Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/0PulJqK7mb3Z4FSRtjioqMWtklc.roa
File:                     0PulJqK7mb3Z4FSRtjioqMWtklc.roa (raw, json)
Hash identifier:          re4B4zsYF3cZTvdKEc44PlvcrqSs50j/AZWuvgOJk4o=
Subject key identifier:   D0:FB:A5:26:A2:BB:99:BD:D9:E0:54:91:B6:38:A8:A8:C5:AD:92:57
Certificate issuer:       /CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
Certificate serial:       01907BB7C44C64EB8E37198783E400BE0D23
Authority key identifier: D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/0PulJqK7mb3Z4FSRtjioqMWtklc.roa
Signing time:             Thu 04 Jul 2024 03:09:19 +0000
ROA not before:           Thu 04 Jul 2024 03:09:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16589
IP address blocks:        77.223.192.0/21 maxlen: 21
                          77.223.200.0/23 maxlen: 24
                          79.139.64.0/23 maxlen: 24
                          83.142.200.0/21 maxlen: 24
                          94.101.103.0/24 maxlen: 24
                          176.222.48.0/22 maxlen: 24
                          178.216.184.0/21 maxlen: 24
                          198.14.16.0/20 maxlen: 24
                          198.145.112.0/22 maxlen: 24
                          205.134.244.0/22 maxlen: 24
Validation:               Failed, certificate revoked on Tue 10 Sep 2024 23:42:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:7b:b7:c4:4c:64:eb:8e:37:19:87:83:e4:00:be:0d:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
        Validity
            Not Before: Jul  4 03:09:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d0fba526a2bb99bdd9e05491b638a8a8c5ad9257
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:ff:61:bf:4f:64:aa:ae:7e:3e:09:05:c2:b5:
                    4d:a9:cd:32:c4:02:12:98:06:89:ba:ce:bd:e3:96:
                    2e:84:09:ff:2d:3f:51:d9:cd:98:eb:97:c2:42:22:
                    b1:15:bc:75:bd:46:ec:2b:31:e3:b4:c9:b5:39:f2:
                    3d:7b:5d:5d:b7:11:45:05:99:da:0f:45:63:ff:f9:
                    03:80:a3:95:c0:32:fc:7f:0c:90:39:82:82:8f:33:
                    77:b7:bb:ef:c9:11:1e:91:99:5b:89:98:ed:18:fb:
                    cb:11:4d:3d:ff:d6:13:69:2a:59:1f:4a:ac:0f:8a:
                    08:b1:d9:9b:b4:60:5c:81:a5:27:82:1d:f0:3e:a0:
                    e1:c7:e6:9f:e6:62:22:a9:55:bf:74:02:1e:c2:9d:
                    1f:3b:3b:64:7d:c5:96:7b:7f:fa:e2:46:a8:41:15:
                    3d:44:34:fb:be:6c:bb:ce:8c:08:06:7a:6c:81:a9:
                    46:fb:9c:02:ed:bf:74:d2:20:8c:a3:e6:82:4a:5e:
                    c7:9f:ea:81:e5:a1:27:02:d8:5e:3c:f7:4e:e0:17:
                    51:c7:3b:b2:07:06:82:95:77:7e:06:3c:08:80:db:
                    63:e7:7b:3a:ae:3b:f4:f6:45:15:8e:82:4c:8e:09:
                    ec:e1:06:14:45:ba:09:43:9f:69:85:03:07:f6:3f:
                    ab:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:FB:A5:26:A2:BB:99:BD:D9:E0:54:91:B6:38:A8:A8:C5:AD:92:57
            X509v3 Authority Key Identifier:
                keyid:D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/0PulJqK7mb3Z4FSRtjioqMWtklc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.223.192.0-77.223.201.255
                  79.139.64.0/23
                  83.142.200.0/21
                  94.101.103.0/24
                  176.222.48.0/22
                  178.216.184.0/21
                  198.14.16.0/20
                  198.145.112.0/22
                  205.134.244.0/22

    Signature Algorithm: sha256WithRSAEncryption
         67:2b:d5:bb:30:53:1e:11:86:50:87:86:77:09:c3:3d:a1:44:
         c4:a5:a5:21:8b:46:f6:e3:bc:81:e3:7e:cc:e2:df:96:15:f4:
         79:f0:f7:af:48:b5:59:83:c7:ab:4f:6f:5d:c8:f9:65:3f:f0:
         f6:d6:19:26:cd:51:e7:b8:7d:f8:ae:78:5d:91:19:ad:39:04:
         f0:01:bf:51:e2:c0:3c:e5:1d:41:5e:cd:f3:3d:d4:c1:4b:97:
         e0:1c:3d:f2:04:eb:c7:c0:4b:00:bc:51:8f:29:a2:99:42:93:
         f4:46:bc:42:e4:44:dc:12:30:63:48:c8:23:70:5f:00:c3:69:
         e8:07:7e:03:ed:8f:6a:ac:65:35:b1:43:09:05:4b:72:94:9c:
         41:5a:17:77:c0:fe:87:6f:b6:ad:b1:e1:ff:db:1b:91:7d:7b:
         8e:2a:9b:e7:26:d0:fe:1d:1d:81:4c:4e:07:48:68:6a:d2:f2:
         b6:8f:65:68:56:65:f5:8c:51:3a:f3:38:7d:03:6f:b1:06:ab:
         16:49:50:dc:d8:2d:0a:7b:a3:7f:80:d1:00:ed:47:4f:5f:50:
         e5:b5:d2:d5:67:41:c6:a1:84:66:6b:83:d9:aa:a8:02:9c:50:
         a7:ee:59:8c:eb:0e:31:8e:fe:a3:ac:67:73:2e:44:4d:e3:48:
         e0:8c:98:cd
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAZB7t8RMZOuONxmHg+QAvg0jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0OGEyN2Y0NGIxMDQwNGM1MmY2ZmZjNGUwOGRjODJiZjhi
NWRlZTQwHhcNMjQwNzA0MDMwOTE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMGZiYTUyNmEyYmI5OWJkZDllMDU0OTFiNjM4YThhOGM1YWQ5MjU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1f9hv09kqq5+PgkFwrVNqc0yxAIS
mAaJus6945YuhAn/LT9R2c2Y65fCQiKxFbx1vUbsKzHjtMm1OfI9e11dtxFFBZna
D0Vj//kDgKOVwDL8fwyQOYKCjzN3t7vvyREekZlbiZjtGPvLEU09/9YTaSpZH0qs
D4oIsdmbtGBcgaUngh3wPqDhx+af5mIiqVW/dAIewp0fOztkfcWWe3/64kaoQRU9
RDT7vmy7zowIBnpsgalG+5wC7b900iCMo+aCSl7Hn+qB5aEnAthePPdO4BdRxzuy
BwaClXd+BjwIgNtj53s6rjv09kUVjoJMjgns4QYURboJQ59phQMH9j+rgwIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFND7pSaiu5m92eBUkbY4qKjFrZJXMB8GA1UdIwQY
MBaAFNSKJ/RLEEBMUvb/xOCNyCv4td7kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYt
NTlmNTk4NGI2NGVhLzEvMFB1bEpxSzdtYjNaNEZTUnRqaW9xTVd0a2xjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYtNTlmNTk4NGI2NGVh
LzEvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+MAwDBAZN38AD
BAFN38gDBAFPi0ADBANTjsgDBABeZWcDBAKw3jADBAOy2LgDBATGDhADBALGkXAD
BALNhvQwDQYJKoZIhvcNAQELBQADggEBAGcr1bswUx4RhlCHhncJwz2hRMSlpSGL
RvbjvIHjfszi35YV9Hnw969ItVmDx6tPb13I+WU/8PbWGSbNUee4ffiueF2RGa05
BPABv1HiwDzlHUFezfM91MFLl+AcPfIE68fASwC8UY8poplCk/RGvELkRNwSMGNI
yCNwXwDDaegHfgPtj2qsZTWxQwkFS3KUnEFaF3fA/odvtq2x4f/bG5F9e44qm+cm
0P4dHYFMTgdIaGrS8raPZWhWZfWMUTrzOH0Db7EGqxZJUNzYLQp7o3+A0QDtR09f
UOW10tVnQcahhGZrg9mqqAKcUKfuWYzrDjGO/qOsZ3MuRE3jSOCMmM0=
-----END CERTIFICATE-----