Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/PkAt_LGXvSRvyAkMmDT9rGMfIPM.roa
File:                     PkAt_LGXvSRvyAkMmDT9rGMfIPM.roa (raw, json)
Hash identifier:          GHlzXX/duM1mxzbQbe9zrcdxBSzB5EqqyZRQrBOhc4w=
Subject key identifier:   3E:40:2D:FC:B1:97:BD:24:6F:C8:09:0C:98:34:FD:AC:63:1F:20:F3
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       01963DDC01AC0C1F92161313D1B39AB94F26
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/PkAt_LGXvSRvyAkMmDT9rGMfIPM.roa
Signing time:             Wed 16 Apr 2025 09:09:10 +0000
ROA not before:           Wed 16 Apr 2025 09:09:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     13886
IP address blocks:        45.43.165.0/24 maxlen: 24
                          45.43.166.0/24 maxlen: 24
                          45.150.32.0/22 maxlen: 22
                          45.150.32.0/23 maxlen: 23
                          45.150.34.0/23 maxlen: 23
                          64.137.51.0/24 maxlen: 24
                          104.238.21.0/24 maxlen: 24
                          104.238.29.0/24 maxlen: 24
                          104.238.30.0/24 maxlen: 24
                          104.239.15.0/24 maxlen: 24
                          204.52.112.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Thu 17 Apr 2025 09:11:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:3d:dc:01:ac:0c:1f:92:16:13:13:d1:b3:9a:b9:4f:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: Apr 16 09:09:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3e402dfcb197bd246fc8090c9834fdac631f20f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:43:4e:78:db:01:76:e3:38:72:76:14:3f:b6:
                    b5:40:c8:4c:88:df:4d:0a:c7:f2:ad:7b:db:13:c0:
                    1f:40:49:f5:a3:30:6b:21:ef:09:2d:9d:95:dc:c7:
                    13:9f:fc:44:fb:e0:42:7e:85:f5:80:1a:d5:a0:79:
                    0f:6b:c6:02:9c:e0:42:30:05:57:9c:9b:a4:4e:99:
                    d0:f3:74:0b:a6:41:ad:6a:43:d2:7f:65:67:a2:9c:
                    a6:2f:28:af:7c:94:a3:2e:ea:6d:a5:72:61:21:02:
                    29:a0:6f:9d:e1:64:ba:16:08:91:cb:42:e4:c8:9f:
                    d1:d3:8e:59:3d:c0:5c:c3:fe:ba:17:33:be:28:13:
                    22:90:74:bd:79:b9:5b:ef:d3:4c:a5:18:01:cc:4a:
                    d0:29:c9:18:66:c5:7b:f9:94:31:fb:09:7c:8c:fe:
                    cb:d0:a4:39:ec:9a:cd:09:a6:66:d2:67:0b:5b:e7:
                    94:a3:4f:4c:8c:81:ea:6e:02:54:c8:f8:6e:8e:fd:
                    e7:8d:8c:ee:1d:a1:ed:a6:58:48:c4:4f:04:74:aa:
                    aa:cd:80:2d:de:10:3b:4c:32:ed:dc:c6:05:f4:55:
                    91:d3:4b:f9:55:31:2b:9f:bc:24:77:8f:d5:33:3f:
                    f8:9e:e8:24:a5:e3:c3:e2:f8:7e:a6:5d:f6:97:86:
                    4b:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:40:2D:FC:B1:97:BD:24:6F:C8:09:0C:98:34:FD:AC:63:1F:20:F3
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/PkAt_LGXvSRvyAkMmDT9rGMfIPM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.43.165.0-45.43.166.255
                  45.150.32.0/22
                  64.137.51.0/24
                  104.238.21.0/24
                  104.238.29.0-104.238.30.255
                  104.239.15.0/24
                  204.52.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:2f:2d:a0:87:f4:3a:fc:b4:78:9c:41:7c:ee:32:65:85:98:
         a0:d6:f6:a9:0a:50:bc:97:8f:b8:41:7d:97:18:bf:a4:11:1f:
         ba:0a:82:c7:36:22:91:b3:b2:97:41:15:62:4b:b1:b7:de:ac:
         37:fa:43:2b:b8:22:eb:50:96:49:33:89:3f:fe:b2:b7:97:4e:
         1d:d1:79:d1:e6:09:97:b4:36:8c:8c:d4:52:28:bd:93:40:ce:
         33:9f:2a:99:a0:af:6c:7f:98:38:8d:14:62:77:2c:ea:26:ef:
         15:3c:d7:7f:ff:f1:54:6b:66:ad:ab:01:b1:d1:c3:2d:2e:df:
         54:37:f1:0b:cf:6e:b1:32:21:ac:ad:a8:3a:ed:a8:63:29:b0:
         2c:61:f8:db:d1:ad:2c:ef:ee:f9:15:b3:aa:7a:2e:9c:21:c4:
         e5:98:60:6b:4b:73:d6:26:a7:04:80:f5:e3:0f:75:a4:10:99:
         d2:93:41:22:2a:8c:f9:f9:64:f2:0b:0d:94:ef:6a:ca:d4:0a:
         08:79:cb:b8:5c:68:dc:cf:53:05:68:ed:2b:61:93:c8:d3:e3:
         ac:82:0a:48:48:6c:4a:af:2a:98:55:a8:8a:af:38:cb:74:23:
         43:71:53:ed:4e:11:66:75:de:06:b9:bb:ba:0d:2d:71:50:d8:
         5f:61:ee:a9
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAZY93AGsDB+SFhMT0bOauU8mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjUwNDE2MDkwOTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTQwMmRmY2IxOTdiZDI0NmZjODA5MGM5ODM0ZmRhYzYzMWYyMGYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmkNOeNsBduM4cnYUP7a1QMhMiN9N
CsfyrXvbE8AfQEn1ozBrIe8JLZ2V3McTn/xE++BCfoX1gBrVoHkPa8YCnOBCMAVX
nJukTpnQ83QLpkGtakPSf2VnopymLyivfJSjLuptpXJhIQIpoG+d4WS6FgiRy0Lk
yJ/R045ZPcBcw/66FzO+KBMikHS9eblb79NMpRgBzErQKckYZsV7+ZQx+wl8jP7L
0KQ57JrNCaZm0mcLW+eUo09MjIHqbgJUyPhujv3njYzuHaHtplhIxE8EdKqqzYAt
3hA7TDLt3MYF9FWR00v5VTErn7wkd4/VMz/4nugkpePD4vh+pl32l4ZL+QIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFD5ALfyxl70kb8gJDJg0/axjHyDzMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvUGtBdF9MR1h2U1J2eUFrTW1EVDlyR01mSVBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjBABAIAATA6MAwDBAAtK6UD
BAAtK6YDBAItliADBABAiTMDBABo7hUwDAMEAGjuHQMEAGjuHgMEAGjvDwMEAMw0
cDANBgkqhkiG9w0BAQsFAAOCAQEAYC8toIf0Ovy0eJxBfO4yZYWYoNb2qQpQvJeP
uEF9lxi/pBEfugqCxzYikbOyl0EVYkuxt96sN/pDK7gi61CWSTOJP/6yt5dOHdF5
0eYJl7Q2jIzUUii9k0DOM58qmaCvbH+YOI0UYncs6ibvFTzXf//xVGtmrasBsdHD
LS7fVDfxC89usTIhrK2oOu2oYymwLGH429GtLO/u+RWzqnounCHE5Zhga0tz1ian
BID14w91pBCZ0pNBIiqM+flk8gsNlO9qytQKCHnLuFxo3M9TBWjtK2GTyNPjrIIK
SEhsSq8qmFWoiq84y3QjQ3FT7U4RZnXeBrm7ug0tcVDYX2HuqQ==
-----END CERTIFICATE-----