Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/dfa51b-46aa-4084-a343-f016ca5da219/1/c7NL4sO4rO4d2Ji7JllxENQI8pU.roa
File:                     c7NL4sO4rO4d2Ji7JllxENQI8pU.roa (raw, json)
Hash identifier:          QV+lzePFP9rO8p53a+CkQDu5rzur1muUtAqDBQ+S5SE=
Subject key identifier:   73:B3:4B:E2:C3:B8:AC:EE:1D:D8:98:BB:26:59:71:10:D4:08:F2:95
Certificate issuer:       /CN=b32ee2b39712377b4bfec9e66ac7e6e908efceec
Certificate serial:       019668913B6B76AD60F19DC08C5DE16B9B63
Authority key identifier: B3:2E:E2:B3:97:12:37:7B:4B:FE:C9:E6:6A:C7:E6:E9:08:EF:CE:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sy7is5cSN3tL_snmasfm6Qjvzuw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/dfa51b-46aa-4084-a343-f016ca5da219/1/c7NL4sO4rO4d2Ji7JllxENQI8pU.roa
Signing time:             Thu 24 Apr 2025 16:11:10 +0000
ROA not before:           Thu 24 Apr 2025 16:11:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60175
IP address blocks:        89.63.0.0/16 maxlen: 24
                          89.63.0.0/20 maxlen: 20
                          89.63.16.0/20 maxlen: 20
                          89.63.20.0/24 maxlen: 24
                          89.63.240.0/20 maxlen: 20
                          185.35.12.0/22 maxlen: 22
                          195.4.128.0/19 maxlen: 19
                          195.4.145.0/24 maxlen: 24
                          195.4.160.0/20 maxlen: 20
                          195.4.184.0/21 maxlen: 21
                          195.4.192.0/20 maxlen: 20
                          195.4.199.0/24 maxlen: 24
                          195.4.208.0/21 maxlen: 21
                          2a00:dca0::/29 maxlen: 29
Validation:               Failed, certificate revoked on Fri 25 Apr 2025 07:38:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:68:91:3b:6b:76:ad:60:f1:9d:c0:8c:5d:e1:6b:9b:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b32ee2b39712377b4bfec9e66ac7e6e908efceec
        Validity
            Not Before: Apr 24 16:11:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=73b34be2c3b8acee1dd898bb26597110d408f295
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:4d:fa:96:c7:43:12:21:41:19:7b:71:e7:29:
                    3d:65:a3:11:d3:f2:c4:22:df:2a:ca:7a:59:05:ea:
                    70:93:85:ee:cb:0f:ea:a6:be:14:42:0c:3f:93:0e:
                    c9:38:1d:c8:cb:e1:d5:3f:d8:3c:bf:8c:17:7a:58:
                    fe:88:16:15:bf:15:15:28:01:ff:76:c8:e1:53:da:
                    94:83:cb:5c:e4:3c:c0:ea:8b:0b:ae:0b:e7:07:be:
                    e6:af:71:f6:9e:73:75:65:45:5d:51:b4:c4:36:b7:
                    f5:cb:78:e9:a4:dd:a6:b4:b4:71:be:39:16:f8:73:
                    52:56:c1:7a:a8:d6:83:51:56:26:55:97:82:27:00:
                    16:bd:6d:45:d9:6a:d5:8f:ff:5e:a0:fc:03:54:e9:
                    12:9d:aa:15:cd:9c:44:31:6f:36:fc:88:45:47:30:
                    50:aa:94:41:4c:1f:8b:41:67:e3:e9:f8:04:b1:ba:
                    c0:d6:88:0e:6c:62:e6:8c:ed:98:02:2c:13:3b:1f:
                    b5:ce:6f:a9:3e:dc:3f:00:79:b0:fd:99:32:24:90:
                    01:7f:30:3e:f6:74:3f:87:95:16:5f:79:c8:68:64:
                    77:53:f0:70:98:c7:a9:d6:59:e1:65:90:8b:22:3e:
                    81:67:12:12:05:d1:5b:f6:18:9c:e3:ff:94:d6:ec:
                    d0:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:B3:4B:E2:C3:B8:AC:EE:1D:D8:98:BB:26:59:71:10:D4:08:F2:95
