Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/a72a4b-0693-4d1b-9bfc-767b0cc80c08/1/3dOa92bgHPnIAIzXjvAmarmL-4U.roa
File:                     3dOa92bgHPnIAIzXjvAmarmL-4U.roa (raw, json)
Hash identifier:          vnTp7HMqtRp87Zwwh92npvKMDHZWY68rGcS6kR5fI+g=
Subject key identifier:   DD:D3:9A:F7:66:E0:1C:F9:C8:00:8C:D7:8E:F0:26:6A:B9:8B:FB:85
Certificate issuer:       /CN=cc777a08a4564548b518ec3864b341e1fa5225ea
Certificate serial:       0195666BDCEFCE256115479139A6ABD342C3
Authority key identifier: CC:77:7A:08:A4:56:45:48:B5:18:EC:38:64:B3:41:E1:FA:52:25:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zHd6CKRWRUi1GOw4ZLNB4fpSJeo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/a72a4b-0693-4d1b-9bfc-767b0cc80c08/1/3dOa92bgHPnIAIzXjvAmarmL-4U.roa
Signing time:             Wed 05 Mar 2025 13:08:19 +0000
ROA not before:           Wed 05 Mar 2025 13:08:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202779
IP address blocks:        91.201.220.0/22 maxlen: 24
                          91.201.220.0/24 maxlen: 24
                          91.201.221.0/24 maxlen: 24
                          91.201.222.0/24 maxlen: 24
                          185.154.156.0/22 maxlen: 24
                          185.154.156.0/24 maxlen: 24
                          185.154.157.0/24 maxlen: 24
                          185.154.158.0/24 maxlen: 24
                          185.154.159.0/24 maxlen: 24
                          213.173.96.0/19 maxlen: 24
                          213.173.96.0/23 maxlen: 23
                          213.173.99.0/24 maxlen: 24
                          213.244.248.0/21 maxlen: 24
                          213.244.248.0/22 maxlen: 24
Validation:               Failed, certificate revoked on Wed 05 Mar 2025 13:15:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:66:6b:dc:ef:ce:25:61:15:47:91:39:a6:ab:d3:42:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cc777a08a4564548b518ec3864b341e1fa5225ea
        Validity
            Not Before: Mar  5 13:08:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ddd39af766e01cf9c8008cd78ef0266ab98bfb85
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:75:af:46:75:a2:72:d4:0d:66:ce:97:a2:2f:
                    15:4b:ba:da:ff:f5:4f:c3:ba:2b:89:ec:b2:ff:61:
                    1c:21:9b:55:fd:0f:d9:c0:6f:91:eb:c2:b3:ac:4e:
                    05:b7:13:ab:f9:f1:62:79:60:e2:f7:2d:91:01:24:
                    ec:57:d8:b8:7a:53:9d:fb:a4:94:1d:97:fe:d6:0b:
                    3d:fa:5f:9d:6a:9e:02:3f:ce:90:5d:ae:fa:33:f3:
                    b6:fb:ef:b7:76:7c:33:80:1b:8b:32:af:94:60:92:
                    23:e8:a8:34:c3:db:93:f1:04:ac:79:1f:5a:40:c8:
                    b2:d9:34:7e:d3:a3:b2:0d:da:d9:4c:f1:a1:62:06:
                    80:1f:a1:a4:44:cd:ba:f5:e8:dd:80:10:da:11:d4:
                    ef:c3:04:cb:3f:03:a9:78:fa:e0:9d:60:8d:41:2c:
                    45:f1:4c:1a:e6:c6:cd:32:12:56:58:5e:c4:5a:c9:
                    c3:8b:6b:12:1d:f8:fe:27:50:11:75:f6:4e:ae:c7:
                    e8:7b:5d:3f:aa:3a:4f:d2:92:02:43:f9:b4:12:cc:
                    76:35:96:96:ae:bf:26:7c:5e:02:02:9f:5b:3e:56:
                    d2:12:e0:f4:7b:cf:92:1b:f4:f2:ce:4f:5d:6d:78:
                    05:4a:fe:b5:f0:af:4b:6f:97:eb:17:33:26:1d:fe:
                    7f:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:D3:9A:F7:66:E0:1C:F9:C8:00:8C:D7:8E:F0:26:6A:B9:8B:FB:85
