Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/IFYBQUAqAICi2WqAjltVaadrbas.roa
File:                     IFYBQUAqAICi2WqAjltVaadrbas.roa (raw, json)
Hash identifier:          hgUaFiwM9AcPIu6Kk/LPgzVsYiCfNHoLi61dWj6/SIs=
Subject key identifier:   20:56:01:41:40:2A:00:80:A2:D9:6A:80:8E:5B:55:69:A7:6B:6D:AB
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       01972EDD2825384C5A69DB97471DE19A58B7
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/IFYBQUAqAICi2WqAjltVaadrbas.roa
Signing time:             Mon 02 Jun 2025 04:18:55 +0000
ROA not before:           Mon 02 Jun 2025 04:18:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43260
IP address blocks:        5.83.129.0/24 maxlen: 24
                          5.231.30.0/24 maxlen: 24
                          5.231.94.0/24 maxlen: 24
                          77.90.54.0/24 maxlen: 24
                          87.239.131.0/24 maxlen: 24
                          94.249.195.0/24 maxlen: 24
                          94.249.233.0/24 maxlen: 24
                          95.215.32.0/24 maxlen: 24
                          95.215.34.0/24 maxlen: 24
                          178.18.144.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Mon 02 Jun 2025 12:33:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:2e:dd:28:25:38:4c:5a:69:db:97:47:1d:e1:9a:58:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Jun  2 04:18:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=20560141402a0080a2d96a808e5b5569a76b6dab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:9e:55:0c:7c:69:69:37:9b:bf:61:8c:dd:85:
                    c7:39:63:2c:35:ed:90:92:d5:6f:f9:85:1a:98:38:
                    71:b3:91:8f:71:1a:54:04:7d:76:76:ba:5e:10:3e:
                    52:2f:b0:fd:83:75:8e:8a:8d:82:ae:07:21:cd:52:
                    f9:d0:bb:b9:a8:d5:6c:f7:82:dc:06:e2:45:da:07:
                    5c:c4:ed:a2:23:7f:78:be:c4:a9:28:7c:15:1d:cb:
                    dc:00:43:ea:bb:f4:f3:9e:9e:4d:ad:52:2b:8c:ef:
                    15:a3:08:8e:22:7f:f1:5c:ce:bf:81:04:3a:27:3b:
                    4f:02:e4:6f:95:df:ee:9a:5d:84:8f:ec:2d:ad:ba:
                    da:b0:4d:13:d7:8f:18:35:ca:f6:6d:fc:13:c5:0c:
                    36:8a:3b:9a:01:d6:16:4f:32:06:53:a2:fe:e6:73:
                    ea:44:7c:03:7c:d3:26:6f:ef:b7:49:8e:a2:07:26:
                    09:42:f0:34:9d:a5:68:56:b0:5a:af:13:4b:11:b7:
                    1e:72:37:0e:2a:7e:f2:41:33:59:a1:5f:ab:34:d1:
                    5a:48:3f:e5:10:7c:43:59:f9:0b:53:c4:55:84:cc:
                    db:3d:bf:47:18:4e:23:cf:5e:8e:76:dd:d7:49:a5:
                    97:70:73:15:af:0e:4c:84:23:ac:09:4b:30:2b:65:
                    40:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:56:01:41:40:2A:00:80:A2:D9:6A:80:8E:5B:55:69:A7:6B:6D:AB
