Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/4f43fc-4187-4bb9-905a-f0c6258b9a04/1/SO5bQWXpQJyoixkQ6ynuL6R5hHs.roa
File:                     SO5bQWXpQJyoixkQ6ynuL6R5hHs.roa (raw, json)
Hash identifier:          Xk0t2/+YiWm38mjVq5OdDE0R1r9GtyK4TvG/aiHIu54=
Subject key identifier:   48:EE:5B:41:65:E9:40:9C:A8:8B:19:10:EB:29:EE:2F:A4:79:84:7B
Certificate issuer:       /CN=5b5bff9d41f719f62600c32d3410ddb99eccb30c
Certificate serial:       01922973CFF399A21BDB277816BBC841ABF4
Authority key identifier: 5B:5B:FF:9D:41:F7:19:F6:26:00:C3:2D:34:10:DD:B9:9E:CC:B3:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W1v_nUH3GfYmAMMtNBDduZ7Msww.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/4f43fc-4187-4bb9-905a-f0c6258b9a04/1/SO5bQWXpQJyoixkQ6ynuL6R5hHs.roa
Signing time:             Wed 25 Sep 2024 13:51:48 +0000
ROA not before:           Wed 25 Sep 2024 13:51:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29802
IP address blocks:        78.138.4.0/22 maxlen: 24
                          78.138.36.0/22 maxlen: 24
                          83.229.52.0/22 maxlen: 24
                          83.229.100.0/23 maxlen: 24
                          83.229.102.0/24 maxlen: 24
                          185.10.6.0/24 maxlen: 24
                          185.115.108.0/22 maxlen: 24
                          213.255.212.0/22 maxlen: 24
                          213.255.220.0/22 maxlen: 24
                          213.255.232.0/21 maxlen: 24
                          213.255.252.0/22 maxlen: 24
Validation:               Failed, certificate revoked on Wed 01 Jan 2025 17:48:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:29:73:cf:f3:99:a2:1b:db:27:78:16:bb:c8:41:ab:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b5bff9d41f719f62600c32d3410ddb99eccb30c
        Validity
            Not Before: Sep 25 13:51:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=48ee5b4165e9409ca88b1910eb29ee2fa479847b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:eb:3b:d2:a3:f2:4a:e9:d9:27:1f:f8:0a:68:
                    60:47:8e:6b:24:f8:4c:4a:ca:4c:25:0d:28:84:86:
                    29:0c:d4:72:a1:10:ab:91:9b:fb:76:d8:dc:8d:df:
                    f3:09:46:67:08:b2:cc:00:2f:c4:2e:07:61:70:f9:
                    6c:d0:68:91:96:bb:39:c1:ed:66:2f:d4:d9:f9:e0:
                    c6:e7:06:c0:0c:14:a6:c9:dc:17:cd:40:6f:4a:6c:
                    79:96:3a:3e:be:e9:61:70:4d:e8:43:91:dc:3e:5c:
                    11:84:1c:ed:de:86:21:e0:5a:61:ce:86:13:83:5f:
                    96:32:a7:5a:f5:47:dc:d7:1a:50:b9:e6:8c:1d:11:
                    da:de:c8:f4:89:4e:77:ab:77:f0:1b:7c:8b:20:1c:
                    54:46:db:35:01:7f:67:9d:ca:0c:13:9d:16:b8:73:
                    10:09:93:0f:a4:fb:54:1d:c9:e6:55:bd:a5:87:85:
                    40:ce:64:9b:46:9d:62:8b:d6:2c:b9:98:c5:b0:f9:
                    38:30:28:54:44:dc:73:2b:ec:35:7f:2e:4f:da:2c:
                    c0:e7:f2:81:66:6c:ab:a1:e0:61:24:7a:da:42:fe:
                    ce:63:d4:d3:ff:0c:6c:c8:41:f9:b0:39:3e:0b:2c:
                    15:a1:2d:7f:56:2e:c7:43:ed:39:f5:70:f7:70:50:
                    6f:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:EE:5B:41:65:E9:40:9C:A8:8B:19:10:EB:29:EE:2F:A4:79:84:7B
            X509v3 Authority Key Identifier:
                keyid:5B:5B:FF:9D:41:F7:19:F6:26:00:C3:2D:34:10:DD:B9:9E:CC:B3:0C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W1v_nUH3GfYmAMMtNBDduZ7Msww.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/4f43fc-4187-4bb9-905a-f0c6258b9a04/1/SO5bQWXpQJyoixkQ6ynuL6R5hHs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/4f43fc-4187-4bb9-905a-f0c6258b9a04/1/W1v_nUH3GfYmAMMtNBDduZ7Msww.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.138.4.0/22
                  78.138.36.0/22
                  83.229.52.0/22
                  83.229.100.0-83.229.102.255
                  185.10.6.0/24
                  185.115.108.0/22
                  213.255.212.0/22
                  213.255.220.0/22
                  213.255.232.0/21
                  213.255.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         32:33:f1:90:98:8c:f1:b2:39:8e:da:14:aa:af:13:9d:1b:dc:
         64:5c:9a:16:36:16:29:a9:75:4c:a9:bc:ad:a5:7e:d1:58:1f:
         59:37:cc:4f:9c:3e:61:b9:e8:d7:6a:27:97:81:20:3c:a6:d9:
         08:b9:12:86:47:da:4b:67:c0:04:08:3a:60:b2:49:51:00:8a:
         60:c9:7d:ae:61:6b:7c:68:4a:22:aa:7d:35:83:45:47:0f:8d:
         bf:7c:f0:f6:ca:62:d8:ee:ce:8b:bc:4c:be:e6:af:73:55:a4:
         1a:c1:8b:ab:d4:50:98:b4:dc:54:af:5c:97:f8:5e:3a:1c:24:
         c3:2a:e8:82:fc:ea:92:1c:a6:49:0a:6d:97:d7:55:a7:43:81:
         78:dd:8d:95:ca:f2:7b:ae:2f:20:a2:35:7e:fe:c7:a2:ff:a5:
         d6:c5:79:9b:49:f3:be:3c:a5:2f:02:34:1c:74:90:2a:bf:06:
         5b:41:f7:6d:47:a7:8e:2e:57:98:97:cb:44:85:34:db:56:ff:
         72:48:e0:3f:d8:a4:df:cf:3e:40:31:97:39:31:b4:ef:ed:49:
         ad:12:30:ca:69:22:a8:99:41:58:b2:9a:21:07:d9:d1:07:10:
         75:9d:c5:0f:3a:f5:dc:88:6e:23:8d:06:3a:aa:93:90:b6:5d:
         11:01:e8:f7
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAZIpc8/zmaIb2yd4FrvIQav0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViNWJmZjlkNDFmNzE5ZjYyNjAwYzMyZDM0MTBkZGI5OWVj
Y2IzMGMwHhcNMjQwOTI1MTM1MTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OGVlNWI0MTY1ZTk0MDljYTg4YjE5MTBlYjI5ZWUyZmE0Nzk4NDdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzus70qPySunZJx/4CmhgR45rJPhM
SspMJQ0ohIYpDNRyoRCrkZv7dtjcjd/zCUZnCLLMAC/ELgdhcPls0GiRlrs5we1m
L9TZ+eDG5wbADBSmydwXzUBvSmx5ljo+vulhcE3oQ5HcPlwRhBzt3oYh4FphzoYT
g1+WMqda9Ufc1xpQueaMHRHa3sj0iU53q3fwG3yLIBxURts1AX9nncoME50WuHMQ
CZMPpPtUHcnmVb2lh4VAzmSbRp1ii9YsuZjFsPk4MChURNxzK+w1fy5P2izA5/KB
ZmyroeBhJHraQv7OY9TT/wxsyEH5sDk+CywVoS1/Vi7HQ+059XD3cFBvRwIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFEjuW0Fl6UCcqIsZEOsp7i+keYR7MB8GA1UdIwQY
MBaAFFtb/51B9xn2JgDDLTQQ3bmezLMMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVzF2X25VSDNHZlltQU1NdE5CRGR1WjdNc3d3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi80ZjQzZmMtNDE4Ny00YmI5LTkwNWEt
ZjBjNjI1OGI5YTA0LzEvU081YlFXWHBRSnlvaXhrUTZ5bnVMNlI1aEhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi80ZjQzZmMtNDE4Ny00YmI5LTkwNWEtZjBjNjI1OGI5YTA0
LzEvVzF2X25VSDNHZlltQU1NdE5CRGR1WjdNc3d3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQCTooEAwQC
TookAwQCU+U0MAwDBAJT5WQDBABT5WYDBAC5CgYDBAK5c2wDBALV/9QDBALV/9wD
BAPV/+gDBALV//wwDQYJKoZIhvcNAQELBQADggEBADIz8ZCYjPGyOY7aFKqvE50b
3GRcmhY2FimpdUypvK2lftFYH1k3zE+cPmG56NdqJ5eBIDym2Qi5EoZH2ktnwAQI
OmCySVEAimDJfa5ha3xoSiKqfTWDRUcPjb988PbKYtjuzou8TL7mr3NVpBrBi6vU
UJi03FSvXJf4XjocJMMq6IL86pIcpkkKbZfXVadDgXjdjZXK8nuuLyCiNX7+x6L/
pdbFeZtJ8748pS8CNBx0kCq/BltB921Hp44uV5iXy0SFNNtW/3JI4D/YpN/PPkAx
lzkxtO/tSa0SMMppIqiZQViymiEH2dEHEHWdxQ869dyIbiONBjqqk5C2XREB6Pc=
-----END CERTIFICATE-----