Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/hr9UI71OY-FoDY6XQFr4ETZ-hlU.roa
File:                     hr9UI71OY-FoDY6XQFr4ETZ-hlU.roa (raw, json)
Hash identifier:          8DgxBDSlttDfYqlEP57yKfXtMvSWMQr6z17cC/qcdyo=
Subject key identifier:   86:BF:54:23:BD:4E:63:E1:68:0D:8E:97:40:5A:F8:11:36:7E:86:55
Certificate issuer:       /CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
Certificate serial:       0197111BF7AA645A48C71C1E60FCF8BA197A
Authority key identifier: 7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/hr9UI71OY-FoDY6XQFr4ETZ-hlU.roa
Signing time:             Tue 27 May 2025 09:38:54 +0000
ROA not before:           Tue 27 May 2025 09:38:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        79.172.208.0/24 maxlen: 24
                          79.172.228.0/24 maxlen: 24
                          87.229.8.0/22 maxlen: 22
                          87.229.22.0/24 maxlen: 24
                          87.229.34.0/24 maxlen: 24
                          87.229.64.0/24 maxlen: 24
                          87.229.79.0/24 maxlen: 24
                          87.229.80.0/23 maxlen: 24
                          87.229.110.0/24 maxlen: 24
                          87.229.124.0/24 maxlen: 24
                          87.229.125.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Fri 30 May 2025 13:25:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:11:1b:f7:aa:64:5a:48:c7:1c:1e:60:fc:f8:ba:19:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
        Validity
            Not Before: May 27 09:38:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=86bf5423bd4e63e1680d8e97405af811367e8655
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:36:f3:ec:cc:37:13:57:2e:13:27:48:8f:4f:
                    ec:ff:0e:bc:6c:8f:06:55:30:fa:5e:d3:e0:6a:c9:
                    da:58:80:67:33:f7:0b:88:f2:17:bb:60:d4:cb:a2:
                    6c:c7:99:2f:b2:69:0a:38:9d:3c:eb:53:65:50:7e:
                    15:0c:75:27:23:2c:51:dd:0f:10:64:5f:ff:b6:f5:
                    e9:87:e9:57:eb:3a:9a:f6:32:22:26:07:92:8c:7d:
                    bf:8f:a3:52:f5:a4:d3:3c:d5:fc:a8:d8:85:e6:66:
                    ed:5b:97:33:21:c5:48:e3:2d:ac:7e:38:4e:54:5b:
                    89:50:8d:a3:97:d4:97:21:9b:a3:85:f6:00:56:ce:
                    a6:9b:e7:dc:25:8d:ff:d2:50:67:6c:5f:de:ff:45:
                    1a:0a:98:e5:76:a4:a6:33:ac:40:d9:2e:aa:5a:5e:
                    10:6e:02:af:ab:66:c6:e6:31:8b:00:c8:b8:13:fe:
                    46:83:b0:44:a8:f1:96:e0:8b:e8:5b:38:9b:b2:e2:
                    2a:12:65:5b:48:de:30:1d:97:48:66:c6:8c:d3:73:
                    d6:5a:fb:4e:5e:73:b9:ca:27:67:35:72:89:ab:b8:
                    cb:4e:33:e9:f8:a4:14:76:2f:e3:0e:08:4f:93:21:
                    5d:5c:4b:c2:2f:97:e4:b1:81:ab:9c:81:1d:ec:6d:
                    93:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:BF:54:23:BD:4E:63:E1:68:0D:8E:97:40:5A:F8:11:36:7E:86:55
            X509v3 Authority Key Identifier:
