Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/15b16a-f76b-41a4-88bc-91cf616d2c52/1/dhamWWO_nvTATgDToh1_PYNugZw.roa
File:                     dhamWWO_nvTATgDToh1_PYNugZw.roa (raw, json)
Hash identifier:          OzczfxCYnaIlbLRPtoIADRVApcr+Hojl7jo2QGY+tu4=
Subject key identifier:   76:16:A6:59:63:BF:9E:F4:C0:4E:00:D3:A2:1D:7F:3D:83:6E:81:9C
Certificate issuer:       /CN=4044fd1980ba01788a353a26fef8954ed7c11f96
Certificate serial:       01963EEAFFA9C4BA70FF8BBD0997CD1585B2
Authority key identifier: 40:44:FD:19:80:BA:01:78:8A:35:3A:26:FE:F8:95:4E:D7:C1:1F:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QET9GYC6AXiKNTom_viVTtfBH5Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/67/15b16a-f76b-41a4-88bc-91cf616d2c52/1/dhamWWO_nvTATgDToh1_PYNugZw.roa
Signing time:             Wed 16 Apr 2025 14:05:10 +0000
ROA not before:           Wed 16 Apr 2025 14:05:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62365
IP address blocks:        80.249.116.0/22 maxlen: 22
                          139.28.0.0/22 maxlen: 22
                          141.98.144.0/22 maxlen: 22
                          155.133.200.0/21 maxlen: 21
                          155.133.208.0/20 maxlen: 20
                          185.38.48.0/22 maxlen: 22
                          185.202.180.0/22 maxlen: 22
                          185.206.240.0/22 maxlen: 22
                          194.233.104.0/22 maxlen: 22
                          2a00:fda0::/32 maxlen: 32
Validation:               Failed, certificate revoked on Thu 17 Apr 2025 10:46:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:3e:ea:ff:a9:c4:ba:70:ff:8b:bd:09:97:cd:15:85:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4044fd1980ba01788a353a26fef8954ed7c11f96
        Validity
            Not Before: Apr 16 14:05:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7616a65963bf9ef4c04e00d3a21d7f3d836e819c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:86:4b:e1:b3:b8:ab:76:35:84:24:d2:5b:ce:
                    b2:51:94:43:74:ed:e9:89:01:ab:e0:58:a4:3e:72:
                    94:8a:79:73:0b:cb:f3:76:41:95:51:a8:45:4b:cd:
                    d1:b2:df:65:54:7d:44:1c:15:86:01:a3:e0:a9:73:
                    31:bd:8b:25:70:4f:c5:16:93:c0:3d:34:02:ea:71:
                    d3:06:93:e8:a1:aa:ab:24:44:14:de:ae:f0:ad:2a:
                    6e:83:20:81:42:34:4b:42:0e:6c:78:67:ae:7d:35:
                    fb:1f:42:23:2a:20:e0:46:33:91:fe:12:87:77:88:
                    ce:35:b4:43:cd:b9:a5:6f:85:ae:e5:19:ad:ce:94:
                    c6:c2:42:7e:a1:89:63:8e:17:bb:56:16:03:82:a1:
                    ea:a0:65:29:38:13:f6:03:23:76:4b:6b:fa:21:e2:
                    44:de:d8:59:53:db:9f:c1:21:1b:0c:ca:5a:4d:23:
                    06:7b:84:6e:c0:3d:29:b4:63:30:11:8f:c6:c9:0d:
                    51:4b:98:2a:0e:68:bd:30:cf:d9:68:8c:be:70:7b:
                    8d:fb:b3:ca:12:fd:03:da:42:87:d9:70:ab:81:20:
                    a3:58:37:3d:b6:68:92:85:31:ae:3d:09:bc:00:47:
                    ad:80:65:73:2f:33:ed:e9:4d:7e:ef:83:75:ab:d6:
                    40:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:16:A6:59:63:BF:9E:F4:C0:4E:00:D3:A2:1D:7F:3D:83:6E:81:9C
            X509v3 Authority Key Identifier:
                keyid:40:44:FD:19:80:BA:01:78:8A:35:3A:26:FE:F8:95:4E:D7:C1:1F:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QET9GYC6AXiKNTom_viVTtfBH5Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/15b16a-f76b-41a4-88bc-91cf616d2c52/1/dhamWWO_nvTATgDToh1_PYNugZw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/67/15b16a-f76b-41a4-88bc-91cf616d2c52/1/QET9GYC6AXiKNTom_viVTtfBH5Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.249.116.0/22
                  139.28.0.0/22
                  141.98.144.0/22
                  155.133.200.0-155.133.223.255
                  185.38.48.0/22
                  185.202.180.0/22
                  185.206.240.0/22
                  194.233.104.0/22
                IPv6:
                  2a00:fda0::/32

    Signature Algorithm: sha256WithRSAEncryption
         c7:45:c2:ce:8d:2e:7c:2a:43:d4:fc:e1:7d:75:b9:ad:aa:82:
         db:87:99:23:1e:49:ee:a6:f3:19:71:5e:f9:e1:52:1d:0a:5a:
         fb:3d:ba:6d:d6:5a:3e:fd:80:b2:23:54:0e:38:b5:66:e1:21:
         61:c9:dc:40:08:01:1d:cb:53:0f:c2:ad:83:c8:05:7c:cf:12:
         27:bc:46:5a:34:40:82:81:5e:27:f4:78:40:bd:7a:6f:3e:a6:
         32:93:07:f8:ec:7b:86:af:0c:d1:14:25:05:90:ad:f8:af:4f:
         0a:85:d0:c5:43:1c:d9:09:c5:e2:f0:78:38:a7:0d:e6:ab:3a:
         8e:a1:5a:c0:fa:30:1f:63:9d:55:47:f7:5b:e5:f2:ed:b6:f0:
         9b:92:94:48:76:37:0e:c3:3e:0b:00:bb:f3:24:de:e3:a0:8a:
         63:0f:32:78:07:6e:16:7e:33:7c:ab:35:f1:1d:61:96:44:b2:
         09:b1:4f:32:6f:cf:d8:0d:48:54:01:25:e2:0f:84:02:50:15:
         3f:b3:b9:c9:52:5f:44:51:00:d1:19:b3:19:94:5b:05:99:d8:
         92:35:41:b6:53:75:b4:a8:d3:1e:ef:93:ff:1e:4d:eb:78:d4:
         80:2d:f4:c6:2b:7a:25:bb:4e:84:bb:b8:ad:49:a0:47:30:f2:
         ca:54:3a:e2
-----BEGIN CERTIFICATE-----
MIIFPjCCBCagAwIBAgISAZY+6v+pxLpw/4u9CZfNFYWyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwNDRmZDE5ODBiYTAxNzg4YTM1M2EyNmZlZjg5NTRlZDdj
MTFmOTYwHhcNMjUwNDE2MTQwNTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjE2YTY1OTYzYmY5ZWY0YzA0ZTAwZDNhMjFkN2YzZDgzNmU4MTljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmoZL4bO4q3Y1hCTSW86yUZRDdO3p
iQGr4FikPnKUinlzC8vzdkGVUahFS83Rst9lVH1EHBWGAaPgqXMxvYslcE/FFpPA
PTQC6nHTBpPooaqrJEQU3q7wrSpugyCBQjRLQg5seGeufTX7H0IjKiDgRjOR/hKH
d4jONbRDzbmlb4Wu5RmtzpTGwkJ+oYljjhe7VhYDgqHqoGUpOBP2AyN2S2v6IeJE
3thZU9ufwSEbDMpaTSMGe4RuwD0ptGMwEY/GyQ1RS5gqDmi9MM/ZaIy+cHuN+7PK
Ev0D2kKH2XCrgSCjWDc9tmiShTGuPQm8AEetgGVzLzPt6U1+74N1q9ZAFQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFHYWplljv570wE4A06Idfz2DboGcMB8GA1UdIwQY
MBaAFEBE/RmAugF4ijU6Jv74lU7XwR+WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUVUOUdZQzZBWGlLTlRvbV92aVZUdGZCSDVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny8xNWIxNmEtZjc2Yi00MWE0LTg4YmMt
OTFjZjYxNmQyYzUyLzEvZGhhbVdXT19udlRBVGdEVG9oMV9QWU51Z1p3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny8xNWIxNmEtZjc2Yi00MWE0LTg4YmMtOTFjZjYxNmQyYzUy
LzEvUUVUOUdZQzZBWGlLTlRvbV92aVZUdGZCSDVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGAGCCsGAQUFBwEHAQH/BFEwTzA+BAIAATA4AwQCUPl0AwQC
ixwAAwQCjWKQMAwDBAObhcgDBAWbhcADBAK5JjADBAK5yrQDBAK5zvADBALC6Wgw
DQQCAAIwBwMFACoA/aAwDQYJKoZIhvcNAQELBQADggEBAMdFws6NLnwqQ9T84X11
ua2qgtuHmSMeSe6m8xlxXvnhUh0KWvs9um3WWj79gLIjVA44tWbhIWHJ3EAIAR3L
Uw/CrYPIBXzPEie8Rlo0QIKBXif0eEC9em8+pjKTB/jse4avDNEUJQWQrfivTwqF
0MVDHNkJxeLweDinDearOo6hWsD6MB9jnVVH91vl8u228JuSlEh2Nw7DPgsAu/Mk
3uOgimMPMngHbhZ+M3yrNfEdYZZEsgmxTzJvz9gNSFQBJeIPhAJQFT+zuclSX0RR
ANEZsxmUWwWZ2JI1QbZTdbSo0x7vk/8eTet41IAt9MYreiW7ToS7uK1JoEcw8spU
OuI=
-----END CERTIFICATE-----