Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/QoiwAQScg-dc95rPf84B4Wox308.roa
File:                     QoiwAQScg-dc95rPf84B4Wox308.roa (raw, json)
Hash identifier:          hUermyWOUkw0vBALgvfn4enLT/yI9Ja11y+e6Svk8t0=
Subject key identifier:   42:88:B0:01:04:9C:83:E7:5C:F7:9A:CF:7F:CE:01:E1:6A:31:DF:4F
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       01991515F37B97AF23918843CF12DD3AF9B3
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/QoiwAQScg-dc95rPf84B4Wox308.roa
Signing time:             Thu 04 Sep 2025 14:16:23 +0000
ROA not before:           Thu 04 Sep 2025 14:16:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214413
IP address blocks:        195.40.72.0/22 maxlen: 24
                          195.40.76.0/23 maxlen: 24
                          195.40.82.0/23 maxlen: 24
                          195.40.94.0/23 maxlen: 24
                          195.40.176.0/22 maxlen: 24
                          195.40.182.0/23 maxlen: 24
                          212.134.8.0/23 maxlen: 24
                          212.134.12.0/22 maxlen: 24
                          212.134.66.0/23 maxlen: 24
                          212.134.68.0/22 maxlen: 24
                          212.134.76.0/22 maxlen: 24
Validation:               Failed, certificate revoked on Fri 05 Sep 2025 14:59:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:15:15:f3:7b:97:af:23:91:88:43:cf:12:dd:3a:f9:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: Sep  4 14:16:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4288b001049c83e75cf79acf7fce01e16a31df4f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:9a:50:29:7e:c3:8d:a1:aa:82:b1:ba:70:1e:
                    00:72:83:32:66:73:99:1d:d3:4b:10:15:9e:25:2b:
                    97:a1:4f:92:bc:68:20:1e:a9:5c:36:a5:e2:66:93:
                    66:03:ed:8e:71:86:1b:00:93:e7:ef:96:ec:bf:90:
                    a6:bc:07:e6:32:4e:e6:1a:2b:99:43:8c:e5:2c:b4:
                    71:4d:a3:42:1e:d5:13:57:f6:ef:99:17:5d:43:f4:
                    c2:5e:4b:b6:66:d5:cf:27:ac:b5:61:18:9f:a0:9e:
                    6f:5e:a3:75:80:20:a8:a4:55:15:db:78:f6:b4:76:
                    9b:63:f1:56:76:28:a4:ee:c9:6f:68:fa:ce:c6:06:
                    a7:82:e6:73:18:c0:b2:12:f8:81:6b:bc:40:81:56:
                    a6:d8:77:e1:6f:0f:8d:13:5c:79:bb:a5:c6:a2:c5:
                    f0:f7:a3:1a:c0:e8:b8:83:df:19:18:a7:78:2b:42:
                    e8:71:4a:7b:23:19:b6:f5:fb:59:eb:70:20:0d:d8:
                    b7:dd:be:9a:df:06:a9:31:f4:43:2e:eb:57:40:19:
                    32:8a:ab:bb:82:54:63:06:21:47:bc:eb:91:a0:62:
                    3d:22:f6:28:60:64:e2:75:38:5e:b5:de:89:02:d2:
                    7b:94:e8:41:6e:bd:51:b2:94:12:8b:8a:a2:50:fa:
                    17:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:88:B0:01:04:9C:83:E7:5C:F7:9A:CF:7F:CE:01:E1:6A:31:DF:4F
