Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/s8u8wqRBEN0vLkqqYnKasGX4dPs.roa
File:                     s8u8wqRBEN0vLkqqYnKasGX4dPs.roa (raw, json)
Hash identifier:          4q7Vn/hJ9Y7z1jPVBOXAqf2jX5dnRIjj0MhidLVljX4=
Subject key identifier:   B3:CB:BC:C2:A4:41:10:DD:2F:2E:4A:AA:62:72:9A:B0:65:F8:74:FB
Certificate issuer:       /CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
Certificate serial:       019725B568C6AC68879A6620B2F3C61204A9
Authority key identifier: 7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/s8u8wqRBEN0vLkqqYnKasGX4dPs.roa
Signing time:             Sat 31 May 2025 09:38:55 +0000
ROA not before:           Sat 31 May 2025 09:38:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        79.172.193.0/24 maxlen: 24
                          79.172.208.0/24 maxlen: 24
                          79.172.228.0/24 maxlen: 24
                          87.229.8.0/22 maxlen: 22
                          87.229.34.0/24 maxlen: 24
                          87.229.64.0/24 maxlen: 24
                          87.229.79.0/24 maxlen: 24
                          87.229.80.0/23 maxlen: 24
                          87.229.124.0/24 maxlen: 24
                          87.229.125.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Tue 03 Jun 2025 10:52:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:25:b5:68:c6:ac:68:87:9a:66:20:b2:f3:c6:12:04:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
        Validity
            Not Before: May 31 09:38:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b3cbbcc2a44110dd2f2e4aaa62729ab065f874fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:53:70:c3:78:76:8a:c8:b5:a3:85:f4:66:6f:
                    f5:9b:0c:e1:b6:13:04:ea:77:37:a0:b5:3e:c4:08:
                    dd:ee:95:1a:9f:31:f1:19:3c:83:d0:32:c7:8c:83:
                    a5:92:12:32:8d:c3:e2:e4:0a:30:42:43:9b:aa:79:
                    70:48:20:e3:3d:cc:97:cb:9b:f9:fe:a4:39:11:58:
                    ed:14:97:87:51:4f:92:4f:8a:8d:ea:84:23:2a:c6:
                    d3:04:fb:26:00:96:cd:72:eb:5c:7a:d5:34:da:13:
                    9b:7e:80:00:52:3e:e6:42:6a:a6:1a:53:22:6e:ee:
                    7f:bd:a8:6c:55:37:57:b5:4f:70:fd:61:e8:1d:31:
                    c1:58:31:54:df:62:63:f1:7a:76:2d:b5:5d:d5:a1:
                    da:5d:e1:0d:15:fc:ab:c0:37:e8:d8:bb:d6:b0:9f:
                    bc:83:4d:6f:11:ec:97:e1:87:53:25:ea:67:e5:22:
                    e3:a6:5f:34:f2:cd:4b:68:c2:9c:6e:83:92:cc:1e:
                    7e:37:e8:ab:09:21:09:29:1d:a9:fa:b4:42:0c:84:
                    12:17:16:bf:49:2c:3e:f5:89:25:3a:d6:c6:f7:53:
                    5c:cb:49:53:09:71:78:39:e9:a1:c8:2d:32:5c:a8:
                    7d:8f:07:b7:38:89:e5:8e:cf:45:d8:0f:d7:9a:cb:
                    fc:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:CB:BC:C2:A4:41:10:DD:2F:2E:4A:AA:62:72:9A:B0:65:F8:74:FB
            X509v3 Authority Key Identifier:
