Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/5f343d-9b42-44b4-9067-7cae040e49e8/1/rTsDg3O2HPeCMPHJ9_cx7CAPjVs.roa
File:                     rTsDg3O2HPeCMPHJ9_cx7CAPjVs.roa (raw, json)
Hash identifier:          XHi5hKsxIg35tKYY0xul7Yb3H0utUvkzYnAlw92UYGU=
Subject key identifier:   AD:3B:03:83:73:B6:1C:F7:82:30:F1:C9:F7:F7:31:EC:20:0F:8D:5B
Certificate issuer:       /CN=785b490d766f4b1c211d7dadd6efa770f6eb9e25
Certificate serial:       0193AD0269117B04E634CB522D5D493DC7CD
Authority key identifier: 78:5B:49:0D:76:6F:4B:1C:21:1D:7D:AD:D6:EF:A7:70:F6:EB:9E:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eFtJDXZvSxwhHX2t1u-ncPbrniU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/5f343d-9b42-44b4-9067-7cae040e49e8/1/rTsDg3O2HPeCMPHJ9_cx7CAPjVs.roa
Signing time:             Mon 09 Dec 2024 20:00:36 +0000
ROA not before:           Mon 09 Dec 2024 20:00:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41275
IP address blocks:        5.35.112.0/22 maxlen: 22
                          5.35.113.0/24 maxlen: 24
                          62.217.184.0/21 maxlen: 21
                          85.198.104.0/23 maxlen: 23
                          89.169.48.0/22 maxlen: 22
                          89.207.216.0/21 maxlen: 21
                          89.207.221.0/24 maxlen: 24
                          95.131.144.0/21 maxlen: 21
                          185.136.76.0/22 maxlen: 22
                          185.155.17.0/24 maxlen: 24
                          185.155.18.0/23 maxlen: 23
Validation:               Failed, certificate revoked on Tue 10 Dec 2024 09:02:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:ad:02:69:11:7b:04:e6:34:cb:52:2d:5d:49:3d:c7:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=785b490d766f4b1c211d7dadd6efa770f6eb9e25
        Validity
            Not Before: Dec  9 20:00:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ad3b038373b61cf78230f1c9f7f731ec200f8d5b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:53:2d:be:0d:ed:08:3c:ba:a3:3f:4a:15:df:
                    97:cb:86:de:aa:a0:0f:e1:b1:0c:17:19:8f:e7:43:
                    39:b2:9f:d4:c0:b2:61:e0:53:e1:a6:2e:4e:47:f4:
                    0c:07:ab:19:06:84:6a:2f:2a:49:7c:87:df:32:50:
                    b0:71:f8:51:99:92:0c:53:cd:57:1f:d2:10:fb:76:
                    41:30:28:07:a8:16:54:72:3b:f7:10:30:d1:41:50:
                    75:a9:31:4f:54:cd:5a:f6:bc:b3:39:24:1d:5e:6b:
                    f2:42:5b:31:a5:f2:12:7d:56:87:7e:2f:65:7b:99:
                    4c:7d:12:68:c3:68:15:f7:d2:b9:84:19:9f:89:28:
                    7a:13:06:27:aa:d8:d2:f9:fe:0b:60:6a:eb:39:18:
                    4b:5e:06:b8:46:74:fd:27:55:57:81:35:52:74:70:
                    1a:02:2c:09:9b:6e:0e:08:06:1a:bd:55:15:c0:a3:
                    49:bb:30:95:de:1d:9d:90:70:6e:b0:8c:ba:38:48:
                    2c:a6:51:ff:d6:b8:49:56:8f:70:b4:7f:e6:3e:3d:
                    e6:73:88:44:0c:cf:7d:84:03:f0:42:90:ea:3f:c7:
                    cd:0d:1a:ce:b4:a7:d8:23:1e:47:37:20:50:63:fa:
                    42:85:29:33:6f:14:f7:c7:c2:7c:e6:a1:eb:76:5c:
                    84:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:3B:03:83:73:B6:1C:F7:82:30:F1:C9:F7:F7:31:EC:20:0F:8D:5B
            X509v3 Authority Key Identifier:
                keyid:78:5B:49:0D:76:6F:4B:1C:21:1D:7D:AD:D6:EF:A7:70:F6:EB:9E:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eFtJDXZvSxwhHX2t1u-ncPbrniU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/5f343d-9b42-44b4-9067-7cae040e49e8/1/rTsDg3O2HPeCMPHJ9_cx7CAPjVs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/5f343d-9b42-44b4-9067-7cae040e49e8/1/eFtJDXZvSxwhHX2t1u-ncPbrniU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.35.112.0/22
                  62.217.184.0/21
                  85.198.104.0/23
                  89.169.48.0/22
                  89.207.216.0/21
                  95.131.144.0/21
                  185.136.76.0/22
                  185.155.17.0-185.155.19.255

    Signature Algorithm: sha256WithRSAEncryption
         6d:25:5d:73:31:48:9f:b3:82:94:1e:e6:21:ff:88:1e:06:e9:
         07:d9:7d:ce:7d:a1:90:5d:9f:30:bb:0e:1d:42:eb:ac:67:be:
         d5:26:10:c2:52:21:af:54:3d:f4:2e:8f:d9:49:7f:e5:cf:24:
         ff:ee:ae:15:0f:61:95:4e:2b:f8:b9:5f:c5:0a:94:bf:ac:b7:
         f1:1b:59:bb:99:45:be:5a:78:e9:5f:23:2b:12:40:b8:8c:a8:
         ba:f9:a4:88:0c:07:c9:56:1e:c9:b1:54:40:f3:e3:70:f5:7c:
         e0:55:26:f6:8c:09:0f:d9:14:db:b3:9d:e9:e0:30:9d:ee:13:
         3b:6c:02:0c:06:cf:c9:ce:84:1b:04:54:97:8f:32:36:d9:54:
         84:76:19:ea:6a:50:f5:2d:47:ac:af:20:93:a6:63:c4:ef:aa:
         02:92:c1:92:26:a2:53:b3:fd:c9:15:cf:61:1a:84:70:f9:4b:
         92:42:9e:a7:d4:29:09:bc:b6:c7:ed:6c:e7:13:80:ed:53:5c:
         15:7a:6e:92:79:ea:88:23:fd:18:d8:b2:f2:90:8a:8a:3a:8c:
         95:03:cd:3a:60:a4:28:51:b4:92:8e:9a:84:0d:82:58:f1:33:
         ce:eb:28:26:05:ae:b4:19:de:5b:de:b9:3f:ce:8e:91:7f:cd:
         53:b1:09:fb
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAZOtAmkRewTmNMtSLV1JPcfNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4NWI0OTBkNzY2ZjRiMWMyMTFkN2RhZGQ2ZWZhNzcwZjZl
YjllMjUwHhcNMjQxMjA5MjAwMDM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDNiMDM4MzczYjYxY2Y3ODIzMGYxYzlmN2Y3MzFlYzIwMGY4ZDViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArFMtvg3tCDy6oz9KFd+Xy4beqqAP
4bEMFxmP50M5sp/UwLJh4FPhpi5OR/QMB6sZBoRqLypJfIffMlCwcfhRmZIMU81X
H9IQ+3ZBMCgHqBZUcjv3EDDRQVB1qTFPVM1a9ryzOSQdXmvyQlsxpfISfVaHfi9l
e5lMfRJow2gV99K5hBmfiSh6EwYnqtjS+f4LYGrrORhLXga4RnT9J1VXgTVSdHAa
AiwJm24OCAYavVUVwKNJuzCV3h2dkHBusIy6OEgsplH/1rhJVo9wtH/mPj3mc4hE
DM99hAPwQpDqP8fNDRrOtKfYIx5HNyBQY/pChSkzbxT3x8J85qHrdlyEEwIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFK07A4Nzthz3gjDxyff3MewgD41bMB8GA1UdIwQY
MBaAFHhbSQ12b0scIR19rdbvp3D2654lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZUZ0SkRYWnZTeHdoSFgydDF1LW5jUGJybmlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi81ZjM0M2QtOWI0Mi00NGI0LTkwNjct
N2NhZTA0MGU0OWU4LzEvclRzRGczTzJIUGVDTVBISjlfY3g3Q0FQalZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi81ZjM0M2QtOWI0Mi00NGI0LTkwNjctN2NhZTA0MGU0OWU4
LzEvZUZ0SkRYWnZTeHdoSFgydDF1LW5jUGJybmlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQCBSNwAwQD
Ptm4AwQBVcZoAwQCWakwAwQDWc/YAwQDX4OQAwQCuYhMMAwDBAC5mxEDBAK5mxAw
DQYJKoZIhvcNAQELBQADggEBAG0lXXMxSJ+zgpQe5iH/iB4G6QfZfc59oZBdnzC7
Dh1C66xnvtUmEMJSIa9UPfQuj9lJf+XPJP/urhUPYZVOK/i5X8UKlL+st/EbWbuZ
Rb5aeOlfIysSQLiMqLr5pIgMB8lWHsmxVEDz43D1fOBVJvaMCQ/ZFNuznengMJ3u
EztsAgwGz8nOhBsEVJePMjbZVIR2GepqUPUtR6yvIJOmY8TvqgKSwZImolOz/ckV
z2EahHD5S5JCnqfUKQm8tsftbOcTgO1TXBV6bpJ56ogj/RjYsvKQioo6jJUDzTpg
pChRtJKOmoQNgljxM87rKCYFrrQZ3lveuT/OjpF/zVOxCfs=
-----END CERTIFICATE-----