Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/7cecc7-f63d-43fc-b219-3955959eaf81/1/_LfqsdVGhW4A1SPJtiQ2NnVoWys.roa
File:                     _LfqsdVGhW4A1SPJtiQ2NnVoWys.roa (raw, json)
Hash identifier:          +dTCK/x9fE8c7deSCLKMT+2K8D0PbHFEzGK9fqz9QgI=
Subject key identifier:   FC:B7:EA:B1:D5:46:85:6E:00:D5:23:C9:B6:24:36:36:75:68:5B:2B
Certificate issuer:       /CN=458d12f095053c35876b88b47685d6435421fcf2
Certificate serial:       01942747340FB60DAEE6601FD4B0FF1D22CA
Authority key identifier: 45:8D:12:F0:95:05:3C:35:87:6B:88:B4:76:85:D6:43:54:21:FC:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RY0S8JUFPDWHa4i0doXWQ1Qh_PI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/7cecc7-f63d-43fc-b219-3955959eaf81/1/_LfqsdVGhW4A1SPJtiQ2NnVoWys.roa
Signing time:             Thu 02 Jan 2025 13:49:25 +0000
ROA not before:           Thu 02 Jan 2025 13:49:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39378
IP address blocks:        79.132.130.0/24 maxlen: 24
                          79.132.131.0/24 maxlen: 24
                          79.132.134.0/24 maxlen: 24
                          91.241.93.0/24 maxlen: 24
                          185.158.251.0/24 maxlen: 24
                          185.212.44.0/24 maxlen: 24
                          185.212.45.0/24 maxlen: 24
                          185.212.46.0/24 maxlen: 24
                          185.212.47.0/24 maxlen: 24
                          185.219.220.0/23 maxlen: 23
                          185.219.222.0/24 maxlen: 24
                          185.219.223.0/24 maxlen: 24
                          194.76.226.0/24 maxlen: 24
                          2a07:fc00::/48 maxlen: 48
                          2a0b:7140::/48 maxlen: 48
                          2a0b:7140:5::/48 maxlen: 48
Validation:               Failed, certificate revoked on Thu 27 Mar 2025 10:59:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:34:0f:b6:0d:ae:e6:60:1f:d4:b0:ff:1d:22:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=458d12f095053c35876b88b47685d6435421fcf2
        Validity
            Not Before: Jan  2 13:49:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fcb7eab1d546856e00d523c9b624363675685b2b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:0e:88:42:2a:83:64:0d:91:63:82:5b:c7:68:
                    22:61:6b:32:77:bc:c6:11:0a:5e:68:0c:74:6c:eb:
                    72:4f:a0:9d:ba:49:76:c0:f9:a1:63:c5:87:12:23:
                    a3:0f:64:ec:17:e5:23:9c:96:44:c3:ab:d7:6f:73:
                    78:80:04:80:79:84:0d:44:4e:56:ec:6f:bb:5f:f5:
                    42:28:27:eb:d5:81:1e:c0:a6:48:ed:0d:1c:06:ff:
                    c2:3a:ee:0f:6b:de:cc:94:2f:f4:89:6e:9a:0d:85:
                    55:5e:ad:16:3d:19:10:6a:39:a2:93:2a:3f:94:80:
                    1d:bb:6e:b6:5a:19:92:c7:45:98:8b:ef:d2:94:9d:
                    2e:09:f0:0f:4e:91:25:f8:e6:77:3d:1b:3b:99:29:
                    1c:c4:92:24:ab:50:32:62:43:4c:f8:35:47:44:1e:
                    08:53:50:db:e7:91:e1:73:a9:10:d8:3d:2e:60:73:
                    54:e2:3d:00:f7:d3:1f:98:4b:00:fb:d7:f8:d5:6b:
                    79:f8:9e:f0:29:cb:ec:a3:7b:31:3b:fe:b8:06:c2:
                    fb:9d:7b:60:80:47:b2:2e:77:b3:86:fa:bc:e0:fb:
                    81:74:67:31:fb:cd:ce:b3:f3:8f:2f:8f:38:77:a5:
                    ec:4a:17:82:d2:fd:1f:b0:ad:b5:b6:fa:5d:98:55:
                    d8:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:B7:EA:B1:D5:46:85:6E:00:D5:23:C9:B6:24:36:36:75:68:5B:2B
            X509v3 Authority Key Identifier:
                keyid:45:8D:12:F0:95:05:3C:35:87:6B:88:B4:76:85:D6:43:54:21:FC:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RY0S8JUFPDWHa4i0doXWQ1Qh_PI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7cecc7-f63d-43fc-b219-3955959eaf81/1/_LfqsdVGhW4A1SPJtiQ2NnVoWys.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7cecc7-f63d-43fc-b219-3955959eaf81/1/RY0S8JUFPDWHa4i0doXWQ1Qh_PI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.132.130.0/23
                  79.132.134.0/24
                  91.241.93.0/24
                  185.158.251.0/24
                  185.212.44.0/22
                  185.219.220.0/22
                  194.76.226.0/24
                IPv6:
                  2a07:fc00::/48
                  2a0b:7140::/48
                  2a0b:7140:5::/48

    Signature Algorithm: sha256WithRSAEncryption
         7a:2c:d5:84:38:de:3e:a5:8c:6b:85:2e:53:cf:cf:1f:65:b4:
         be:88:c9:d8:3a:8d:94:81:c3:ab:4d:85:e9:c7:78:d3:30:ce:
         31:25:73:7c:2a:58:45:23:33:43:1a:24:fd:ae:12:a9:b6:f5:
         b0:4f:67:34:5f:14:a8:d6:1a:3c:21:9d:f1:17:93:36:fa:02:
         35:1a:13:71:f5:3e:95:05:1a:ea:b2:f4:9b:a7:48:38:44:16:
         0e:3d:90:89:a3:71:7d:c4:c0:5b:96:03:f1:b5:c6:0e:3c:f7:
         36:7c:63:01:d4:84:66:84:f5:d1:be:a0:09:38:b4:d3:80:9b:
         2e:e2:13:69:39:e3:7e:36:ca:c5:e6:c0:ca:59:c7:3a:9e:21:
         d8:2e:ba:f4:6e:88:be:a1:d7:5e:d2:2e:53:18:67:4c:7c:cd:
         a0:63:95:05:c6:76:8d:6d:77:f1:c8:ec:53:3f:04:1b:d1:37:
         f1:62:29:d9:7d:4b:b2:ac:53:d0:af:d4:8e:86:b1:25:0d:1c:
         b1:78:f2:f2:f8:d6:19:e4:d7:0d:09:ba:13:ba:d7:ba:93:cd:
         3f:8b:e0:5a:75:ce:d1:fd:e6:89:31:28:28:9f:47:74:de:ca:
         41:16:54:33:92:84:57:2a:68:0a:ff:91:28:78:7e:2a:05:ff:
         6a:82:71:ec
-----BEGIN CERTIFICATE-----
MIIFRDCCBCygAwIBAgISAZQnRzQPtg2u5mAf1LD/HSLKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1OGQxMmYwOTUwNTNjMzU4NzZiODhiNDc2ODVkNjQzNTQy
MWZjZjIwHhcNMjUwMTAyMTM0OTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmY2I3ZWFiMWQ1NDY4NTZlMDBkNTIzYzliNjI0MzYzNjc1Njg1YjJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmQ6IQiqDZA2RY4Jbx2giYWsyd7zG
EQpeaAx0bOtyT6Cdukl2wPmhY8WHEiOjD2TsF+UjnJZEw6vXb3N4gASAeYQNRE5W
7G+7X/VCKCfr1YEewKZI7Q0cBv/COu4Pa97MlC/0iW6aDYVVXq0WPRkQajmikyo/
lIAdu262WhmSx0WYi+/SlJ0uCfAPTpEl+OZ3PRs7mSkcxJIkq1AyYkNM+DVHRB4I
U1Db55Hhc6kQ2D0uYHNU4j0A99MfmEsA+9f41Wt5+J7wKcvso3sxO/64BsL7nXtg
gEeyLnezhvq84PuBdGcx+83Os/OPL484d6XsSheC0v0fsK21tvpdmFXYKQIDAQAB
o4ICUDCCAkwwHQYDVR0OBBYEFPy36rHVRoVuANUjybYkNjZ1aFsrMB8GA1UdIwQY
MBaAFEWNEvCVBTw1h2uItHaF1kNUIfzyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUlkwUzhKVUZQRFdIYTRpMGRvWFdRMVFoX1BJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS83Y2VjYzctZjYzZC00M2ZjLWIyMTkt
Mzk1NTk1OWVhZjgxLzEvX0xmcXNkVkdoVzRBMVNQSnRpUTJOblZvV3lzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS83Y2VjYzctZjYzZC00M2ZjLWIyMTktMzk1NTk1OWVhZjgx
LzEvUlkwUzhKVUZQRFdIYTRpMGRvWFdRMVFoX1BJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGYGCCsGAQUFBwEHAQH/BFcwVTAwBAIAATAqAwQBT4SCAwQA
T4SGAwQAW/FdAwQAuZ77AwQCudQsAwQCudvcAwQAwkziMCEEAgACMBsDBwAqB/wA
AAADBwAqC3FAAAADBwAqC3FAAAUwDQYJKoZIhvcNAQELBQADggEBAHos1YQ43j6l
jGuFLlPPzx9ltL6Iydg6jZSBw6tNhenHeNMwzjElc3wqWEUjM0MaJP2uEqm29bBP
ZzRfFKjWGjwhnfEXkzb6AjUaE3H1PpUFGuqy9JunSDhEFg49kImjcX3EwFuWA/G1
xg489zZ8YwHUhGaE9dG+oAk4tNOAmy7iE2k54342ysXmwMpZxzqeIdguuvRuiL6h
117SLlMYZ0x8zaBjlQXGdo1td/HI7FM/BBvRN/FiKdl9S7KsU9Cv1I6GsSUNHLF4
8vL41hnk1w0JuhO617qTzT+L4Fp1ztH95okxKCifR3TeykEWVDOShFcqaAr/kSh4
fioF/2qCcew=
-----END CERTIFICATE-----