                keyid:7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/s8u8wqRBEN0vLkqqYnKasGX4dPs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.172.193.0/24
                  79.172.208.0/24
                  79.172.228.0/24
                  87.229.8.0/22
                  87.229.34.0/24
                  87.229.64.0/24
                  87.229.79.0-87.229.81.255
                  87.229.124.0/23

    Signature Algorithm: sha256WithRSAEncryption
         48:1f:df:47:19:65:bc:88:0f:b1:ec:8f:09:ad:fe:3b:f5:68:
         75:57:63:53:e2:98:ef:e4:5d:45:9f:89:76:f9:de:be:dd:da:
         ca:5c:63:12:af:63:02:bc:1b:70:e6:b0:11:98:6e:4f:48:d5:
         ce:13:cd:34:33:cc:28:cf:e7:db:83:0d:e9:64:94:ae:bd:63:
         27:8d:16:db:8b:19:38:6a:fb:a7:9a:d2:66:06:6d:7f:b7:31:
         cb:8b:39:d9:aa:ea:92:2b:df:f4:a5:8c:d6:53:78:1f:8f:37:
         9d:b3:4d:f4:68:76:a9:c8:37:1c:23:ff:cb:e5:04:3a:7d:4f:
         a7:12:4a:17:c9:bb:0a:e7:fb:18:31:4d:b6:bf:04:b1:62:57:
         48:50:d5:cd:16:d1:32:60:6a:a5:a1:cb:0b:4b:21:b2:47:70:
         c2:52:42:3b:e6:49:35:e6:f9:9f:d7:30:18:77:62:a2:ad:c2:
         4e:c1:24:35:3f:32:4e:c0:f4:c3:1b:04:44:ba:0a:b7:84:ed:
         cb:64:ee:a8:ff:ed:86:28:a6:c1:4f:6a:c5:c7:be:0e:38:96:
         63:f1:cb:7a:bd:50:ca:3c:70:51:f0:7b:0e:57:e3:3f:2c:93:
         f4:2f:b4:97:c8:29:05:e9:2f:f7:36:99:40:e6:6c:ef:3d:1d:
         97:bb:60:cc
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAZcltWjGrGiHmmYgsvPGEgSpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiNWUzN2Y2ZTNiOWJkMWNmMzY4NGI5YzAzYzAzYWQxY2E2
NDI0OTcwHhcNMjUwNTMxMDkzODU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiM2NiYmNjMmE0NDExMGRkMmYyZTRhYWE2MjcyOWFiMDY1Zjg3NGZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1lNww3h2isi1o4X0Zm/1mwzhthME
6nc3oLU+xAjd7pUanzHxGTyD0DLHjIOlkhIyjcPi5AowQkObqnlwSCDjPcyXy5v5
/qQ5EVjtFJeHUU+ST4qN6oQjKsbTBPsmAJbNcutcetU02hObfoAAUj7mQmqmGlMi
bu5/vahsVTdXtU9w/WHoHTHBWDFU32Jj8Xp2LbVd1aHaXeENFfyrwDfo2LvWsJ+8
g01vEeyX4YdTJepn5SLjpl808s1LaMKcboOSzB5+N+irCSEJKR2p+rRCDIQSFxa/
SSw+9YklOtbG91Ncy0lTCXF4OemhyC0yXKh9jwe3OInljs9F2A/Xmsv8DQIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFLPLvMKkQRDdLy5KqmJymrBl+HT7MB8GA1UdIwQY
MBaAFHteN/bjub0c82hLnAPAOtHKZCSXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUt
OTU5M2E0ODhhZmNjLzEvczh1OHdxUkJFTjB2TGtxcVluS2FzR1g0ZFBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUtOTU5M2E0ODhhZmNj
LzEvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQAT6zBAwQA
T6zQAwQAT6zkAwQCV+UIAwQAV+UiAwQAV+VAMAwDBABX5U8DBAFX5VADBAFX5Xww
DQYJKoZIhvcNAQELBQADggEBAEgf30cZZbyID7Hsjwmt/jv1aHVXY1PimO/kXUWf
iXb53r7d2spcYxKvYwK8G3DmsBGYbk9I1c4TzTQzzCjP59uDDelklK69YyeNFtuL
GThq+6ea0mYGbX+3McuLOdmq6pIr3/SljNZTeB+PN52zTfRodqnINxwj/8vlBDp9
T6cSShfJuwrn+xgxTba/BLFiV0hQ1c0W0TJgaqWhywtLIbJHcMJSQjvmSTXm+Z/X
MBh3YqKtwk7BJDU/Mk7A9MMbBES6CreE7ctk7qj/7YYopsFPasXHvg44lmPxy3q9
UMo8cFHwew5X4z8sk/QvtJfIKQXpL/c2mUDmbO89HZe7YMw=
-----END CERTIFICATE-----