Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/884c31-e509-422b-b0a1-af9fc012bd54/1/9FDX72nNq6zvtAekUuU_eJYQCbM.roa
File:                     9FDX72nNq6zvtAekUuU_eJYQCbM.roa (raw, json)
Hash identifier:          b56tQi0AS8MjSdYzhDi5YkkklZgj+eFOFs8EeL65pGg=
Subject key identifier:   F4:50:D7:EF:69:CD:AB:AC:EF:B4:07:A4:52:E5:3F:78:96:10:09:B3
Certificate issuer:       /CN=572b4ed92682d718a8fc4488140027406960795f
Certificate serial:       01942521EE650DF7458B0639A0CDB2C4D70B
Authority key identifier: 57:2B:4E:D9:26:82:D7:18:A8:FC:44:88:14:00:27:40:69:60:79:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VytO2SaC1xio_ESIFAAnQGlgeV8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/884c31-e509-422b-b0a1-af9fc012bd54/1/9FDX72nNq6zvtAekUuU_eJYQCbM.roa
Signing time:             Thu 02 Jan 2025 03:49:28 +0000
ROA not before:           Thu 02 Jan 2025 03:49:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205624
IP address blocks:        37.156.188.0/22 maxlen: 24
                          94.176.176.0/22 maxlen: 24
                          152.89.32.0/22 maxlen: 24
                          185.44.16.0/22 maxlen: 24
                          185.154.204.0/22 maxlen: 24
                          185.156.100.0/22 maxlen: 24
                          185.196.64.0/22 maxlen: 24
                          185.211.68.0/22 maxlen: 24
                          185.252.224.0/22 maxlen: 24
                          2a0d:8800::/29 maxlen: 29
Validation:               Failed, certificate revoked on Thu 16 Jan 2025 12:13:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:ee:65:0d:f7:45:8b:06:39:a0:cd:b2:c4:d7:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=572b4ed92682d718a8fc4488140027406960795f
        Validity
            Not Before: Jan  2 03:49:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f450d7ef69cdabacefb407a452e53f78961009b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:fc:44:c9:4b:aa:83:f0:37:b6:57:95:7d:8a:
                    7d:bd:c2:e1:04:cb:4d:e5:a4:88:ad:7a:f6:b2:a0:
                    ff:03:01:7c:ae:fc:b0:b2:3e:1b:01:15:04:cd:d0:
                    8a:03:67:f3:c1:88:97:2c:f3:93:31:ca:6f:31:a6:
                    97:c6:37:05:a2:3e:d8:8a:57:c9:da:be:d0:22:b0:
                    6e:b2:75:1a:50:0c:1f:26:61:ec:86:22:52:2f:40:
                    34:0f:82:ce:c1:43:61:a2:7f:72:62:63:c8:fa:d5:
                    5c:dc:82:8e:51:22:6d:9e:14:1f:26:92:e4:f7:0b:
                    2b:2a:da:db:53:e4:57:29:92:9a:2f:8a:fc:10:73:
                    b4:6a:51:ba:3e:03:ad:7b:2e:5d:e0:0c:a6:08:2f:
                    71:67:e4:9a:f3:f8:e5:1d:57:4b:a1:6e:15:ea:9a:
                    66:8e:05:17:b6:06:bd:a3:0e:ef:dd:ab:9b:29:5a:
                    65:44:73:12:34:86:78:6f:9d:ca:a2:f4:21:c0:f2:
                    dc:2a:38:21:0f:38:81:72:3a:96:d6:fb:9c:01:24:
                    60:2f:22:01:41:19:6b:80:94:2a:b5:f6:a3:03:37:
                    81:7f:33:4a:d2:41:40:ab:16:c5:4e:6c:d4:6f:a8:
                    83:70:7c:7b:00:b4:24:e1:1c:56:2a:96:95:3b:1e:
                    d0:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:50:D7:EF:69:CD:AB:AC:EF:B4:07:A4:52:E5:3F:78:96:10:09:B3
            X509v3 Authority Key Identifier:
