Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/Gztpyas8D2Pubg0jZRRiKf__VPg.roa
File:                     Gztpyas8D2Pubg0jZRRiKf__VPg.roa (raw, json)
Hash identifier:          vxRczBYHVv1JA3+6+yg9OMo9FTQ+g/DYSwq9lkAaGR0=
Subject key identifier:   1B:3B:69:C9:AB:3C:0F:63:EE:6E:0D:23:65:14:62:29:FF:FF:54:F8
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0194755F49358BECAF12502FAE44604AF55E
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/Gztpyas8D2Pubg0jZRRiKf__VPg.roa
Signing time:             Fri 17 Jan 2025 17:46:06 +0000
ROA not before:           Fri 17 Jan 2025 17:46:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5650
IP address blocks:        37.202.193.0/24 maxlen: 24
                          37.202.195.0/24 maxlen: 24
                          37.202.196.0/24 maxlen: 24
                          37.202.197.0/24 maxlen: 24
                          37.202.198.0/24 maxlen: 24
                          37.202.199.0/24 maxlen: 24
                          37.202.200.0/24 maxlen: 24
                          37.202.201.0/24 maxlen: 24
                          151.243.246.0/24 maxlen: 24
                          151.243.247.0/24 maxlen: 24
                          151.243.248.0/24 maxlen: 24
                          151.243.249.0/24 maxlen: 24
                          151.243.250.0/24 maxlen: 24
                          151.243.251.0/24 maxlen: 24
                          151.243.252.0/24 maxlen: 24
                          151.243.253.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Thu 30 Jan 2025 06:39:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:75:5f:49:35:8b:ec:af:12:50:2f:ae:44:60:4a:f5:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jan 17 17:46:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1b3b69c9ab3c0f63ee6e0d2365146229ffff54f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:27:f4:20:af:60:68:ae:8d:4e:73:a8:20:1d:
                    67:d4:63:13:22:db:50:df:e9:86:f7:54:fe:b8:00:
                    cb:d3:c8:61:b3:cb:6d:9d:76:8a:04:4f:aa:99:91:
                    1f:44:d7:90:fc:57:6d:89:4f:4c:7f:61:74:c7:ee:
                    a4:fd:59:5f:15:83:bd:4a:82:74:f7:a2:6b:31:8a:
                    6e:1c:b7:6b:15:83:cc:b4:36:2e:a6:0f:71:bd:22:
                    32:ca:76:e2:b5:00:7d:66:88:73:d2:25:75:04:01:
                    e5:92:5d:65:ec:c7:6d:57:e6:34:ff:44:af:da:15:
                    12:8a:97:61:40:06:5c:6c:66:e0:6e:8b:86:a3:8e:
                    1c:79:2b:7a:9d:24:03:b0:0a:f0:12:15:26:2e:5c:
                    6f:7e:e9:a3:cc:d9:1a:bb:4e:48:86:1f:36:da:9b:
                    76:e5:37:ee:96:f9:0b:cc:3a:b3:f0:b8:08:88:3d:
                    8f:d2:72:36:72:5b:55:d3:18:ee:3b:59:b4:38:58:
                    99:b9:1e:fe:d7:a7:45:72:45:4c:8d:95:d1:03:b6:
                    34:8c:24:17:bd:0f:57:06:14:d7:e5:a0:a9:60:2b:
                    c9:09:27:8e:60:32:67:87:2f:97:05:be:c8:ec:ff:
                    ff:84:d3:50:8d:e5:b1:eb:91:2a:c3:b5:e2:f0:b9:
                    00:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:3B:69:C9:AB:3C:0F:63:EE:6E:0D:23:65:14:62:29:FF:FF:54:F8
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/Gztpyas8D2Pubg0jZRRiKf__VPg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.202.193.0/24
                  37.202.195.0-37.202.201.255
                  151.243.246.0-151.243.253.255

    Signature Algorithm: sha256WithRSAEncryption
         97:e4:b7:43:67:65:23:09:c6:60:79:48:07:63:e5:db:c4:62:
         84:30:cb:f9:6c:bb:c4:6e:d1:63:c0:79:99:b8:5a:aa:21:52:
         bc:43:a6:1e:aa:db:69:ea:2c:75:4b:99:db:65:11:99:cf:1f:
         b6:f8:02:e5:5c:30:3d:f4:53:d8:a2:d1:b4:df:9f:95:b8:d9:
         b0:88:4e:6b:2b:a2:63:21:6a:04:d0:88:3a:84:d1:18:cf:8f:
         f6:b6:49:54:ff:54:56:77:ef:3b:b2:af:22:ac:3b:09:5e:f3:
         b6:6d:13:1a:c8:6f:3f:5c:22:50:db:25:9b:d1:71:e7:e3:09:
         a2:ca:f1:70:f2:74:f7:74:94:4d:2a:fc:4a:23:fe:96:89:09:
         3b:92:ee:e1:f5:5c:d3:7e:f1:67:fe:3f:15:3f:3f:fe:2b:f4:
         5a:4c:0b:b2:88:4f:f5:5f:27:16:1d:fc:42:d3:a0:66:04:47:
         d9:1d:89:75:78:22:65:1f:b2:9a:5c:8e:95:cf:9c:d1:c6:a6:
         34:8a:51:a7:b9:fb:00:9e:da:06:7c:65:69:8c:c8:57:01:17:
         92:bb:eb:c4:65:85:8d:bb:a5:c4:5a:14:33:15:0a:42:d3:49:
         d1:09:9b:ef:74:53:9e:0f:f0:fe:b5:88:9b:a0:cc:ae:26:f2:
         4e:3f:80:3d
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAZR1X0k1i+yvElAvrkRgSvVeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwMTE3MTc0NjA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjNiNjljOWFiM2MwZjYzZWU2ZTBkMjM2NTE0NjIyOWZmZmY1NGY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Sf0IK9gaK6NTnOoIB1n1GMTIttQ
3+mG91T+uADL08hhs8ttnXaKBE+qmZEfRNeQ/FdtiU9Mf2F0x+6k/VlfFYO9SoJ0
96JrMYpuHLdrFYPMtDYupg9xvSIyynbitQB9Zohz0iV1BAHlkl1l7MdtV+Y0/0Sv
2hUSipdhQAZcbGbgbouGo44ceSt6nSQDsArwEhUmLlxvfumjzNkau05Ihh822pt2
5TfulvkLzDqz8LgIiD2P0nI2cltV0xjuO1m0OFiZuR7+16dFckVMjZXRA7Y0jCQX
vQ9XBhTX5aCpYCvJCSeOYDJnhy+XBb7I7P//hNNQjeWx65Eqw7Xi8LkAYQIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFBs7acmrPA9j7m4NI2UUYin//1T4MB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvR3p0cHlhczhEMlB1YmcwalpSUmlLZl9fVlBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjAoBAIAATAiAwQAJcrBMAwD
BAAlysMDBAElysgwDAMEAZfz9gMEAZfz/DANBgkqhkiG9w0BAQsFAAOCAQEAl+S3
Q2dlIwnGYHlIB2Pl28RihDDL+Wy7xG7RY8B5mbhaqiFSvEOmHqrbaeosdUuZ22UR
mc8ftvgC5VwwPfRT2KLRtN+flbjZsIhOayuiYyFqBNCIOoTRGM+P9rZJVP9UVnfv
O7KvIqw7CV7ztm0TGshvP1wiUNslm9Fx5+MJosrxcPJ093SUTSr8SiP+lokJO5Lu
4fVc037xZ/4/FT8//iv0WkwLsohP9V8nFh38QtOgZgRH2R2JdXgiZR+ymlyOlc+c
0camNIpRp7n7AJ7aBnxlaYzIVwEXkrvrxGWFjbulxFoUMxUKQtNJ0Qmb73RTng/w
/rWIm6DMribyTj+APQ==
-----END CERTIFICATE-----