Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/915152-5c90-4544-8b7c-9c193e78ec18/1/UBbEDnqpEgu7x174CpvPcHcnJl4.roa
File:                     UBbEDnqpEgu7x174CpvPcHcnJl4.roa (raw, json)
Hash identifier:          vMg/u0Qu8qEjV5pjMl1ast2T5IkKcOjFQa59Hh0D2e4=
Subject key identifier:   50:16:C4:0E:7A:A9:12:0B:BB:C7:5E:F8:0A:9B:CF:70:77:27:26:5E
Certificate issuer:       /CN=7d443134dcd16ac16f6cd209fa1c7f958ca6db7e
Certificate serial:       0195BB2AA8184FF513EC8241637FF96D6EBC
Authority key identifier: 7D:44:31:34:DC:D1:6A:C1:6F:6C:D2:09:FA:1C:7F:95:8C:A6:DB:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fUQxNNzRasFvbNIJ-hx_lYym234.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/915152-5c90-4544-8b7c-9c193e78ec18/1/UBbEDnqpEgu7x174CpvPcHcnJl4.roa
Signing time:             Sat 22 Mar 2025 00:04:49 +0000
ROA not before:           Sat 22 Mar 2025 00:04:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57276
IP address blocks:        37.157.32.0/22 maxlen: 22
                          37.157.36.0/22 maxlen: 22
                          82.163.112.0/22 maxlen: 22
                          82.163.116.0/22 maxlen: 22
                          82.163.124.0/23 maxlen: 23
                          82.163.126.0/23 maxlen: 23
                          185.53.224.0/23 maxlen: 23
                          185.53.226.0/23 maxlen: 23
                          195.250.16.0/24 maxlen: 24
                          195.250.17.0/24 maxlen: 24
                          195.250.19.0/24 maxlen: 24
                          2a01:a220::/29 maxlen: 29
Validation:               Failed, certificate revoked on Sat 22 Mar 2025 03:17:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:bb:2a:a8:18:4f:f5:13:ec:82:41:63:7f:f9:6d:6e:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d443134dcd16ac16f6cd209fa1c7f958ca6db7e
        Validity
            Not Before: Mar 22 00:04:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5016c40e7aa9120bbbc75ef80a9bcf707727265e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:6d:22:55:10:f9:13:d0:ca:d0:aa:40:d6:1b:
                    94:6c:c7:28:1e:d8:14:f2:01:7e:37:14:c6:a3:a4:
                    c0:20:b5:98:ef:49:12:80:dd:2d:ec:96:2a:a1:f9:
                    41:2a:e8:cf:75:7a:f5:f5:af:e3:ca:5a:82:db:9b:
                    cd:78:aa:50:41:68:32:a3:72:2d:01:ea:ad:11:00:
                    a4:74:dc:17:45:51:20:6e:64:50:59:91:f6:c5:a4:
                    ee:3f:e0:8e:86:a3:14:31:99:f3:1d:e2:f1:e1:9a:
                    60:e4:73:de:43:00:e1:66:28:91:c6:5a:11:bb:c1:
                    4f:55:d0:17:25:7e:ed:4b:56:62:8d:00:97:1b:fc:
                    68:60:f2:0f:82:46:fc:f4:6a:6d:20:2b:f9:8f:f7:
                    c7:8e:e4:cc:9d:cc:b4:20:30:df:41:8f:6f:c7:df:
                    bc:55:3c:cc:7b:fd:73:0e:0f:d2:31:94:21:42:b5:
                    82:52:c6:1e:6a:a8:6c:a5:ac:2d:d6:4b:69:53:51:
                    67:82:26:42:ca:c4:c7:c8:cb:cc:5e:85:8c:a7:dd:
                    07:b6:50:db:6c:5c:92:44:7b:bf:0b:b9:c8:f2:bd:
                    34:a9:58:0b:93:05:63:13:c6:cc:ab:13:b1:1c:8e:
                    8d:dd:18:71:80:4e:ac:a4:e3:e3:9e:f7:63:a7:1c:
                    95:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:16:C4:0E:7A:A9:12:0B:BB:C7:5E:F8:0A:9B:CF:70:77:27:26:5E
            X509v3 Authority Key Identifier:
                keyid:7D:44:31:34:DC:D1:6A:C1:6F:6C:D2:09:FA:1C:7F:95:8C:A6:DB:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fUQxNNzRasFvbNIJ-hx_lYym234.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/915152-5c90-4544-8b7c-9c193e78ec18/1/UBbEDnqpEgu7x174CpvPcHcnJl4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/915152-5c90-4544-8b7c-9c193e78ec18/1/fUQxNNzRasFvbNIJ-hx_lYym234.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.157.32.0/21
                  82.163.112.0/21
                  82.163.124.0/22
                  185.53.224.0/22
                  195.250.16.0/23
                  195.250.19.0/24
                IPv6:
                  2a01:a220::/29

    Signature Algorithm: sha256WithRSAEncryption
         61:d4:89:78:16:e1:61:35:38:50:3d:e8:e7:da:b8:aa:1a:14:
         f5:a4:9f:63:aa:db:99:02:1a:47:65:ac:d5:8f:fc:f7:0b:83:
         73:5c:cc:2d:16:72:20:bd:56:4b:6c:38:8d:be:71:5c:03:61:
         4e:a3:8a:63:49:45:bd:d0:82:54:28:c2:0b:33:3f:34:1a:06:
         95:f0:9e:bc:7b:2c:c7:6d:02:7f:8c:b0:79:56:20:29:c0:2a:
         28:b2:2f:2c:21:9f:b8:e1:00:89:f7:7c:af:a7:9c:68:f0:cb:
         7a:fa:fb:f2:01:6d:7e:ce:2f:c0:60:d7:dd:cd:a1:9c:4f:b2:
         a7:c3:df:8d:1f:fc:dd:de:7a:81:a7:56:1b:80:49:e9:42:92:
         d3:08:a6:33:45:c9:7e:43:84:45:1c:78:e4:ed:14:f1:39:44:
         de:52:9a:e0:55:ea:7b:00:bf:b5:46:22:11:3d:c3:2e:8d:b7:
         40:73:ca:8c:c9:5d:65:01:05:8a:09:63:36:94:1f:7b:f7:b7:
         18:14:a4:4a:e9:f0:01:87:94:52:81:4a:82:58:68:b3:4d:70:
         87:8a:10:62:18:84:4a:be:31:27:72:90:6d:cd:8e:99:db:1e:
         b4:81:9a:09:de:88:66:86:41:68:bf:d9:85:e4:80:96:01:9f:
         82:33:36:08
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAZW7KqgYT/UT7IJBY3/5bW68MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNDQzMTM0ZGNkMTZhYzE2ZjZjZDIwOWZhMWM3Zjk1OGNh
NmRiN2UwHhcNMjUwMzIyMDAwNDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDE2YzQwZTdhYTkxMjBiYmJjNzVlZjgwYTliY2Y3MDc3MjcyNjVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqm0iVRD5E9DK0KpA1huUbMcoHtgU
8gF+NxTGo6TAILWY70kSgN0t7JYqoflBKujPdXr19a/jylqC25vNeKpQQWgyo3It
AeqtEQCkdNwXRVEgbmRQWZH2xaTuP+COhqMUMZnzHeLx4Zpg5HPeQwDhZiiRxloR
u8FPVdAXJX7tS1ZijQCXG/xoYPIPgkb89GptICv5j/fHjuTMncy0IDDfQY9vx9+8
VTzMe/1zDg/SMZQhQrWCUsYeaqhspawt1ktpU1FngiZCysTHyMvMXoWMp90HtlDb
bFySRHu/C7nI8r00qVgLkwVjE8bMqxOxHI6N3RhxgE6spOPjnvdjpxyVxQIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFFAWxA56qRILu8de+Aqbz3B3JyZeMB8GA1UdIwQY
MBaAFH1EMTTc0WrBb2zSCfocf5WMptt+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlVReE5OelJhc0Z2Yk5JSi1oeF9sWXltMjM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy85MTUxNTItNWM5MC00NTQ0LThiN2Mt
OWMxOTNlNzhlYzE4LzEvVUJiRURucXBFZ3U3eDE3NENwdlBjSGNuSmw0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy85MTUxNTItNWM5MC00NTQ0LThiN2MtOWMxOTNlNzhlYzE4
LzEvZlVReE5OelJhc0Z2Yk5JSi1oeF9sWXltMjM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQDJZ0gAwQD
UqNwAwQCUqN8AwQCuTXgAwQBw/oQAwQAw/oTMA0EAgACMAcDBQMqAaIgMA0GCSqG
SIb3DQEBCwUAA4IBAQBh1Il4FuFhNThQPejn2riqGhT1pJ9jqtuZAhpHZazVj/z3
C4NzXMwtFnIgvVZLbDiNvnFcA2FOo4pjSUW90IJUKMILMz80GgaV8J68eyzHbQJ/
jLB5ViApwCoosi8sIZ+44QCJ93yvp5xo8Mt6+vvyAW1+zi/AYNfdzaGcT7Knw9+N
H/zd3nqBp1YbgEnpQpLTCKYzRcl+Q4RFHHjk7RTxOUTeUprgVep7AL+1RiIRPcMu
jbdAc8qMyV1lAQWKCWM2lB9797cYFKRK6fABh5RSgUqCWGizTXCHihBiGIRKvjEn
cpBtzY6Z2x60gZoJ3ohmhkFov9mF5ICWAZ+CMzYI
-----END CERTIFICATE-----