Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/H3OJjril8VQreWqGR-TwcHNEcXs.roa
File:                     H3OJjril8VQreWqGR-TwcHNEcXs.roa (raw, json)
Hash identifier:          9+prVnNxxAktnUOHccAB3eCwidzpqYieG0xL81HY0qk=
Subject key identifier:   1F:73:89:8E:B8:A5:F1:54:2B:79:6A:86:47:E4:F0:70:73:44:71:7B
Certificate issuer:       /CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Certificate serial:       018CC8012AEC8B47650435DDB5D8E49A75E8
Authority key identifier: AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/H3OJjril8VQreWqGR-TwcHNEcXs.roa
Signing time:             Tue 02 Jan 2024 02:29:28 +0000
ROA not before:           Tue 02 Jan 2024 02:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43513
IP address blocks:        85.254.145.0/24 maxlen: 24
                          85.254.142.0/23 maxlen: 23
                          159.148.102.0/24 maxlen: 24
                          85.254.32.0/21 maxlen: 21
                          85.254.49.74/32 maxlen: 32
                          85.254.49.75/32 maxlen: 32
                          85.254.49.72/32 maxlen: 32
                          85.254.49.73/32 maxlen: 32
                          85.254.5.0/24 maxlen: 24
                          159.148.198.0/23 maxlen: 23
                          159.148.200.0/24 maxlen: 24
                          85.254.16.0/22 maxlen: 22
                          85.254.24.0/22 maxlen: 22
Validation:               Failed, certificate revoked on Thu 02 Jan 2025 01:48:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:2a:ec:8b:47:65:04:35:dd:b5:d8:e4:9a:75:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
        Validity
            Not Before: Jan  2 02:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1f73898eb8a5f1542b796a8647e4f0707344717b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:c2:d5:82:eb:b2:ba:ee:b7:0f:69:22:ab:59:
                    6b:64:4a:c0:0b:23:65:69:ec:49:05:a6:81:4f:80:
                    6b:04:76:50:d3:4f:6f:3e:10:7f:43:fe:ae:59:2e:
                    0a:4a:54:ef:d4:fe:9e:cd:5c:e3:a1:96:82:ef:67:
                    e5:d3:4d:47:8a:10:dd:f9:36:7a:5b:ed:e7:f2:4d:
                    da:6a:d7:04:2f:20:2d:26:27:10:99:ec:20:01:f2:
                    cb:cd:c5:00:4e:5f:34:64:30:11:50:6d:d7:97:67:
                    e2:33:45:22:99:c5:2d:25:b2:bf:ce:9f:fa:26:07:
                    1a:17:cc:cb:4b:90:b0:a3:59:66:fc:ed:be:4d:c3:
                    99:97:93:29:8b:86:1c:bd:6f:a8:84:d1:c8:69:09:
                    17:f7:10:98:dc:88:06:7b:2c:14:36:24:8c:67:09:
                    6b:dd:4c:81:59:df:2a:70:3a:1f:4d:96:b7:6d:21:
                    6f:3a:f1:3b:a5:2e:e5:ea:1a:11:89:3c:4b:6d:e5:
                    0d:08:fd:b8:cb:87:e1:27:4d:c6:4f:e8:46:60:c7:
                    cc:45:1d:8a:c1:63:54:eb:95:b8:7a:4a:95:61:34:
                    3a:97:48:a3:6a:c2:46:f6:ae:91:d1:ff:f1:93:9a:
                    ab:fb:ef:29:41:26:31:07:6c:b4:09:00:bd:23:86:
                    43:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:73:89:8E:B8:A5:F1:54:2B:79:6A:86:47:E4:F0:70:73:44:71:7B
