Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/af58b6-9e8f-406e-ac1c-2fc030a60cea/1/dJy8VomTDpcuE1LIE0fVa1hdp0o.roa
File:                     dJy8VomTDpcuE1LIE0fVa1hdp0o.roa (raw, json)
Hash identifier:          mgHwu6Rf71UIQQeo3L6zYusRJLJvVwSM6uPETDgguX8=
Subject key identifier:   74:9C:BC:56:89:93:0E:97:2E:13:52:C8:13:47:D5:6B:58:5D:A7:4A
Certificate issuer:       /CN=1329cd3ee2fe126a82ca2a58c87ed5838fe2af57
Certificate serial:       01958F37BD7C65EB33758DF262092DF59DF4
Authority key identifier: 13:29:CD:3E:E2:FE:12:6A:82:CA:2A:58:C8:7E:D5:83:8F:E2:AF:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EynNPuL-EmqCyipYyH7Vg4_ir1c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/af58b6-9e8f-406e-ac1c-2fc030a60cea/1/dJy8VomTDpcuE1LIE0fVa1hdp0o.roa
Signing time:             Thu 13 Mar 2025 11:15:49 +0000
ROA not before:           Thu 13 Mar 2025 11:15:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59497
IP address blocks:        185.189.184.0/22 maxlen: 22
                          185.189.184.0/24 maxlen: 24
                          185.189.185.0/24 maxlen: 24
                          185.189.186.0/24 maxlen: 24
                          185.189.187.0/24 maxlen: 24
                          194.8.156.0/22 maxlen: 22
                          194.8.156.0/24 maxlen: 24
                          195.140.228.0/22 maxlen: 22
                          195.140.228.0/24 maxlen: 24
                          195.178.18.0/23 maxlen: 23
                          195.178.18.0/24 maxlen: 24
                          2a09:87c0::/29 maxlen: 29
Validation:               Failed, certificate revoked on Mon 17 Mar 2025 08:43:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:8f:37:bd:7c:65:eb:33:75:8d:f2:62:09:2d:f5:9d:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1329cd3ee2fe126a82ca2a58c87ed5838fe2af57
        Validity
            Not Before: Mar 13 11:15:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=749cbc5689930e972e1352c81347d56b585da74a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:9d:bd:9f:9f:04:7e:ee:a0:a3:d8:9e:72:6e:
                    e6:39:cb:43:2d:44:37:02:b5:30:8f:72:de:45:aa:
                    c7:54:bf:0a:9a:29:82:2e:6e:59:e7:0d:b0:b1:59:
                    3b:49:c6:50:81:a7:98:a6:c3:0c:db:70:68:dd:9a:
                    de:36:3e:53:3b:28:56:a8:28:24:a1:ff:b0:6e:00:
                    1a:df:04:17:fe:f5:2d:94:50:22:35:91:3b:10:c2:
                    87:be:64:88:12:48:5e:da:e5:62:60:5e:49:25:ec:
                    22:03:56:7e:74:cc:26:58:ff:d3:74:64:72:87:e2:
                    ef:06:45:7d:a0:dd:a5:ba:34:c7:65:be:da:7d:21:
                    e0:fd:fd:b8:98:51:d8:0a:92:92:2d:15:1c:6f:57:
                    c0:02:5c:74:7b:91:16:ac:fa:4b:b1:05:8c:0b:bc:
                    d4:f5:26:33:5b:0b:4f:51:7b:07:19:66:70:10:06:
                    68:f2:f7:b5:fb:d4:04:4b:2f:2e:05:d0:3f:3c:be:
                    1b:a3:ee:52:97:40:ea:3a:8b:9e:ef:35:7f:4a:5c:
                    f7:01:41:53:1b:a9:e8:7d:91:e1:d0:c1:a1:de:c9:
                    fc:fa:7a:8e:a4:71:86:98:da:d1:2b:4d:85:48:c7:
                    3d:12:cf:8a:41:1a:03:70:ce:13:1e:b3:88:91:be:
                    a9:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:9C:BC:56:89:93:0E:97:2E:13:52:C8:13:47:D5:6B:58:5D:A7:4A
            X509v3 Authority Key Identifier:
                keyid:13:29:CD:3E:E2:FE:12:6A:82:CA:2A:58:C8:7E:D5:83:8F:E2:AF:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EynNPuL-EmqCyipYyH7Vg4_ir1c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/af58b6-9e8f-406e-ac1c-2fc030a60cea/1/dJy8VomTDpcuE1LIE0fVa1hdp0o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/af58b6-9e8f-406e-ac1c-2fc030a60cea/1/EynNPuL-EmqCyipYyH7Vg4_ir1c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.189.184.0/22
                  194.8.156.0/22
                  195.140.228.0/22
                  195.178.18.0/23
                IPv6:
                  2a09:87c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         ad:9d:67:c1:4a:15:34:ec:df:4e:8a:8e:7b:9d:d1:44:d0:c1:
         cc:2b:3f:42:7a:34:bd:69:59:db:e4:f9:28:e8:e0:3e:60:20:
         a0:1e:0a:2e:44:5d:a5:26:fc:26:a9:fd:f4:f3:c6:a4:45:e7:
         68:45:c7:dd:42:84:f8:d9:55:84:d6:bf:0c:d7:3c:04:53:12:
         10:da:e2:0c:23:af:88:46:52:c0:4b:03:a5:a5:1b:b8:ee:35:
         a9:33:f1:a9:31:92:95:62:78:cb:93:05:f6:30:d1:66:52:9e:
         e9:0e:6c:f8:70:f2:fa:df:eb:9e:27:09:c2:66:ec:2b:5f:39:
         c0:5b:90:30:73:cc:e0:3d:8a:f2:3e:b7:85:c0:5d:51:89:0b:
         d7:25:5d:27:ae:d3:21:cb:64:48:b0:a2:20:37:ba:88:ad:0c:
         6f:38:e3:44:51:56:bc:9c:bc:06:d7:ed:1d:52:cd:d4:94:f3:
         b8:0a:5a:e6:a3:a6:4c:b8:68:65:f8:66:d2:df:0d:5c:b1:ec:
         33:ba:05:ea:2c:29:e6:7a:6d:7c:7a:80:f6:58:3c:79:41:97:
         5d:ec:f5:3b:27:32:2b:00:14:70:4c:73:79:af:00:61:7e:64:
         0b:bc:e4:cb:1c:da:7c:2a:47:59:43:12:c0:0f:e9:53:34:92:
         8a:42:7c:d7
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAZWPN718ZeszdY3yYgkt9Z30MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzMjljZDNlZTJmZTEyNmE4MmNhMmE1OGM4N2VkNTgzOGZl
MmFmNTcwHhcNMjUwMzEzMTExNTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDljYmM1Njg5OTMwZTk3MmUxMzUyYzgxMzQ3ZDU2YjU4NWRhNzRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnJ29n58Efu6go9iecm7mOctDLUQ3
ArUwj3LeRarHVL8KmimCLm5Z5w2wsVk7ScZQgaeYpsMM23Bo3ZreNj5TOyhWqCgk
of+wbgAa3wQX/vUtlFAiNZE7EMKHvmSIEkhe2uViYF5JJewiA1Z+dMwmWP/TdGRy
h+LvBkV9oN2lujTHZb7afSHg/f24mFHYCpKSLRUcb1fAAlx0e5EWrPpLsQWMC7zU
9SYzWwtPUXsHGWZwEAZo8ve1+9QESy8uBdA/PL4bo+5Sl0DqOoue7zV/Slz3AUFT
G6nofZHh0MGh3sn8+nqOpHGGmNrRK02FSMc9Es+KQRoDcM4THrOIkb6pnwIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFHScvFaJkw6XLhNSyBNH1WtYXadKMB8GA1UdIwQY
MBaAFBMpzT7i/hJqgsoqWMh+1YOP4q9XMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXluTlB1TC1FbXFDeWlwWXlIN1ZnNF9pcjFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy9hZjU4YjYtOWU4Zi00MDZlLWFjMWMt
MmZjMDMwYTYwY2VhLzEvZEp5OFZvbVREcGN1RTFMSUUwZlZhMWhkcDBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy9hZjU4YjYtOWU4Zi00MDZlLWFjMWMtMmZjMDMwYTYwY2Vh
LzEvRXluTlB1TC1FbXFDeWlwWXlIN1ZnNF9pcjFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQCub24AwQC
wgicAwQCw4zkAwQBw7ISMA0EAgACMAcDBQMqCYfAMA0GCSqGSIb3DQEBCwUAA4IB
AQCtnWfBShU07N9Oio57ndFE0MHMKz9CejS9aVnb5Pko6OA+YCCgHgouRF2lJvwm
qf3088akRedoRcfdQoT42VWE1r8M1zwEUxIQ2uIMI6+IRlLASwOlpRu47jWpM/Gp
MZKVYnjLkwX2MNFmUp7pDmz4cPL63+ueJwnCZuwrXznAW5Awc8zgPYryPreFwF1R
iQvXJV0nrtMhy2RIsKIgN7qIrQxvOONEUVa8nLwG1+0dUs3UlPO4Clrmo6ZMuGhl
+GbS3w1csewzugXqLCnmem18eoD2WDx5QZdd7PU7JzIrABRwTHN5rwBhfmQLvOTL
HNp8KkdZQxLAD+lTNJKKQnzX
-----END CERTIFICATE-----