Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/6wgZKsd52yAX3RDzqnf55odvWpg.roa
File:                     6wgZKsd52yAX3RDzqnf55odvWpg.roa (raw, json)
Hash identifier:          U8PT0mF2QpObNcbhdhT10cO9nA6fw9d/Jjb51PY1+Uc=
Subject key identifier:   EB:08:19:2A:C7:79:DB:20:17:DD:10:F3:AA:77:F9:E6:87:6F:5A:98
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019515A2C21D4F422BCB511C84B064077F1B
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/6wgZKsd52yAX3RDzqnf55odvWpg.roa
Signing time:             Mon 17 Feb 2025 20:39:02 +0000
ROA not before:           Mon 17 Feb 2025 20:39:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     401152
IP address blocks:        64.188.100.0/22 maxlen: 24
                          64.188.120.0/22 maxlen: 24
                          64.188.124.0/24 maxlen: 24
                          64.188.125.0/24 maxlen: 24
                          64.188.126.0/24 maxlen: 24
                          64.188.127.0/24 maxlen: 24
                          185.216.104.0/22 maxlen: 24
                          193.23.192.0/21 maxlen: 24
                          193.23.200.0/22 maxlen: 24
                          193.23.204.0/22 maxlen: 24
                          193.23.208.0/22 maxlen: 24
                          193.23.212.0/22 maxlen: 24
                          193.23.216.0/23 maxlen: 24
                          193.23.218.0/23 maxlen: 24
                          193.23.220.0/24 maxlen: 24
                          193.23.221.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Thu 20 Feb 2025 20:45:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:15:a2:c2:1d:4f:42:2b:cb:51:1c:84:b0:64:07:7f:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Feb 17 20:39:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=eb08192ac779db2017dd10f3aa77f9e6876f5a98
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:35:dd:1f:6a:3b:a3:6f:a1:af:6f:aa:2f:82:
                    40:9f:f1:1c:e7:3d:bc:21:cc:1e:f8:46:a0:59:df:
                    18:2f:86:b0:78:63:97:a3:f6:2a:ec:9c:ac:a0:ce:
                    f0:d9:d4:6a:df:9e:bc:c9:28:61:24:06:46:cd:92:
                    25:c5:f8:28:4f:05:1c:42:00:52:5d:c6:aa:7c:30:
                    fe:7b:0b:87:af:fb:4b:c7:c7:d9:bf:70:f1:cc:18:
                    ab:2e:96:25:a8:90:cc:1a:c6:d5:2e:30:13:44:eb:
                    3a:48:db:cd:d2:8d:2d:b7:26:3a:f6:13:7c:b4:b7:
                    5f:11:2b:d5:15:05:4a:da:f0:9e:86:95:ee:9b:6f:
                    6d:05:66:f6:fe:5b:23:2d:8f:11:51:70:ab:91:f9:
                    d0:cf:8a:f2:e8:fc:0f:d8:68:7b:2a:63:26:1d:a0:
                    e1:51:d9:9f:fa:be:c5:9a:f3:32:02:fb:96:0a:e2:
                    96:aa:a3:d7:b7:93:14:27:e7:c4:47:c7:79:a7:b1:
                    e9:de:de:26:2d:83:8a:49:d2:51:37:4f:58:20:c5:
                    05:2e:bf:9e:95:a1:26:b1:ff:33:90:73:bf:63:4e:
                    3c:48:eb:72:9b:b5:46:44:b6:22:bf:a2:31:42:a2:
                    ba:ea:23:04:05:29:ca:75:b8:03:f9:7d:33:d0:36:
                    da:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:08:19:2A:C7:79:DB:20:17:DD:10:F3:AA:77:F9:E6:87:6F:5A:98
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/6wgZKsd52yAX3RDzqnf55odvWpg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.188.100.0/22
                  64.188.120.0/21
                  185.216.104.0/22
                  193.23.192.0-193.23.221.255

    Signature Algorithm: sha256WithRSAEncryption
         56:44:b9:cb:d4:83:62:bf:3b:01:d2:02:5b:f8:02:11:c2:b3:
         dc:7d:09:13:1e:1f:f2:f2:c7:65:2d:b4:31:7f:bc:ec:00:03:
         fd:25:fa:99:93:d7:70:67:5d:f9:36:9b:67:c1:43:0f:50:20:
         1d:89:9e:7e:e6:74:94:15:4d:73:7d:e4:3c:2a:a1:fe:ea:30:
         19:b1:47:8b:06:b1:1e:10:fc:e0:28:6c:49:3f:4a:9a:34:e0:
         da:25:11:20:82:ae:1d:2e:0e:72:b9:81:66:67:1f:30:81:55:
         48:61:09:e0:44:a7:1a:04:75:c6:c5:8f:99:9d:ad:65:46:77:
         eb:7e:c2:5c:33:85:43:48:b0:38:90:94:48:c3:1c:99:2a:03:
         32:b0:ea:1c:93:05:72:b7:64:b3:e0:e8:4c:5d:83:51:7d:70:
         0f:de:bc:3d:b6:61:8d:86:47:53:fc:a0:37:0e:9d:69:eb:6b:
         51:31:1f:de:2c:0f:37:f5:1a:cb:eb:33:dc:bc:e3:02:28:d1:
         37:dc:e5:26:c8:43:e2:16:c3:d3:48:23:d3:a9:28:33:83:36:
         d0:26:4a:36:50:5c:fc:61:3c:b3:e1:83:83:59:48:85:bc:58:
         7a:d3:df:c7:dd:de:d4:99:df:4e:4c:bd:db:d4:14:0a:ec:fd:
         7b:40:d4:c8
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZUVosIdT0Iry1EchLBkB38bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjUwMjE3MjAzOTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjA4MTkyYWM3NzlkYjIwMTdkZDEwZjNhYTc3ZjllNjg3NmY1YTk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmDXdH2o7o2+hr2+qL4JAn/Ec5z28
Icwe+EagWd8YL4aweGOXo/Yq7JysoM7w2dRq3568yShhJAZGzZIlxfgoTwUcQgBS
XcaqfDD+ewuHr/tLx8fZv3DxzBirLpYlqJDMGsbVLjATROs6SNvN0o0ttyY69hN8
tLdfESvVFQVK2vCehpXum29tBWb2/lsjLY8RUXCrkfnQz4ry6PwP2Gh7KmMmHaDh
Udmf+r7FmvMyAvuWCuKWqqPXt5MUJ+fER8d5p7Hp3t4mLYOKSdJRN09YIMUFLr+e
laEmsf8zkHO/Y048SOtym7VGRLYiv6IxQqK66iMEBSnKdbgD+X0z0Dba7QIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFOsIGSrHedsgF90Q86p3+eaHb1qYMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvNndnWktzZDUyeUFYM1JEenFuZjU1b2R2V3BnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQCQLxkAwQD
QLx4AwQCudhoMAwDBAbBF8ADBAHBF9wwDQYJKoZIhvcNAQELBQADggEBAFZEucvU
g2K/OwHSAlv4AhHCs9x9CRMeH/Lyx2UttDF/vOwAA/0l+pmT13BnXfk2m2fBQw9Q
IB2Jnn7mdJQVTXN95Dwqof7qMBmxR4sGsR4Q/OAobEk/Spo04NolESCCrh0uDnK5
gWZnHzCBVUhhCeBEpxoEdcbFj5mdrWVGd+t+wlwzhUNIsDiQlEjDHJkqAzKw6hyT
BXK3ZLPg6Exdg1F9cA/evD22YY2GR1P8oDcOnWnra1ExH94sDzf1GsvrM9y84wIo
0Tfc5SbIQ+IWw9NII9OpKDODNtAmSjZQXPxhPLPhg4NZSIW8WHrT38fd3tSZ305M
vdvUFArs/XtA1Mg=
-----END CERTIFICATE-----