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/IFYBQUAqAICi2WqAjltVaadrbas.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.83.129.0/24
                  5.231.30.0/24
                  5.231.94.0/24
                  77.90.54.0/24
                  87.239.131.0/24
                  94.249.195.0/24
                  94.249.233.0/24
                  95.215.32.0/24
                  95.215.34.0/24
                  178.18.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:36:05:6e:2a:03:4f:2d:11:73:0e:18:d4:62:ba:cb:c1:53:
         e2:69:70:d6:10:7a:d5:95:37:2a:92:21:d3:51:93:56:ed:83:
         97:24:81:09:62:9c:2a:c8:87:2b:ce:7d:aa:66:69:eb:fa:48:
         f6:13:fb:a8:dd:6e:c4:36:17:f5:fb:15:26:f3:17:d4:90:a7:
         15:cb:55:9f:36:b3:80:10:ce:c1:c6:a2:ea:2f:30:d8:7a:9c:
         dd:96:00:d7:73:e4:4e:93:35:9c:86:03:9d:8d:2c:c7:94:45:
         46:00:8b:8c:bb:f0:cc:6b:28:5c:85:ea:91:32:26:5a:93:94:
         dd:1f:d1:f4:b8:f8:da:fa:11:db:b6:49:6e:53:11:4e:7a:ac:
         9e:a2:25:85:6a:b5:a7:eb:50:39:ee:65:98:eb:98:23:7c:f7:
         d0:95:11:5b:26:a9:a7:25:ca:29:d0:42:5a:0a:d1:28:41:dd:
         16:f4:72:c1:1a:0c:43:30:2c:02:22:1f:aa:a3:72:96:2a:e9:
         6b:3f:0b:86:0c:97:aa:68:6d:66:3b:ea:38:b2:65:0c:05:3b:
         3c:85:2f:93:33:eb:95:59:49:e4:e4:4d:46:b6:13:9c:7d:70:
         47:fc:0e:8c:d5:00:63:c6:7a:ff:71:bd:1d:4d:88:43:5f:b2:
         49:39:40:6e
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAZcu3SglOExaaduXRx3hmli3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjUwNjAyMDQxODU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDU2MDE0MTQwMmEwMDgwYTJkOTZhODA4ZTViNTU2OWE3NmI2ZGFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Z5VDHxpaTebv2GM3YXHOWMsNe2Q
ktVv+YUamDhxs5GPcRpUBH12drpeED5SL7D9g3WOio2CrgchzVL50Lu5qNVs94Lc
BuJF2gdcxO2iI394vsSpKHwVHcvcAEPqu/Tznp5NrVIrjO8VowiOIn/xXM6/gQQ6
JztPAuRvld/uml2Ej+wtrbrasE0T148YNcr2bfwTxQw2ijuaAdYWTzIGU6L+5nPq
RHwDfNMmb++3SY6iByYJQvA0naVoVrBarxNLEbcecjcOKn7yQTNZoV+rNNFaSD/l
EHxDWfkLU8RVhMzbPb9HGE4jz16Odt3XSaWXcHMVrw5MhCOsCUswK2VAjwIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFCBWAUFAKgCAotlqgI5bVWmna22rMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvSUZZQlFVQXFBSUNpMldxQWpsdFZhYWRyYmFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQABVOBAwQA
BeceAwQABedeAwQATVo2AwQAV++DAwQAXvnDAwQAXvnpAwQAX9cgAwQAX9ciAwQA
shKQMA0GCSqGSIb3DQEBCwUAA4IBAQA4NgVuKgNPLRFzDhjUYrrLwVPiaXDWEHrV
lTcqkiHTUZNW7YOXJIEJYpwqyIcrzn2qZmnr+kj2E/uo3W7ENhf1+xUm8xfUkKcV
y1WfNrOAEM7BxqLqLzDYepzdlgDXc+ROkzWchgOdjSzHlEVGAIuMu/DMayhcheqR
MiZak5TdH9H0uPja+hHbtkluUxFOeqyeoiWFarWn61A57mWY65gjfPfQlRFbJqmn
Jcop0EJaCtEoQd0W9HLBGgxDMCwCIh+qo3KWKulrPwuGDJeqaG1mO+o4smUMBTs8
hS+TM+uVWUnk5E1GthOcfXBH/A6M1QBjxnr/cb0dTYhDX7JJOUBu
-----END CERTIFICATE-----