Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/b3ae33-6d62-4093-92ec-5638526ff641/1/7e8z_Oz-xtu7xLssyPfiPTFXT1g.roa
File:                     7e8z_Oz-xtu7xLssyPfiPTFXT1g.roa (raw, json)
Hash identifier:          BtL/DAPLYM+qOJbaqYL6pq6gYPWQqUkOoGjAmdL22uM=
Subject key identifier:   ED:EF:33:FC:EC:FE:C6:DB:BB:C4:BB:2C:C8:F7:E2:3D:31:57:4F:58
Certificate issuer:       /CN=1e234242957bb1be129681721f9c2cd08df07baa
Certificate serial:       0194282684D370C17DCD4D01DA3937224B7A
Authority key identifier: 1E:23:42:42:95:7B:B1:BE:12:96:81:72:1F:9C:2C:D0:8D:F0:7B:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HiNCQpV7sb4SloFyH5ws0I3we6o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/b3ae33-6d62-4093-92ec-5638526ff641/1/7e8z_Oz-xtu7xLssyPfiPTFXT1g.roa
Signing time:             Thu 02 Jan 2025 17:53:20 +0000
ROA not before:           Thu 02 Jan 2025 17:53:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199484
IP address blocks:        185.40.72.0/22 maxlen: 24
                          195.142.152.0/22 maxlen: 24
                          195.142.154.0/24 maxlen: 24
                          195.142.184.0/22 maxlen: 22
                          195.142.184.0/24 maxlen: 24
                          195.142.185.0/24 maxlen: 24
                          195.142.186.0/24 maxlen: 24
                          195.142.187.0/24 maxlen: 24
                          195.142.192.0/22 maxlen: 24
                          195.142.194.0/24 maxlen: 24
                          195.155.96.0/24 maxlen: 24
                          195.155.97.0/24 maxlen: 24
                          195.155.98.0/24 maxlen: 24
                          195.155.99.0/24 maxlen: 24
                          2a01:4c20::/29 maxlen: 48
Validation:               Failed, certificate revoked on Wed 22 Jan 2025 11:05:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:26:84:d3:70:c1:7d:cd:4d:01:da:39:37:22:4b:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e234242957bb1be129681721f9c2cd08df07baa
        Validity
            Not Before: Jan  2 17:53:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=edef33fcecfec6dbbbc4bb2cc8f7e23d31574f58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:a9:e7:34:52:8a:a1:71:8b:f4:3a:1e:12:28:
                    7b:3b:dc:0c:c2:ab:47:01:71:7f:a9:43:f0:53:18:
                    28:e7:61:48:66:04:77:d5:87:13:2f:2a:97:cb:16:
                    d6:a7:1f:36:a1:40:1d:c3:19:dc:39:77:b2:30:c9:
                    42:d1:b5:16:8a:2e:b2:9f:24:16:42:0f:35:8a:4c:
                    26:ab:16:21:1f:f6:5b:e5:62:8e:a9:f7:5f:d0:89:
                    10:62:27:cc:15:4f:59:85:17:3c:53:44:15:ca:66:
                    a4:fb:27:42:63:a7:f7:34:95:3f:ef:e4:84:69:d6:
                    30:e6:51:d4:3f:42:74:ff:e1:6f:ae:d7:da:42:44:
                    73:d9:6d:8e:9b:87:23:a0:4c:87:b5:0a:c8:c8:f3:
                    55:a6:f5:3f:85:b3:53:e3:9c:eb:fa:ea:8c:a2:7b:
                    17:43:ba:87:71:57:46:58:2f:c9:c9:40:93:b4:a4:
                    1f:db:02:ae:a0:48:55:34:4c:ef:27:03:8a:ef:03:
                    8a:be:a8:23:b6:79:75:c5:92:f2:ab:6d:42:ac:fd:
                    65:4a:3d:13:90:5e:7b:26:26:aa:f3:e6:44:9d:2f:
                    dd:9e:18:bd:4f:b0:0c:44:c4:e3:84:cd:3a:0d:2a:
                    d3:7a:53:b6:c4:b0:88:df:d2:6a:55:61:b7:d0:82:
                    7e:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:EF:33:FC:EC:FE:C6:DB:BB:C4:BB:2C:C8:F7:E2:3D:31:57:4F:58
