Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/NRIiKTYcFZ-RDn7_zbmsQDSPRew.roa
File:                     NRIiKTYcFZ-RDn7_zbmsQDSPRew.roa (raw, json)
Hash identifier:          KL1xkaqSIAhA9eIlFVl1fKXBfLazOKKyC7c8uPWIcJM=
Subject key identifier:   35:12:22:29:36:1C:15:9F:91:0E:7E:FF:CD:B9:AC:40:34:8F:45:EC
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       01964222FABB69EA73A9901104D48DBF7F5C
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/NRIiKTYcFZ-RDn7_zbmsQDSPRew.roa
Signing time:             Thu 17 Apr 2025 05:05:10 +0000
ROA not before:           Thu 17 Apr 2025 05:05:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7029
IP address blocks:        37.202.193.0/24 maxlen: 24
                          37.202.195.0/24 maxlen: 24
                          37.202.196.0/24 maxlen: 24
                          37.202.197.0/24 maxlen: 24
                          37.202.198.0/24 maxlen: 24
                          37.202.199.0/24 maxlen: 24
                          37.202.200.0/24 maxlen: 24
                          37.202.201.0/24 maxlen: 24
                          151.242.50.0/24 maxlen: 24
                          151.243.16.0/20 maxlen: 20
                          151.243.97.0/24 maxlen: 24
                          151.243.246.0/24 maxlen: 24
                          151.243.247.0/24 maxlen: 24
                          151.243.248.0/24 maxlen: 24
                          151.243.249.0/24 maxlen: 24
                          151.243.250.0/24 maxlen: 24
                          151.243.251.0/24 maxlen: 24
                          151.243.252.0/24 maxlen: 24
                          151.243.253.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Sat 26 Apr 2025 04:47:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:42:22:fa:bb:69:ea:73:a9:90:11:04:d4:8d:bf:7f:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Apr 17 05:05:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=35122229361c159f910e7effcdb9ac40348f45ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:15:d5:91:79:66:86:23:22:af:cc:42:84:b9:
                    c2:77:b7:be:01:62:31:c5:5e:37:c6:e1:43:b0:e7:
                    24:a4:26:3d:da:cd:aa:4c:3a:a3:a5:52:ed:6b:d9:
                    ef:5f:5b:f3:7e:98:58:1f:17:99:b7:70:b7:26:a2:
                    27:30:5f:8c:3b:6e:1f:1f:de:2a:1f:7f:5b:87:32:
                    5b:a8:72:bd:da:a3:00:9a:70:e9:5c:2c:bb:b0:64:
                    d6:c2:3a:15:99:6a:96:ea:c5:3b:5a:c7:91:5b:a0:
                    b4:02:37:67:c2:0d:3c:f8:0e:7e:aa:1f:4a:02:eb:
                    72:3b:fb:02:10:18:16:5c:2e:4c:45:46:ca:d8:46:
                    3b:ec:d4:bd:6e:76:87:6b:b4:bb:69:da:34:55:5d:
                    0e:97:6f:91:93:4a:99:fa:6b:91:d8:17:e5:88:37:
                    61:44:0e:e6:c0:c7:d6:15:9a:1a:bb:83:2b:78:57:
                    ef:72:5a:01:be:5b:28:23:ed:74:7c:88:de:16:34:
                    a6:a8:e3:47:d3:a9:5f:b8:d8:8a:02:cc:98:ce:60:
                    bd:b1:98:ab:3e:d5:7d:15:47:37:3d:d1:ba:da:a4:
                    d3:3c:74:65:56:83:81:0a:9c:5a:53:85:a5:ed:26:
                    c0:52:21:34:b0:f8:4b:44:41:d5:96:3c:84:f9:74:
                    b3:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:12:22:29:36:1C:15:9F:91:0E:7E:FF:CD:B9:AC:40:34:8F:45:EC
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/NRIiKTYcFZ-RDn7_zbmsQDSPRew.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.202.193.0/24
                  37.202.195.0-37.202.201.255
                  151.242.50.0/24
                  151.243.16.0/20
                  151.243.97.0/24
                  151.243.246.0-151.243.253.255

    Signature Algorithm: sha256WithRSAEncryption
         77:76:40:f4:8d:ba:7c:14:cd:2b:2b:f5:88:2e:2f:ec:fa:36:
         2f:33:22:33:00:d1:bb:e8:a8:5e:79:80:1f:69:59:fb:83:6d:
         6e:95:38:40:15:bb:ca:5a:4f:b4:f8:e6:ed:3d:d2:b6:c1:00:
         a1:18:05:21:7c:b9:1c:db:e7:60:19:be:d4:75:e6:77:85:63:
         c6:12:44:f9:90:50:48:b4:5a:59:0d:54:c6:86:0f:66:dd:81:
         aa:d6:d4:87:6c:0b:6d:13:6f:d6:8a:6f:84:7a:71:ac:53:a8:
         b3:3d:92:fd:c4:d1:12:1a:7f:27:37:e3:1a:18:8f:5f:2e:ad:
         2b:c1:84:2d:4b:ac:6d:3e:fa:ba:f4:15:4b:60:ef:ea:f0:86:
         a8:22:ae:42:48:60:2f:33:46:50:65:c6:62:6f:ea:b8:69:16:
         da:c4:65:c5:4f:6a:59:15:97:ec:39:2c:05:dd:97:b7:ea:29:
         2d:2b:35:56:f0:82:49:6b:c9:bf:d0:09:1f:f7:91:81:9d:27:
         55:10:92:02:f7:ff:23:13:bf:bf:df:6d:22:8a:31:05:18:b2:
         39:19:b2:8c:19:4d:60:e7:dc:79:b8:5e:8d:27:ae:1e:6f:60:
         b6:f9:b8:01:ab:4c:4a:2b:24:c2:b9:ba:7f:27:96:d4:5b:57:
         37:6f:41:7c
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgISAZZCIvq7aepzqZARBNSNv39cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNDE3MDUwNTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTEyMjIyOTM2MWMxNTlmOTEwZTdlZmZjZGI5YWM0MDM0OGY0NWVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuBXVkXlmhiMir8xChLnCd7e+AWIx
xV43xuFDsOckpCY92s2qTDqjpVLta9nvX1vzfphYHxeZt3C3JqInMF+MO24fH94q
H39bhzJbqHK92qMAmnDpXCy7sGTWwjoVmWqW6sU7WseRW6C0Ajdnwg08+A5+qh9K
AutyO/sCEBgWXC5MRUbK2EY77NS9bnaHa7S7ado0VV0Ol2+Rk0qZ+muR2BfliDdh
RA7mwMfWFZoau4MreFfvcloBvlsoI+10fIjeFjSmqONH06lfuNiKAsyYzmC9sZir
PtV9FUc3PdG62qTTPHRlVoOBCpxaU4Wl7SbAUiE0sPhLREHVljyE+XSz6wIDAQAB
o4ICNzCCAjMwHQYDVR0OBBYEFDUSIik2HBWfkQ5+/825rEA0j0XsMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvTlJJaUtUWWNGWi1SRG43X3pibXNRRFNQUmV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME0GCCsGAQUFBwEHAQH/BD4wPDA6BAIAATA0AwQAJcrBMAwD
BAAlysMDBAElysgDBACX8jIDBASX8xADBACX82EwDAMEAZfz9gMEAZfz/DANBgkq
hkiG9w0BAQsFAAOCAQEAd3ZA9I26fBTNKyv1iC4v7Po2LzMiMwDRu+ioXnmAH2lZ
+4NtbpU4QBW7ylpPtPjm7T3StsEAoRgFIXy5HNvnYBm+1HXmd4VjxhJE+ZBQSLRa
WQ1UxoYPZt2BqtbUh2wLbRNv1opvhHpxrFOosz2S/cTREhp/JzfjGhiPXy6tK8GE
LUusbT76uvQVS2Dv6vCGqCKuQkhgLzNGUGXGYm/quGkW2sRlxU9qWRWX7DksBd2X
t+opLSs1VvCCSWvJv9AJH/eRgZ0nVRCSAvf/IxO/v99tIooxBRiyORmyjBlNYOfc
ebhejSeuHm9gtvm4AatMSiskwrm6fyeW1FtXN29BfA==
-----END CERTIFICATE-----