Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/iUwTx162M7vAj7xLrhOB-ps3fOc.roa
File:                     iUwTx162M7vAj7xLrhOB-ps3fOc.roa (raw, json)
Hash identifier:          TIoE446PIppLfWzKszbkPRI78W0ZBpawkw4BdKrltgE=
Subject key identifier:   89:4C:13:C7:5E:B6:33:BB:C0:8F:BC:4B:AE:13:81:FA:9B:37:7C:E7
Certificate issuer:       /CN=16055801b775e774306321455fd463fbd9273c4c
Certificate serial:       0195B9A72FA77164D52EDE95F294088A1F08
Authority key identifier: 16:05:58:01:B7:75:E7:74:30:63:21:45:5F:D4:63:FB:D9:27:3C:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FgVYAbd153QwYyFFX9Rj-9knPEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/iUwTx162M7vAj7xLrhOB-ps3fOc.roa
Signing time:             Fri 21 Mar 2025 17:01:36 +0000
ROA not before:           Fri 21 Mar 2025 17:01:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        144.56.0.0/24 maxlen: 24
                          144.56.13.0/24 maxlen: 24
                          144.56.20.0/24 maxlen: 24
                          144.56.21.0/24 maxlen: 24
                          144.56.22.0/24 maxlen: 24
                          144.56.23.0/24 maxlen: 24
                          144.56.24.0/24 maxlen: 24
                          144.56.27.0/24 maxlen: 24
                          144.56.28.0/24 maxlen: 24
                          144.56.31.0/24 maxlen: 24
                          144.56.33.0/24 maxlen: 24
                          144.56.34.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Sat 22 Mar 2025 11:46:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:b9:a7:2f:a7:71:64:d5:2e:de:95:f2:94:08:8a:1f:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=16055801b775e774306321455fd463fbd9273c4c
        Validity
            Not Before: Mar 21 17:01:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=894c13c75eb633bbc08fbc4bae1381fa9b377ce7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:3a:7d:2b:49:06:93:99:33:59:1c:b9:b3:2a:
                    58:fc:26:7c:91:3b:b1:2a:39:bd:69:1a:5a:49:99:
                    bf:84:26:f6:d8:ca:f0:98:dd:b4:29:f1:21:9f:95:
                    f7:07:ab:5e:33:1d:7d:28:ec:dc:08:99:c7:86:a9:
                    81:f3:41:0e:1f:35:9c:58:77:f7:4f:cb:09:64:24:
                    5c:ad:08:cc:74:3a:20:d4:a7:2a:2b:21:a5:ad:0a:
                    b5:bd:a0:ad:e7:0b:01:f8:48:cf:43:d6:ec:c3:53:
                    2e:24:bf:c8:4f:ea:a4:89:5f:a0:65:9c:c1:1b:d5:
                    5a:49:95:72:cb:07:ef:6e:53:01:c9:3b:d6:b0:13:
                    53:54:bd:e2:c0:c2:35:d2:53:26:15:d7:07:f1:ef:
                    bb:db:a4:5d:8b:90:f1:f1:2e:b6:74:31:0a:80:d4:
                    7c:a5:48:c3:c2:a5:46:f0:17:72:6d:20:21:94:86:
                    26:ac:f4:9a:9c:1e:5d:8a:17:d1:d5:72:c5:23:6f:
                    74:72:a4:3d:72:05:e6:0a:a2:a1:31:58:4b:99:ae:
                    71:5e:34:1d:58:a5:81:56:49:0d:d1:34:1e:3b:bc:
                    cd:c1:05:2b:d8:1a:86:34:15:6c:cc:d2:03:f3:fd:
                    60:da:6e:0b:75:d7:49:fd:3e:31:a0:6b:d8:56:78:
                    c3:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:4C:13:C7:5E:B6:33:BB:C0:8F:BC:4B:AE:13:81:FA:9B:37:7C:E7
            X509v3 Authority Key Identifier:
                keyid:16:05:58:01:B7:75:E7:74:30:63:21:45:5F:D4:63:FB:D9:27:3C:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FgVYAbd153QwYyFFX9Rj-9knPEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/iUwTx162M7vAj7xLrhOB-ps3fOc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/FgVYAbd153QwYyFFX9Rj-9knPEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.56.0.0/24
                  144.56.13.0/24
                  144.56.20.0-144.56.24.255
                  144.56.27.0-144.56.28.255
                  144.56.31.0/24
                  144.56.33.0-144.56.34.255

    Signature Algorithm: sha256WithRSAEncryption
         65:96:87:85:56:37:ed:8b:c6:fd:5d:12:75:64:a6:76:5c:e4:
         40:d3:a0:f6:72:82:ac:e0:e9:fa:f4:ec:a4:19:16:78:96:35:
         75:73:3f:f4:9d:f4:99:cd:d0:cc:d2:3a:f6:23:27:d0:40:af:
         62:04:5d:23:09:2d:50:9d:0b:63:1e:be:bf:26:7e:d6:02:b1:
         71:c1:42:e9:4f:e9:a7:c6:9e:66:a3:66:29:3a:38:de:4e:dc:
         22:46:aa:a7:f9:a2:dc:bd:b7:25:ce:13:96:1f:ee:fd:77:f1:
         12:ed:60:39:72:c2:b5:00:ce:b6:e7:3f:9f:23:e6:23:65:56:
         55:00:3f:10:48:e6:67:b7:b0:08:90:b9:4c:8d:27:43:f7:e1:
         f1:4b:4b:ce:3b:08:32:9a:3f:9c:f8:27:83:32:81:dc:56:d1:
         07:cb:f0:4e:15:8c:21:da:5a:35:cd:5d:87:a2:43:57:c8:75:
         25:93:bf:d5:d7:bd:1d:b9:fc:e0:3c:7e:fa:7e:17:94:c2:42:
         fb:ee:25:eb:66:a2:a0:9b:eb:18:cc:dc:c0:c9:c1:58:8e:9b:
         b5:66:c8:5c:c8:7e:96:38:e6:60:a1:a9:86:5a:61:f0:49:4d:
         45:6a:a3:e6:bb:bb:92:94:74:2b:a2:19:18:f6:57:31:a7:65:
         40:4a:19:74
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAZW5py+ncWTVLt6V8pQIih8IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2MDU1ODAxYjc3NWU3NzQzMDYzMjE0NTVmZDQ2M2ZiZDky
NzNjNGMwHhcNMjUwMzIxMTcwMTM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTRjMTNjNzVlYjYzM2JiYzA4ZmJjNGJhZTEzODFmYTliMzc3Y2U3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlzp9K0kGk5kzWRy5sypY/CZ8kTux
Kjm9aRpaSZm/hCb22MrwmN20KfEhn5X3B6teMx19KOzcCJnHhqmB80EOHzWcWHf3
T8sJZCRcrQjMdDog1KcqKyGlrQq1vaCt5wsB+EjPQ9bsw1MuJL/IT+qkiV+gZZzB
G9VaSZVyywfvblMByTvWsBNTVL3iwMI10lMmFdcH8e+726Rdi5Dx8S62dDEKgNR8
pUjDwqVG8BdybSAhlIYmrPSanB5dihfR1XLFI290cqQ9cgXmCqKhMVhLma5xXjQd
WKWBVkkN0TQeO7zNwQUr2BqGNBVszNID8/1g2m4LdddJ/T4xoGvYVnjDpwIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFIlME8detjO7wI+8S64TgfqbN3znMB8GA1UdIwQY
MBaAFBYFWAG3ded0MGMhRV/UY/vZJzxMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmdWWUFiZDE1M1F3WXlGRlg5UmotOWtuUEV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy9mMDM0MGItMzMwZS00NWQ3LWJlNTgt
MTM1NzE3ZWYzODhhLzEvaVV3VHgxNjJNN3ZBajd4THJoT0ItcHMzZk9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy9mMDM0MGItMzMwZS00NWQ3LWJlNTgtMTM1NzE3ZWYzODhh
LzEvRmdWWUFiZDE1M1F3WXlGRlg5UmotOWtuUEV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQAkDgAAwQA
kDgNMAwDBAKQOBQDBACQOBgwDAMEAJA4GwMEAJA4HAMEAJA4HzAMAwQAkDghAwQA
kDgiMA0GCSqGSIb3DQEBCwUAA4IBAQBlloeFVjfti8b9XRJ1ZKZ2XORA06D2coKs
4On69OykGRZ4ljV1cz/0nfSZzdDM0jr2IyfQQK9iBF0jCS1QnQtjHr6/Jn7WArFx
wULpT+mnxp5mo2YpOjjeTtwiRqqn+aLcvbclzhOWH+79d/ES7WA5csK1AM625z+f
I+YjZVZVAD8QSOZnt7AIkLlMjSdD9+HxS0vOOwgymj+c+CeDMoHcVtEHy/BOFYwh
2lo1zV2HokNXyHUlk7/V170dufzgPH76fheUwkL77iXrZqKgm+sYzNzAycFYjpu1
ZshcyH6WOOZgoamGWmHwSU1FaqPmu7uSlHQrohkY9lcxp2VAShl0
-----END CERTIFICATE-----