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/QoiwAQScg-dc95rPf84B4Wox308.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.40.72.0-195.40.77.255
                  195.40.82.0/23
                  195.40.94.0/23
                  195.40.176.0/22
                  195.40.182.0/23
                  212.134.8.0/23
                  212.134.12.0/22
                  212.134.66.0-212.134.71.255
                  212.134.76.0/22

    Signature Algorithm: sha256WithRSAEncryption
         57:38:cd:18:33:f7:c3:a5:52:8b:d7:11:76:5f:23:f9:ee:3f:
         6b:29:5e:21:97:86:02:b3:5e:53:97:4e:38:7f:72:bc:32:41:
         e9:d4:e2:9c:f1:40:4e:f6:9e:18:5d:3d:30:1c:6b:8b:c0:ba:
         62:37:d6:cf:36:12:75:3c:b7:66:0a:c7:1b:3b:be:7e:20:b9:
         9f:9a:61:59:0b:7e:92:83:ff:47:89:b1:50:0d:27:8f:25:72:
         10:fd:d2:d4:8c:c7:87:46:1f:94:13:63:61:16:34:e3:21:73:
         2c:65:ff:a2:b1:8c:5b:ea:b7:be:ca:e7:1d:f5:af:a3:0f:1d:
         5d:b4:fd:bb:06:a0:9c:19:74:60:1d:57:d8:0b:1d:30:5e:e4:
         ae:c5:fb:fc:3e:03:f6:90:6d:a4:70:b0:aa:65:a1:67:e6:51:
         87:0e:c5:0b:6a:55:6c:e3:06:4d:94:08:fd:82:27:21:5a:e2:
         59:8b:02:1e:de:ea:b7:02:63:8f:b2:b8:03:38:57:0c:2b:7b:
         f8:83:8d:f6:f6:30:5b:10:c6:ff:80:5d:a0:c1:f2:ca:e6:00:
         f5:b4:b7:4e:e4:1a:5e:b2:e1:e8:39:53:28:c3:fd:fe:7b:70:
         00:f1:8a:c4:1d:5f:69:36:73:6d:6c:b9:43:58:f1:74:c9:53:
         65:72:17:5f
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAZkVFfN7l68jkYhDzxLdOvmzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjUwOTA0MTQxNjIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Mjg4YjAwMTA0OWM4M2U3NWNmNzlhY2Y3ZmNlMDFlMTZhMzFkZjRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuZpQKX7DjaGqgrG6cB4AcoMyZnOZ
HdNLEBWeJSuXoU+SvGggHqlcNqXiZpNmA+2OcYYbAJPn75bsv5CmvAfmMk7mGiuZ
Q4zlLLRxTaNCHtUTV/bvmRddQ/TCXku2ZtXPJ6y1YRifoJ5vXqN1gCCopFUV23j2
tHabY/FWdiik7slvaPrOxganguZzGMCyEviBa7xAgVam2Hfhbw+NE1x5u6XGosXw
96MawOi4g98ZGKd4K0LocUp7Ixm29ftZ63AgDdi33b6a3wapMfRDLutXQBkyiqu7
glRjBiFHvOuRoGI9IvYoYGTidThetd6JAtJ7lOhBbr1RspQSi4qiUPoXjQIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFEKIsAEEnIPnXPeaz3/OAeFqMd9PMB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvUW9pd0FRU2NnLWRjOTVyUGY4NEI0V294MzA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjBMBAIAATBGMAwDBAPDKEgD
BAHDKEwDBAHDKFIDBAHDKF4DBALDKLADBAHDKLYDBAHUhggDBALUhgwwDAMEAdSG
QgMEA9SGQAMEAtSGTDANBgkqhkiG9w0BAQsFAAOCAQEAVzjNGDP3w6VSi9cRdl8j
+e4/ayleIZeGArNeU5dOOH9yvDJB6dTinPFATvaeGF09MBxri8C6YjfWzzYSdTy3
ZgrHGzu+fiC5n5phWQt+koP/R4mxUA0njyVyEP3S1IzHh0YflBNjYRY04yFzLGX/
orGMW+q3vsrnHfWvow8dXbT9uwagnBl0YB1X2AsdMF7krsX7/D4D9pBtpHCwqmWh
Z+ZRhw7FC2pVbOMGTZQI/YInIVriWYsCHt7qtwJjj7K4AzhXDCt7+ION9vYwWxDG
/4BdoMHyyuYA9bS3TuQaXrLh6DlTKMP9/ntwAPGKxB1faTZzbWy5Q1jxdMlTZXIX
Xw==
-----END CERTIFICATE-----