Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/c104c6-9b65-4d46-9e45-50261b11916b/1/YYrOdZ7hE0ZJrKzi6AgktZsmPXk.roa
File:                     YYrOdZ7hE0ZJrKzi6AgktZsmPXk.roa (raw, json)
Hash identifier:          UhmgBEwBcvnk/zBO6oIYEmDmpGqDW6ZzSh/Z+rpKjeA=
Subject key identifier:   61:8A:CE:75:9E:E1:13:46:49:AC:AC:E2:E8:08:24:B5:9B:26:3D:79
Certificate issuer:       /CN=f0c113413d0df5b8fa069011eeb109f067b5579a
Certificate serial:       01941FFA331FB3EDDBC838E01543ACEDD448
Authority key identifier: F0:C1:13:41:3D:0D:F5:B8:FA:06:90:11:EE:B1:09:F0:67:B5:57:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8METQT0N9bj6BpAR7rEJ8Ge1V5o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/c104c6-9b65-4d46-9e45-50261b11916b/1/YYrOdZ7hE0ZJrKzi6AgktZsmPXk.roa
Signing time:             Wed 01 Jan 2025 03:47:58 +0000
ROA not before:           Wed 01 Jan 2025 03:47:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58172
IP address blocks:        91.239.101.0/24 maxlen: 24
                          128.127.98.0/24 maxlen: 24
                          128.127.99.0/24 maxlen: 24
                          128.127.100.0/24 maxlen: 24
                          128.127.101.0/24 maxlen: 24
                          128.127.102.0/24 maxlen: 24
                          128.127.103.0/24 maxlen: 24
                          178.20.176.0/24 maxlen: 24
                          178.20.177.0/24 maxlen: 24
                          178.20.178.0/24 maxlen: 24
                          178.20.179.0/24 maxlen: 24
                          178.20.180.0/24 maxlen: 24
                          178.20.181.0/24 maxlen: 24
                          178.20.182.0/24 maxlen: 24
                          178.20.183.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Thu 30 Jan 2025 10:55:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:33:1f:b3:ed:db:c8:38:e0:15:43:ac:ed:d4:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f0c113413d0df5b8fa069011eeb109f067b5579a
        Validity
            Not Before: Jan  1 03:47:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=618ace759ee1134649acace2e80824b59b263d79
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:64:5c:6b:d3:b4:05:19:f6:52:94:76:97:78:
                    9d:b0:0d:63:1b:71:73:e1:88:46:5c:d7:0e:15:cc:
                    8f:42:0c:df:fc:dc:10:11:4f:f2:b9:02:70:31:19:
                    43:d5:08:75:4a:e8:be:0b:a3:2a:82:4c:38:e2:c2:
                    5e:8b:70:e3:ca:3d:ff:fc:97:17:ad:86:5e:eb:a2:
                    c0:44:18:ad:a7:82:aa:8b:de:85:4e:96:9a:b4:a2:
                    d5:3c:00:5b:d8:45:ca:c2:87:2f:36:bd:8b:70:1b:
                    12:ec:85:75:71:bf:7a:27:14:ea:13:a4:8c:3c:6d:
                    f9:5d:e8:7c:c6:35:1c:43:af:71:d7:85:cf:b7:e0:
                    26:e7:3a:99:24:9b:0c:60:23:32:81:ba:8c:9c:41:
                    4e:04:04:79:51:98:9e:3b:e7:7e:41:dc:d3:a2:2b:
                    1a:fd:d6:2e:6f:f6:76:41:c4:82:c6:3b:dc:8d:12:
                    17:f7:4c:ab:fd:72:66:6a:e5:35:ad:3b:a0:2b:8f:
                    35:08:6d:11:9b:58:dc:d8:88:2a:54:48:df:cd:d5:
                    f9:b4:57:0e:57:65:d0:8b:1a:87:91:3b:5a:eb:cd:
                    90:0e:bb:5e:45:db:09:73:c0:8e:ae:9a:56:b8:51:
                    76:e9:78:77:d4:06:c5:3a:9d:7d:06:d7:e2:09:60:
