Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/8d58b5-4f13-47b2-a57e-283bb0923817/1/YT2zMaaaGAiZ29aTAloWdvxCHeM.roa
File:                     YT2zMaaaGAiZ29aTAloWdvxCHeM.roa (raw, json)
Hash identifier:          tHgcE600Hw9FKeo6Kk6Pz+XMBfo4LAiGZWzxa5kLOuU=
Subject key identifier:   61:3D:B3:31:A6:9A:18:08:99:DB:D6:93:02:5A:16:76:FC:42:1D:E3
Certificate issuer:       /CN=6c1024a0bdfbad95f01064d518cf6ea966b4488a
Certificate serial:       01941722D4FAD832AE5BDA6FE5BD64FBF73D
Authority key identifier: 6C:10:24:A0:BD:FB:AD:95:F0:10:64:D5:18:CF:6E:A9:66:B4:48:8A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bBAkoL37rZXwEGTVGM9uqWa0SIo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/8d58b5-4f13-47b2-a57e-283bb0923817/1/YT2zMaaaGAiZ29aTAloWdvxCHeM.roa
Signing time:             Mon 30 Dec 2024 10:35:46 +0000
ROA not before:           Mon 30 Dec 2024 10:35:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58067
IP address blocks:        176.114.16.0/20 maxlen: 20
                          176.114.16.0/24 maxlen: 24
                          176.114.17.0/24 maxlen: 24
                          176.114.18.0/24 maxlen: 24
                          176.114.19.0/24 maxlen: 24
                          176.114.20.0/24 maxlen: 24
                          176.114.21.0/24 maxlen: 24
                          176.114.22.0/24 maxlen: 24
                          176.114.23.0/24 maxlen: 24
                          176.114.24.0/24 maxlen: 24
                          176.114.25.0/24 maxlen: 24
                          176.114.26.0/24 maxlen: 24
                          176.114.27.0/24 maxlen: 24
                          176.114.28.0/24 maxlen: 24
                          176.114.29.0/24 maxlen: 24
                          176.114.30.0/24 maxlen: 24
                          176.114.31.0/24 maxlen: 24
                          2a0b:97c0::/29 maxlen: 29
Validation:               Failed, certificate revoked on Wed 01 Jan 2025 11:47:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:17:22:d4:fa:d8:32:ae:5b:da:6f:e5:bd:64:fb:f7:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c1024a0bdfbad95f01064d518cf6ea966b4488a
        Validity
            Not Before: Dec 30 10:35:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=613db331a69a180899dbd693025a1676fc421de3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:e3:f2:95:d0:44:f3:86:01:47:3f:31:e3:4f:
                    5c:30:2b:fe:cd:00:5c:98:21:fa:b2:3b:2c:1a:18:
                    2e:95:d3:38:cb:a0:46:b0:04:dd:b5:87:86:58:6d:
                    5f:5e:23:21:47:36:57:dd:fe:aa:dc:f3:46:10:5e:
                    8f:c5:f0:2b:1b:9f:d0:ca:66:d9:39:9a:9c:0e:c2:
                    5e:ca:33:46:f0:cc:9e:1d:b4:45:12:5a:71:16:b1:
                    bf:8b:bf:e0:b7:6e:4c:2e:cc:56:e9:54:63:07:90:
                    16:e2:fa:d3:29:c5:46:8c:6a:13:33:96:e9:b0:4e:
                    97:ec:5e:67:34:8f:89:a9:a7:9c:41:1f:64:e8:b3:
                    79:0c:2d:b7:51:23:f8:6b:cb:8b:3c:5c:cd:f6:dd:
                    46:55:1b:d4:f4:d2:66:ab:32:c1:47:6f:2b:7c:18:
                    8c:c7:39:16:10:12:a0:92:c1:e4:93:c7:f8:45:40:
                    71:d4:2d:48:be:b0:4b:52:97:94:17:c5:96:de:ec:
                    7a:eb:4a:0f:1c:6e:5d:c8:05:38:ea:a5:39:7a:8d:
                    37:c2:ab:65:df:7e:b5:40:dc:5c:f1:62:1b:12:f3:
                    57:57:2f:20:60:0e:35:cb:be:fe:da:78:7b:e6:3d:
                    c7:16:5e:99:04:c6:ac:7c:8f:0b:47:5d:7a:48:9e:
                    08:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:3D:B3:31:A6:9A:18:08:99:DB:D6:93:02:5A:16:76:FC:42:1D:E3
            X509v3 Authority Key Identifier:
                keyid:6C:10:24:A0:BD:FB:AD:95:F0:10:64:D5:18:CF:6E:A9:66:B4:48:8A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bBAkoL37rZXwEGTVGM9uqWa0SIo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/8d58b5-4f13-47b2-a57e-283bb0923817/1/YT2zMaaaGAiZ29aTAloWdvxCHeM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/8d58b5-4f13-47b2-a57e-283bb0923817/1/bBAkoL37rZXwEGTVGM9uqWa0SIo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.114.16.0/20
                IPv6:
                  2a0b:97c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         31:57:4e:97:5d:d7:e3:b8:69:15:17:c1:15:0e:ad:1c:f9:1c:
         2c:21:54:be:72:75:b7:95:ef:50:7b:cb:af:ed:ab:88:18:1b:
         bb:b8:e7:8a:2f:46:18:f7:cb:eb:c1:d3:8d:e1:46:33:07:c7:
         9d:c1:54:5a:7a:91:16:e5:e8:7c:cd:d9:b9:86:6f:e2:83:a1:
         c6:96:92:d5:94:99:f2:9a:63:b9:f1:4a:27:40:94:c8:05:95:
         d1:d6:ce:b6:86:36:ef:1b:bb:3d:6f:bb:0a:6a:b8:31:ff:63:
         9f:f1:77:d1:7d:83:d5:ad:7e:31:fe:95:35:f2:7a:61:77:2b:
         01:0d:4b:20:e2:3e:71:3c:c4:e7:f5:65:17:07:37:7d:91:01:
         22:b0:fa:6f:27:de:7e:a3:f7:5d:24:b8:d7:56:00:e8:8b:11:
         94:15:af:73:f4:e1:70:08:27:2c:51:d1:22:d0:b0:bb:fb:53:
         7d:0a:63:22:45:3a:df:58:44:71:3c:28:1d:60:a4:09:2a:c6:
         02:81:5d:18:2c:24:4d:cf:7a:25:ed:6e:66:12:5b:60:e6:63:
         ba:98:6b:f2:68:6c:50:2c:03:50:5b:ab:a6:ec:ba:5b:68:27:
         d7:03:40:f6:b6:6f:e1:a6:d3:a9:48:60:31:7d:45:aa:ee:c0:
         cd:8f:93:d7
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQXItT62DKuW9pv5b1k+/c9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjMTAyNGEwYmRmYmFkOTVmMDEwNjRkNTE4Y2Y2ZWE5NjZi
NDQ4OGEwHhcNMjQxMjMwMTAzNTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTNkYjMzMWE2OWExODA4OTlkYmQ2OTMwMjVhMTY3NmZjNDIxZGUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy+PyldBE84YBRz8x409cMCv+zQBc
mCH6sjssGhguldM4y6BGsATdtYeGWG1fXiMhRzZX3f6q3PNGEF6PxfArG5/QymbZ
OZqcDsJeyjNG8MyeHbRFElpxFrG/i7/gt25MLsxW6VRjB5AW4vrTKcVGjGoTM5bp
sE6X7F5nNI+JqaecQR9k6LN5DC23USP4a8uLPFzN9t1GVRvU9NJmqzLBR28rfBiM
xzkWEBKgksHkk8f4RUBx1C1IvrBLUpeUF8WW3ux660oPHG5dyAU46qU5eo03wqtl
3361QNxc8WIbEvNXVy8gYA41y77+2nh75j3HFl6ZBMasfI8LR116SJ4IEQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGE9szGmmhgImdvWkwJaFnb8Qh3jMB8GA1UdIwQY
MBaAFGwQJKC9+62V8BBk1RjPbqlmtEiKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYkJBa29MMzdyWlh3RUdUVkdNOXVxV2EwU0lvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS84ZDU4YjUtNGYxMy00N2IyLWE1N2Ut
MjgzYmIwOTIzODE3LzEvWVQyek1hYWFHQWlaMjlhVEFsb1dkdnhDSGVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS84ZDU4YjUtNGYxMy00N2IyLWE1N2UtMjgzYmIwOTIzODE3
LzEvYkJBa29MMzdyWlh3RUdUVkdNOXVxV2EwU0lvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQEsHIQMA0E
AgACMAcDBQMqC5fAMA0GCSqGSIb3DQEBCwUAA4IBAQAxV06XXdfjuGkVF8EVDq0c
+RwsIVS+cnW3le9Qe8uv7auIGBu7uOeKL0YY98vrwdON4UYzB8edwVRaepEW5eh8
zdm5hm/ig6HGlpLVlJnymmO58UonQJTIBZXR1s62hjbvG7s9b7sKargx/2Of8XfR
fYPVrX4x/pU18nphdysBDUsg4j5xPMTn9WUXBzd9kQEisPpvJ95+o/ddJLjXVgDo
ixGUFa9z9OFwCCcsUdEi0LC7+1N9CmMiRTrfWERxPCgdYKQJKsYCgV0YLCRNz3ol
7W5mEltg5mO6mGvyaGxQLANQW6um7LpbaCfXA0D2tm/hptOpSGAxfUWq7sDNj5PX
-----END CERTIFICATE-----