Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/D_JtAEX7xueYrdCJa2RSS4eND0s.roa
File:                     D_JtAEX7xueYrdCJa2RSS4eND0s.roa (raw, json)
Hash identifier:          4LYw+6H+Dv1aKXDKL5Iv9RETY0DXEpw+sf1+Hb+kDWo=
Subject key identifier:   0F:F2:6D:00:45:FB:C6:E7:98:AD:D0:89:6B:64:52:4B:87:8D:0F:4B
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0196706BBC1574BAD4FD7421C4F881119582
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/D_JtAEX7xueYrdCJa2RSS4eND0s.roa
Signing time:             Sat 26 Apr 2025 04:47:10 +0000
ROA not before:           Sat 26 Apr 2025 04:47:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5650
IP address blocks:        37.202.193.0/24 maxlen: 24
                          37.202.195.0/24 maxlen: 24
                          37.202.196.0/24 maxlen: 24
                          37.202.197.0/24 maxlen: 24
                          37.202.198.0/24 maxlen: 24
                          37.202.199.0/24 maxlen: 24
                          37.202.200.0/24 maxlen: 24
                          37.202.201.0/24 maxlen: 24
                          151.243.54.0/24 maxlen: 24
                          151.243.246.0/24 maxlen: 24
                          151.243.247.0/24 maxlen: 24
                          151.243.248.0/24 maxlen: 24
                          151.243.249.0/24 maxlen: 24
                          151.243.250.0/24 maxlen: 24
                          151.243.251.0/24 maxlen: 24
                          151.243.252.0/24 maxlen: 24
                          151.243.253.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Sun 27 Apr 2025 04:45:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:70:6b:bc:15:74:ba:d4:fd:74:21:c4:f8:81:11:95:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Apr 26 04:47:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0ff26d0045fbc6e798add0896b64524b878d0f4b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:39:0e:68:71:13:ca:9f:cd:b3:cc:bf:0f:71:
                    50:91:21:ef:8d:de:0d:0b:59:bd:1b:c9:47:56:ce:
                    32:04:fd:01:c1:0f:60:5f:25:ef:b3:b7:99:35:18:
                    2d:eb:a3:5c:2e:0b:16:98:c4:53:1a:9f:9f:6a:10:
                    c6:36:13:cb:87:bf:d7:e5:4a:ae:41:91:e5:14:41:
                    ba:01:22:cf:35:ae:67:3a:52:5d:63:40:ba:f9:39:
                    7d:80:3b:b8:bf:6a:7c:2c:1c:e1:18:a3:1b:b8:a8:
                    ac:f4:f9:ba:87:8a:61:e0:6e:47:89:58:28:02:4b:
                    b1:77:b9:5b:ef:1c:f2:63:ed:91:55:0e:05:08:65:
                    5e:12:8a:38:ec:96:ee:47:bd:da:8b:28:a9:96:ac:
                    b3:10:80:a0:88:1b:70:66:9b:44:71:04:e6:51:07:
                    51:f9:05:7b:37:af:93:de:2f:7b:00:37:50:31:ed:
                    5f:70:7f:7c:0a:d2:c1:0a:2b:6a:bf:a9:92:7b:51:
                    91:55:0b:aa:ff:cf:21:dd:da:f8:ac:30:b8:7b:7d:
                    8e:b5:f9:c8:f7:75:fb:1c:5c:e4:d4:bd:73:96:8e:
