Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/nqR7b6xIWY8PkvP5svjGiy_6UAE.roa
File:                     nqR7b6xIWY8PkvP5svjGiy_6UAE.roa (raw, json)
Hash identifier:          qvi5mPfpCFvwrIS5i2sty3abiqJZD/rAN+fBCrQzkUQ=
Subject key identifier:   9E:A4:7B:6F:AC:48:59:8F:0F:92:F3:F9:B2:F8:C6:8B:2F:FA:50:01
Certificate issuer:       /CN=52cd9a6512dbf25a5f19b827d7a2c7e22a2ee8dd
Certificate serial:       019420686AB32684C846DDE690218E58B0DA
Authority key identifier: 52:CD:9A:65:12:DB:F2:5A:5F:19:B8:27:D7:A2:C7:E2:2A:2E:E8:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Us2aZRLb8lpfGbgn16LH4iou6N0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/nqR7b6xIWY8PkvP5svjGiy_6UAE.roa
Signing time:             Wed 01 Jan 2025 05:48:21 +0000
ROA not before:           Wed 01 Jan 2025 05:48:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199404
IP address blocks:        69.57.172.0/24 maxlen: 24
                          190.92.174.0/24 maxlen: 24
                          190.92.175.0/24 maxlen: 24
                          195.250.20.0/24 maxlen: 24
                          195.250.21.0/24 maxlen: 24
                          195.250.22.0/24 maxlen: 24
                          195.250.30.0/24 maxlen: 24
                          195.250.31.0/24 maxlen: 24
                          198.38.81.0/24 maxlen: 24
                          198.38.83.0/24 maxlen: 24
                          198.38.84.0/24 maxlen: 24
                          198.38.85.0/24 maxlen: 24
                          198.38.86.0/24 maxlen: 24
                          198.38.87.0/24 maxlen: 24
                          198.38.88.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Mon 17 Feb 2025 12:04:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:6a:b3:26:84:c8:46:dd:e6:90:21:8e:58:b0:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52cd9a6512dbf25a5f19b827d7a2c7e22a2ee8dd
        Validity
            Not Before: Jan  1 05:48:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9ea47b6fac48598f0f92f3f9b2f8c68b2ffa5001
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:de:f0:6f:ce:7e:b8:22:4c:bf:4a:35:a8:72:
                    a8:f8:fd:f4:0e:f3:98:6f:0b:92:f4:76:b4:ba:d0:
                    f8:40:48:d0:60:4c:82:aa:05:fe:a8:63:01:9e:5e:
                    92:f3:13:9a:a3:60:ab:8b:1f:94:b1:56:a4:c2:86:
                    3f:b8:b0:b5:2c:01:0e:c5:f0:4b:b6:a4:c3:d0:24:
                    6c:ee:8f:61:03:eb:09:96:38:e5:5f:7d:ba:27:06:
                    8c:12:5b:ad:2a:ac:9f:c2:e6:ae:99:10:48:01:35:
                    54:a5:5a:ab:af:b2:69:ee:a6:63:29:56:c3:a5:4d:
                    5d:c4:ec:13:99:ae:c1:00:d3:fb:03:d9:06:91:40:
                    3c:26:b0:f2:39:4c:3c:95:f0:29:69:49:cc:c5:62:
                    87:a1:08:a9:e8:42:27:ec:2a:2e:fe:d7:f5:85:83:
                    88:29:5b:b2:63:a1:35:2c:84:cf:14:29:b7:46:d3:
                    bb:13:f9:b9:17:63:15:96:b3:57:8c:bf:b7:fd:da:
                    1d:cf:e2:1f:62:90:b3:e8:12:2b:58:8f:c5:28:0b:
                    a5:9f:e0:30:76:1e:ea:dd:e7:c4:6b:4e:2e:08:dc:
                    86:33:de:98:42:e6:fc:22:65:06:98:cf:e3:9b:95:
                    65:fe:81:d9:44:6e:0a:63:69:00:2e:75:a8:ec:fb:
                    36:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:A4:7B:6F:AC:48:59:8F:0F:92:F3:F9:B2:F8:C6:8B:2F:FA:50:01