                    33:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:8A:CE:75:9E:E1:13:46:49:AC:AC:E2:E8:08:24:B5:9B:26:3D:79
            X509v3 Authority Key Identifier:
                keyid:F0:C1:13:41:3D:0D:F5:B8:FA:06:90:11:EE:B1:09:F0:67:B5:57:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8METQT0N9bj6BpAR7rEJ8Ge1V5o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/c104c6-9b65-4d46-9e45-50261b11916b/1/YYrOdZ7hE0ZJrKzi6AgktZsmPXk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/c104c6-9b65-4d46-9e45-50261b11916b/1/8METQT0N9bj6BpAR7rEJ8Ge1V5o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.239.101.0/24
                  128.127.98.0-128.127.103.255
                  178.20.176.0/21

    Signature Algorithm: sha256WithRSAEncryption
         bf:38:ef:f1:61:b5:eb:e9:7b:84:81:00:4c:4a:d2:07:eb:be:
         7c:64:e1:ce:34:39:a8:ab:50:60:be:f8:84:d8:a5:be:63:80:
         0e:49:15:88:64:0e:9a:20:4c:9c:ff:dd:78:08:b0:47:62:1c:
         c7:dd:3b:75:9e:02:68:66:da:08:cc:77:c0:c9:82:80:4f:cc:
         98:6e:54:92:d1:75:0d:3f:9b:34:2d:cf:3b:1a:14:e3:2c:30:
         89:cf:69:8c:5b:df:bf:c4:28:28:ec:78:27:34:ed:13:95:73:
         58:1c:7d:6e:14:67:02:56:98:78:7c:90:c8:29:32:06:ec:02:
         3c:9a:c0:3e:6b:f8:a5:5e:20:67:4b:5f:bf:d7:5b:89:a3:4e:
         00:74:39:70:65:7e:5a:aa:dc:f8:45:76:90:30:7e:03:89:09:
         03:fd:d8:ca:52:36:d0:0f:af:d1:66:e4:c8:98:29:f6:9c:77:
         fb:4d:ba:af:43:03:80:7c:61:e3:cf:0f:07:5f:17:5c:3f:f2:
         df:e8:9f:fd:fc:b8:98:de:dc:92:db:0e:6e:06:67:9c:e5:0a:
         9e:7f:e2:0c:29:b8:e2:d1:d5:33:aa:a2:36:a7:a3:e1:de:4c:
         bf:0d:01:94:c5:e6:41:05:a4:0b:6d:1e:71:b1:93:7b:e0:68:
         4e:a4:ee:b4
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZQf+jMfs+3byDjgFUOs7dRIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwYzExMzQxM2QwZGY1YjhmYTA2OTAxMWVlYjEwOWYwNjdi
NTU3OWEwHhcNMjUwMTAxMDM0NzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MThhY2U3NTllZTExMzQ2NDlhY2FjZTJlODA4MjRiNTliMjYzZDc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo2Rca9O0BRn2UpR2l3idsA1jG3Fz
4YhGXNcOFcyPQgzf/NwQEU/yuQJwMRlD1Qh1Sui+C6Mqgkw44sJei3Djyj3//JcX
rYZe66LARBitp4Kqi96FTpaatKLVPABb2EXKwocvNr2LcBsS7IV1cb96JxTqE6SM
PG35Xeh8xjUcQ69x14XPt+Am5zqZJJsMYCMygbqMnEFOBAR5UZieO+d+QdzToisa
/dYub/Z2QcSCxjvcjRIX90yr/XJmauU1rTugK481CG0Rm1jc2IgqVEjfzdX5tFcO
V2XQixqHkTta682QDrteRdsJc8COrppWuFF26Xh31AbFOp19BtfiCWAz+wIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFGGKznWe4RNGSays4ugIJLWbJj15MB8GA1UdIwQY
MBaAFPDBE0E9DfW4+gaQEe6xCfBntVeaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOE1FVFFUME45Ymo2QnBBUjdyRUo4R2UxVjVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny9jMTA0YzYtOWI2NS00ZDQ2LTllNDUt
NTAyNjFiMTE5MTZiLzEvWVlyT2RaN2hFMFpKckt6aTZBZ2t0WnNtUFhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny9jMTA0YzYtOWI2NS00ZDQ2LTllNDUtNTAyNjFiMTE5MTZi
LzEvOE1FVFFUME45Ymo2QnBBUjdyRUo4R2UxVjVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQAW+9lMAwD
BAGAf2IDBAOAf2ADBAOyFLAwDQYJKoZIhvcNAQELBQADggEBAL847/Fhtevpe4SB
AExK0gfrvnxk4c40OairUGC++ITYpb5jgA5JFYhkDpogTJz/3XgIsEdiHMfdO3We
Amhm2gjMd8DJgoBPzJhuVJLRdQ0/mzQtzzsaFOMsMInPaYxb37/EKCjseCc07ROV
c1gcfW4UZwJWmHh8kMgpMgbsAjyawD5r+KVeIGdLX7/XW4mjTgB0OXBlflqq3PhF
dpAwfgOJCQP92MpSNtAPr9Fm5MiYKfacd/tNuq9DA4B8YePPDwdfF1w/8t/on/38
uJje3JLbDm4GZ5zlCp5/4gwpuOLR1TOqojano+HeTL8NAZTF5kEFpAttHnGxk3vg
aE6k7rQ=
-----END CERTIFICATE-----