Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/dbfca1-2b94-4d0b-9dd8-1ef9f2319522/1/p5l1Rcypw7JmmLh-o6QqBjninnM.roa
File:                     p5l1Rcypw7JmmLh-o6QqBjninnM.roa (raw, json)
Hash identifier:          MM8tIti82MoUYOCI6tnSoMy9iLVs9RLx+Gm7hPYqv8g=
Subject key identifier:   A7:99:75:45:CC:A9:C3:B2:66:98:B8:7E:A3:A4:2A:06:39:E2:9E:73
Certificate issuer:       /CN=8f78963b3c4f2dd187c20437df1d7d9c168cab81
Certificate serial:       01961F8240C5175B1CD410ECDA55C80A32F2
Authority key identifier: 8F:78:96:3B:3C:4F:2D:D1:87:C2:04:37:DF:1D:7D:9C:16:8C:AB:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j3iWOzxPLdGHwgQ33x19nBaMq4E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/dbfca1-2b94-4d0b-9dd8-1ef9f2319522/1/p5l1Rcypw7JmmLh-o6QqBjninnM.roa
Signing time:             Thu 10 Apr 2025 11:42:32 +0000
ROA not before:           Thu 10 Apr 2025 11:42:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8468
IP address blocks:        46.254.0.0/21 maxlen: 21
                          62.249.192.0/18 maxlen: 18
                          78.32.0.0/15 maxlen: 15
                          79.143.144.0/20 maxlen: 20
                          81.31.96.0/19 maxlen: 19
                          84.45.128.0/17 maxlen: 17
                          87.127.0.0/16 maxlen: 16
                          109.224.160.0/19 maxlen: 19
                          185.220.12.0/22 maxlen: 22
                          188.39.0.0/16 maxlen: 16
                          195.74.96.0/19 maxlen: 19
                          2001:4d48::/29 maxlen: 29
                          2001:4d48::/32 maxlen: 32
                          2a05:8940::/29 maxlen: 48
Validation:               Failed, certificate revoked on Thu 10 Apr 2025 13:07:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:1f:82:40:c5:17:5b:1c:d4:10:ec:da:55:c8:0a:32:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f78963b3c4f2dd187c20437df1d7d9c168cab81
        Validity
            Not Before: Apr 10 11:42:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a7997545cca9c3b26698b87ea3a42a0639e29e73
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:81:2e:47:e3:8e:3e:a2:dd:11:8a:ee:c1:ff:
                    da:62:bf:3b:56:41:84:09:3c:7a:d8:ae:a8:5a:d9:
                    4f:ce:7f:66:75:cd:85:5f:1a:01:49:61:73:42:2c:
                    c3:02:c9:f2:87:d9:0e:e3:8f:70:c5:c4:6f:8d:78:
                    be:12:2f:64:c4:89:27:f0:73:16:27:d4:44:30:af:
                    be:c6:f2:4d:8d:c1:ac:cf:22:29:6c:a1:76:9b:bb:
                    99:16:1a:27:26:8d:4a:6a:bf:0c:0b:f6:a3:74:6f:
                    fd:b3:e5:fa:73:e8:14:77:40:35:bb:78:84:8c:8f:
                    00:68:10:22:d4:10:48:00:a7:28:03:e0:4f:d5:98:
                    50:65:cc:c2:c8:51:b7:77:4f:da:7d:8f:9c:11:87:
                    80:0c:f3:0b:4e:35:3b:72:b5:28:13:f2:89:80:fb:
                    f2:53:3f:cd:4e:ce:17:c3:06:57:06:27:7d:f3:cc:
                    b3:69:c9:64:bd:3c:6b:a6:ec:8f:c3:95:86:ba:0b:
                    c3:15:cc:b2:13:39:ed:7b:23:90:3a:9b:ad:f9:35:
                    49:1e:52:66:d8:f4:6e:ac:a4:85:34:d1:1c:5c:29:
                    d1:ac:eb:fc:d8:ff:d9:dc:1c:9b:e2:82:9b:bd:8a:
                    2c:71:7f:28:71:f4:13:28:d3:ad:3f:9a:08:e2:e6:
                    70:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:99:75:45:CC:A9:C3:B2:66:98:B8:7E:A3:A4:2A:06:39:E2:9E:73
            X509v3 Authority Key Identifier:
                keyid:8F:78:96:3B:3C:4F:2D:D1:87:C2:04:37:DF:1D:7D:9C:16:8C:AB:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j3iWOzxPLdGHwgQ33x19nBaMq4E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/dbfca1-2b94-4d0b-9dd8-1ef9f2319522/1/p5l1Rcypw7JmmLh-o6QqBjninnM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/dbfca1-2b94-4d0b-9dd8-1ef9f2319522/1/j3iWOzxPLdGHwgQ33x19nBaMq4E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.254.0.0/21
                  62.249.192.0/18
                  78.32.0.0/15
                  79.143.144.0/20
                  81.31.96.0/19
                  84.45.128.0/17
                  87.127.0.0/16
                  109.224.160.0/19
                  185.220.12.0/22
                  188.39.0.0/16
                  195.74.96.0/19
                IPv6:
                  2001:4d48::/29
                  2a05:8940::/29

    Signature Algorithm: sha256WithRSAEncryption
         4c:cc:a4:24:50:57:2c:1a:d1:51:0b:24:c2:e7:ae:be:4f:61:
         a8:f0:a2:3c:7a:af:1c:3e:ad:0b:5b:0d:a5:d6:19:e7:2f:48:
         5a:71:f3:76:57:ec:cc:e7:e0:13:3b:75:25:47:ec:19:d9:85:
         77:92:68:71:dc:96:6e:a9:6b:5b:af:ac:69:e5:c6:57:c8:f1:
         07:0d:e8:2a:99:32:01:82:30:bf:92:8b:aa:d6:4d:85:16:da:
         94:84:58:d6:03:70:3c:c3:9c:ca:b7:8b:c4:02:d4:b9:12:8f:
         63:81:de:af:e3:08:cf:44:ac:fd:f4:97:4e:5a:9a:8c:1b:e0:
         ed:64:12:ef:64:9d:45:42:35:5a:86:54:43:95:2e:5a:fe:e2:
         3d:f7:c9:56:d2:e1:ca:07:d5:9b:22:ca:47:5a:f7:00:dd:36:
         58:17:ae:62:8e:47:a8:82:22:5a:d2:e8:37:11:9d:54:34:c0:
         cd:6f:ae:ee:1b:04:ea:fa:f7:cc:59:19:1b:c3:a6:1c:c2:6d:
         c7:ae:04:36:be:68:be:8d:48:50:d5:29:44:eb:3c:d4:c9:d5:
         7b:be:9d:f3:1e:d9:75:ee:43:d5:68:1c:b4:a9:97:9e:76:21:
         16:63:92:0e:1b:2d:3c:7b:bb:e9:a9:f9:48:4b:60:c6:83:5b:
         b8:fe:73:5c
-----BEGIN CERTIFICATE-----
MIIFTDCCBDSgAwIBAgISAZYfgkDFF1sc1BDs2lXICjLyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmNzg5NjNiM2M0ZjJkZDE4N2MyMDQzN2RmMWQ3ZDljMTY4
Y2FiODEwHhcNMjUwNDEwMTE0MjMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzk5NzU0NWNjYTljM2IyNjY5OGI4N2VhM2E0MmEwNjM5ZTI5ZTczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA64EuR+OOPqLdEYruwf/aYr87VkGE
CTx62K6oWtlPzn9mdc2FXxoBSWFzQizDAsnyh9kO449wxcRvjXi+Ei9kxIkn8HMW
J9REMK++xvJNjcGszyIpbKF2m7uZFhonJo1Kar8MC/ajdG/9s+X6c+gUd0A1u3iE
jI8AaBAi1BBIAKcoA+BP1ZhQZczCyFG3d0/afY+cEYeADPMLTjU7crUoE/KJgPvy
Uz/NTs4XwwZXBid988yzaclkvTxrpuyPw5WGugvDFcyyEznteyOQOput+TVJHlJm
2PRurKSFNNEcXCnRrOv82P/Z3Byb4oKbvYoscX8ocfQTKNOtP5oI4uZwNwIDAQAB
o4ICWDCCAlQwHQYDVR0OBBYEFKeZdUXMqcOyZpi4fqOkKgY54p5zMB8GA1UdIwQY
MBaAFI94ljs8Ty3Rh8IEN98dfZwWjKuBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvajNpV096eFBMZEdId2dRMzN4MTluQmFNcTRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS9kYmZjYTEtMmI5NC00ZDBiLTlkZDgt
MWVmOWYyMzE5NTIyLzEvcDVsMVJjeXB3N0ptbUxoLW82UXFCam5pbm5NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS9kYmZjYTEtMmI5NC00ZDBiLTlkZDgtMWVmOWYyMzE5NTIy
LzEvajNpV096eFBMZEdId2dRMzN4MTluQmFNcTRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG4GCCsGAQUFBwEHAQH/BF8wXTBFBAIAATA/AwQDLv4AAwQG
PvnAAwMBTiADBARPj5ADBAVRH2ADBAdULYADAwBXfwMEBW3goAMEArncDAMDALwn
AwQFw0pgMBQEAgACMA4DBQMgAU1IAwUDKgWJQDANBgkqhkiG9w0BAQsFAAOCAQEA
TMykJFBXLBrRUQskwueuvk9hqPCiPHqvHD6tC1sNpdYZ5y9IWnHzdlfszOfgEzt1
JUfsGdmFd5JocdyWbqlrW6+saeXGV8jxBw3oKpkyAYIwv5KLqtZNhRbalIRY1gNw
PMOcyreLxALUuRKPY4Her+MIz0Ss/fSXTlqajBvg7WQS72SdRUI1WoZUQ5UuWv7i
PffJVtLhygfVmyLKR1r3AN02WBeuYo5HqIIiWtLoNxGdVDTAzW+u7hsE6vr3zFkZ
G8OmHMJtx64ENr5ovo1IUNUpROs81MnVe76d8x7Zde5D1WgctKmXnnYhFmOSDhst
PHu76an5SEtgxoNbuP5zXA==
-----END CERTIFICATE-----