                keyid:57:2B:4E:D9:26:82:D7:18:A8:FC:44:88:14:00:27:40:69:60:79:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VytO2SaC1xio_ESIFAAnQGlgeV8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/884c31-e509-422b-b0a1-af9fc012bd54/1/9FDX72nNq6zvtAekUuU_eJYQCbM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/884c31-e509-422b-b0a1-af9fc012bd54/1/VytO2SaC1xio_ESIFAAnQGlgeV8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.156.188.0/22
                  94.176.176.0/22
                  152.89.32.0/22
                  185.44.16.0/22
                  185.154.204.0/22
                  185.156.100.0/22
                  185.196.64.0/22
                  185.211.68.0/22
                  185.252.224.0/22
                IPv6:
                  2a0d:8800::/29

    Signature Algorithm: sha256WithRSAEncryption
         4a:4e:e4:e4:60:24:01:f4:09:8f:68:c5:03:69:ac:e1:b1:56:
         2d:6b:14:e0:4d:c4:30:c7:ff:d7:d8:b0:af:8d:1d:0c:17:da:
         26:e4:7f:24:83:34:8c:ea:a6:20:de:29:ae:5b:cb:f0:15:d9:
         9b:f8:31:07:fe:3a:04:ee:42:c9:32:f9:56:37:1f:3e:8e:4e:
         32:d6:62:c8:4b:5c:94:26:01:22:20:08:db:e5:72:66:2f:41:
         cc:73:fa:89:e3:5f:1e:b9:4b:ff:f2:11:b5:71:bd:91:64:36:
         07:cb:f0:1f:5d:a1:22:71:15:5d:10:4c:1a:c9:89:fb:75:aa:
         40:e4:ad:6c:38:8e:36:06:46:d8:cf:93:4f:d2:06:95:fa:2f:
         e2:c1:f0:0d:09:8e:a1:e2:7e:79:9f:32:82:7b:00:c8:e4:7c:
         85:76:31:61:d5:2c:9f:60:db:ff:97:5f:b8:b9:ed:3b:63:20:
         bb:a2:8a:f0:5b:91:0e:e9:3c:d7:82:52:68:79:5b:d7:62:39:
         a2:12:63:2d:e3:ac:4c:1e:5d:33:20:48:e1:9b:3d:ad:8c:76:
         99:3d:a9:b6:bc:4b:9f:d7:ad:51:44:fa:95:02:08:a9:1f:f5:
         42:53:18:ba:12:91:a2:8f:c8:73:1c:fd:5e:28:31:80:94:44:
         16:d6:67:56
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAZQlIe5lDfdFiwY5oM2yxNcLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3MmI0ZWQ5MjY4MmQ3MThhOGZjNDQ4ODE0MDAyNzQwNjk2
MDc5NWYwHhcNMjUwMTAyMDM0OTI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDUwZDdlZjY5Y2RhYmFjZWZiNDA3YTQ1MmU1M2Y3ODk2MTAwOWIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqfxEyUuqg/A3tleVfYp9vcLhBMtN
5aSIrXr2sqD/AwF8rvywsj4bARUEzdCKA2fzwYiXLPOTMcpvMaaXxjcFoj7YilfJ
2r7QIrBusnUaUAwfJmHshiJSL0A0D4LOwUNhon9yYmPI+tVc3IKOUSJtnhQfJpLk
9wsrKtrbU+RXKZKaL4r8EHO0alG6PgOtey5d4AymCC9xZ+Sa8/jlHVdLoW4V6ppm
jgUXtga9ow7v3aubKVplRHMSNIZ4b53KovQhwPLcKjghDziBcjqW1vucASRgLyIB
QRlrgJQqtfajAzeBfzNK0kFAqxbFTmzUb6iDcHx7ALQk4RxWKpaVOx7QwwIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFPRQ1+9pzaus77QHpFLlP3iWEAmzMB8GA1UdIwQY
MBaAFFcrTtkmgtcYqPxEiBQAJ0BpYHlfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnl0TzJTYUMxeGlvX0VTSUZBQW5RR2xnZVY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84ODRjMzEtZTUwOS00MjJiLWIwYTEt
YWY5ZmMwMTJiZDU0LzEvOUZEWDcybk5xNnp2dEFla1V1VV9lSllRQ2JNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84ODRjMzEtZTUwOS00MjJiLWIwYTEtYWY5ZmMwMTJiZDU0
LzEvVnl0TzJTYUMxeGlvX0VTSUZBQW5RR2xnZVY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTA8BAIAATA2AwQCJZy8AwQC
XrCwAwQCmFkgAwQCuSwQAwQCuZrMAwQCuZxkAwQCucRAAwQCudNEAwQCufzgMA0E
AgACMAcDBQMqDYgAMA0GCSqGSIb3DQEBCwUAA4IBAQBKTuTkYCQB9AmPaMUDaazh
sVYtaxTgTcQwx//X2LCvjR0MF9om5H8kgzSM6qYg3imuW8vwFdmb+DEH/joE7kLJ
MvlWNx8+jk4y1mLIS1yUJgEiIAjb5XJmL0HMc/qJ418euUv/8hG1cb2RZDYHy/Af
XaEicRVdEEwayYn7dapA5K1sOI42BkbYz5NP0gaV+i/iwfANCY6h4n55nzKCewDI
5HyFdjFh1SyfYNv/l1+4ue07YyC7oorwW5EO6TzXglJoeVvXYjmiEmMt46xMHl0z
IEjhmz2tjHaZPam2vEuf161RRPqVAgipH/VCUxi6EpGij8hzHP1eKDGAlEQW1mdW
-----END CERTIFICATE-----