Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/2e8347-d9c7-4e51-9b14-d02d96c36ca3/1/wglJREQlLQSctuc8BCNbgyQwg38.roa
File:                     wglJREQlLQSctuc8BCNbgyQwg38.roa (raw, json)
Hash identifier:          fA4pvwaHbfnJIVN3Ijms3G8Xdlgtnsi6Fyf00o5MxZw=
Subject key identifier:   C2:09:49:44:44:25:2D:04:9C:B6:E7:3C:04:23:5B:83:24:30:83:7F
Certificate issuer:       /CN=8978ff5dab33c42da65fe4e1abfbca4eafbdd2aa
Certificate serial:       01960105A82891FB2F524481EBBC54B48E60
Authority key identifier: 89:78:FF:5D:AB:33:C4:2D:A6:5F:E4:E1:AB:FB:CA:4E:AF:BD:D2:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iXj_XaszxC2mX-Thq_vKTq-90qo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/2e8347-d9c7-4e51-9b14-d02d96c36ca3/1/wglJREQlLQSctuc8BCNbgyQwg38.roa
Signing time:             Fri 04 Apr 2025 13:37:49 +0000
ROA not before:           Fri 04 Apr 2025 13:37:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207147
IP address blocks:        45.11.68.0/22 maxlen: 24
                          45.88.128.0/22 maxlen: 24
                          84.247.4.0/22 maxlen: 24
                          85.204.148.0/22 maxlen: 24
                          89.37.228.0/22 maxlen: 24
                          130.0.88.0/22 maxlen: 24
                          176.223.176.0/22 maxlen: 24
                          185.164.212.0/22 maxlen: 24
                          185.178.88.0/22 maxlen: 24
                          185.178.91.0/24 maxlen: 24
                          185.194.120.0/22 maxlen: 24
                          185.237.40.0/22 maxlen: 24
Validation:               Failed, certificate revoked on Mon 07 Apr 2025 07:09:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:01:05:a8:28:91:fb:2f:52:44:81:eb:bc:54:b4:8e:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8978ff5dab33c42da65fe4e1abfbca4eafbdd2aa
        Validity
            Not Before: Apr  4 13:37:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c209494444252d049cb6e73c04235b832430837f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:fe:00:52:4b:b6:5b:c0:96:75:81:6a:54:9c:
                    7a:4b:a3:60:04:72:0b:85:1c:6b:d6:56:76:9b:ae:
                    55:1f:54:9e:e2:47:7f:a1:eb:a7:7a:5e:04:fd:ac:
                    f7:46:7a:e5:15:70:b2:8d:3d:c3:5f:1c:66:d7:11:
                    f9:d6:cb:da:b2:a5:bd:2b:8b:9a:80:cf:98:0e:7c:
                    ca:3f:61:2b:e0:e7:b2:13:e5:48:ee:d1:63:fc:69:
                    e4:5c:a8:9a:6b:86:8d:6b:fa:61:d4:0c:52:f3:93:
                    35:18:e3:3b:4a:9d:da:fa:b3:e7:d3:26:e4:ff:e1:
                    66:53:46:1b:cf:6d:0f:ef:f0:8b:8b:b1:02:d8:25:
                    5b:85:73:8b:25:bc:0f:27:62:46:a6:d1:52:89:70:
                    51:78:66:e9:60:96:46:55:fb:68:b5:08:87:e7:74:
                    9b:9c:a5:08:1b:cb:38:46:87:ba:7c:d9:a4:ed:2c:
                    7f:0b:2c:10:a7:35:94:2b:f1:a5:1f:58:98:b9:76:
                    09:4f:8e:3f:33:95:2d:4c:60:dc:7f:d7:10:57:71:
                    d2:be:40:e7:a0:dc:e0:43:67:80:ad:2e:e2:40:e0:
                    04:d6:a5:6d:63:59:74:50:4d:3a:16:39:3a:2a:f0:
                    a3:b7:ba:13:28:41:47:2f:cd:fe:29:3b:f5:87:0b:
                    37:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:09:49:44:44:25:2D:04:9C:B6:E7:3C:04:23:5B:83:24:30:83:7F
            X509v3 Authority Key Identifier:
                keyid:89:78:FF:5D:AB:33:C4:2D:A6:5F:E4:E1:AB:FB:CA:4E:AF:BD:D2:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iXj_XaszxC2mX-Thq_vKTq-90qo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/2e8347-d9c7-4e51-9b14-d02d96c36ca3/1/wglJREQlLQSctuc8BCNbgyQwg38.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/2e8347-d9c7-4e51-9b14-d02d96c36ca3/1/iXj_XaszxC2mX-Thq_vKTq-90qo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.68.0/22
                  45.88.128.0/22
                  84.247.4.0/22
                  85.204.148.0/22
                  89.37.228.0/22
                  130.0.88.0/22
                  176.223.176.0/22
                  185.164.212.0/22
                  185.178.88.0/22
                  185.194.120.0/22
                  185.237.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2b:3b:38:31:8a:e9:aa:ba:28:e4:10:55:db:94:1f:7e:81:58:
         a6:02:1c:da:c6:04:e0:f8:39:c9:ba:6d:87:fa:9f:c8:0b:f8:
         ef:8d:1f:79:a4:27:d7:e9:7d:3f:3f:3a:94:b4:ba:f3:37:79:
         7e:f8:ce:75:f4:86:1a:76:85:2c:c1:17:3a:27:de:04:0b:5c:
         a2:9b:aa:05:d4:5f:0f:12:d1:24:06:a6:31:4f:51:74:48:d2:
         68:c0:b5:65:5f:f0:a2:54:5d:6c:ec:90:c1:2a:7a:b9:a1:9f:
         a8:1f:7b:56:b6:66:2e:7a:df:e9:29:ac:43:af:03:10:13:c5:
         83:01:98:3d:a3:04:c2:25:75:a8:0a:8d:58:ce:d6:f5:9d:bf:
         63:eb:d5:0d:c9:05:b0:51:c3:74:f3:9b:bd:ce:fa:3c:1b:64:
         1d:04:02:c2:d9:8a:e6:a5:02:ee:b7:8e:8e:f0:ba:e5:85:45:
         8c:20:bd:e0:25:77:06:6d:23:a3:eb:0d:87:d1:b2:ca:5b:69:
         ee:54:23:e2:fc:66:00:a4:12:00:d2:21:09:e8:1d:5f:07:b5:
         0e:3d:4a:82:78:27:fc:51:74:32:eb:01:01:40:24:85:09:13:
         42:01:d4:c8:7d:b9:93:71:eb:16:35:9f:73:91:15:c0:ed:a6:
         8e:ae:df:eb
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAZYBBagokfsvUkSB67xUtI5gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5NzhmZjVkYWIzM2M0MmRhNjVmZTRlMWFiZmJjYTRlYWZi
ZGQyYWEwHhcNMjUwNDA0MTMzNzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjA5NDk0NDQ0MjUyZDA0OWNiNmU3M2MwNDIzNWI4MzI0MzA4MzdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuf4AUku2W8CWdYFqVJx6S6NgBHIL
hRxr1lZ2m65VH1Se4kd/oeunel4E/az3RnrlFXCyjT3DXxxm1xH51svasqW9K4ua
gM+YDnzKP2Er4OeyE+VI7tFj/GnkXKiaa4aNa/ph1AxS85M1GOM7Sp3a+rPn0ybk
/+FmU0Ybz20P7/CLi7EC2CVbhXOLJbwPJ2JGptFSiXBReGbpYJZGVftotQiH53Sb
nKUIG8s4Roe6fNmk7Sx/CywQpzWUK/GlH1iYuXYJT44/M5UtTGDcf9cQV3HSvkDn
oNzgQ2eArS7iQOAE1qVtY1l0UE06Fjk6KvCjt7oTKEFHL83+KTv1hws3IQIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFMIJSUREJS0EnLbnPAQjW4MkMIN/MB8GA1UdIwQY
MBaAFIl4/12rM8Qtpl/k4av7yk6vvdKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVhqX1hhc3p4QzJtWC1UaHFfdktUcS05MHFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC8yZTgzNDctZDljNy00ZTUxLTliMTQt
ZDAyZDk2YzM2Y2EzLzEvd2dsSlJFUWxMUVNjdHVjOEJDTmJneVF3ZzM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC8yZTgzNDctZDljNy00ZTUxLTliMTQtZDAyZDk2YzM2Y2Ez
LzEvaVhqX1hhc3p4QzJtWC1UaHFfdktUcS05MHFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQCLQtEAwQC
LViAAwQCVPcEAwQCVcyUAwQCWSXkAwQCggBYAwQCsN+wAwQCuaTUAwQCubJYAwQC
ucJ4AwQCue0oMA0GCSqGSIb3DQEBCwUAA4IBAQArOzgxiumquijkEFXblB9+gVim
AhzaxgTg+DnJum2H+p/IC/jvjR95pCfX6X0/PzqUtLrzN3l++M519IYadoUswRc6
J94EC1yim6oF1F8PEtEkBqYxT1F0SNJowLVlX/CiVF1s7JDBKnq5oZ+oH3tWtmYu
et/pKaxDrwMQE8WDAZg9owTCJXWoCo1Yztb1nb9j69UNyQWwUcN085u9zvo8G2Qd
BALC2YrmpQLut46O8LrlhUWMIL3gJXcGbSOj6w2H0bLKW2nuVCPi/GYApBIA0iEJ
6B1fB7UOPUqCeCf8UXQy6wEBQCSFCRNCAdTIfbmTcesWNZ9zkRXA7aaOrt/r
-----END CERTIFICATE-----