Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/osLp4-1vIzMc-6PePI1-8LV0im4.roa
File:                     osLp4-1vIzMc-6PePI1-8LV0im4.roa (raw, json)
Hash identifier:          7QYUabN6HxpbY+XOwvZRp5QaOtx/2dgd1Bw4rzxASGE=
Subject key identifier:   A2:C2:E9:E3:ED:6F:23:33:1C:FB:A3:DE:3C:8D:7E:F0:B5:74:8A:6E
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       0195EAFD17621E292217B1A0A1AAE48FB81F
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/osLp4-1vIzMc-6PePI1-8LV0im4.roa
Signing time:             Mon 31 Mar 2025 06:56:49 +0000
ROA not before:           Mon 31 Mar 2025 06:56:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     54852
IP address blocks:        2a09:b700::/29 maxlen: 29
                          2a0f:dec0::/29 maxlen: 29
                          2a0f:e540::/29 maxlen: 29
                          2a10:7100::/29 maxlen: 29
                          2a11:3f80::/29 maxlen: 29
                          2a11:4e80::/29 maxlen: 29
                          2a13:1940::/29 maxlen: 29
                          2a13:8f00::/29 maxlen: 29
                          2a13:9f00::/29 maxlen: 29
                          2a13:c500::/29 maxlen: 29
Validation:               Failed, certificate revoked on Wed 02 Apr 2025 14:28:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:ea:fd:17:62:1e:29:22:17:b1:a0:a1:aa:e4:8f:b8:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Mar 31 06:56:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a2c2e9e3ed6f23331cfba3de3c8d7ef0b5748a6e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:3b:84:88:c3:34:7f:67:c2:a3:b9:01:b7:af:
                    ca:27:b8:14:74:60:27:86:f3:6e:d1:c5:7e:62:dc:
                    ab:74:f4:72:2d:93:30:63:05:4e:04:c4:1e:c0:fc:
                    c5:18:23:98:b5:f9:50:6b:b5:f8:88:36:b2:d1:12:
                    34:a5:7c:14:40:27:15:9d:26:6c:1a:14:79:4b:fe:
                    2d:8b:4a:6a:54:e5:33:dd:1c:6a:82:46:13:f2:84:
                    8c:56:f9:00:8d:d5:73:fd:62:ba:81:41:6c:f0:85:
                    a4:47:7d:45:ae:4a:b0:f5:f8:fd:fe:53:82:fa:8d:
                    55:68:72:94:3f:79:a4:d5:29:dd:e7:78:8c:e9:d6:
                    3a:cd:a4:4f:ed:9f:2c:1c:73:0c:8d:ae:53:9b:ae:
                    07:7d:4d:07:cc:26:0e:a5:1e:68:98:95:dd:f6:f1:
                    1c:d7:a7:2b:cd:1d:5e:72:af:c1:dc:70:be:1e:a0:
                    39:76:c5:fe:69:24:35:30:ff:f5:54:6d:23:ec:00:
                    eb:92:4c:86:20:45:cf:9f:36:da:49:21:b9:75:a2:
                    66:d1:c9:19:61:0e:e9:ec:4a:ef:87:56:b2:22:d4:
                    e0:96:8c:75:73:70:dc:b4:b4:db:95:02:6d:fb:ce:
                    19:12:6d:0c:75:31:68:4c:78:6b:54:58:dd:88:15:
                    c6:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:C2:E9:E3:ED:6F:23:33:1C:FB:A3:DE:3C:8D:7E:F0:B5:74:8A:6E