            X509v3 Authority Key Identifier:
                keyid:AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/H3OJjril8VQreWqGR-TwcHNEcXs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.254.5.0/24
                  85.254.16.0/22
                  85.254.24.0/22
                  85.254.32.0/21
                  85.254.49.72/30
                  85.254.142.0/23
                  85.254.145.0/24
                  159.148.102.0/24
                  159.148.198.0-159.148.200.255

    Signature Algorithm: sha256WithRSAEncryption
         3a:2e:31:56:30:a8:23:17:2a:84:fb:e1:a5:64:6a:8c:cb:18:
         0a:9c:80:1f:8a:3b:da:00:03:5c:74:c8:99:41:18:60:53:7a:
         bb:d5:ff:97:75:f4:1f:18:85:ee:bb:d7:38:c0:4c:67:c9:91:
         be:ac:05:65:0e:29:a8:52:08:32:d8:2e:84:88:c3:cc:52:08:
         fe:20:4f:10:7b:62:d5:e1:2c:d2:ce:32:6f:6d:63:8d:4d:96:
         d9:8e:ce:b6:af:39:26:51:f6:2f:14:8d:0b:81:35:51:fd:ec:
         1e:69:c2:84:9a:23:0d:ee:b7:71:24:e7:b6:5a:4d:b2:b2:a2:
         88:f8:17:24:da:c2:6b:c1:94:35:e5:98:45:b9:bc:ea:c5:fa:
         c9:7e:7d:35:c6:a2:0a:92:3d:b2:25:aa:52:f4:45:b0:97:6f:
         53:69:2e:10:3b:cf:eb:c2:c8:7d:88:76:9c:5c:8d:52:a8:83:
         bb:56:9c:47:ac:a6:c3:9e:02:a4:36:61:a0:cd:1a:40:84:64:
         f1:50:c7:4b:ed:6b:04:d5:9e:69:6d:f6:f0:ab:2f:93:f4:0f:
         b4:2c:d2:ff:ee:7a:93:99:99:65:53:5d:32:14:e4:82:e5:80:
         78:9f:e2:1d:c8:2a:3d:a9:5f:e4:ea:6c:e3:be:65:df:b9:78:
         3a:f9:af:e1
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAYzIASrsi0dlBDXdtdjkmnXoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMDk1MmM4YmE4ZGFkYjFkMzRkZTZjNmE5Mzg2NGE2MDlm
YzQxZWMwHhcNMjQwMTAyMDIyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjczODk4ZWI4YTVmMTU0MmI3OTZhODY0N2U0ZjA3MDczNDQ3MTdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv8LVguuyuu63D2kiq1lrZErACyNl
aexJBaaBT4BrBHZQ009vPhB/Q/6uWS4KSlTv1P6ezVzjoZaC72fl001HihDd+TZ6
W+3n8k3aatcELyAtJicQmewgAfLLzcUATl80ZDARUG3Xl2fiM0UimcUtJbK/zp/6
JgcaF8zLS5Cwo1lm/O2+TcOZl5Mpi4YcvW+ohNHIaQkX9xCY3IgGeywUNiSMZwlr
3UyBWd8qcDofTZa3bSFvOvE7pS7l6hoRiTxLbeUNCP24y4fhJ03GT+hGYMfMRR2K
wWNU65W4ekqVYTQ6l0ijasJG9q6R0f/xk5qr++8pQSYxB2y0CQC9I4ZD4wIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFB9ziY64pfFUK3lqhkfk8HBzRHF7MB8GA1UdIwQY
MBaAFKsJUsi6ja2x003mxqk4ZKYJ/EHsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAt
NTU1NGQ2ZTE2ODZmLzEvSDNPSmpyaWw4VlFyZVdxR1ItVHdjSE5FY1hzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAtNTU1NGQ2ZTE2ODZm
LzEvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzBFBAIAATA/AwQAVf4FAwQC
Vf4QAwQCVf4YAwQDVf4gAwUCVf4xSAMEAVX+jgMEAFX+kQMEAJ+UZjAMAwQBn5TG
AwQAn5TIMA0GCSqGSIb3DQEBCwUAA4IBAQA6LjFWMKgjFyqE++GlZGqMyxgKnIAf
ijvaAANcdMiZQRhgU3q71f+XdfQfGIXuu9c4wExnyZG+rAVlDimoUggy2C6EiMPM
Ugj+IE8Qe2LV4SzSzjJvbWONTZbZjs62rzkmUfYvFI0LgTVR/eweacKEmiMN7rdx
JOe2Wk2ysqKI+Bck2sJrwZQ15ZhFubzqxfrJfn01xqIKkj2yJapS9EWwl29TaS4Q
O8/rwsh9iHacXI1SqIO7VpxHrKbDngKkNmGgzRpAhGTxUMdL7WsE1Z5pbfbwqy+T
9A+0LNL/7nqTmZllU10yFOSC5YB4n+IdyCo9qV/k6mzjvmXfuXg6+a/h
-----END CERTIFICATE-----