Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/_iyavPDiHR4AB7CK8xxYi8uZUYY.roa
File:                     _iyavPDiHR4AB7CK8xxYi8uZUYY.roa (raw, json)
Hash identifier:          r0Nb4IuToM+jkYFKnm8OaTqufRuoNzQgrO/2lFvE7Ks=
Subject key identifier:   FE:2C:9A:BC:F0:E2:1D:1E:00:07:B0:8A:F3:1C:58:8B:CB:99:51:86
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018CCA2A737F182609622B7961958518EAA8
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/_iyavPDiHR4AB7CK8xxYi8uZUYY.roa
Signing time:             Tue 02 Jan 2024 12:33:48 +0000
ROA not before:           Tue 02 Jan 2024 12:33:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41745
IP address blocks:        195.133.75.0/24 maxlen: 24
                          194.87.219.0/24 maxlen: 24
                          193.124.33.0/24 maxlen: 24
                          194.87.35.0/24 maxlen: 24
                          194.87.252.0/24 maxlen: 24
                          212.192.9.0/24 maxlen: 24
                          195.58.50.0/24 maxlen: 24
                          194.87.62.0/24 maxlen: 24
                          194.87.191.0/24 maxlen: 24
                          194.87.82.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 25 Mar 2024 08:04:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:73:7f:18:26:09:62:2b:79:61:95:85:18:ea:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jan  2 12:33:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fe2c9abcf0e21d1e0007b08af31c588bcb995186
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:29:bb:da:55:21:8d:19:7a:13:e0:39:fc:9f:
                    dd:59:d6:7e:39:0d:6b:7d:3f:ae:94:00:23:50:a5:
                    bc:16:ee:06:64:22:f9:ae:b0:fe:de:9b:18:df:d0:
                    13:04:fd:b7:99:52:6a:45:fa:34:ea:ee:e8:7e:6d:
                    96:aa:2f:1c:77:d7:67:6b:ac:ea:b8:0d:91:56:0f:
                    86:f0:9e:33:ec:3e:d0:b6:6a:1f:a2:89:82:3f:24:
                    6e:55:0a:61:e4:b9:a0:cc:8c:eb:1a:fe:8b:f4:8b:
                    18:16:04:65:88:54:c5:ae:75:51:33:51:78:6f:28:
                    f6:2f:be:65:1a:fe:d9:42:53:44:6c:8b:24:da:98:
                    e2:3f:82:81:60:03:77:15:5d:ba:25:ea:b9:93:a7:
                    41:70:4f:e4:62:40:20:e5:5d:f6:93:99:cf:ef:16:
                    a4:f2:30:33:84:2e:86:84:de:19:57:5d:80:da:e5:
                    8b:c8:52:a4:d9:7c:fa:20:4e:63:08:ef:be:29:a1:
                    30:c1:8f:69:ee:80:54:2d:ad:93:9d:e3:42:64:97:
                    08:af:9c:f1:20:e2:89:6d:50:04:df:b5:5f:36:f5:
                    31:93:11:22:44:9f:b4:b3:d3:f8:cb:bc:58:f5:20:
                    39:0b:3b:5f:d9:38:e7:b4:fd:2c:c6:ac:0b:3d:10:
                    97:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:2C:9A:BC:F0:E2:1D:1E:00:07:B0:8A:F3:1C:58:8B:CB:99:51:86