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/osLp4-1vIzMc-6PePI1-8LV0im4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:b700::/29
                  2a0f:dec0::/29
                  2a0f:e540::/29
                  2a10:7100::/29
                  2a11:3f80::/29
                  2a11:4e80::/29
                  2a13:1940::/29
                  2a13:8f00::/29
                  2a13:9f00::/29
                  2a13:c500::/29

    Signature Algorithm: sha256WithRSAEncryption
         04:f9:c0:9b:cf:37:f8:ed:26:5c:98:18:1e:44:1a:d7:2f:06:
         5f:29:4e:f5:8f:0c:9c:7e:a6:73:4f:56:22:15:c5:8f:32:b1:
         44:91:e6:db:a6:a1:13:c0:c1:2f:8f:27:8d:02:e4:61:f3:f7:
         d7:93:ce:05:e9:1d:82:5b:35:47:2e:5b:e7:6c:56:da:15:5a:
         9b:4b:3d:a7:58:09:33:1d:fa:99:98:fe:7a:f5:bd:28:7b:66:
         30:34:0d:44:6d:e6:39:ff:66:fa:d5:ac:e3:5e:02:bf:0b:fa:
         24:35:12:2b:50:19:c4:35:bd:25:b2:64:76:06:49:08:0d:d2:
         0b:8a:e2:a0:86:cf:0f:22:87:cd:ad:9e:65:04:71:e2:41:ab:
         30:f7:87:00:b4:b5:87:cc:8b:13:6f:ee:1b:77:58:51:98:a9:
         20:03:1e:c6:04:9d:a6:3f:1a:64:14:ab:2d:59:c6:e4:6b:6a:
         1a:17:e7:3f:ed:cf:f0:3d:63:f7:cd:93:81:78:aa:f1:24:5a:
         46:e7:5c:4a:da:7a:18:74:bf:80:47:a2:e8:5a:4a:c7:da:83:
         32:a8:24:bf:7a:7d:be:e1:b4:64:4c:c8:20:c1:14:10:01:f9:
         be:c8:81:2a:b3:b5:ed:7a:f9:c5:79:02:07:f6:6e:cc:85:c0:
         71:40:96:74
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAZXq/RdiHikiF7Ggoarkj7gfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjUwMzMxMDY1NjQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMmMyZTllM2VkNmYyMzMzMWNmYmEzZGUzYzhkN2VmMGI1NzQ4YTZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2zuEiMM0f2fCo7kBt6/KJ7gUdGAn
hvNu0cV+YtyrdPRyLZMwYwVOBMQewPzFGCOYtflQa7X4iDay0RI0pXwUQCcVnSZs
GhR5S/4ti0pqVOUz3RxqgkYT8oSMVvkAjdVz/WK6gUFs8IWkR31Frkqw9fj9/lOC
+o1VaHKUP3mk1Snd53iM6dY6zaRP7Z8sHHMMja5Tm64HfU0HzCYOpR5omJXd9vEc
16crzR1ecq/B3HC+HqA5dsX+aSQ1MP/1VG0j7ADrkkyGIEXPnzbaSSG5daJm0ckZ
YQ7p7Ervh1ayItTglox1c3DctLTblQJt+84ZEm0MdTFoTHhrVFjdiBXGQQIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFKLC6ePtbyMzHPuj3jyNfvC1dIpuMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvb3NMcDQtMXZJek1jLTZQZVBJMS04TFYwaW00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjBMBAIAAjBGAwUDKgm3AAMF
AyoP3sADBQMqD+VAAwUDKhBxAAMFAyoRP4ADBQMqEU6AAwUDKhMZQAMFAyoTjwAD
BQMqE58AAwUDKhPFADANBgkqhkiG9w0BAQsFAAOCAQEABPnAm883+O0mXJgYHkQa
1y8GXylO9Y8MnH6mc09WIhXFjzKxRJHm26ahE8DBL48njQLkYfP315POBekdgls1
Ry5b52xW2hVam0s9p1gJMx36mZj+evW9KHtmMDQNRG3mOf9m+tWs414Cvwv6JDUS
K1AZxDW9JbJkdgZJCA3SC4rioIbPDyKHza2eZQRx4kGrMPeHALS1h8yLE2/uG3dY
UZipIAMexgSdpj8aZBSrLVnG5GtqGhfnP+3P8D1j982TgXiq8SRaRudcStp6GHS/
gEei6FpKx9qDMqgkv3p9vuG0ZEzIIMEUEAH5vsiBKrO17Xr5xXkCB/ZuzIXAcUCW
dA==
-----END CERTIFICATE-----