Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/59bcd1-1e0b-485d-9510-096af478f04b/1/6HrwZNpbvYhhYfLli8aXSDjbSHQ.roa
File:                     6HrwZNpbvYhhYfLli8aXSDjbSHQ.roa (raw, json)
Hash identifier:          C9qYI6bwZJAdML2cWWUkqzAkp8NeMEC0TRE5K5vg7C8=
Subject key identifier:   E8:7A:F0:64:DA:5B:BD:88:61:61:F2:E5:8B:C6:97:48:38:DB:48:74
Certificate issuer:       /CN=ffbcae2b290c801d57d09d025a9348e16706f182
Certificate serial:       019427B58F92A1184FB49892EFC22F9DA21D
Authority key identifier: FF:BC:AE:2B:29:0C:80:1D:57:D0:9D:02:5A:93:48:E1:67:06:F1:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_7yuKykMgB1X0J0CWpNI4WcG8YI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/59bcd1-1e0b-485d-9510-096af478f04b/1/6HrwZNpbvYhhYfLli8aXSDjbSHQ.roa
Signing time:             Thu 02 Jan 2025 15:49:57 +0000
ROA not before:           Thu 02 Jan 2025 15:49:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198537
IP address blocks:        37.221.100.0/22 maxlen: 24
                          45.159.236.0/22 maxlen: 24
                          77.83.40.0/22 maxlen: 24
                          91.209.115.0/24 maxlen: 24
                          91.209.149.0/24 maxlen: 24
                          91.236.32.0/22 maxlen: 24
                          185.146.52.0/22 maxlen: 24
                          194.53.1.0/24 maxlen: 24
                          194.53.2.0/24 maxlen: 24
                          194.53.61.0/24 maxlen: 24
                          195.14.26.0/23 maxlen: 24
                          195.14.112.0/23 maxlen: 24
                          2a07:4bc0::/29 maxlen: 48
Validation:               Failed, certificate revoked on Wed 02 Apr 2025 07:40:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:8f:92:a1:18:4f:b4:98:92:ef:c2:2f:9d:a2:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffbcae2b290c801d57d09d025a9348e16706f182
        Validity
            Not Before: Jan  2 15:49:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e87af064da5bbd886161f2e58bc6974838db4874
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:4e:fb:dc:b1:da:a9:7a:bb:4a:3d:e5:ca:4a:
                    03:a2:8e:9d:ab:4e:fe:9e:26:1c:f8:b4:72:e2:b4:
                    7b:a7:84:c7:07:ff:e0:f1:75:c0:32:6f:ad:ad:1c:
                    88:0d:ec:1f:29:75:ba:26:58:71:4c:45:b4:fe:47:
                    16:b7:ed:17:3d:a3:7c:b7:92:83:11:7e:c7:65:0b:
                    61:47:d5:46:44:77:0c:f4:5d:f3:40:78:5c:71:01:
                    81:ae:1e:d0:b6:55:66:ac:c1:b0:50:d5:d3:cd:03:
                    b9:96:61:db:b3:34:a7:69:17:7a:89:c3:8d:73:c7:
                    db:09:55:0f:09:45:b1:8f:8f:6e:1e:cb:b0:42:98:
                    f7:a7:9b:c6:01:5d:5b:8b:f4:5f:5a:44:46:cd:3c:
                    d9:2b:63:80:86:9f:79:2c:da:0a:2a:03:41:ab:fd:
                    0d:ff:a7:76:75:4a:12:c4:55:9a:b9:cb:bc:b6:54:
                    c1:22:f7:9b:2d:d9:ea:92:de:d2:d6:20:e1:19:b9:
                    c3:04:67:c4:57:5c:9f:24:26:03:05:3e:1d:1c:c6:
                    1a:79:04:4a:ea:61:13:07:9d:ba:d1:e9:0c:fd:36:
                    5c:fc:a2:b9:da:22:22:24:da:f4:17:e2:56:2f:68:
                    e4:fb:2e:1a:66:b2:82:14:8d:e3:b5:9e:f3:31:1d:
                    ce:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:7A:F0:64:DA:5B:BD:88:61:61:F2:E5:8B:C6:97:48:38:DB:48:74
            X509v3 Authority Key Identifier:
                keyid:FF:BC:AE:2B:29:0C:80:1D:57:D0:9D:02:5A:93:48:E1:67:06:F1:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_7yuKykMgB1X0J0CWpNI4WcG8YI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/59bcd1-1e0b-485d-9510-096af478f04b/1/6HrwZNpbvYhhYfLli8aXSDjbSHQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/59bcd1-1e0b-485d-9510-096af478f04b/1/_7yuKykMgB1X0J0CWpNI4WcG8YI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.221.100.0/22
                  45.159.236.0/22
                  77.83.40.0/22
                  91.209.115.0/24
                  91.209.149.0/24
                  91.236.32.0/22
                  185.146.52.0/22
                  194.53.1.0-194.53.2.255
                  194.53.61.0/24
                  195.14.26.0/23
                  195.14.112.0/23
                IPv6:
                  2a07:4bc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         22:54:da:83:0b:e5:de:0d:3d:27:cc:9a:79:07:41:f8:23:c0:
         2e:20:82:ac:56:e7:a1:80:71:40:fe:6d:1d:30:34:01:fe:cb:
         b3:79:4d:b2:7a:40:8d:be:19:0e:ff:90:0b:48:50:e9:f2:c8:
         34:6c:77:84:b6:d8:07:e3:1d:e4:ba:99:d2:ad:c4:8e:f4:04:
         52:47:72:67:e6:2b:05:11:1c:7d:77:1a:ed:4a:97:7c:8e:e9:
         d0:6f:91:17:69:5e:8c:40:62:5c:f6:04:a4:0d:3d:f2:80:a3:
         75:b1:d9:d5:67:21:82:ce:9e:1f:f4:b2:33:b8:a2:a7:8d:f5:
         68:30:11:4b:10:c4:50:b7:89:e8:d3:9b:35:65:d0:f7:83:07:
         c8:f1:b8:bf:90:4a:f3:5e:d7:9e:95:e2:3d:77:42:80:42:19:
         92:3e:28:70:24:47:4f:f1:17:5b:1c:ac:59:f9:2c:52:79:a3:
         46:b8:f2:4b:82:57:7f:41:14:f7:25:c8:da:22:13:f3:c6:48:
         23:bb:87:d2:17:16:7b:20:bd:b5:d1:b8:60:87:5a:69:e5:72:
         21:0f:ea:bd:b0:fe:58:6f:81:bf:40:3c:4d:1a:75:c2:39:61:
         2e:8d:3c:11:b3:c3:1e:34:fe:e0:b6:68:bc:11:41:04:8b:4a:
         f3:a7:29:ab
-----BEGIN CERTIFICATE-----
MIIFUDCCBDigAwIBAgISAZQntY+SoRhPtJiS78IvnaIdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmYmNhZTJiMjkwYzgwMWQ1N2QwOWQwMjVhOTM0OGUxNjcw
NmYxODIwHhcNMjUwMTAyMTU0OTU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODdhZjA2NGRhNWJiZDg4NjE2MWYyZTU4YmM2OTc0ODM4ZGI0ODc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqE773LHaqXq7Sj3lykoDoo6dq07+
niYc+LRy4rR7p4THB//g8XXAMm+trRyIDewfKXW6JlhxTEW0/kcWt+0XPaN8t5KD
EX7HZQthR9VGRHcM9F3zQHhccQGBrh7QtlVmrMGwUNXTzQO5lmHbszSnaRd6icON
c8fbCVUPCUWxj49uHsuwQpj3p5vGAV1bi/RfWkRGzTzZK2OAhp95LNoKKgNBq/0N
/6d2dUoSxFWaucu8tlTBIvebLdnqkt7S1iDhGbnDBGfEV1yfJCYDBT4dHMYaeQRK
6mETB5260ekM/TZc/KK52iIiJNr0F+JWL2jk+y4aZrKCFI3jtZ7zMR3OoQIDAQAB
o4ICXDCCAlgwHQYDVR0OBBYEFOh68GTaW72IYWHy5YvGl0g420h0MB8GA1UdIwQY
MBaAFP+8rispDIAdV9CdAlqTSOFnBvGCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzd5dUt5a01nQjFYMEowQ1dwTkk0V2NHOFlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS81OWJjZDEtMWUwYi00ODVkLTk1MTAt
MDk2YWY0NzhmMDRiLzEvNkhyd1pOcGJ2WWhoWWZMbGk4YVhTRGpiU0hRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS81OWJjZDEtMWUwYi00ODVkLTk1MTAtMDk2YWY0NzhmMDRi
LzEvXzd5dUt5a01nQjFYMEowQ1dwTkk0V2NHOFlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHIGCCsGAQUFBwEHAQH/BGMwYTBQBAIAATBKAwQCJd1kAwQC
LZ/sAwQCTVMoAwQAW9FzAwQAW9GVAwQCW+wgAwQCuZI0MAwDBADCNQEDBADCNQID
BADCNT0DBAHDDhoDBAHDDnAwDQQCAAIwBwMFAyoHS8AwDQYJKoZIhvcNAQELBQAD
ggEBACJU2oML5d4NPSfMmnkHQfgjwC4ggqxW56GAcUD+bR0wNAH+y7N5TbJ6QI2+
GQ7/kAtIUOnyyDRsd4S22AfjHeS6mdKtxI70BFJHcmfmKwURHH13Gu1Kl3yO6dBv
kRdpXoxAYlz2BKQNPfKAo3Wx2dVnIYLOnh/0sjO4oqeN9WgwEUsQxFC3iejTmzVl
0PeDB8jxuL+QSvNe156V4j13QoBCGZI+KHAkR0/xF1scrFn5LFJ5o0a48kuCV39B
FPclyNoiE/PGSCO7h9IXFnsgvbXRuGCHWmnlciEP6r2w/lhvgb9APE0adcI5YS6N
PBGzwx40/uC2aLwRQQSLSvOnKas=
-----END CERTIFICATE-----