            X509v3 Authority Key Identifier:
                keyid:52:CD:9A:65:12:DB:F2:5A:5F:19:B8:27:D7:A2:C7:E2:2A:2E:E8:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Us2aZRLb8lpfGbgn16LH4iou6N0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/nqR7b6xIWY8PkvP5svjGiy_6UAE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/Us2aZRLb8lpfGbgn16LH4iou6N0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  69.57.172.0/24
                  190.92.174.0/23
                  195.250.20.0-195.250.22.255
                  195.250.30.0/23
                  198.38.81.0/24
                  198.38.83.0-198.38.88.255

    Signature Algorithm: sha256WithRSAEncryption
         24:59:d1:af:36:99:89:95:65:c8:04:d2:e5:d8:34:bf:98:5f:
         31:01:c6:e0:a1:87:80:8f:ee:4a:67:3d:7d:88:a7:c4:af:b1:
         98:b2:17:6c:2a:55:ad:f8:6b:d6:15:a9:ae:ed:89:ad:a9:4a:
         ac:20:48:21:db:ad:48:67:19:7a:00:df:dd:a6:90:c5:27:a3:
         aa:a1:bb:87:94:8c:7d:9c:73:be:8c:db:3d:9f:5d:1c:5d:a1:
         6a:b8:9f:48:fd:6c:8e:ab:21:11:5f:cb:f5:7d:bc:b0:b2:b3:
         d2:fe:7e:37:51:ea:44:a2:dc:fe:3e:64:23:00:0e:50:88:45:
         ef:bc:3a:05:2d:e8:60:d7:5a:bf:f8:ff:56:db:60:de:84:be:
         be:90:37:ac:cd:77:05:e3:91:d6:43:3b:e6:21:d9:6c:9b:e5:
         9a:c7:32:76:3d:98:7c:22:91:68:64:aa:37:da:f9:9f:b2:3a:
         e6:7d:c4:f3:66:99:99:cd:6e:19:5c:8f:ba:2a:16:4e:92:74:
         b0:68:a6:9c:4e:ba:11:59:09:ba:22:8f:e0:fe:cd:d2:2c:f7:
         12:68:98:8b:1b:01:56:b4:92:8f:b2:1e:60:f6:45:b8:64:d7:
         3f:bf:09:3b:33:d1:10:6f:9c:76:69:2f:47:21:bb:8e:29:45:
         f9:f7:cb:f3
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgISAZQgaGqzJoTIRt3mkCGOWLDaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyY2Q5YTY1MTJkYmYyNWE1ZjE5YjgyN2Q3YTJjN2UyMmEy
ZWU4ZGQwHhcNMjUwMTAxMDU0ODIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZWE0N2I2ZmFjNDg1OThmMGY5MmYzZjliMmY4YzY4YjJmZmE1MDAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsd7wb85+uCJMv0o1qHKo+P30DvOY
bwuS9Ha0utD4QEjQYEyCqgX+qGMBnl6S8xOao2Crix+UsVakwoY/uLC1LAEOxfBL
tqTD0CRs7o9hA+sJljjlX326JwaMElutKqyfwuaumRBIATVUpVqrr7Jp7qZjKVbD
pU1dxOwTma7BANP7A9kGkUA8JrDyOUw8lfApaUnMxWKHoQip6EIn7Cou/tf1hYOI
KVuyY6E1LITPFCm3RtO7E/m5F2MVlrNXjL+3/dodz+IfYpCz6BIrWI/FKAuln+Aw
dh7q3efEa04uCNyGM96YQub8ImUGmM/jm5Vl/oHZRG4KY2kALnWo7Ps2pwIDAQAB
o4ICNzCCAjMwHQYDVR0OBBYEFJ6ke2+sSFmPD5Lz+bL4xosv+lABMB8GA1UdIwQY
MBaAFFLNmmUS2/JaXxm4J9eix+IqLujdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXMyYVpSTGI4bHBmR2JnbjE2TEg0aW91Nk4wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi8yMjIzY2EtY2UzOC00OWJiLWIxMjUt
Y2NhMzc2MDZiZjE4LzEvbnFSN2I2eElXWThQa3ZQNXN2akdpeV82VUFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi8yMjIzY2EtY2UzOC00OWJiLWIxMjUtY2NhMzc2MDZiZjE4
LzEvVXMyYVpSTGI4bHBmR2JnbjE2TEg0aW91Nk4wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME0GCCsGAQUFBwEHAQH/BD4wPDA6BAIAATA0AwQARTmsAwQB
vlyuMAwDBALD+hQDBADD+hYDBAHD+h4DBADGJlEwDAMEAMYmUwMEAMYmWDANBgkq
hkiG9w0BAQsFAAOCAQEAJFnRrzaZiZVlyATS5dg0v5hfMQHG4KGHgI/uSmc9fYin
xK+xmLIXbCpVrfhr1hWpru2JralKrCBIIdutSGcZegDf3aaQxSejqqG7h5SMfZxz
vozbPZ9dHF2harifSP1sjqshEV/L9X28sLKz0v5+N1HqRKLc/j5kIwAOUIhF77w6
BS3oYNdav/j/Vttg3oS+vpA3rM13BeOR1kM75iHZbJvlmscydj2YfCKRaGSqN9r5
n7I65n3E82aZmc1uGVyPuioWTpJ0sGimnE66EVkJuiKP4P7N0iz3EmiYixsBVrSS
j7IeYPZFuGTXP78JOzPREG+cdmkvRyG7jilF+ffL8w==
-----END CERTIFICATE-----