                keyid:7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/hr9UI71OY-FoDY6XQFr4ETZ-hlU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.172.208.0/24
                  79.172.228.0/24
                  87.229.8.0/22
                  87.229.22.0/24
                  87.229.34.0/24
                  87.229.64.0/24
                  87.229.79.0-87.229.81.255
                  87.229.110.0/24
                  87.229.124.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2f:d9:49:3e:19:31:d8:54:d6:07:03:b9:18:96:70:4d:c3:ea:
         1e:5e:0c:d7:23:18:d6:62:58:8d:3f:f1:eb:8a:fb:98:6e:e4:
         7d:e8:be:a2:64:28:30:25:23:3c:3f:9c:13:c1:39:1e:8a:7e:
         ee:f8:3a:b7:6e:dd:dc:34:71:4c:30:ab:21:70:8d:72:9f:a7:
         80:e8:e1:a8:ed:9e:6c:11:5e:a8:aa:14:0c:99:89:2c:43:a4:
         42:3a:3e:3d:85:88:79:8f:f5:a6:fa:c5:77:5a:3e:9b:b2:20:
         95:bc:ee:26:42:77:dd:48:68:64:5d:ea:0f:d7:b9:07:9d:fa:
         16:80:fb:3b:d5:ec:9c:da:bf:d1:99:73:50:42:65:6d:90:98:
         ac:8c:26:98:62:36:cd:ee:05:02:fe:b7:d8:6b:d2:ec:0c:ef:
         e3:0a:54:e0:02:c1:b0:ab:a6:6d:2e:b0:e9:c5:dd:4e:3d:59:
         88:f0:59:98:10:1c:77:6e:38:11:3b:24:55:14:45:9b:6f:67:
         b4:3a:b6:33:0e:e3:94:5e:bf:7d:ab:e8:82:bf:19:93:4b:41:
         03:56:13:a0:b1:e5:a8:50:f9:e2:87:c5:2d:8c:cd:e0:57:e3:
         9a:88:2c:5b:96:ce:75:6c:5a:aa:c6:ab:4c:68:e1:7b:53:fe:
         23:ad:40:84
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAZcRG/eqZFpIxxweYPz4uhl6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiNWUzN2Y2ZTNiOWJkMWNmMzY4NGI5YzAzYzAzYWQxY2E2
NDI0OTcwHhcNMjUwNTI3MDkzODU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmJmNTQyM2JkNGU2M2UxNjgwZDhlOTc0MDVhZjgxMTM2N2U4NjU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1jbz7Mw3E1cuEydIj0/s/w68bI8G
VTD6XtPgasnaWIBnM/cLiPIXu2DUy6Jsx5kvsmkKOJ0861NlUH4VDHUnIyxR3Q8Q
ZF//tvXph+lX6zqa9jIiJgeSjH2/j6NS9aTTPNX8qNiF5mbtW5czIcVI4y2sfjhO
VFuJUI2jl9SXIZujhfYAVs6mm+fcJY3/0lBnbF/e/0UaCpjldqSmM6xA2S6qWl4Q
bgKvq2bG5jGLAMi4E/5Gg7BEqPGW4IvoWzibsuIqEmVbSN4wHZdIZsaM03PWWvtO
XnO5yidnNXKJq7jLTjPp+KQUdi/jDghPkyFdXEvCL5fksYGrnIEd7G2T7QIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFIa/VCO9TmPhaA2Ol0Ba+BE2foZVMB8GA1UdIwQY
MBaAFHteN/bjub0c82hLnAPAOtHKZCSXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUt
OTU5M2E0ODhhZmNjLzEvaHI5VUk3MU9ZLUZvRFk2WFFGcjRFVFotaGxVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUtOTU5M2E0ODhhZmNj
LzEvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQAT6zQAwQA
T6zkAwQCV+UIAwQAV+UWAwQAV+UiAwQAV+VAMAwDBABX5U8DBAFX5VADBABX5W4D
BAFX5XwwDQYJKoZIhvcNAQELBQADggEBAC/ZST4ZMdhU1gcDuRiWcE3D6h5eDNcj
GNZiWI0/8euK+5hu5H3ovqJkKDAlIzw/nBPBOR6Kfu74Ordu3dw0cUwwqyFwjXKf
p4Do4ajtnmwRXqiqFAyZiSxDpEI6Pj2FiHmP9ab6xXdaPpuyIJW87iZCd91IaGRd
6g/XuQed+haA+zvV7Jzav9GZc1BCZW2QmKyMJphiNs3uBQL+t9hr0uwM7+MKVOAC
wbCrpm0usOnF3U49WYjwWZgQHHduOBE7JFUURZtvZ7Q6tjMO45Rev32r6IK/GZNL
QQNWE6Cx5ahQ+eKHxS2MzeBX45qILFuWznVsWqrGq0xo4XtT/iOtQIQ=
-----END CERTIFICATE-----