Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/d4175d-192c-418c-972f-8ee21b74dd56/1/OdGIg8cJ2rzI5VWXlRCkICXAgZg.roa
File:                     OdGIg8cJ2rzI5VWXlRCkICXAgZg.roa (raw, json)
Hash identifier:          zg2FXS1TukEcKxxPpE7A+9L+MU5YQ1aF4iCrEwnxF38=
Subject key identifier:   39:D1:88:83:C7:09:DA:BC:C8:E5:55:97:95:10:A4:20:25:C0:81:98
Certificate issuer:       /CN=58015cc8da1f1bbf343e26ab208df8bb26fd53ae
Certificate serial:       01958A918E2A5F4FAF76F91285B5E7366339
Authority key identifier: 58:01:5C:C8:DA:1F:1B:BF:34:3E:26:AB:20:8D:F8:BB:26:FD:53:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WAFcyNofG780PiarII34uyb9U64.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/d4175d-192c-418c-972f-8ee21b74dd56/1/OdGIg8cJ2rzI5VWXlRCkICXAgZg.roa
Signing time:             Wed 12 Mar 2025 13:35:49 +0000
ROA not before:           Wed 12 Mar 2025 13:35:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15576
IP address blocks:        77.95.120.0/21 maxlen: 21
                          185.63.148.0/22 maxlen: 22
                          194.187.88.0/24 maxlen: 24
                          212.103.64.0/19 maxlen: 19
                          212.103.64.0/24 maxlen: 24
                          212.103.65.0/24 maxlen: 24
                          217.11.208.0/20 maxlen: 20
                          217.146.160.0/20 maxlen: 20
                          217.146.165.0/24 maxlen: 24
                          2a00:c38::/32 maxlen: 32
                          2a00:c38:1a5::/48 maxlen: 48
Validation:               Failed, certificate revoked on Wed 12 Mar 2025 14:26:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:8a:91:8e:2a:5f:4f:af:76:f9:12:85:b5:e7:36:63:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58015cc8da1f1bbf343e26ab208df8bb26fd53ae
        Validity
            Not Before: Mar 12 13:35:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=39d18883c709dabcc8e555979510a42025c08198
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:68:30:85:6b:aa:5e:f9:e3:98:59:d6:7c:c0:
                    f5:26:1c:ab:e8:98:53:3b:2d:b9:60:5c:ae:55:8f:
                    ec:6e:ea:f6:a4:5b:da:5f:8d:a1:a7:a4:26:46:fd:
                    1a:d1:f9:c0:55:7d:51:f2:ae:29:f0:51:7e:ef:66:
                    f4:29:ea:6a:5e:10:11:ce:9c:72:c7:db:e4:de:35:
                    36:9c:e1:5c:5f:2a:6c:58:54:ba:6d:c0:6d:bb:6e:
                    33:3a:09:15:ca:fc:6d:e0:1b:8b:50:95:9d:de:08:
                    b2:d0:a7:ab:a8:ef:9f:77:f0:41:ec:92:56:2d:42:
                    5f:7c:60:79:7b:60:29:45:fc:35:68:fc:0f:7f:90:
                    1d:12:a8:5c:9f:b0:e8:a3:87:09:d0:1f:87:aa:a5:
                    4a:62:59:0f:d7:d1:fc:e7:9d:d5:f2:d4:84:52:f3:
                    ab:76:63:94:3c:ec:61:72:1b:ff:51:3c:4c:44:13:
                    ae:eb:6b:9f:3a:e6:4f:c5:76:80:7c:40:17:12:60:
                    46:27:53:5a:33:89:d2:e1:c9:dc:8e:d8:5d:ef:80:
                    a6:a6:72:de:72:cb:7f:36:f2:7f:03:4e:f5:4e:b9:
                    3a:73:b8:dc:b7:b2:fa:8e:39:55:84:9f:63:e0:08:
                    36:16:e2:ef:89:dd:be:ab:7d:02:f4:e3:6e:a7:87:
                    d4:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:D1:88:83:C7:09:DA:BC:C8:E5:55:97:95:10:A4:20:25:C0:81:98
            X509v3 Authority Key Identifier:
                keyid:58:01:5C:C8:DA:1F:1B:BF:34:3E:26:AB:20:8D:F8:BB:26:FD:53:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WAFcyNofG780PiarII34uyb9U64.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/d4175d-192c-418c-972f-8ee21b74dd56/1/OdGIg8cJ2rzI5VWXlRCkICXAgZg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/d4175d-192c-418c-972f-8ee21b74dd56/1/WAFcyNofG780PiarII34uyb9U64.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.95.120.0/21
                  185.63.148.0/22
                  194.187.88.0/24
                  212.103.64.0/19
                  217.11.208.0/20
                  217.146.160.0/20
                IPv6:
                  2a00:c38::/32

    Signature Algorithm: sha256WithRSAEncryption
         1a:03:1e:e3:61:57:30:20:9f:63:aa:f8:7e:e7:40:af:26:16:
         f3:9d:26:93:a7:32:9d:78:8e:87:c1:95:b5:1f:fd:1e:31:66:
         3e:2d:c0:0f:1b:7c:c3:4b:af:e0:0c:af:d2:fe:dd:32:91:1d:
         fd:e6:07:7e:e7:67:56:04:cb:94:75:2b:25:13:05:54:85:00:
         a7:c7:b2:87:20:0c:03:42:99:7e:db:7d:68:9f:3f:c8:d3:0d:
         a0:c0:4a:27:42:b7:77:87:c4:53:ab:33:d8:0a:a4:79:d5:1e:
         83:b2:88:ca:f4:df:87:a5:3b:42:7f:a6:a4:7e:e7:5c:2f:77:
         15:b6:07:c3:52:d8:e7:15:40:f7:52:19:9a:d0:04:22:f6:f7:
         3f:b6:42:47:0e:0c:41:ea:3f:cb:be:e1:31:7b:c0:b5:26:71:
         ed:f4:81:5a:4f:ff:f3:af:84:c4:7c:bc:56:c0:95:37:f5:84:
         12:71:95:32:83:8b:d2:f1:44:a4:d5:25:ad:59:2e:29:b8:aa:
         88:b3:9c:de:02:4a:87:8a:f7:06:c3:1c:43:2f:d3:0d:ec:ab:
         63:e0:5a:73:28:cf:83:06:8c:03:22:d2:f3:25:bb:c8:58:90:
         a5:ca:af:cb:88:44:58:3d:a9:06:35:c1:61:18:9a:03:50:b7:
         ed:51:b2:f8
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAZWKkY4qX0+vdvkShbXnNmM5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4MDE1Y2M4ZGExZjFiYmYzNDNlMjZhYjIwOGRmOGJiMjZm
ZDUzYWUwHhcNMjUwMzEyMTMzNTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOWQxODg4M2M3MDlkYWJjYzhlNTU1OTc5NTEwYTQyMDI1YzA4MTk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi2gwhWuqXvnjmFnWfMD1Jhyr6JhT
Oy25YFyuVY/sbur2pFvaX42hp6QmRv0a0fnAVX1R8q4p8FF+72b0KepqXhARzpxy
x9vk3jU2nOFcXypsWFS6bcBtu24zOgkVyvxt4BuLUJWd3giy0KerqO+fd/BB7JJW
LUJffGB5e2ApRfw1aPwPf5AdEqhcn7Doo4cJ0B+HqqVKYlkP19H8553V8tSEUvOr
dmOUPOxhchv/UTxMRBOu62ufOuZPxXaAfEAXEmBGJ1NaM4nS4cncjthd74CmpnLe
cst/NvJ/A071Trk6c7jct7L6jjlVhJ9j4Ag2FuLvid2+q30C9ONup4fUhQIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFDnRiIPHCdq8yOVVl5UQpCAlwIGYMB8GA1UdIwQY
MBaAFFgBXMjaHxu/ND4mqyCN+Lsm/VOuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0FGY3lOb2ZHNzgwUGlhcklJMzR1eWI5VTY0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9kNDE3NWQtMTkyYy00MThjLTk3MmYt
OGVlMjFiNzRkZDU2LzEvT2RHSWc4Y0oycnpJNVZXWGxSQ2tJQ1hBZ1pnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS9kNDE3NWQtMTkyYy00MThjLTk3MmYtOGVlMjFiNzRkZDU2
LzEvV0FGY3lOb2ZHNzgwUGlhcklJMzR1eWI5VTY0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQDTV94AwQC
uT+UAwQAwrtYAwQF1GdAAwQE2QvQAwQE2ZKgMA0EAgACMAcDBQAqAAw4MA0GCSqG
SIb3DQEBCwUAA4IBAQAaAx7jYVcwIJ9jqvh+50CvJhbznSaTpzKdeI6HwZW1H/0e
MWY+LcAPG3zDS6/gDK/S/t0ykR395gd+52dWBMuUdSslEwVUhQCnx7KHIAwDQpl+
231onz/I0w2gwEonQrd3h8RTqzPYCqR51R6DsojK9N+HpTtCf6akfudcL3cVtgfD
UtjnFUD3Uhma0AQi9vc/tkJHDgxB6j/LvuExe8C1JnHt9IFaT//zr4TEfLxWwJU3
9YQScZUyg4vS8USk1SWtWS4puKqIs5zeAkqHivcGwxxDL9MN7Ktj4FpzKM+DBowD
ItLzJbvIWJClyq/LiERYPakGNcFhGJoDULftUbL4
-----END CERTIFICATE-----