Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/026ed8-ab9c-4753-9b20-2ba9d516f944/1/YXagmNI4R9h4sYvJM0HHIrlDjpA.roa
File:                     YXagmNI4R9h4sYvJM0HHIrlDjpA.roa (raw, json)
Hash identifier:          nZQsUqKGkNHC2r9zdJDbbMUy/qNa5arXgjbnUdeeYr8=
Subject key identifier:   61:76:A0:98:D2:38:47:D8:78:B1:8B:C9:33:41:C7:22:B9:43:8E:90
Certificate issuer:       /CN=6510c26f3a4fac700ac7b0e3490b8fa175f08ad8
Certificate serial:       018CC8DE92E296E3B325B268D2BB1CACDEDA
Authority key identifier: 65:10:C2:6F:3A:4F:AC:70:0A:C7:B0:E3:49:0B:8F:A1:75:F0:8A:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZRDCbzpPrHAKx7DjSQuPoXXwitg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/026ed8-ab9c-4753-9b20-2ba9d516f944/1/YXagmNI4R9h4sYvJM0HHIrlDjpA.roa
Signing time:             Tue 02 Jan 2024 06:31:18 +0000
ROA not before:           Tue 02 Jan 2024 06:31:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202761
IP address blocks:        178.19.172.0/24 maxlen: 24
                          178.19.172.0/22 maxlen: 22
                          178.19.172.0/23 maxlen: 23
                          178.19.174.0/23 maxlen: 23
                          178.19.175.0/24 maxlen: 24
                          178.19.173.0/24 maxlen: 24
                          178.19.174.0/24 maxlen: 24
                          185.251.124.0/23 maxlen: 23
                          185.251.124.0/22 maxlen: 22
                          185.251.124.0/24 maxlen: 24
                          185.251.125.0/24 maxlen: 24
                          185.251.126.0/24 maxlen: 24
                          185.251.127.0/24 maxlen: 24
                          185.251.126.0/23 maxlen: 23
                          2a07:8cc0::/29 maxlen: 29
Validation:               Failed, certificate revoked on Wed 01 Jan 2025 23:48:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:92:e2:96:e3:b3:25:b2:68:d2:bb:1c:ac:de:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6510c26f3a4fac700ac7b0e3490b8fa175f08ad8
        Validity
            Not Before: Jan  2 06:31:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6176a098d23847d878b18bc93341c722b9438e90
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:aa:33:42:17:77:cb:87:e6:41:a0:2f:91:ba:
                    b0:f0:82:1e:d1:13:c8:18:07:0d:d6:ec:f9:d5:9f:
                    26:f9:eb:1a:a3:65:f8:06:06:9e:48:c2:36:8c:b7:
                    05:a0:85:68:c4:0d:a8:5e:c7:75:86:95:1c:90:f0:
                    05:b9:fc:89:02:95:da:55:b9:3f:27:08:c5:18:06:
                    ae:b7:74:41:c5:7d:0f:0d:73:a8:1f:5d:d1:4c:4e:
                    1d:51:97:14:e4:ac:81:33:db:88:1a:51:73:e3:eb:
                    b1:c3:5a:05:3e:b7:93:16:41:44:dc:ab:be:14:22:
                    29:8c:e4:72:20:53:58:d1:70:1d:02:88:86:53:96:
                    d1:74:15:07:f1:b6:f3:e6:21:66:7c:33:ac:79:d3:
                    d8:13:af:2b:66:b5:de:08:7a:ea:e4:65:86:f2:b3:
                    cc:eb:12:e6:3f:37:61:85:f1:0d:30:1a:37:34:9e:
                    73:0d:30:e8:f9:66:b8:87:6f:81:a8:1b:00:a2:64:
                    f3:f1:d2:da:28:1b:6f:3b:f2:7f:6f:12:65:6f:ea:
                    e9:b6:d9:40:97:8a:2f:70:23:8b:ab:1e:68:40:6b:
                    f9:0f:70:78:f8:39:5d:95:1e:69:2f:25:c9:bb:89:
                    d8:d6:98:94:ed:af:3b:51:0b:45:58:86:cd:3c:3a:
                    08:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:76:A0:98:D2:38:47:D8:78:B1:8B:C9:33:41:C7:22:B9:43:8E:90
            X509v3 Authority Key Identifier:
                keyid:65:10:C2:6F:3A:4F:AC:70:0A:C7:B0:E3:49:0B:8F:A1:75:F0:8A:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZRDCbzpPrHAKx7DjSQuPoXXwitg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/026ed8-ab9c-4753-9b20-2ba9d516f944/1/YXagmNI4R9h4sYvJM0HHIrlDjpA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/026ed8-ab9c-4753-9b20-2ba9d516f944/1/ZRDCbzpPrHAKx7DjSQuPoXXwitg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.19.172.0/22
                  185.251.124.0/22
                IPv6:
                  2a07:8cc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         23:fd:27:b4:ff:20:c5:2b:70:50:a6:8c:32:5d:3f:fe:1c:ed:
         b5:99:11:66:44:03:f1:57:29:72:0d:44:2f:8c:00:43:90:02:
         54:4c:32:3c:02:ae:21:c2:d8:c0:2d:55:20:2b:5d:aa:65:b6:
         14:07:69:f5:c7:36:6c:ec:ad:d5:d9:95:a9:7e:2f:aa:ce:33:
         44:0c:08:0e:44:1d:7d:60:b0:27:38:ff:35:8c:c7:d1:ed:d4:
         e0:1f:7c:be:7f:b4:23:15:7c:b4:2b:b5:50:14:0b:aa:b9:0a:
         f6:e4:6f:c3:89:a2:12:7c:72:ac:8c:ca:af:94:5b:70:08:20:
         cd:7d:fc:55:80:b8:4b:2b:20:b1:bb:ec:36:5b:79:10:ec:8e:
         9b:7b:43:e4:6f:56:fa:4f:ea:ac:ad:92:86:9f:09:e8:ef:08:
         91:18:69:3f:f2:15:1c:6b:33:97:73:0a:bf:e3:3b:82:42:42:
         55:2d:95:3a:e2:a1:a2:9a:19:0a:03:78:39:04:74:da:3d:a0:
         39:8d:af:b4:65:73:39:0f:5e:07:69:02:09:ef:b6:05:e9:32:
         15:81:24:54:f2:7a:3f:20:84:f1:f2:6f:b8:8d:29:cb:a6:17:
         ae:44:98:44:84:7f:6a:32:9a:2b:80:0a:f5:55:78:25:64:cc:
         f4:64:f3:48
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzI3pLiluOzJbJo0rscrN7aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1MTBjMjZmM2E0ZmFjNzAwYWM3YjBlMzQ5MGI4ZmExNzVm
MDhhZDgwHhcNMjQwMTAyMDYzMTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTc2YTA5OGQyMzg0N2Q4NzhiMThiYzkzMzQxYzcyMmI5NDM4ZTkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA76ozQhd3y4fmQaAvkbqw8IIe0RPI
GAcN1uz51Z8m+esao2X4BgaeSMI2jLcFoIVoxA2oXsd1hpUckPAFufyJApXaVbk/
JwjFGAaut3RBxX0PDXOoH13RTE4dUZcU5KyBM9uIGlFz4+uxw1oFPreTFkFE3Ku+
FCIpjORyIFNY0XAdAoiGU5bRdBUH8bbz5iFmfDOsedPYE68rZrXeCHrq5GWG8rPM
6xLmPzdhhfENMBo3NJ5zDTDo+Wa4h2+BqBsAomTz8dLaKBtvO/J/bxJlb+rpttlA
l4ovcCOLqx5oQGv5D3B4+DldlR5pLyXJu4nY1piU7a87UQtFWIbNPDoIhwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFGF2oJjSOEfYeLGLyTNBxyK5Q46QMB8GA1UdIwQY
MBaAFGUQwm86T6xwCsew40kLj6F18IrYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWlJEQ2J6cFBySEFLeDdEalNRdVBvWFh3aXRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy8wMjZlZDgtYWI5Yy00NzUzLTliMjAt
MmJhOWQ1MTZmOTQ0LzEvWVhhZ21OSTRSOWg0c1l2Sk0wSEhJcmxEanBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy8wMjZlZDgtYWI5Yy00NzUzLTliMjAtMmJhOWQ1MTZmOTQ0
LzEvWlJEQ2J6cFBySEFLeDdEalNRdVBvWFh3aXRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCshOsAwQC
uft8MA0EAgACMAcDBQMqB4zAMA0GCSqGSIb3DQEBCwUAA4IBAQAj/Se0/yDFK3BQ
powyXT/+HO21mRFmRAPxVylyDUQvjABDkAJUTDI8Aq4hwtjALVUgK12qZbYUB2n1
xzZs7K3V2ZWpfi+qzjNEDAgORB19YLAnOP81jMfR7dTgH3y+f7QjFXy0K7VQFAuq
uQr25G/DiaISfHKsjMqvlFtwCCDNffxVgLhLKyCxu+w2W3kQ7I6be0Pkb1b6T+qs
rZKGnwno7wiRGGk/8hUcazOXcwq/4zuCQkJVLZU64qGimhkKA3g5BHTaPaA5ja+0
ZXM5D14HaQIJ77YF6TIVgSRU8no/IITx8m+4jSnLpheuRJhEhH9qMporgAr1VXgl
ZMz0ZPNI
-----END CERTIFICATE-----