Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/97e1e2-567f-414e-9b03-c18ad36a7b30/1/WmCjhC020VZJHCbwt0wcI1G7vBs.roa
File:                     WmCjhC020VZJHCbwt0wcI1G7vBs.roa (raw, json)
Hash identifier:          vFdkNUkLUkeFAME9XuqqVHQ3Z9x9OXozKHFcoHevPR8=
Subject key identifier:   5A:60:A3:84:2D:36:D1:56:49:1C:26:F0:B7:4C:1C:23:51:BB:BC:1B
Certificate issuer:       /CN=63082d6d3a1dc501795737537ca74d27a80265a2
Certificate serial:       0196885D2FC1D88824BD5925789547A21126
Authority key identifier: 63:08:2D:6D:3A:1D:C5:01:79:57:37:53:7C:A7:4D:27:A8:02:65:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YwgtbTodxQF5VzdTfKdNJ6gCZaI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/97e1e2-567f-414e-9b03-c18ad36a7b30/1/WmCjhC020VZJHCbwt0wcI1G7vBs.roa
Signing time:             Wed 30 Apr 2025 20:22:10 +0000
ROA not before:           Wed 30 Apr 2025 20:22:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62205
IP address blocks:        79.174.184.0/21 maxlen: 21
                          91.209.128.0/23 maxlen: 23
                          91.209.130.0/24 maxlen: 24
                          139.28.180.0/22 maxlen: 22
                          139.28.180.0/23 maxlen: 23
                          139.28.182.0/23 maxlen: 23
                          178.213.80.0/21 maxlen: 21
                          178.213.80.0/22 maxlen: 24
                          178.213.84.0/23 maxlen: 24
                          178.213.86.0/24 maxlen: 24
                          185.44.164.0/22 maxlen: 24
                          185.77.228.0/22 maxlen: 22
                          185.77.240.0/22 maxlen: 22
                          2a01:72a0::/32 maxlen: 32
Validation:               Failed, certificate revoked on Thu 01 May 2025 11:34:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:88:5d:2f:c1:d8:88:24:bd:59:25:78:95:47:a2:11:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63082d6d3a1dc501795737537ca74d27a80265a2
        Validity
            Not Before: Apr 30 20:22:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5a60a3842d36d156491c26f0b74c1c2351bbbc1b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:66:4d:30:44:e8:19:d2:08:77:bf:2c:01:02:
                    45:1a:d4:6a:3b:61:4a:49:b1:ef:f7:f4:c6:80:2f:
                    f9:78:57:e6:d1:29:b2:c7:04:e2:7f:ff:5e:df:5d:
                    cd:29:00:b2:ca:3d:a0:59:1e:72:36:39:4b:22:a7:
                    cd:bf:18:74:2b:ff:8f:00:02:02:3c:80:ee:fd:8b:
                    52:ce:e9:f1:7a:b2:d9:ff:2a:fa:09:92:e5:f6:03:
                    1e:2c:e1:d4:ae:9d:a3:f4:7a:56:e5:ec:e5:1b:13:
                    e0:31:36:6b:0a:4e:e8:62:78:6a:c5:72:0e:d3:fd:
                    e1:a7:de:4b:d5:99:e5:99:83:ad:43:02:c1:3f:fa:
                    bd:24:7c:f5:72:3b:34:c4:f6:be:3e:2a:bd:98:68:
                    b0:0e:24:87:4b:67:aa:c7:be:ab:0e:d5:29:6d:f6:
                    dc:52:d0:73:22:4b:24:e6:20:d5:10:2a:ad:8d:46:
                    2a:93:ca:7d:e3:2a:09:8a:54:5c:1c:0e:bc:88:b1:
                    c4:36:57:f0:19:fb:0e:18:1d:a3:54:c5:09:e9:c3:
                    0c:39:92:03:b6:25:08:90:75:51:17:4a:d7:88:6d:
                    36:7c:31:6f:36:8d:b8:1a:90:0c:bb:cb:2d:94:57:
                    b3:b8:7b:66:e8:6f:12:dc:6e:76:b4:87:67:6e:a8:
                    a6:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:60:A3:84:2D:36:D1:56:49:1C:26:F0:B7:4C:1C:23:51:BB:BC:1B
            X509v3 Authority Key Identifier:
