Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/JR6h-zBi3WYs1QVXXnW_x8GDiZU.roa
File:                     JR6h-zBi3WYs1QVXXnW_x8GDiZU.roa (raw, json)
Hash identifier:          sKovCBq1Fi1U/Kgwcf9uWHOaB4baWZFpVL5UbmmycCo=
Subject key identifier:   25:1E:A1:FB:30:62:DD:66:2C:D5:05:57:5E:75:BF:C7:C1:83:89:95
Certificate issuer:       /CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
Certificate serial:       0196D4194EA08D743F3D423A6914EAC09E32
Authority key identifier: 72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/JR6h-zBi3WYs1QVXXnW_x8GDiZU.roa
Signing time:             Thu 15 May 2025 13:19:10 +0000
ROA not before:           Thu 15 May 2025 13:19:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     174
IP address blocks:        5.182.192.0/24 maxlen: 24
                          31.132.52.0/24 maxlen: 24
                          92.249.31.0/24 maxlen: 24
                          94.154.182.0/24 maxlen: 24
                          147.78.205.0/24 maxlen: 24
                          147.78.206.0/24 maxlen: 24
                          162.218.90.0/24 maxlen: 24
                          185.187.212.0/24 maxlen: 24
                          185.205.205.0/24 maxlen: 24
                          212.60.15.0/24 maxlen: 24
                          217.197.169.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Thu 15 May 2025 17:44:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:d4:19:4e:a0:8d:74:3f:3d:42:3a:69:14:ea:c0:9e:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
        Validity
            Not Before: May 15 13:19:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=251ea1fb3062dd662cd505575e75bfc7c1838995
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:d5:33:a7:ee:3d:48:b3:0f:2d:de:ec:61:9e:
                    7b:e9:6b:fb:9c:e2:28:8c:97:ce:5d:66:73:76:40:
                    de:e7:98:dd:73:ae:7c:fc:36:5c:64:3c:c3:43:2e:
                    2a:d4:c3:0c:67:08:d4:68:94:b2:92:67:11:44:6c:
                    c5:11:5e:c9:79:7c:f2:97:c0:bb:62:42:67:61:00:
                    1f:2e:72:a2:7c:aa:95:bd:00:9b:3b:43:ed:42:ee:
                    6f:2d:3b:4e:62:72:85:f6:b8:89:57:45:d3:1f:34:
                    df:b8:de:d6:88:79:0f:f9:7c:9b:5a:e9:c5:a2:8d:
                    44:58:75:2d:93:25:ac:63:65:ba:0d:97:b1:2d:d5:
                    c1:e7:8a:95:9f:25:a4:1c:84:36:cc:96:6e:e7:aa:
                    15:7f:d5:27:80:2b:f0:7d:de:1f:86:4f:f4:75:01:
                    2f:9b:37:78:cc:1f:db:2b:16:2d:15:17:9a:32:bb:
                    17:e0:12:1c:0d:d7:e5:e8:45:98:84:90:ae:61:18:
                    8b:27:f1:5c:65:59:01:21:b1:95:ad:1e:b7:ce:30:
                    2c:36:40:1d:af:0b:47:70:f7:f7:08:3c:ef:e8:da:
                    84:52:12:f0:49:41:84:23:a5:f9:bc:d6:f6:17:34:
                    d3:c0:9a:b7:a7:b3:cd:54:9a:63:68:33:c2:53:e8:
                    c2:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:1E:A1:FB:30:62:DD:66:2C:D5:05:57:5E:75:BF:C7:C1:83:89:95
            X509v3 Authority Key Identifier:
                keyid:72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/JR6h-zBi3WYs1QVXXnW_x8GDiZU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.192.0/24
                  31.132.52.0/24
                  92.249.31.0/24
                  94.154.182.0/24
                  147.78.205.0-147.78.206.255
                  162.218.90.0/24
                  185.187.212.0/24
                  185.205.205.0/24
                  212.60.15.0/24
                  217.197.169.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:b1:71:3e:29:89:aa:d9:db:fd:a6:a0:54:a2:56:3a:66:2f:
         36:e1:87:e8:08:f8:ec:c9:eb:a5:33:11:73:c1:d8:ec:2f:0b:
         03:f7:73:8f:eb:2e:e4:e2:93:87:fc:a4:d1:16:80:87:7a:12:
         e1:0e:ab:d8:5e:68:b1:07:af:7d:a7:48:d0:98:57:89:0a:41:
         1c:35:4b:0b:cc:d5:68:05:51:95:d5:5a:98:69:11:d8:53:6d:
         b9:0c:a8:55:62:70:aa:e8:35:b8:b3:ae:d8:b9:0c:52:18:35:
         70:ff:8a:1d:c1:e4:95:c2:81:cf:c5:36:0d:1c:6c:2c:dd:e1:
         f6:e1:0f:43:02:44:7b:62:58:03:55:aa:f6:9a:d4:9d:72:e1:
         a9:d2:03:80:d1:50:ac:5f:92:5e:ad:84:29:00:a9:06:e2:83:
         bc:52:23:cb:d7:f4:cf:52:71:dd:b5:8f:7a:91:f3:0f:af:78:
         33:44:d0:bd:9c:93:75:c9:4b:7d:28:c2:87:61:40:33:33:75:
         02:e0:c4:0e:61:c3:96:cc:b0:c9:bb:85:24:b4:d6:8f:bc:1f:
         d4:2a:79:2e:92:e3:9c:23:cb:80:1d:f6:9b:98:ac:dd:b2:9f:
         e0:a7:05:c4:f0:8f:cb:2b:e9:e6:da:64:77:8b:85:41:cd:b5:
         7d:c9:0d:8b
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAZbUGU6gjXQ/PUI6aRTqwJ4yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyYjc4ZjY2ODJmYzM5YzU1YjQxZDQ4ZjgwYjg4MzhkNWQy
ZGJmMDcwHhcNMjUwNTE1MTMxOTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTFlYTFmYjMwNjJkZDY2MmNkNTA1NTc1ZTc1YmZjN2MxODM4OTk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwtUzp+49SLMPLd7sYZ576Wv7nOIo
jJfOXWZzdkDe55jdc658/DZcZDzDQy4q1MMMZwjUaJSykmcRRGzFEV7JeXzyl8C7
YkJnYQAfLnKifKqVvQCbO0PtQu5vLTtOYnKF9riJV0XTHzTfuN7WiHkP+XybWunF
oo1EWHUtkyWsY2W6DZexLdXB54qVnyWkHIQ2zJZu56oVf9UngCvwfd4fhk/0dQEv
mzd4zB/bKxYtFReaMrsX4BIcDdfl6EWYhJCuYRiLJ/FcZVkBIbGVrR63zjAsNkAd
rwtHcPf3CDzv6NqEUhLwSUGEI6X5vNb2FzTTwJq3p7PNVJpjaDPCU+jCSwIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFCUeofswYt1mLNUFV151v8fBg4mVMB8GA1UdIwQY
MBaAFHK3j2aC/DnFW0HUj4C4g41dLb8HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEt
ZjNlNTA2YWVhYTAxLzEvSlI2aC16QmkzV1lzMVFWWFhuV194OEdEaVpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEtZjNlNTA2YWVhYTAx
LzEvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQABbbAAwQA
H4Q0AwQAXPkfAwQAXpq2MAwDBACTTs0DBACTTs4DBACi2loDBAC5u9QDBAC5zc0D
BADUPA8DBADZxakwDQYJKoZIhvcNAQELBQADggEBAFGxcT4piarZ2/2moFSiVjpm
Lzbhh+gI+OzJ66UzEXPB2OwvCwP3c4/rLuTik4f8pNEWgId6EuEOq9heaLEHr32n
SNCYV4kKQRw1SwvM1WgFUZXVWphpEdhTbbkMqFVicKroNbizrti5DFIYNXD/ih3B
5JXCgc/FNg0cbCzd4fbhD0MCRHtiWANVqvaa1J1y4anSA4DRUKxfkl6thCkAqQbi
g7xSI8vX9M9Scd21j3qR8w+veDNE0L2ck3XJS30owodhQDMzdQLgxA5hw5bMsMm7
hSS01o+8H9QqeS6S45wjy4Ad9puYrN2yn+CnBcTwj8sr6ebaZHeLhUHNtX3JDYs=
-----END CERTIFICATE-----