Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/fBDkn6sc39bT6YVptIb7g_TsNkM.roa
File:                     fBDkn6sc39bT6YVptIb7g_TsNkM.roa (raw, json)
Hash identifier:          0WgOYm0kdliaRSLO7jTdja+CYcW67mCjXQBPAw2KU5k=
Subject key identifier:   7C:10:E4:9F:AB:1C:DF:D6:D3:E9:85:69:B4:86:FB:83:F4:EC:36:43
Certificate issuer:       /CN=b4e82ba1715d6aeae5b0102725ffe0c834735d7d
Certificate serial:       019407DC3442FAF199C34F10475BEAEFE565
Authority key identifier: B4:E8:2B:A1:71:5D:6A:EA:E5:B0:10:27:25:FF:E0:C8:34:73:5D:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tOgroXFdaurlsBAnJf_gyDRzXX0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/fBDkn6sc39bT6YVptIb7g_TsNkM.roa
Signing time:             Fri 27 Dec 2024 11:24:19 +0000
ROA not before:           Fri 27 Dec 2024 11:24:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57675
IP address blocks:        37.32.64.0/24 maxlen: 24
                          37.32.65.0/24 maxlen: 24
                          37.32.66.0/24 maxlen: 24
                          37.32.67.0/24 maxlen: 24
                          37.32.68.0/24 maxlen: 24
                          37.32.69.0/24 maxlen: 24
                          37.32.70.0/24 maxlen: 24
                          37.32.71.0/24 maxlen: 24
                          37.32.73.0/24 maxlen: 24
                          37.32.76.0/24 maxlen: 24
                          185.129.92.0/24 maxlen: 24
                          185.129.93.0/24 maxlen: 24
                          185.129.94.0/24 maxlen: 24
                          185.129.95.0/24 maxlen: 24
                          2a0f:1300::/29 maxlen: 29
Validation:               Failed, certificate revoked on Thu 02 Jan 2025 13:50:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:07:dc:34:42:fa:f1:99:c3:4f:10:47:5b:ea:ef:e5:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4e82ba1715d6aeae5b0102725ffe0c834735d7d
        Validity
            Not Before: Dec 27 11:24:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7c10e49fab1cdfd6d3e98569b486fb83f4ec3643
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:2f:91:f5:b7:50:ad:e3:06:a3:d3:e1:b8:19:
                    5a:8f:d9:ec:bb:24:9c:f6:09:94:a5:1d:ec:cd:a1:
                    c7:95:0e:b9:92:c2:14:e3:80:fa:be:95:f7:f3:50:
                    aa:b2:cd:e4:de:8f:0b:b1:a7:bb:da:d6:76:24:6c:
                    3b:5f:f9:6c:7e:61:c9:64:cb:c6:e0:d8:49:9e:c5:
                    f8:78:f3:f7:c7:21:68:e8:0b:5a:5a:bc:af:4a:af:
                    49:ea:fc:ad:94:46:ab:59:b3:31:93:f9:e4:c8:b0:
                    7d:e9:15:f2:59:ea:aa:6a:b1:64:1d:d0:8b:e5:e6:
                    fd:55:22:ee:0f:3e:0d:14:de:09:e1:47:c4:29:a7:
                    e0:3b:2e:11:3e:dc:4b:a7:73:e0:59:0b:7a:ab:88:
                    cf:61:7b:19:bd:f7:44:ca:29:85:60:b4:d5:72:b5:
                    12:e8:03:76:b6:27:95:53:3c:72:e5:86:6b:ca:d4:
                    a8:a0:b5:a4:63:a6:56:bb:b5:0f:ba:3a:3d:a5:9d:
                    35:b2:b3:a0:6f:de:90:f9:70:72:a8:7e:07:a1:d4:
                    15:d9:10:67:41:60:74:a1:2c:b9:c4:54:95:cf:f2:
                    9b:06:95:50:d9:41:56:05:89:96:a5:a0:ff:91:9a:
                    33:f5:ed:bc:dd:1e:ec:eb:b1:7e:c7:1c:5c:13:00:
                    e0:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:10:E4:9F:AB:1C:DF:D6:D3:E9:85:69:B4:86:FB:83:F4:EC:36:43