            X509v3 Authority Key Identifier:
                keyid:1E:23:42:42:95:7B:B1:BE:12:96:81:72:1F:9C:2C:D0:8D:F0:7B:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HiNCQpV7sb4SloFyH5ws0I3we6o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/b3ae33-6d62-4093-92ec-5638526ff641/1/7e8z_Oz-xtu7xLssyPfiPTFXT1g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/b3ae33-6d62-4093-92ec-5638526ff641/1/HiNCQpV7sb4SloFyH5ws0I3we6o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.40.72.0/22
                  195.142.152.0/22
                  195.142.184.0/22
                  195.142.192.0/22
                  195.155.96.0/22
                IPv6:
                  2a01:4c20::/29

    Signature Algorithm: sha256WithRSAEncryption
         80:db:8f:0d:d2:b3:c2:11:04:0a:f0:4e:15:1c:a4:58:4f:60:
         8b:b5:01:16:83:66:57:ce:36:e2:68:a6:b7:7c:c0:7a:cd:34:
         b4:cd:fe:92:01:ba:a2:db:cf:7e:e2:69:b7:4f:aa:78:b1:e0:
         a6:7a:d7:85:f8:eb:8a:fe:b2:4c:5a:ff:7f:3a:20:57:60:5f:
         d6:31:b0:d1:f5:8d:86:b5:c7:91:0c:94:27:5f:76:93:51:1e:
         8d:c3:fc:93:10:4e:f1:c5:b2:5e:be:12:7d:0f:b3:a0:3b:83:
         89:f8:fd:3d:43:98:cf:5b:61:9d:73:3e:dc:69:99:2f:1c:1e:
         20:c9:84:77:37:08:e6:9c:44:88:51:67:1f:57:69:74:b6:c4:
         ed:f3:47:8d:96:0e:90:1a:dd:8f:a9:1c:e2:24:cd:d2:85:b5:
         de:10:70:4b:cf:46:ee:c4:f7:42:cf:a3:c2:e8:98:cf:71:d4:
         30:c1:82:ec:6c:17:97:28:f4:e8:01:26:0e:51:62:7e:5e:fc:
         91:9b:70:e3:b7:b1:93:10:65:fc:3f:74:af:a9:80:75:2a:af:
         a0:9f:6f:28:05:94:9d:62:84:19:c3:94:06:d5:22:d6:00:2f:
         6a:95:aa:d4:28:5c:25:62:25:64:73:9a:a8:23:00:03:ba:46:
         6f:35:d7:29
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAZQoJoTTcMF9zU0B2jk3Ikt6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlMjM0MjQyOTU3YmIxYmUxMjk2ODE3MjFmOWMyY2QwOGRm
MDdiYWEwHhcNMjUwMTAyMTc1MzIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZGVmMzNmY2VjZmVjNmRiYmJjNGJiMmNjOGY3ZTIzZDMxNTc0ZjU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnKnnNFKKoXGL9DoeEih7O9wMwqtH
AXF/qUPwUxgo52FIZgR31YcTLyqXyxbWpx82oUAdwxncOXeyMMlC0bUWii6ynyQW
Qg81ikwmqxYhH/Zb5WKOqfdf0IkQYifMFU9ZhRc8U0QVymak+ydCY6f3NJU/7+SE
adYw5lHUP0J0/+FvrtfaQkRz2W2Om4cjoEyHtQrIyPNVpvU/hbNT45zr+uqMonsX
Q7qHcVdGWC/JyUCTtKQf2wKuoEhVNEzvJwOK7wOKvqgjtnl1xZLyq21CrP1lSj0T
kF57Jiaq8+ZEnS/dnhi9T7AMRMTjhM06DSrTelO2xLCI39JqVWG30IJ+dQIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFO3vM/zs/sbbu8S7LMj34j0xV09YMB8GA1UdIwQY
MBaAFB4jQkKVe7G+EpaBch+cLNCN8HuqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGlOQ1FwVjdzYjRTbG9GeUg1d3MwSTN3ZTZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS9iM2FlMzMtNmQ2Mi00MDkzLTkyZWMt
NTYzODUyNmZmNjQxLzEvN2U4el9Pei14dHU3eExzc3lQZmlQVEZYVDFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS9iM2FlMzMtNmQ2Mi00MDkzLTkyZWMtNTYzODUyNmZmNjQx
LzEvSGlOQ1FwVjdzYjRTbG9GeUg1d3MwSTN3ZTZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQCuShIAwQC
w46YAwQCw464AwQCw47AAwQCw5tgMA0EAgACMAcDBQMqAUwgMA0GCSqGSIb3DQEB
CwUAA4IBAQCA248N0rPCEQQK8E4VHKRYT2CLtQEWg2ZXzjbiaKa3fMB6zTS0zf6S
Abqi289+4mm3T6p4seCmeteF+OuK/rJMWv9/OiBXYF/WMbDR9Y2GtceRDJQnX3aT
UR6Nw/yTEE7xxbJevhJ9D7OgO4OJ+P09Q5jPW2Gdcz7caZkvHB4gyYR3NwjmnESI
UWcfV2l0tsTt80eNlg6QGt2PqRziJM3ShbXeEHBLz0buxPdCz6PC6JjPcdQwwYLs
bBeXKPToASYOUWJ+XvyRm3Djt7GTEGX8P3SvqYB1Kq+gn28oBZSdYoQZw5QG1SLW
AC9qlarUKFwlYiVkc5qoIwADukZvNdcp
-----END CERTIFICATE-----