Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/HgDLoWOJPuOIeOeczrPs0jXM4Wg.roa
File:                     HgDLoWOJPuOIeOeczrPs0jXM4Wg.roa (raw, json)
Hash identifier:          LgtsP0oz0dQPQERLfEnx6v9iq22z9orGNvHq7nXjfdg=
Subject key identifier:   1E:00:CB:A1:63:89:3E:E3:88:78:E7:9C:CE:B3:EC:D2:35:CC:E1:68
Certificate issuer:       /CN=5e0ff8aaf7453114147028d54ae1c693a8a147bc
Certificate serial:       018DB0D762D6C15C021D1758D790635737C2
Authority key identifier: 5E:0F:F8:AA:F7:45:31:14:14:70:28:D5:4A:E1:C6:93:A8:A1:47:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/HgDLoWOJPuOIeOeczrPs0jXM4Wg.roa
Signing time:             Fri 16 Feb 2024 07:35:21 +0000
ROA not before:           Fri 16 Feb 2024 07:35:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212165
IP address blocks:        45.87.245.0/24 maxlen: 24
                          185.224.212.0/24 maxlen: 24
                          2a10:9680::/29 maxlen: 29
                          2a10:9680::/32 maxlen: 32
                          2a10:9685::/32 maxlen: 32
                          2a11:e140::/29 maxlen: 29
                          2a12:6c40::/29 maxlen: 29
                          2a12:7f40::/29 maxlen: 29
                          2a12:92c0::/29 maxlen: 29
                          2a12:b3c0::/29 maxlen: 29
Validation:               Failed, certificate revoked on Sat 02 Mar 2024 21:20:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:b0:d7:62:d6:c1:5c:02:1d:17:58:d7:90:63:57:37:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e0ff8aaf7453114147028d54ae1c693a8a147bc
        Validity
            Not Before: Feb 16 07:35:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1e00cba163893ee38878e79cceb3ecd235cce168
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:b9:76:05:43:65:29:88:61:d0:8d:ce:a1:d9:
                    d4:e4:87:5a:b3:1d:5f:df:57:b6:2c:b0:3b:18:19:
                    02:bc:f6:31:3c:c0:c0:78:ac:99:15:0e:bb:05:d1:
                    8d:ec:7d:17:9a:3e:be:c8:e3:50:91:26:1e:87:e7:
                    55:f8:60:ec:9e:c2:01:6e:d6:13:ef:ad:8c:6c:14:
                    d4:19:a5:09:72:77:21:8a:b9:db:b5:c2:63:b1:26:
                    70:87:5b:72:63:2b:97:d7:fd:f2:c2:6b:48:b2:08:
                    e9:db:99:0c:35:51:ae:a0:56:0b:2c:a7:fb:8f:81:
                    ca:aa:06:f5:5d:b1:a2:93:22:f5:2b:ac:3c:bd:8b:
                    2f:5e:43:1b:08:a0:95:77:e4:d4:f9:bc:b2:18:26:
                    b5:cb:d9:23:f5:ca:0e:d4:94:45:dd:fd:10:12:e9:
                    85:19:44:3a:8c:ef:e8:8f:9d:c9:44:2e:2c:a0:41:
                    93:b6:35:e6:0c:58:89:6d:63:4d:3c:c6:11:3f:84:
                    da:73:72:5d:bd:92:1f:ba:20:28:01:7e:d9:65:43:
                    d0:25:28:e8:c0:54:bb:a3:a9:0f:78:d9:65:de:b9:
                    97:e7:3a:26:26:c2:41:c5:79:3f:f4:75:d6:6a:3f:
                    bc:0b:97:2f:07:4f:69:9e:b0:2e:b7:e8:e1:a9:df:
                    d1:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:00:CB:A1:63:89:3E:E3:88:78:E7:9C:CE:B3:EC:D2:35:CC:E1:68
            X509v3 Authority Key Identifier:
                keyid:5E:0F:F8:AA:F7:45:31:14:14:70:28:D5:4A:E1:C6:93:A8:A1:47:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/HgDLoWOJPuOIeOeczrPs0jXM4Wg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.87.245.0/24
                  185.224.212.0/24
                IPv6:
                  2a10:9680::/29
                  2a11:e140::/29
                  2a12:6c40::/29
                  2a12:7f40::/29
                  2a12:92c0::/29
                  2a12:b3c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         98:a3:7f:a5:21:7c:34:25:a8:20:94:af:d7:8a:17:21:60:60:
         5b:d1:2e:35:28:f4:19:24:fe:47:d0:d3:18:5a:48:11:bb:dc:
         39:eb:7f:ad:12:25:ea:b4:c1:cb:b0:12:d2:d9:a9:d5:67:6e:
         1b:4c:1f:02:90:c7:ed:52:2f:0b:bf:0d:96:d5:b9:07:c9:79:
         6c:21:e3:19:c8:fc:6e:52:10:ef:cf:9b:70:58:9d:fd:e1:f2:
         9c:6d:09:dd:a1:95:5f:1f:c9:4d:74:88:03:e7:c2:1f:10:69:
         a6:e8:d4:d3:d1:5a:1e:cf:56:f8:58:a7:42:fb:33:6c:b8:77:
         32:46:1c:ce:f6:69:00:ff:8b:0f:42:1b:16:a4:46:06:73:bc:
         1b:05:99:55:1b:b5:6c:c2:fc:2f:1c:3a:34:cb:92:e5:b1:41:
         ce:82:58:22:9b:e2:41:65:7a:c9:1d:aa:cc:85:06:a9:34:ca:
         22:e0:7c:2e:c1:4e:bb:55:14:91:d7:f0:f8:80:f6:45:e6:06:
         52:79:c7:0c:e5:58:c2:05:39:7c:9f:ef:3b:59:12:0a:d2:09:
         5e:7e:9d:ec:09:a8:22:db:2b:48:b1:8a:4a:e1:c5:39:10:2a:
         6b:d2:c8:c2:5f:d8:b1:f4:09:cf:f7:b2:44:16:12:60:4d:53:
         4c:3f:8f:ed
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAY2w12LWwVwCHRdY15BjVzfCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlMGZmOGFhZjc0NTMxMTQxNDcwMjhkNTRhZTFjNjkzYThh
MTQ3YmMwHhcNMjQwMjE2MDczNTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTAwY2JhMTYzODkzZWUzODg3OGU3OWNjZWIzZWNkMjM1Y2NlMTY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy7l2BUNlKYhh0I3OodnU5Idasx1f
31e2LLA7GBkCvPYxPMDAeKyZFQ67BdGN7H0Xmj6+yONQkSYeh+dV+GDsnsIBbtYT
762MbBTUGaUJcnchirnbtcJjsSZwh1tyYyuX1/3ywmtIsgjp25kMNVGuoFYLLKf7
j4HKqgb1XbGikyL1K6w8vYsvXkMbCKCVd+TU+byyGCa1y9kj9coO1JRF3f0QEumF
GUQ6jO/oj53JRC4soEGTtjXmDFiJbWNNPMYRP4Tac3JdvZIfuiAoAX7ZZUPQJSjo
wFS7o6kPeNll3rmX5zomJsJBxXk/9HXWaj+8C5cvB09pnrAut+jhqd/RxwIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFB4Ay6FjiT7jiHjnnM6z7NI1zOFoMB8GA1UdIwQY
MBaAFF4P+Kr3RTEUFHAo1UrhxpOooUe8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGdfNHF2ZEZNUlFVY0NqVlN1SEdrNmloUjd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS9kZDZlMWQtYWJjOS00NzNiLWE5MWEt
ZDg3MjEzNzU2NDRhLzEvSGdETG9XT0pQdU9JZU9lY3pyUHMwalhNNFdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS9kZDZlMWQtYWJjOS00NzNiLWE5MWEtZDg3MjEzNzU2NDRh
LzEvWGdfNHF2ZEZNUlFVY0NqVlN1SEdrNmloUjd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjASBAIAATAMAwQALVf1AwQA
ueDUMDAEAgACMCoDBQMqEJaAAwUDKhHhQAMFAyoSbEADBQMqEn9AAwUDKhKSwAMF
AyoSs8AwDQYJKoZIhvcNAQELBQADggEBAJijf6UhfDQlqCCUr9eKFyFgYFvRLjUo
9Bkk/kfQ0xhaSBG73Dnrf60SJeq0wcuwEtLZqdVnbhtMHwKQx+1SLwu/DZbVuQfJ
eWwh4xnI/G5SEO/Pm3BYnf3h8pxtCd2hlV8fyU10iAPnwh8Qaabo1NPRWh7PVvhY
p0L7M2y4dzJGHM72aQD/iw9CGxakRgZzvBsFmVUbtWzC/C8cOjTLkuWxQc6CWCKb
4kFleskdqsyFBqk0yiLgfC7BTrtVFJHX8PiA9kXmBlJ5xwzlWMIFOXyf7ztZEgrS
CV5+newJqCLbK0ixikrhxTkQKmvSyMJf2LH0Cc/3skQWEmBNU0w/j+0=
-----END CERTIFICATE-----