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/_iyavPDiHR4AB7CK8xxYi8uZUYY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.124.33.0/24
                  194.87.35.0/24
                  194.87.62.0/24
                  194.87.82.0/24
                  194.87.191.0/24
                  194.87.219.0/24
                  194.87.252.0/24
                  195.58.50.0/24
                  195.133.75.0/24
                  212.192.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:be:2a:44:c3:a7:ed:05:b4:1f:9d:25:42:11:97:9d:da:4e:
         c7:53:b1:99:d2:d0:79:2b:9a:62:a3:bd:d6:3d:d2:de:35:d8:
         fd:9e:d9:a9:7a:8d:b6:54:36:eb:18:87:8d:00:72:b3:bc:33:
         2d:a5:87:f6:e3:07:fc:f3:7a:6e:d2:3d:c1:59:ae:86:22:a3:
         0c:69:4e:6e:e4:6e:bb:43:33:89:de:c9:8d:ac:47:67:ff:96:
         4b:10:66:60:e6:90:73:b5:dd:e1:1c:3c:c1:bd:ff:f8:b2:0b:
         b7:3e:bf:70:48:9c:d3:7f:38:33:ac:3d:03:50:01:b2:0f:6c:
         3d:c4:84:55:7e:bb:66:11:2e:51:97:b1:5d:72:4c:0b:f1:4c:
         09:e0:d8:16:bf:b1:68:4e:75:20:94:7b:10:4b:22:79:8d:af:
         d9:62:02:b7:64:54:32:44:35:1c:b3:29:9e:29:eb:b5:97:ce:
         40:72:87:d3:88:c5:43:8b:03:64:99:13:f6:dc:1e:23:18:ac:
         0f:3d:56:7a:a0:64:47:a1:e8:ba:b3:87:3f:78:0c:67:53:ca:
         c8:cc:d2:28:76:5f:26:29:00:1f:80:d6:e7:6c:85:72:65:db:
         3e:7d:01:ec:c6:95:cd:8c:8b:4f:92:e7:c2:f1:99:7a:f7:82:
         a4:20:22:cc
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYzKKnN/GCYJYit5YZWFGOqoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwMTAyMTIzMzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTJjOWFiY2YwZTIxZDFlMDAwN2IwOGFmMzFjNTg4YmNiOTk1MTg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtCm72lUhjRl6E+A5/J/dWdZ+OQ1r
fT+ulAAjUKW8Fu4GZCL5rrD+3psY39ATBP23mVJqRfo06u7ofm2Wqi8cd9dna6zq
uA2RVg+G8J4z7D7QtmofoomCPyRuVQph5LmgzIzrGv6L9IsYFgRliFTFrnVRM1F4
byj2L75lGv7ZQlNEbIsk2pjiP4KBYAN3FV26Jeq5k6dBcE/kYkAg5V32k5nP7xak
8jAzhC6GhN4ZV12A2uWLyFKk2Xz6IE5jCO++KaEwwY9p7oBULa2TneNCZJcIr5zx
IOKJbVAE37VfNvUxkxEiRJ+0s9P4y7xY9SA5Cztf2TjntP0sxqwLPRCXNwIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFP4smrzw4h0eAAewivMcWIvLmVGGMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvX2l5YXZQRGlIUjRBQjdDSzh4eFlpOHVaVVlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQAwXwhAwQA
wlcjAwQAwlc+AwQAwldSAwQAwle/AwQAwlfbAwQAwlf8AwQAwzoyAwQAw4VLAwQA
1MAJMA0GCSqGSIb3DQEBCwUAA4IBAQCVvipEw6ftBbQfnSVCEZed2k7HU7GZ0tB5
K5pio73WPdLeNdj9ntmpeo22VDbrGIeNAHKzvDMtpYf24wf883pu0j3BWa6GIqMM
aU5u5G67QzOJ3smNrEdn/5ZLEGZg5pBztd3hHDzBvf/4sgu3Pr9wSJzTfzgzrD0D
UAGyD2w9xIRVfrtmES5Rl7FdckwL8UwJ4NgWv7FoTnUglHsQSyJ5ja/ZYgK3ZFQy
RDUcsymeKeu1l85AcofTiMVDiwNkmRP23B4jGKwPPVZ6oGRHoei6s4c/eAxnU8rI
zNIodl8mKQAfgNbnbIVyZds+fQHsxpXNjItPkufC8Zl694KkICLM
-----END CERTIFICATE-----