                keyid:63:08:2D:6D:3A:1D:C5:01:79:57:37:53:7C:A7:4D:27:A8:02:65:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YwgtbTodxQF5VzdTfKdNJ6gCZaI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/97e1e2-567f-414e-9b03-c18ad36a7b30/1/WmCjhC020VZJHCbwt0wcI1G7vBs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/97e1e2-567f-414e-9b03-c18ad36a7b30/1/YwgtbTodxQF5VzdTfKdNJ6gCZaI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.174.184.0/21
                  91.209.128.0-91.209.130.255
                  139.28.180.0/22
                  178.213.80.0/21
                  185.44.164.0/22
                  185.77.228.0/22
                  185.77.240.0/22
                IPv6:
                  2a01:72a0::/32

    Signature Algorithm: sha256WithRSAEncryption
         01:dd:37:23:3f:f1:66:25:16:06:62:f9:b7:04:9c:a4:4a:cc:
         4d:6f:78:56:56:e4:a7:00:48:15:0b:d4:e1:53:d3:5a:00:a3:
         d6:15:4a:d5:6a:df:40:0c:ca:49:c6:d1:f6:d2:85:70:4a:dd:
         21:d2:e6:47:36:68:1c:c6:66:d9:f7:96:6d:f8:30:99:90:84:
         4e:d7:47:ce:25:a4:ab:c5:9d:c6:44:00:52:40:0f:9b:0e:69:
         21:ed:9d:09:68:a4:66:fd:27:e8:bc:ef:5e:4e:8f:96:16:cc:
         11:5d:0c:60:64:e6:43:85:82:f7:22:a4:b6:f8:9e:a7:aa:f6:
         c1:1f:c8:85:cd:97:e2:7f:1d:62:98:d9:3f:b3:75:5d:28:c2:
         b4:3f:6e:a7:a6:9b:cc:2b:10:a9:a3:27:1f:08:12:84:8d:89:
         d8:53:11:fc:4d:3f:03:9b:bd:e9:4f:ad:78:f8:ed:b3:f0:27:
         31:8f:e9:5c:77:63:45:4c:dc:be:d9:45:7e:05:8a:a5:d8:7e:
         20:75:6f:de:8e:e9:fa:07:22:a4:0d:44:70:9a:9e:15:07:b7:
         d4:3c:a8:d4:51:57:50:d2:8c:15:a4:67:ef:93:a1:28:f8:2d:
         05:cc:46:ce:7b:97:8b:12:60:d9:c3:a7:a3:99:a7:a4:2b:99:
         80:3a:76:ea
-----BEGIN CERTIFICATE-----
MIIFODCCBCCgAwIBAgISAZaIXS/B2IgkvVkleJVHohEmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzMDgyZDZkM2ExZGM1MDE3OTU3Mzc1MzdjYTc0ZDI3YTgw
MjY1YTIwHhcNMjUwNDMwMjAyMjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTYwYTM4NDJkMzZkMTU2NDkxYzI2ZjBiNzRjMWMyMzUxYmJiYzFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3mZNMEToGdIId78sAQJFGtRqO2FK
SbHv9/TGgC/5eFfm0SmyxwTif/9e313NKQCyyj2gWR5yNjlLIqfNvxh0K/+PAAIC
PIDu/YtSzunxerLZ/yr6CZLl9gMeLOHUrp2j9HpW5ezlGxPgMTZrCk7oYnhqxXIO
0/3hp95L1ZnlmYOtQwLBP/q9JHz1cjs0xPa+Piq9mGiwDiSHS2eqx76rDtUpbfbc
UtBzIksk5iDVECqtjUYqk8p94yoJilRcHA68iLHENlfwGfsOGB2jVMUJ6cMMOZID
tiUIkHVRF0rXiG02fDFvNo24GpAMu8stlFezuHtm6G8S3G52tIdnbqimIwIDAQAB
o4ICRDCCAkAwHQYDVR0OBBYEFFpgo4QtNtFWSRwm8LdMHCNRu7wbMB8GA1UdIwQY
MBaAFGMILW06HcUBeVc3U3ynTSeoAmWiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXdndGJUb2R4UUY1VnpkVGZLZE5KNmdDWmFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC85N2UxZTItNTY3Zi00MTRlLTliMDMt
YzE4YWQzNmE3YjMwLzEvV21DamhDMDIwVlpKSENid3Qwd2NJMUc3dkJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC85N2UxZTItNTY3Zi00MTRlLTliMDMtYzE4YWQzNmE3YjMw
LzEvWXdndGJUb2R4UUY1VnpkVGZLZE5KNmdDWmFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFoGCCsGAQUFBwEHAQH/BEswSTA4BAIAATAyAwQDT664MAwD
BAdb0YADBABb0YIDBAKLHLQDBAOy1VADBAK5LKQDBAK5TeQDBAK5TfAwDQQCAAIw
BwMFACoBcqAwDQYJKoZIhvcNAQELBQADggEBAAHdNyM/8WYlFgZi+bcEnKRKzE1v
eFZW5KcASBUL1OFT01oAo9YVStVq30AMyknG0fbShXBK3SHS5kc2aBzGZtn3lm34
MJmQhE7XR84lpKvFncZEAFJAD5sOaSHtnQlopGb9J+i8715Oj5YWzBFdDGBk5kOF
gvcipLb4nqeq9sEfyIXNl+J/HWKY2T+zdV0owrQ/bqemm8wrEKmjJx8IEoSNidhT
EfxNPwObvelPrXj47bPwJzGP6Vx3Y0VM3L7ZRX4FiqXYfiB1b96O6foHIqQNRHCa
nhUHt9Q8qNRRV1DSjBWkZ++ToSj4LQXMRs57l4sSYNnDp6OZp6QrmYA6duo=
-----END CERTIFICATE-----