            X509v3 Authority Key Identifier:
                keyid:B4:E8:2B:A1:71:5D:6A:EA:E5:B0:10:27:25:FF:E0:C8:34:73:5D:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tOgroXFdaurlsBAnJf_gyDRzXX0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/fBDkn6sc39bT6YVptIb7g_TsNkM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/tOgroXFdaurlsBAnJf_gyDRzXX0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.32.64.0/21
                  37.32.73.0/24
                  37.32.76.0/24
                  185.129.92.0/22
                IPv6:
                  2a0f:1300::/29

    Signature Algorithm: sha256WithRSAEncryption
         9b:de:fe:aa:02:6d:2f:e9:c1:35:17:61:59:a2:1f:66:87:05:
         86:85:2d:72:ae:64:5b:0d:c9:27:cf:9a:06:2c:ed:b8:73:77:
         1d:41:12:f1:08:f3:f2:79:70:12:87:fb:74:e4:54:54:27:98:
         3a:e6:49:20:6f:b4:fa:9d:1e:75:6a:ca:83:25:f7:24:b1:fc:
         1f:a8:b8:ce:b3:ba:19:87:d6:e4:58:11:74:3e:85:07:78:16:
         71:96:08:31:d5:9e:b9:cd:c3:f5:51:61:53:62:70:e8:a8:81:
         64:80:b1:fb:bb:3c:82:1b:18:f8:1a:1c:a7:ed:3a:49:b1:7e:
         09:63:11:94:fa:da:ab:ef:aa:da:c1:3f:86:32:bf:ec:99:65:
         bf:fb:90:de:8d:2b:bb:df:ff:4a:84:2e:e6:6d:66:3e:ef:17:
         43:de:9c:45:11:9c:4b:3b:71:ba:2e:43:ef:0c:38:64:f3:f5:
         90:19:eb:96:21:e1:d1:62:30:c3:4a:44:be:7d:7f:91:1b:d9:
         b7:1a:ee:b6:ec:2d:40:26:4b:68:6e:b1:ee:37:47:8d:0c:d2:
         5a:61:64:2b:58:60:f9:c2:1f:31:aa:1f:3e:40:aa:bc:b1:da:
         43:82:11:1b:d2:26:c3:ee:a8:f0:f3:c6:16:d0:00:a9:b6:dd:
         d5:27:d1:cf
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAZQH3DRC+vGZw08QR1vq7+VlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0ZTgyYmExNzE1ZDZhZWFlNWIwMTAyNzI1ZmZlMGM4MzQ3
MzVkN2QwHhcNMjQxMjI3MTEyNDE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzEwZTQ5ZmFiMWNkZmQ2ZDNlOTg1NjliNDg2ZmI4M2Y0ZWMzNjQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvS+R9bdQreMGo9PhuBlaj9nsuySc
9gmUpR3szaHHlQ65ksIU44D6vpX381Cqss3k3o8Lsae72tZ2JGw7X/lsfmHJZMvG
4NhJnsX4ePP3xyFo6AtaWryvSq9J6vytlEarWbMxk/nkyLB96RXyWeqqarFkHdCL
5eb9VSLuDz4NFN4J4UfEKafgOy4RPtxLp3PgWQt6q4jPYXsZvfdEyimFYLTVcrUS
6AN2tieVUzxy5YZrytSooLWkY6ZWu7UPujo9pZ01srOgb96Q+XByqH4HodQV2RBn
QWB0oSy5xFSVz/KbBpVQ2UFWBYmWpaD/kZoz9e283R7s67F+xxxcEwDgGwIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFHwQ5J+rHN/W0+mFabSG+4P07DZDMB8GA1UdIwQY
MBaAFLToK6FxXWrq5bAQJyX/4Mg0c119MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdE9ncm9YRmRhdXJsc0JBbkpmX2d5RFJ6WFgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy85MTUxYzAtMzMyNi00ODAxLTkzNjMt
YzdkMTk5MzBkNjZkLzEvZkJEa242c2MzOWJUNllWcHRJYjdnX1RzTmtNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy85MTUxYzAtMzMyNi00ODAxLTkzNjMtYzdkMTk5MzBkNjZk
LzEvdE9ncm9YRmRhdXJsc0JBbkpmX2d5RFJ6WFgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQDJSBAAwQA
JSBJAwQAJSBMAwQCuYFcMA0EAgACMAcDBQMqDxMAMA0GCSqGSIb3DQEBCwUAA4IB
AQCb3v6qAm0v6cE1F2FZoh9mhwWGhS1yrmRbDcknz5oGLO24c3cdQRLxCPPyeXAS
h/t05FRUJ5g65kkgb7T6nR51asqDJfcksfwfqLjOs7oZh9bkWBF0PoUHeBZxlggx
1Z65zcP1UWFTYnDoqIFkgLH7uzyCGxj4Ghyn7TpJsX4JYxGU+tqr76rawT+GMr/s
mWW/+5DejSu73/9KhC7mbWY+7xdD3pxFEZxLO3G6LkPvDDhk8/WQGeuWIeHRYjDD
SkS+fX+RG9m3Gu627C1AJktobrHuN0eNDNJaYWQrWGD5wh8xqh8+QKq8sdpDghEb
0ibD7qjw88YW0ACptt3VJ9HP
-----END CERTIFICATE-----