Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/011b5d-652e-452a-96c9-d8ec2cbcad26/1/M1AMIJu00iuJIXVYgfRrHBPXhnE.roa
File:                     M1AMIJu00iuJIXVYgfRrHBPXhnE.roa (raw, json)
Hash identifier:          MuM/ycdbHj6DEWEAokl5m3nx8iTFDxMzBh822Adf30M=
Subject key identifier:   33:50:0C:20:9B:B4:D2:2B:89:21:75:58:81:F4:6B:1C:13:D7:86:71
Certificate issuer:       /CN=577c0cd5a4cfd83d491d627d8b0fccb670e81534
Certificate serial:       018CC50012B6E431668EC907ADDB8C7DE32F
Authority key identifier: 57:7C:0C:D5:A4:CF:D8:3D:49:1D:62:7D:8B:0F:CC:B6:70:E8:15:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V3wM1aTP2D1JHWJ9iw_MtnDoFTQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/011b5d-652e-452a-96c9-d8ec2cbcad26/1/M1AMIJu00iuJIXVYgfRrHBPXhnE.roa
Signing time:             Mon 01 Jan 2024 12:29:25 +0000
ROA not before:           Mon 01 Jan 2024 12:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43775
IP address blocks:        91.147.152.0/24 maxlen: 24
                          91.147.157.0/24 maxlen: 24
                          91.147.156.0/24 maxlen: 24
                          91.147.154.0/24 maxlen: 24
                          91.147.153.0/24 maxlen: 24
                          91.147.159.0/24 maxlen: 24
                          91.147.158.0/24 maxlen: 24
                          91.147.164.0/24 maxlen: 24
                          91.147.163.0/24 maxlen: 24
                          91.147.162.0/24 maxlen: 24
                          91.147.161.0/24 maxlen: 24
                          91.147.160.0/24 maxlen: 24
                          91.147.160.0/20 maxlen: 20
                          91.147.171.0/24 maxlen: 24
                          91.147.170.0/24 maxlen: 24
                          91.147.175.0/24 maxlen: 24
                          91.147.173.0/24 maxlen: 24
                          91.147.129.0/24 maxlen: 24
                          91.147.128.0/19 maxlen: 19
                          91.147.128.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Thu 29 Feb 2024 13:10:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:12:b6:e4:31:66:8e:c9:07:ad:db:8c:7d:e3:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=577c0cd5a4cfd83d491d627d8b0fccb670e81534
        Validity
            Not Before: Jan  1 12:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=33500c209bb4d22b8921755881f46b1c13d78671
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:54:41:a0:79:69:d0:ee:69:80:39:7d:75:21:
                    9c:47:5b:58:0c:37:c3:51:e5:f6:f2:31:41:16:3a:
                    8f:fd:89:58:1f:ac:2c:f1:29:b4:9f:71:6b:75:d8:
                    76:9f:eb:c3:9f:85:18:07:ff:a1:cb:9f:cb:09:46:
                    5e:39:c6:1f:0a:72:f1:8f:8d:61:53:61:aa:ce:4b:
                    de:86:6e:f0:0e:cb:e2:a1:fb:30:f2:5a:ea:50:8b:
                    9e:4c:6f:71:7a:bb:35:73:62:b2:e9:a3:de:49:ca:
                    4a:0e:09:32:ec:94:33:09:d5:a5:e9:fb:6e:ce:e9:
                    a0:9d:9f:6b:10:69:eb:c4:6f:62:15:83:0a:84:cd:
                    a7:00:89:21:17:d9:99:9d:f2:39:90:8d:32:16:32:
                    3b:81:ac:09:5e:cc:25:98:ef:76:70:a5:86:08:88:
                    49:e7:15:7b:c4:62:48:a2:a4:1b:7c:d8:c0:ad:8b:
                    55:99:4b:28:37:e1:62:6e:da:a6:0e:72:ac:a9:75:
                    4d:e1:90:aa:86:40:70:da:b1:a5:8b:53:be:e6:35:
                    8e:6d:af:51:77:bd:0e:09:25:c2:28:03:40:b7:5e:
                    f7:73:50:ea:0f:9b:44:75:24:13:c0:7c:df:4a:18:
                    a3:49:74:af:4d:db:76:12:d2:00:a2:09:b1:59:2b:
                    4c:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:50:0C:20:9B:B4:D2:2B:89:21:75:58:81:F4:6B:1C:13:D7:86:71
            X509v3 Authority Key Identifier:
                keyid:57:7C:0C:D5:A4:CF:D8:3D:49:1D:62:7D:8B:0F:CC:B6:70:E8:15:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V3wM1aTP2D1JHWJ9iw_MtnDoFTQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/011b5d-652e-452a-96c9-d8ec2cbcad26/1/M1AMIJu00iuJIXVYgfRrHBPXhnE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/011b5d-652e-452a-96c9-d8ec2cbcad26/1/V3wM1aTP2D1JHWJ9iw_MtnDoFTQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.147.128.0-91.147.175.255

    Signature Algorithm: sha256WithRSAEncryption
         27:7e:34:54:d2:7f:c5:b0:f7:7b:70:40:37:6d:73:bf:2a:9d:
         fa:2d:2e:ac:6b:76:dd:c3:cb:85:53:27:93:51:59:23:d7:70:
         66:cf:fb:78:21:17:e2:b4:47:6c:eb:62:ab:d7:37:a7:40:a1:
         8e:4e:35:1b:7e:60:7a:70:62:10:b2:04:d9:c6:33:7a:7f:aa:
         8c:99:47:c2:db:bb:c7:d2:8a:3d:43:ec:75:7f:b2:bd:e2:00:
         75:b5:2c:c5:07:25:64:cb:14:4c:2d:cb:e1:c9:55:cd:7f:ae:
         75:3a:6c:9d:4e:0d:f6:8f:d7:7c:16:f1:82:95:62:5c:ef:53:
         5d:c1:4d:12:ef:63:37:1d:bc:eb:41:ce:a6:2b:73:de:c3:39:
         6f:35:ab:72:a2:8a:0e:38:3a:22:9c:e8:e8:ef:f8:b8:e6:74:
         28:09:4f:d5:7c:f5:11:c4:17:46:4a:0a:fe:83:00:ce:c6:fe:
         ee:41:95:a5:87:1a:0b:2e:be:87:ea:cc:49:14:f6:03:b0:22:
         df:ba:06:69:84:74:7a:6d:84:e6:8f:05:cd:46:bf:6a:3a:a3:
         2b:a7:b9:af:56:3d:ce:e4:d0:36:72:91:7b:27:74:81:80:ac:
         97:36:26:df:79:b7:10:7d:d2:73:bd:f9:2d:c0:37:cc:5e:f3:
         fc:d3:d6:96
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzFABK25DFmjskHrduMfeMvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3N2MwY2Q1YTRjZmQ4M2Q0OTFkNjI3ZDhiMGZjY2I2NzBl
ODE1MzQwHhcNMjQwMTAxMTIyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzUwMGMyMDliYjRkMjJiODkyMTc1NTg4MWY0NmIxYzEzZDc4NjcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1VRBoHlp0O5pgDl9dSGcR1tYDDfD
UeX28jFBFjqP/YlYH6ws8Sm0n3Frddh2n+vDn4UYB/+hy5/LCUZeOcYfCnLxj41h
U2Gqzkvehm7wDsviofsw8lrqUIueTG9xers1c2Ky6aPeScpKDgky7JQzCdWl6ftu
zumgnZ9rEGnrxG9iFYMKhM2nAIkhF9mZnfI5kI0yFjI7gawJXswlmO92cKWGCIhJ
5xV7xGJIoqQbfNjArYtVmUsoN+FibtqmDnKsqXVN4ZCqhkBw2rGli1O+5jWOba9R
d70OCSXCKANAt173c1DqD5tEdSQTwHzfShijSXSvTdt2EtIAogmxWStMLwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFDNQDCCbtNIriSF1WIH0axwT14ZxMB8GA1UdIwQY
MBaAFFd8DNWkz9g9SR1ifYsPzLZw6BU0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjN3TTFhVFAyRDFKSFdKOWl3X010bkRvRlRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC8wMTFiNWQtNjUyZS00NTJhLTk2Yzkt
ZDhlYzJjYmNhZDI2LzEvTTFBTUlKdTAwaXVKSVhWWWdmUnJIQlBYaG5FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC8wMTFiNWQtNjUyZS00NTJhLTk2YzktZDhlYzJjYmNhZDI2
LzEvVjN3TTFhVFAyRDFKSFdKOWl3X010bkRvRlRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAdbk4AD
BARbk6AwDQYJKoZIhvcNAQELBQADggEBACd+NFTSf8Ww93twQDdtc78qnfotLqxr
dt3Dy4VTJ5NRWSPXcGbP+3ghF+K0R2zrYqvXN6dAoY5ONRt+YHpwYhCyBNnGM3p/
qoyZR8Lbu8fSij1D7HV/sr3iAHW1LMUHJWTLFEwty+HJVc1/rnU6bJ1ODfaP13wW
8YKVYlzvU13BTRLvYzcdvOtBzqYrc97DOW81q3Kiig44OiKc6Ojv+LjmdCgJT9V8
9RHEF0ZKCv6DAM7G/u5BlaWHGgsuvofqzEkU9gOwIt+6BmmEdHpthOaPBc1Gv2o6
oyunua9WPc7k0DZykXsndIGArJc2Jt95txB90nO9+S3AN8xe8/zT1pY=
-----END CERTIFICATE-----