Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/d83777-5ba8-4f1e-851c-92819de8a036/1/oRuFB3pFspLpqLYa9_uc9LIgfRk.roa
File:                     oRuFB3pFspLpqLYa9_uc9LIgfRk.roa (raw, json)
Hash identifier:          XMpH472rjjeOzqqnL2MDIJEQEQc3M0bGj7nBs1slLjI=
Subject key identifier:   A1:1B:85:07:7A:45:B2:92:E9:A8:B6:1A:F7:FB:9C:F4:B2:20:7D:19
Certificate issuer:       /CN=ed77e6b925b3b7a7abb92885d55d733dc5fa62d2
Certificate serial:       018CC64B799B4FCE23E5685101AED48E005C
Authority key identifier: ED:77:E6:B9:25:B3:B7:A7:AB:B9:28:85:D5:5D:73:3D:C5:FA:62:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7XfmuSWzt6eruSiF1V1zPcX6YtI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/d83777-5ba8-4f1e-851c-92819de8a036/1/oRuFB3pFspLpqLYa9_uc9LIgfRk.roa
Signing time:             Mon 01 Jan 2024 18:31:24 +0000
ROA not before:           Mon 01 Jan 2024 18:31:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57782
IP address blocks:        185.202.104.0/24 maxlen: 24
                          79.110.168.0/23 maxlen: 24
                          139.28.206.0/24 maxlen: 24
                          2a0d:9cc0::/29 maxlen: 48
                          2a0d:1a45::/32 maxlen: 48
                          2a06:1e83:caff::/48 maxlen: 48
                          2a0d:1a40::/29 maxlen: 48
                          2a06:1e85::/32 maxlen: 48
                          2a06:1e83:cafe::/48 maxlen: 48
                          2a0d:1a40:5500::/48 maxlen: 48
Validation:               Failed, certificate revoked on Thu 02 Jan 2025 09:49:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:79:9b:4f:ce:23:e5:68:51:01:ae:d4:8e:00:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ed77e6b925b3b7a7abb92885d55d733dc5fa62d2
        Validity
            Not Before: Jan  1 18:31:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a11b85077a45b292e9a8b61af7fb9cf4b2207d19
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:69:dd:9b:6c:e8:d5:aa:f3:63:22:43:a4:6d:
                    e5:c1:e4:d4:47:bf:0a:fa:8e:ae:6d:b6:39:63:43:
                    54:9e:f6:8b:30:34:4e:04:85:ef:23:65:a9:6d:e4:
                    f4:8f:21:c3:d1:58:37:09:37:78:02:f0:cf:53:81:
                    a8:09:cb:b3:c6:18:78:18:fe:09:74:4d:5c:58:a8:
                    5c:6a:35:7e:67:40:27:81:e4:10:f0:81:80:5e:84:
                    22:34:9f:4b:5c:24:a2:fe:2b:2e:61:22:91:ab:f9:
                    b4:c1:48:18:c1:71:93:b3:55:05:07:3b:9c:3e:d3:
                    57:9a:20:32:94:77:a1:41:e1:ee:0d:49:75:f8:ae:
                    35:2c:2f:49:d1:8e:5d:0e:34:a5:bf:a4:53:23:97:
                    c5:c7:c2:87:f9:eb:0c:d8:9e:50:55:6b:68:60:3a:
                    5f:a1:90:63:ae:3f:21:20:28:e4:7c:32:c0:89:58:
                    5e:1c:2b:b5:53:a7:ae:d7:7a:fe:0d:f0:8b:f1:25:
                    5d:fe:f5:7e:69:9d:0a:66:e2:78:99:df:9f:5b:54:
                    e0:e6:cb:24:e2:92:2c:31:71:98:bb:4b:38:3a:4c:
                    9f:9b:d2:87:c1:e5:c2:72:d5:94:91:dc:65:37:d5:
                    22:e4:ae:9b:86:31:53:42:e0:8c:29:82:cb:97:af:
                    27:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:1B:85:07:7A:45:B2:92:E9:A8:B6:1A:F7:FB:9C:F4:B2:20:7D:19
            X509v3 Authority Key Identifier:
                keyid:ED:77:E6:B9:25:B3:B7:A7:AB:B9:28:85:D5:5D:73:3D:C5:FA:62:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7XfmuSWzt6eruSiF1V1zPcX6YtI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/d83777-5ba8-4f1e-851c-92819de8a036/1/oRuFB3pFspLpqLYa9_uc9LIgfRk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/d83777-5ba8-4f1e-851c-92819de8a036/1/7XfmuSWzt6eruSiF1V1zPcX6YtI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.110.168.0/23
                  139.28.206.0/24
                  185.202.104.0/24
                IPv6:
                  2a06:1e83:cafe::/47
                  2a06:1e85::/32
                  2a0d:1a40::/29
                  2a0d:9cc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         5d:11:ad:de:d1:c5:9e:06:51:13:52:a8:9b:df:a6:f8:6d:95:
         8b:cf:bd:03:72:bd:2c:a4:22:21:0d:d0:d7:aa:85:25:5a:a3:
         32:45:3f:83:9b:40:8b:f9:3e:43:29:61:fe:34:46:8c:ec:bc:
         2c:50:b6:23:be:78:79:11:04:23:15:59:2e:7d:ba:f8:1b:fb:
         ba:54:1f:91:6d:ce:40:e3:b9:d3:c2:ff:35:29:ae:62:34:48:
         16:8d:d8:fe:6c:b4:97:a6:2d:6f:93:8d:40:48:e9:0e:b6:39:
         4f:73:80:77:9a:e6:d8:09:12:fb:e9:18:f9:da:90:0f:78:c2:
         3a:4e:fc:9c:da:20:36:12:d0:6b:3a:06:c3:d6:91:20:3a:a8:
         8f:71:44:43:8b:0c:d2:7d:98:f9:38:e9:45:a1:c7:64:5b:b0:
         5b:2d:9a:e2:43:60:eb:13:a5:ba:a9:2d:0a:33:1b:ce:ad:1b:
         05:34:59:8e:89:08:65:23:0c:79:bc:8d:55:68:86:80:fe:c0:
         8d:a9:16:96:af:2e:fb:26:bc:0e:76:02:00:9c:51:fe:a3:8b:
         4f:ae:69:57:8f:56:10:bb:e4:af:58:73:6d:05:29:e5:d5:86:
         0e:b1:16:f0:81:db:6a:87:96:eb:9a:cc:e2:f5:5a:b5:6d:93:
         f7:0a:e0:66
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAYzGS3mbT84j5WhRAa7UjgBcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkNzdlNmI5MjViM2I3YTdhYmI5Mjg4NWQ1NWQ3MzNkYzVm
YTYyZDIwHhcNMjQwMTAxMTgzMTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTFiODUwNzdhNDViMjkyZTlhOGI2MWFmN2ZiOWNmNGIyMjA3ZDE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqWndm2zo1arzYyJDpG3lweTUR78K
+o6ubbY5Y0NUnvaLMDROBIXvI2WpbeT0jyHD0Vg3CTd4AvDPU4GoCcuzxhh4GP4J
dE1cWKhcajV+Z0AngeQQ8IGAXoQiNJ9LXCSi/isuYSKRq/m0wUgYwXGTs1UFBzuc
PtNXmiAylHehQeHuDUl1+K41LC9J0Y5dDjSlv6RTI5fFx8KH+esM2J5QVWtoYDpf
oZBjrj8hICjkfDLAiVheHCu1U6eu13r+DfCL8SVd/vV+aZ0KZuJ4md+fW1Tg5ssk
4pIsMXGYu0s4Okyfm9KHweXCctWUkdxlN9Ui5K6bhjFTQuCMKYLLl68noQIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFKEbhQd6RbKS6ai2Gvf7nPSyIH0ZMB8GA1UdIwQY
MBaAFO135rkls7enq7kohdVdcz3F+mLSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1hmbXVTV3p0NmVydVNpRjFWMXpQY1g2WXRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9kODM3NzctNWJhOC00ZjFlLTg1MWMt
OTI4MTlkZThhMDM2LzEvb1J1RkIzcEZzcExwcUxZYTlfdWM5TElnZlJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9kODM3NzctNWJhOC00ZjFlLTg1MWMtOTI4MTlkZThhMDM2
LzEvN1hmbXVTV3p0NmVydVNpRjFWMXpQY1g2WXRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDAYBAIAATASAwQBT26oAwQA
ixzOAwQAucpoMCQEAgACMB4DBwEqBh6Dyv4DBQAqBh6FAwUDKg0aQAMFAyoNnMAw
DQYJKoZIhvcNAQELBQADggEBAF0Rrd7RxZ4GURNSqJvfpvhtlYvPvQNyvSykIiEN
0NeqhSVaozJFP4ObQIv5PkMpYf40RozsvCxQtiO+eHkRBCMVWS59uvgb+7pUH5Ft
zkDjudPC/zUprmI0SBaN2P5stJemLW+TjUBI6Q62OU9zgHea5tgJEvvpGPnakA94
wjpO/JzaIDYS0Gs6BsPWkSA6qI9xREOLDNJ9mPk46UWhx2RbsFstmuJDYOsTpbqp
LQozG86tGwU0WY6JCGUjDHm8jVVohoD+wI2pFpavLvsmvA52AgCcUf6ji0+uaVeP
VhC75K9Yc20FKeXVhg6xFvCB22qHluuazOL1WrVtk/cK4GY=
-----END CERTIFICATE-----