            X509v3 Authority Key Identifier:
                keyid:B3:2E:E2:B3:97:12:37:7B:4B:FE:C9:E6:6A:C7:E6:E9:08:EF:CE:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sy7is5cSN3tL_snmasfm6Qjvzuw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/dfa51b-46aa-4084-a343-f016ca5da219/1/c7NL4sO4rO4d2Ji7JllxENQI8pU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/dfa51b-46aa-4084-a343-f016ca5da219/1/sy7is5cSN3tL_snmasfm6Qjvzuw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.63.0.0/16
                  185.35.12.0/22
                  195.4.128.0-195.4.175.255
                  195.4.184.0-195.4.215.255
                IPv6:
                  2a00:dca0::/29

    Signature Algorithm: sha256WithRSAEncryption
         d0:aa:2b:01:c0:04:16:b1:9b:e5:01:c3:f6:d0:34:81:3b:d2:
         92:54:c0:14:17:e3:ba:36:b2:bc:40:51:4b:80:77:ad:f1:bb:
         9e:19:09:eb:1f:8e:cf:d3:c7:53:79:31:9e:13:4d:b8:a8:11:
         ad:c3:78:06:a7:22:cc:d1:6c:ea:94:9d:7e:0d:d0:af:21:09:
         36:af:93:45:af:b0:80:0d:04:d9:c1:08:75:53:9a:6c:52:dc:
         bd:ca:4f:32:2a:73:6b:19:4b:dd:e7:1e:87:07:33:3d:03:c6:
         cb:ae:80:4c:2b:4f:2d:51:7c:54:c7:f9:e9:0b:47:20:ac:63:
         85:28:11:70:e2:73:63:fc:31:1d:d9:36:0e:c3:66:e3:a4:20:
         a4:8c:4a:ad:6b:5d:5a:92:be:62:3f:65:e5:dc:af:db:59:fc:
         73:45:b3:ed:aa:99:e2:5c:3b:3e:a2:22:c7:d3:15:b6:7e:8a:
         08:3b:02:89:75:ad:1f:cb:24:4c:43:f7:f7:7e:bd:77:fa:87:
         c4:64:f4:61:96:59:64:99:c2:8f:d7:11:01:bd:ca:dc:6c:af:
         63:02:05:72:9e:98:da:a0:7d:12:ee:3c:e2:cc:96:da:d8:e2:
         0b:9a:06:8b:a2:33:8b:5f:6a:44:5a:59:99:6b:9a:87:23:5d:
         9b:d0:09:64
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAZZokTtrdq1g8Z3AjF3ha5tjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzMmVlMmIzOTcxMjM3N2I0YmZlYzllNjZhYzdlNmU5MDhl
ZmNlZWMwHhcNMjUwNDI0MTYxMTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3M2IzNGJlMmMzYjhhY2VlMWRkODk4YmIyNjU5NzExMGQ0MDhmMjk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4E36lsdDEiFBGXtx5yk9ZaMR0/LE
It8qynpZBepwk4Xuyw/qpr4UQgw/kw7JOB3Iy+HVP9g8v4wXelj+iBYVvxUVKAH/
dsjhU9qUg8tc5DzA6osLrgvnB77mr3H2nnN1ZUVdUbTENrf1y3jppN2mtLRxvjkW
+HNSVsF6qNaDUVYmVZeCJwAWvW1F2WrVj/9eoPwDVOkSnaoVzZxEMW82/IhFRzBQ
qpRBTB+LQWfj6fgEsbrA1ogObGLmjO2YAiwTOx+1zm+pPtw/AHmw/ZkyJJABfzA+
9nQ/h5UWX3nIaGR3U/BwmMep1lnhZZCLIj6BZxISBdFb9hic4/+U1uzQsQIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFHOzS+LDuKzuHdiYuyZZcRDUCPKVMB8GA1UdIwQY
MBaAFLMu4rOXEjd7S/7J5mrH5ukI787sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3k3aXM1Y1NOM3RMX3NubWFzZm02UWp2enV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9kZmE1MWItNDZhYS00MDg0LWEzNDMt
ZjAxNmNhNWRhMjE5LzEvYzdOTDRzTzRyTzRkMkppN0psbHhFTlFJOHBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9kZmE1MWItNDZhYS00MDg0LWEzNDMtZjAxNmNhNWRhMjE5
LzEvc3k3aXM1Y1NOM3RMX3NubWFzZm02UWp2enV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjAtBAIAATAnAwMAWT8DBAK5
IwwwDAMEB8MEgAMEBMMEoDAMAwQDwwS4AwQDwwTQMA0EAgACMAcDBQMqANygMA0G
CSqGSIb3DQEBCwUAA4IBAQDQqisBwAQWsZvlAcP20DSBO9KSVMAUF+O6NrK8QFFL
gHet8bueGQnrH47P08dTeTGeE024qBGtw3gGpyLM0WzqlJ1+DdCvIQk2r5NFr7CA
DQTZwQh1U5psUty9yk8yKnNrGUvd5x6HBzM9A8bLroBMK08tUXxUx/npC0cgrGOF
KBFw4nNj/DEd2TYOw2bjpCCkjEqta11akr5iP2Xl3K/bWfxzRbPtqpniXDs+oiLH
0xW2fooIOwKJda0fyyRMQ/f3fr13+ofEZPRhlllkmcKP1xEBvcrcbK9jAgVynpja
oH0S7jzizJba2OILmgaLojOLX2pEWlmZa5qHI12b0Alk
-----END CERTIFICATE-----