Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/cB63Z1r9bmszt3UiGrfRMzcDrIQ.roa
File:                     cB63Z1r9bmszt3UiGrfRMzcDrIQ.roa (raw, json)
Hash identifier:          OfqYE6/V3SpFkytUSLFQG0+N4mAevLSmPVVGZyUgGEs=
Subject key identifier:   70:1E:B7:67:5A:FD:6E:6B:33:B7:75:22:1A:B7:D1:33:37:03:AC:84
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0194B5EF4EACDDB717CD49443D6F7C0F3C20
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/cB63Z1r9bmszt3UiGrfRMzcDrIQ.roa
Signing time:             Thu 30 Jan 2025 06:39:06 +0000
ROA not before:           Thu 30 Jan 2025 06:39:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7029
IP address blocks:        37.202.193.0/24 maxlen: 24
                          37.202.195.0/24 maxlen: 24
                          37.202.196.0/24 maxlen: 24
                          37.202.197.0/24 maxlen: 24
                          37.202.198.0/24 maxlen: 24
                          37.202.199.0/24 maxlen: 24
                          37.202.200.0/24 maxlen: 24
                          37.202.201.0/24 maxlen: 24
                          151.243.16.0/20 maxlen: 20
                          151.243.246.0/24 maxlen: 24
                          151.243.247.0/24 maxlen: 24
                          151.243.248.0/24 maxlen: 24
                          151.243.249.0/24 maxlen: 24
                          151.243.250.0/24 maxlen: 24
                          151.243.251.0/24 maxlen: 24
                          151.243.252.0/24 maxlen: 24
                          151.243.253.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Sun 02 Feb 2025 05:49:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:b5:ef:4e:ac:dd:b7:17:cd:49:44:3d:6f:7c:0f:3c:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jan 30 06:39:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=701eb7675afd6e6b33b775221ab7d1333703ac84
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:9d:db:45:f1:d3:ef:a4:c2:f6:ab:09:e3:15:
                    e2:90:45:fa:55:13:db:08:cf:9c:4b:4a:88:72:ad:
                    32:c5:e1:b8:5e:6c:19:6c:7c:db:d6:5d:d2:65:d6:
                    bb:02:d2:0a:d6:2c:9e:b4:e1:9a:1a:fd:ff:7a:48:
                    3d:e9:35:ae:49:8b:e5:a9:af:d2:1c:67:27:d9:33:
                    53:4a:1e:35:fb:86:77:2f:00:47:56:2a:11:00:59:
                    5c:bd:15:ba:c1:e9:31:78:c0:fb:05:43:3c:8f:34:
                    71:b7:bc:1d:1f:f3:8f:49:e3:f0:cb:7b:f9:3a:6b:
                    f9:31:fc:64:b8:a1:e5:46:20:0a:5d:bc:76:29:dc:
                    f0:cd:44:96:dc:5a:ac:14:0b:4f:9c:ef:b8:c0:dc:
                    4a:11:5a:e0:6d:02:08:8d:12:36:dd:2a:0d:cd:19:
                    cd:3c:ea:4d:7d:e4:4b:c8:f8:54:7c:aa:a4:fb:8a:
                    82:36:c0:24:37:2a:68:92:9a:8b:30:56:ac:bc:dc:
                    3c:e7:3b:cf:ec:f8:e2:6d:2e:37:37:f0:91:05:79:
                    7b:43:8d:a2:6a:9b:fd:c5:c1:99:09:5e:e9:1a:41:
                    7b:c4:89:e4:c7:14:c3:51:ed:85:ee:77:8a:37:9b:
                    a4:37:55:06:05:7b:c2:23:01:a9:ca:98:03:87:5a:
                    bc:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:1E:B7:67:5A:FD:6E:6B:33:B7:75:22:1A:B7:D1:33:37:03:AC:84
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/cB63Z1r9bmszt3UiGrfRMzcDrIQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.202.193.0/24
                  37.202.195.0-37.202.201.255
                  151.243.16.0/20
                  151.243.246.0-151.243.253.255

    Signature Algorithm: sha256WithRSAEncryption
         21:d4:9a:6d:f0:97:91:6f:c5:75:cf:93:17:f6:04:20:64:12:
         dd:a3:b2:9d:86:0b:84:5a:ae:4f:90:1d:18:ca:1f:16:4e:46:
         a6:f1:79:d2:a8:7f:35:2f:7a:e1:d2:3d:10:32:cd:41:37:18:
         cf:85:da:36:4b:73:64:7c:0f:fc:2e:f1:c5:76:a5:b0:9f:f7:
         ef:31:45:c0:49:55:7f:f2:02:22:0c:94:05:ad:48:9c:5e:d6:
         1c:c1:28:85:e3:1b:f5:d0:cc:d1:30:ef:8d:35:c3:4d:67:bf:
         67:9d:c0:b6:d4:2b:3f:d1:81:b3:dd:a7:e9:c2:28:02:cb:f1:
         ad:b9:9c:8d:87:89:47:16:41:ee:8d:c1:bd:26:36:30:2b:a7:
         b2:17:36:29:04:49:15:46:d1:9f:b7:f4:8b:c0:24:82:52:ae:
         c3:93:df:59:82:ba:8a:94:55:03:1f:24:49:77:43:28:29:3d:
         55:3c:5e:cb:07:1c:49:33:f9:8b:79:2f:e4:45:d6:20:4a:15:
         a7:49:6a:93:4a:94:17:6b:db:2b:d7:6f:c2:55:fa:73:de:eb:
         51:3d:0b:7c:c8:4d:cb:f7:da:8b:55:04:ea:d1:4c:8b:39:6a:
         dc:c1:b2:c0:8d:7d:ce:14:62:ac:84:16:a5:51:19:58:1a:51:
         c9:71:2a:b0
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAZS1706s3bcXzUlEPW98DzwgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwMTMwMDYzOTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDFlYjc2NzVhZmQ2ZTZiMzNiNzc1MjIxYWI3ZDEzMzM3MDNhYzg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm53bRfHT76TC9qsJ4xXikEX6VRPb
CM+cS0qIcq0yxeG4XmwZbHzb1l3SZda7AtIK1iyetOGaGv3/ekg96TWuSYvlqa/S
HGcn2TNTSh41+4Z3LwBHVioRAFlcvRW6wekxeMD7BUM8jzRxt7wdH/OPSePwy3v5
Omv5MfxkuKHlRiAKXbx2KdzwzUSW3FqsFAtPnO+4wNxKEVrgbQIIjRI23SoNzRnN
POpNfeRLyPhUfKqk+4qCNsAkNypokpqLMFasvNw85zvP7PjibS43N/CRBXl7Q42i
apv9xcGZCV7pGkF7xInkxxTDUe2F7neKN5ukN1UGBXvCIwGpypgDh1q83wIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFHAet2da/W5rM7d1Ihq30TM3A6yEMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvY0I2M1oxcjlibXN6dDNVaUdyZlJNemNEcklRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAuBAIAATAoAwQAJcrBMAwD
BAAlysMDBAElysgDBASX8xAwDAMEAZfz9gMEAZfz/DANBgkqhkiG9w0BAQsFAAOC
AQEAIdSabfCXkW/Fdc+TF/YEIGQS3aOynYYLhFquT5AdGMofFk5GpvF50qh/NS96
4dI9EDLNQTcYz4XaNktzZHwP/C7xxXalsJ/37zFFwElVf/ICIgyUBa1InF7WHMEo
heMb9dDM0TDvjTXDTWe/Z53AttQrP9GBs92n6cIoAsvxrbmcjYeJRxZB7o3BvSY2
MCunshc2KQRJFUbRn7f0i8AkglKuw5PfWYK6ipRVAx8kSXdDKCk9VTxeywccSTP5
i3kv5EXWIEoVp0lqk0qUF2vbK9dvwlX6c97rUT0LfMhNy/fai1UE6tFMizlq3MGy
wI19zhRirIQWpVEZWBpRyXEqsA==
-----END CERTIFICATE-----