduPZg50
/AQOKZaD3n2qDxdec5YNzG95fPKzqaN+PxZPCfWn/NXlHVWQnaZx5xFBizS9KZKE
3fQ3VJEGknAubzqBid4iiv+A2iWdvnRulUFA009673R9ErfotAhblcksAYW3Xpzp
xRhf8Insiu6FXAHCa56PHjLXWzM7addqQ+DYhRdKl7gI/mKRLWbIvoNY9HF1FIHI
CYmUX4f3W9jstTntYnrpbRbGOW1DNQ7wT/DVVXNuSQ==
-----END CERTIFICATE-----