                    8b:e3:6f:99:c8:44:28:87:bd:b5:bc:bf:e1:4e:f2:
                    13:8e:e5:b7:82:ce:45:41:dc:4e:0c:a7:25:91:89:
                    a5:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:F2:6D:00:45:FB:C6:E7:98:AD:D0:89:6B:64:52:4B:87:8D:0F:4B
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/D_JtAEX7xueYrdCJa2RSS4eND0s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.202.193.0/24
                  37.202.195.0-37.202.201.255
                  151.243.54.0/24
                  151.243.246.0-151.243.253.255

    Signature Algorithm: sha256WithRSAEncryption
         1f:f3:bc:d9:d7:53:37:00:36:6a:ef:3a:f9:a3:e4:8d:71:51:
         ea:29:13:48:98:e1:30:5a:a2:7d:d3:ef:95:e7:49:5f:95:db:
         94:1b:25:aa:75:a0:e3:45:0a:83:90:aa:ed:bf:f8:65:e4:11:
         5b:3a:c9:e9:99:3b:ec:f4:18:6e:3c:f6:db:fe:45:3e:bd:f9:
         79:e8:eb:c3:1e:3c:af:b8:90:bc:32:1e:88:3b:e5:47:99:b0:
         a5:47:41:b1:3e:cc:b2:bf:c8:31:2a:55:1a:c8:de:44:18:9f:
         8e:73:c2:b8:9f:5e:e4:b3:3c:09:ca:e8:92:41:f1:29:18:cb:
         02:38:b9:5e:da:8d:e8:d9:6e:3a:7d:f8:a4:3d:c3:d7:26:8a:
         7f:b6:a0:62:4f:5c:10:90:d7:b5:7a:ef:c6:8e:97:af:5c:1b:
         06:1c:b9:bb:39:5a:4c:17:4b:c5:d9:83:20:6c:cd:3b:9d:bd:
         e5:30:09:03:17:9c:cb:6b:c2:06:b4:bb:bd:96:73:d7:9b:5e:
         f4:26:6c:28:dd:fd:c3:4f:b2:c0:59:a2:ec:aa:bf:37:59:5d:
         46:49:55:e1:be:dc:b6:7c:b0:9d:da:92:43:90:22:45:dc:e8:
         62:9d:02:56:c7:bc:d9:20:4b:c5:df:46:42:83:b9:47:87:db:
         a4:94:da:5f
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAZZwa7wVdLrU/XQhxPiBEZWCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNDI2MDQ0NzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZmYyNmQwMDQ1ZmJjNmU3OThhZGQwODk2YjY0NTI0Yjg3OGQwZjRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0jkOaHETyp/Ns8y/D3FQkSHvjd4N
C1m9G8lHVs4yBP0BwQ9gXyXvs7eZNRgt66NcLgsWmMRTGp+fahDGNhPLh7/X5Uqu
QZHlFEG6ASLPNa5nOlJdY0C6+Tl9gDu4v2p8LBzhGKMbuKis9Pm6h4ph4G5HiVgo
Akuxd7lb7xzyY+2RVQ4FCGVeEoo47JbuR73aiyiplqyzEICgiBtwZptEcQTmUQdR
+QV7N6+T3i97ADdQMe1fcH98CtLBCitqv6mSe1GRVQuq/88h3dr4rDC4e32OtfnI
93X7HFzk1L1zlo6L42+ZyEQoh721vL/hTvITjuW3gs5FQdxODKclkYmluQIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFA/ybQBF+8bnmK3QiWtkUkuHjQ9LMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvRF9KdEFFWDd4dWVZcmRDSmEyUlNTNGVORDBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAuBAIAATAoAwQAJcrBMAwD
BAAlysMDBAElysgDBACX8zYwDAMEAZfz9gMEAZfz/DANBgkqhkiG9w0BAQsFAAOC
AQEAH/O82ddTNwA2au86+aPkjXFR6ikTSJjhMFqifdPvledJX5XblBslqnWg40UK
g5Cq7b/4ZeQRWzrJ6Zk77PQYbjz22/5FPr35eejrwx48r7iQvDIeiDvlR5mwpUdB
sT7Msr/IMSpVGsjeRBifjnPCuJ9e5LM8CcrokkHxKRjLAji5XtqN6NluOn34pD3D
1yaKf7agYk9cEJDXtXrvxo6Xr1wbBhy5uzlaTBdLxdmDIGzNO5295TAJAxecy2vC
BrS7vZZz15te9CZsKN39w0+ywFmi7Kq/N1ldRklV4b7ctnywndqSQ5AiRdzoYp0C
Vse82SBLxd9GQoO5R4fbpJTaXw==
-----END CERTIFICATE-----