Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/4ae64b-f73e-408c-b4a8-cbb3d635d82f/1/4uO2BMLTVBVoy19MDD2YL9ZIqQg.roa
File:                     4uO2BMLTVBVoy19MDD2YL9ZIqQg.roa (raw, json)
Hash identifier:          UmBUnP+mYWiBTse1r+p4IF/m5l8eDEFrSLwcgPOKDWw=
Subject key identifier:   E2:E3:B6:04:C2:D3:54:15:68:CB:5F:4C:0C:3D:98:2F:D6:48:A9:08
Certificate issuer:       /CN=69042c1f27a7d7862475087023dc97c3330f73c6
Certificate serial:       0192968FAF364A7EEEA55E1BB1DD0EC7EB29
Authority key identifier: 69:04:2C:1F:27:A7:D7:86:24:75:08:70:23:DC:97:C3:33:0F:73:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aQQsHyen14YkdQhwI9yXwzMPc8Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/4ae64b-f73e-408c-b4a8-cbb3d635d82f/1/4uO2BMLTVBVoy19MDD2YL9ZIqQg.roa
Signing time:             Wed 16 Oct 2024 18:20:51 +0000
ROA not before:           Wed 16 Oct 2024 18:20:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48847
IP address blocks:        185.104.68.0/22 maxlen: 22
                          185.104.68.0/24 maxlen: 24
                          185.104.68.0/26 maxlen: 26
                          185.104.68.64/26 maxlen: 26
                          185.104.68.144/28 maxlen: 28
                          185.104.68.240/29 maxlen: 29
                          185.104.70.0/24 maxlen: 24
                          185.104.70.0/28 maxlen: 28
                          185.104.70.220/30 maxlen: 30
                          185.104.71.0/24 maxlen: 24
                          185.104.71.0/28 maxlen: 28
                          185.104.71.16/30 maxlen: 30
                          185.104.71.20/30 maxlen: 30
                          185.104.71.24/30 maxlen: 30
                          185.104.71.28/30 maxlen: 30
                          185.104.71.32/28 maxlen: 28
                          185.104.71.176/29 maxlen: 29
                          2a06:3480::/29 maxlen: 29
Validation:               Failed, certificate revoked on Wed 16 Oct 2024 19:04:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:96:8f:af:36:4a:7e:ee:a5:5e:1b:b1:dd:0e:c7:eb:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=69042c1f27a7d7862475087023dc97c3330f73c6
        Validity
            Not Before: Oct 16 18:20:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e2e3b604c2d3541568cb5f4c0c3d982fd648a908
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:86:ca:4a:a0:6f:0e:42:ca:45:9e:74:cb:32:
                    30:96:33:58:46:07:a2:69:bd:c6:27:2a:7a:30:51:
                    be:4e:b9:42:74:b5:6f:db:d2:72:63:6e:06:a4:0a:
                    15:46:06:c6:02:c0:05:7b:e7:82:84:bd:d7:b2:d5:
                    77:29:f3:1c:70:51:ee:11:b7:ae:cd:e3:5a:5a:c3:
                    c0:59:3d:ff:ae:9d:63:a9:85:ac:90:4f:c8:9f:13:
                    e4:f8:78:79:12:a2:97:b5:3f:5e:72:2f:b5:aa:53:
                    79:1b:90:58:63:c1:8e:10:51:70:50:17:2f:65:ce:
                    82:b3:df:eb:4a:9e:b8:54:56:10:05:fc:a3:32:4f:
                    62:70:8c:df:97:9d:25:94:94:c8:62:77:33:72:23:
                    2d:cf:1f:4b:4d:f1:d8:cb:45:31:f6:f6:08:72:be:
                    e0:69:67:9c:58:3f:1a:e9:8d:de:ab:65:08:c6:32:
                    a8:fa:08:78:18:64:77:71:5c:9d:b5:6d:e8:60:4d:
                    a9:96:20:bb:70:c6:28:d5:72:6a:5d:43:c7:b9:83:
                    4d:48:93:51:3e:a9:93:d8:89:29:1c:cd:0e:e9:bb:
                    a5:7f:2d:c3:57:37:9c:89:f4:7e:e6:de:1e:8d:6f:
                    17:e6:0d:fb:ed:51:c9:71:0b:64:17:59:9c:c7:3c:
                    80:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:E3:B6:04:C2:D3:54:15:68:CB:5F:4C:0C:3D:98:2F:D6:48:A9:08
            X509v3 Authority Key Identifier:
                keyid:69:04:2C:1F:27:A7:D7:86:24:75:08:70:23:DC:97:C3:33:0F:73:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aQQsHyen14YkdQhwI9yXwzMPc8Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/4ae64b-f73e-408c-b4a8-cbb3d635d82f/1/4uO2BMLTVBVoy19MDD2YL9ZIqQg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/4ae64b-f73e-408c-b4a8-cbb3d635d82f/1/aQQsHyen14YkdQhwI9yXwzMPc8Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.104.68.0/22
                IPv6:
                  2a06:3480::/29

    Signature Algorithm: sha256WithRSAEncryption
         ad:15:e0:99:18:ea:bf:42:57:ff:97:bf:df:86:76:db:f1:ab:
         ed:90:c7:7c:d1:13:cc:a0:1f:7a:67:6f:e4:26:95:e6:11:53:
         3c:57:68:fc:8e:9a:90:12:f0:72:20:de:cb:23:b2:82:72:20:
         1b:bb:d6:4c:3a:aa:01:39:06:88:09:5a:e6:fa:69:ca:12:70:
         70:f2:d9:d8:74:c0:03:64:a7:53:a8:73:34:02:71:60:87:27:
         b7:63:84:1e:03:30:78:b3:73:6f:4a:cd:c7:68:9e:e1:b3:db:
         28:45:8b:64:a8:85:07:47:bc:3e:f3:b4:b0:24:d5:8f:cc:4d:
         1e:e4:12:2c:bb:6d:8f:42:d1:2d:c5:c7:30:12:b4:6d:dd:b9:
         d7:a2:44:e8:e8:9c:23:b3:b9:e8:6a:2a:64:58:73:d0:1c:ff:
         70:d0:1d:dc:d3:ba:72:f0:36:f3:fb:b4:18:c1:eb:ea:9a:11:
         b1:1b:a1:9f:32:16:22:49:95:c1:21:17:f6:39:0c:5d:55:1c:
         47:50:7f:dd:12:8f:46:39:e3:b2:8d:ef:5e:6b:0b:63:b3:4a:
         bb:17:db:61:b0:a1:af:7c:95:f0:36:f3:52:26:30:f7:fd:fe:
         9a:45:71:1e:c3:0d:57:29:77:ae:77:38:21:81:8f:ac:47:6a:
         25:2f:4e:c8
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZKWj682Sn7upV4bsd0Ox+spMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5MDQyYzFmMjdhN2Q3ODYyNDc1MDg3MDIzZGM5N2MzMzMw
ZjczYzYwHhcNMjQxMDE2MTgyMDUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMmUzYjYwNGMyZDM1NDE1NjhjYjVmNGMwYzNkOTgyZmQ2NDhhOTA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt4bKSqBvDkLKRZ50yzIwljNYRgei
ab3GJyp6MFG+TrlCdLVv29JyY24GpAoVRgbGAsAFe+eChL3XstV3KfMccFHuEbeu
zeNaWsPAWT3/rp1jqYWskE/InxPk+Hh5EqKXtT9eci+1qlN5G5BYY8GOEFFwUBcv
Zc6Cs9/rSp64VFYQBfyjMk9icIzfl50llJTIYnczciMtzx9LTfHYy0Ux9vYIcr7g
aWecWD8a6Y3eq2UIxjKo+gh4GGR3cVydtW3oYE2pliC7cMYo1XJqXUPHuYNNSJNR
PqmT2IkpHM0O6bulfy3DVzecifR+5t4ejW8X5g377VHJcQtkF1mcxzyAewIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOLjtgTC01QVaMtfTAw9mC/WSKkIMB8GA1UdIwQY
MBaAFGkELB8np9eGJHUIcCPcl8MzD3PGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVFRc0h5ZW4xNFlrZFFod0k5eVh3ek1QYzhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy80YWU2NGItZjczZS00MDhjLWI0YTgt
Y2JiM2Q2MzVkODJmLzEvNHVPMkJNTFRWQlZveTE5TUREMllMOVpJcVFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy80YWU2NGItZjczZS00MDhjLWI0YTgtY2JiM2Q2MzVkODJm
LzEvYVFRc0h5ZW4xNFlrZFFod0k5eVh3ek1QYzhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuWhEMA0E
AgACMAcDBQMqBjSAMA0GCSqGSIb3DQEBCwUAA4IBAQCtFeCZGOq/Qlf/l7/fhnbb
8avtkMd80RPMoB96Z2/kJpXmEVM8V2j8jpqQEvByIN7LI7KCciAbu9ZMOqoBOQaI
CVrm+mnKEnBw8tnYdMADZKdTqHM0AnFghye3Y4QeAzB4s3NvSs3HaJ7hs9soRYtk
qIUHR7w+87SwJNWPzE0e5BIsu22PQtEtxccwErRt3bnXokTo6Jwjs7noaipkWHPQ
HP9w0B3c07py8Dbz+7QYwevqmhGxG6GfMhYiSZXBIRf2OQxdVRxHUH/dEo9GOeOy
je9eawtjs0q7F9thsKGvfJXwNvNSJjD3/f6aRXEeww1XKXeudzghgY+sR2olL07I
-----END CERTIFICATE-----