Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/0898be-b037-429f-b504-1d934a048474/1/bBuN7mtce-hNnyUlA2Q-vXuunNk.roa
File:                     bBuN7mtce-hNnyUlA2Q-vXuunNk.roa (raw, json)
Hash identifier:          MmZlugQdY2TMf1eoohNR3FXmr3BBJy7E6Xy3m2Cu3GQ=
Subject key identifier:   6C:1B:8D:EE:6B:5C:7B:E8:4D:9F:25:25:03:64:3E:BD:7B:AE:9C:D9
Certificate issuer:       /CN=e92c415d1775ae9993e900a7536b46ab144a9aa2
Certificate serial:       0185710BF3155D9043E8196140BF28FFAA64
Authority key identifier: E9:2C:41:5D:17:75:AE:99:93:E9:00:A7:53:6B:46:AB:14:4A:9A:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6SxBXRd1rpmT6QCnU2tGqxRKmqI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/0898be-b037-429f-b504-1d934a048474/1/bBuN7mtce-hNnyUlA2Q-vXuunNk.roa
Signing time:             Mon 02 Jan 2023 05:54:46 +0000
ROA not before:           Mon 02 Jan 2023 05:54:46 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     200845
IP address blocks:        213.181.77.0/24 maxlen: 24
                          213.181.72.0/23 maxlen: 23
                          89.29.190.0/23 maxlen: 23
                          213.181.89.0/24 maxlen: 24
                          213.181.90.0/23 maxlen: 23
                          213.181.94.0/24 maxlen: 24
                          213.181.92.0/23 maxlen: 23
                          89.29.206.0/23 maxlen: 23
                          89.29.225.0/24 maxlen: 24
                          176.57.96.0/24 maxlen: 24
                          89.29.247.0/24 maxlen: 24
                          89.29.253.0/24 maxlen: 24
                          89.29.255.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 14:29:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:0b:f3:15:5d:90:43:e8:19:61:40:bf:28:ff:aa:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e92c415d1775ae9993e900a7536b46ab144a9aa2
        Validity
            Not Before: Jan  2 05:54:46 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6c1b8dee6b5c7be84d9f252503643ebd7bae9cd9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:d6:a1:76:13:d6:11:b9:73:5f:d6:91:8a:43:
                    07:ef:c3:4a:2d:14:e6:70:e2:d4:95:90:64:77:eb:
                    73:2d:a4:af:2b:ce:40:f6:b7:39:f5:d3:6b:7c:b4:
                    81:df:d9:5d:4f:ff:7a:cf:2c:69:78:65:94:d8:34:
                    f1:5a:5d:9e:74:24:ff:33:fd:cd:fb:ae:b9:1f:8a:
                    82:07:3f:f1:4e:a4:78:84:16:50:58:8e:77:16:8a:
                    1a:18:ce:1e:bc:62:88:a3:d2:53:a1:f8:e5:43:a8:
                    73:01:11:6c:5b:11:a2:fe:c4:fe:9d:e2:ec:08:33:
                    23:4d:81:fe:3d:2f:bb:6a:ca:ed:12:51:72:20:dc:
                    5b:d8:78:7d:ad:c8:13:98:24:6c:cc:3e:4f:45:dd:
                    e0:75:c7:75:11:0a:40:28:29:75:10:db:34:c2:be:
                    56:d0:3e:5b:e9:8e:1b:e2:c0:a4:d7:5b:6c:23:5f:
                    ea:22:36:a0:84:e6:ea:16:62:90:74:4f:be:42:8c:
                    65:19:51:ab:d4:15:ef:c4:3f:0c:14:e6:79:52:4f:
                    23:a2:ca:d9:c0:42:82:bb:d1:c8:d0:9e:f5:9b:51:
                    f3:f8:60:68:bf:d0:d9:2f:3f:83:02:77:76:8f:bf:
                    32:cd:6b:dd:ca:08:80:0f:1d:43:46:c5:ac:19:a1:
                    c1:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:1B:8D:EE:6B:5C:7B:E8:4D:9F:25:25:03:64:3E:BD:7B:AE:9C:D9
            X509v3 Authority Key Identifier:
                keyid:E9:2C:41:5D:17:75:AE:99:93:E9:00:A7:53:6B:46:AB:14:4A:9A:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6SxBXRd1rpmT6QCnU2tGqxRKmqI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/0898be-b037-429f-b504-1d934a048474/1/bBuN7mtce-hNnyUlA2Q-vXuunNk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/0898be-b037-429f-b504-1d934a048474/1/6SxBXRd1rpmT6QCnU2tGqxRKmqI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.29.190.0/23
                  89.29.206.0/23
                  89.29.225.0/24
                  89.29.247.0/24
                  89.29.253.0/24
                  89.29.255.0/24
                  176.57.96.0/24
                  213.181.72.0/23
                  213.181.77.0/24
                  213.181.89.0-213.181.94.255

    Signature Algorithm: sha256WithRSAEncryption
         ac:e5:ac:41:3f:0f:61:61:83:dc:cc:8f:59:43:37:78:47:74:
         8a:ba:3f:ee:b3:c8:83:b6:6d:13:c4:40:23:c1:15:9e:b9:21:
         9b:57:bf:5e:7b:0e:cb:c4:ce:ea:72:b0:fa:22:c9:9a:2b:d0:
         ca:7b:56:1d:c5:ce:e2:f3:cb:05:58:39:be:9b:e4:da:b1:97:
         cd:19:40:19:47:da:47:13:c5:30:32:ef:b3:c2:e4:fd:13:fe:
         b6:ed:6e:9e:65:c5:e4:9e:ed:4b:f9:2d:97:12:69:a1:f0:55:
         dd:61:67:f0:51:d7:54:60:15:d8:a1:43:dc:af:84:c1:27:f8:
         bf:1b:82:bb:54:80:cc:49:07:c6:e6:52:59:38:f2:25:28:4a:
         74:e0:39:65:96:02:6a:59:67:75:73:6d:8d:19:e5:a4:d2:88:
         40:9b:ad:50:30:a1:c9:59:d4:f7:01:06:b2:54:a5:7b:f1:a5:
         11:6d:2d:55:94:13:76:06:2d:b5:45:13:ae:e1:5c:02:ba:f0:
         bf:34:0f:ad:f4:81:5a:cc:3d:d3:82:e6:09:ac:6e:67:1a:a6:
         59:78:99:a8:07:22:14:e0:8f:c0:3a:22:8f:4c:5f:ae:a6:5d:
         b7:ae:e2:a5:19:a0:97:1e:23:ca:f9:eb:7e:25:01:2d:7b:56:
         22:d0:51:40
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAYVxC/MVXZBD6BlhQL8o/6pkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5MmM0MTVkMTc3NWFlOTk5M2U5MDBhNzUzNmI0NmFiMTQ0
YTlhYTIwHhcNMjMwMTAyMDU1NDQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzFiOGRlZTZiNWM3YmU4NGQ5ZjI1MjUwMzY0M2ViZDdiYWU5Y2Q5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAidahdhPWEblzX9aRikMH78NKLRTm
cOLUlZBkd+tzLaSvK85A9rc59dNrfLSB39ldT/96zyxpeGWU2DTxWl2edCT/M/3N
+665H4qCBz/xTqR4hBZQWI53FooaGM4evGKIo9JTofjlQ6hzARFsWxGi/sT+neLs
CDMjTYH+PS+7asrtElFyINxb2Hh9rcgTmCRszD5PRd3gdcd1EQpAKCl1ENs0wr5W
0D5b6Y4b4sCk11tsI1/qIjaghObqFmKQdE++QoxlGVGr1BXvxD8MFOZ5Uk8josrZ
wEKCu9HI0J71m1Hz+GBov9DZLz+DAnd2j78yzWvdygiADx1DRsWsGaHBDQIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFGwbje5rXHvoTZ8lJQNkPr17rpzZMB8GA1UdIwQY
MBaAFOksQV0Xda6Zk+kAp1NrRqsUSpqiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlN4QlhSZDFycG1UNlFDblUydEdxeFJLbXFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS8wODk4YmUtYjAzNy00MjlmLWI1MDQt
MWQ5MzRhMDQ4NDc0LzEvYkJ1TjdtdGNlLWhObnlVbEEyUS12WHV1bk5rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS8wODk4YmUtYjAzNy00MjlmLWI1MDQtMWQ5MzRhMDQ4NDc0
LzEvNlN4QlhSZDFycG1UNlFDblUydEdxeFJLbXFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQBWR2+AwQB
WR3OAwQAWR3hAwQAWR33AwQAWR39AwQAWR3/AwQAsDlgAwQB1bVIAwQA1bVNMAwD
BADVtVkDBADVtV4wDQYJKoZIhvcNAQELBQADggEBAKzlrEE/D2Fhg9zMj1lDN3hH
dIq6P+6zyIO2bRPEQCPBFZ65IZtXv157DsvEzupysPoiyZor0Mp7Vh3FzuLzywVY
Ob6b5Nqxl80ZQBlH2kcTxTAy77PC5P0T/rbtbp5lxeSe7Uv5LZcSaaHwVd1hZ/BR
11RgFdihQ9yvhMEn+L8bgrtUgMxJB8bmUlk48iUoSnTgOWWWAmpZZ3VzbY0Z5aTS
iECbrVAwoclZ1PcBBrJUpXvxpRFtLVWUE3YGLbVFE67hXAK68L80D630gVrMPdOC
5gmsbmcapll4magHIhTgj8A6Io9MX66mXbeu4qUZoJceI8r5634lAS17ViLQUUA=
-----END CERTIFICATE-----