            X509v3 Authority Key Identifier:
                keyid:CC:77:7A:08:A4:56:45:48:B5:18:EC:38:64:B3:41:E1:FA:52:25:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zHd6CKRWRUi1GOw4ZLNB4fpSJeo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/a72a4b-0693-4d1b-9bfc-767b0cc80c08/1/3dOa92bgHPnIAIzXjvAmarmL-4U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/a72a4b-0693-4d1b-9bfc-767b0cc80c08/1/zHd6CKRWRUi1GOw4ZLNB4fpSJeo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.201.220.0/22
                  185.154.156.0/22
                  213.173.96.0/19
                  213.244.248.0/21

    Signature Algorithm: sha256WithRSAEncryption
         0f:a5:ea:18:30:73:32:72:f8:fd:33:0d:a2:91:2c:28:fd:b0:
         4e:f4:19:54:a7:5c:43:44:46:e8:3d:29:34:2e:5a:b2:da:3e:
         32:3e:d2:26:66:df:2a:2d:35:28:4f:d1:80:b7:29:04:07:7d:
         51:61:b2:e8:f5:ce:b8:4c:37:e9:cb:bc:bd:02:9f:d2:8d:28:
         db:eb:c6:e8:a2:08:fa:b1:1d:d6:7e:35:fe:4b:a1:43:b0:06:
         24:66:e8:4a:f7:75:5b:a4:75:39:d1:3e:f6:29:d7:0c:9a:49:
         60:9c:6b:86:96:c0:04:65:d4:2f:66:93:9e:3c:8b:31:ad:67:
         77:9f:22:a9:e5:4e:6e:9b:f8:e8:0f:ef:d9:1c:e7:35:8f:69:
         bb:b0:b2:20:e4:e6:cc:14:1b:2a:7d:31:07:90:37:2a:83:14:
         5e:3a:4a:ac:2c:39:68:7e:15:1c:32:33:b6:66:96:18:ca:c8:
         ee:e8:23:57:7d:07:d6:f8:df:5c:57:78:b3:9f:a3:e7:d5:71:
         e7:07:32:99:0d:35:7c:09:40:f1:29:3d:b8:e8:97:c7:d3:e9:
         90:8d:08:2a:3d:3d:a6:e4:54:7e:ac:6f:76:85:b2:b3:28:25:
         83:1e:d8:55:7e:32:f2:31:ea:d2:5b:60:fd:42:b9:19:4c:26:
         2c:2d:0a:a6
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZVma9zvziVhFUeROaar00LDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjNzc3YTA4YTQ1NjQ1NDhiNTE4ZWMzODY0YjM0MWUxZmE1
MjI1ZWEwHhcNMjUwMzA1MTMwODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZGQzOWFmNzY2ZTAxY2Y5YzgwMDhjZDc4ZWYwMjY2YWI5OGJmYjg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoHWvRnWictQNZs6Xoi8VS7ra//VP
w7orieyy/2EcIZtV/Q/ZwG+R68KzrE4FtxOr+fFieWDi9y2RASTsV9i4elOd+6SU
HZf+1gs9+l+dap4CP86QXa76M/O2+++3dnwzgBuLMq+UYJIj6Kg0w9uT8QSseR9a
QMiy2TR+06OyDdrZTPGhYgaAH6GkRM269ejdgBDaEdTvwwTLPwOpePrgnWCNQSxF
8Uwa5sbNMhJWWF7EWsnDi2sSHfj+J1ARdfZOrsfoe10/qjpP0pICQ/m0Esx2NZaW
rr8mfF4CAp9bPlbSEuD0e8+SG/Tyzk9dbXgFSv618K9Lb5frFzMmHf5/IwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFN3Tmvdm4Bz5yACM147wJmq5i/uFMB8GA1UdIwQY
MBaAFMx3egikVkVItRjsOGSzQeH6UiXqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvekhkNkNLUldSVWkxR093NFpMTkI0ZnBTSmVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC9hNzJhNGItMDY5My00ZDFiLTliZmMt
NzY3YjBjYzgwYzA4LzEvM2RPYTkyYmdIUG5JQUl6WGp2QW1hcm1MLTRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC9hNzJhNGItMDY5My00ZDFiLTliZmMtNzY3YjBjYzgwYzA4
LzEvekhkNkNLUldSVWkxR093NFpMTkI0ZnBTSmVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQCW8ncAwQC
uZqcAwQF1a1gAwQD1fT4MA0GCSqGSIb3DQEBCwUAA4IBAQAPpeoYMHMycvj9Mw2i
kSwo/bBO9BlUp1xDREboPSk0Llqy2j4yPtImZt8qLTUoT9GAtykEB31RYbLo9c64
TDfpy7y9Ap/SjSjb68boogj6sR3WfjX+S6FDsAYkZuhK93VbpHU50T72KdcMmklg
nGuGlsAEZdQvZpOePIsxrWd3nyKp5U5um/joD+/ZHOc1j2m7sLIg5ObMFBsqfTEH
kDcqgxReOkqsLDlofhUcMjO2ZpYYysju6CNXfQfW+N9cV3izn6Pn1XHnBzKZDTV8
CUDxKT246JfH0+mQjQgqPT2m5FR+rG92hbKzKCWDHthVfjLyMerSW2D9QrkZTCYs
LQqm
-----END CERTIFICATE-----