Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/criSFiVSrOQMLyn0rZ_V65Qkj9Y.roa
File:                     criSFiVSrOQMLyn0rZ_V65Qkj9Y.roa (raw, json)
Hash identifier:          ZHE3+RjG41473gxesXvgOmZ7tdE3MJh3kkWM8c8/kxQ=
Subject key identifier:   72:B8:92:16:25:52:AC:E4:0C:2F:29:F4:AD:9F:D5:EB:94:24:8F:D6
Certificate issuer:       /CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
Certificate serial:       018CC6B94C19D80C926A20BC6003FF3F7DCA
Authority key identifier: D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/criSFiVSrOQMLyn0rZ_V65Qkj9Y.roa
Signing time:             Mon 01 Jan 2024 20:31:21 +0000
ROA not before:           Mon 01 Jan 2024 20:31:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56630
IP address blocks:        213.183.55.0/24 maxlen: 24
                          213.183.54.0/24 maxlen: 24
                          213.183.57.0/24 maxlen: 24
                          213.183.56.0/24 maxlen: 24
                          2a03:f80:370::/48 maxlen: 48
                          2a03:f80:70::/48 maxlen: 48
                          2a03:f80:3991::/48 maxlen: 48
                          2a03:f80:359::/48 maxlen: 48
                          2a03:f80:371::/48 maxlen: 48
                          2a03:f80:7::/48 maxlen: 48

Validation:               Failed, certificate revoked on Mon 26 Feb 2024 09:36:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:4c:19:d8:0c:92:6a:20:bc:60:03:ff:3f:7d:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
        Validity
            Not Before: Jan  1 20:31:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=72b892162552ace40c2f29f4ad9fd5eb94248fd6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:34:5e:24:30:9d:02:0c:40:56:14:92:19:66:
                    09:cb:7f:f6:d1:26:22:44:80:f3:53:6a:5f:57:0f:
                    ba:cf:21:0b:1c:c0:ba:db:14:6d:53:e7:67:60:2a:
                    0e:78:ba:f4:e0:76:a7:bb:3d:74:f3:74:d6:62:d7:
                    63:09:69:a9:b0:ab:ea:fc:fb:79:c0:13:38:7b:20:
                    5f:a5:e9:da:f4:ca:a7:a5:d1:ee:ac:6d:06:55:ce:
                    2f:ac:a2:99:00:83:a3:9c:3e:9c:c3:ea:2a:71:a1:
                    23:f3:c9:63:89:ea:90:4e:3a:73:1e:da:fe:44:f4:
                    3f:9c:f5:49:71:7b:0f:e9:f3:96:4b:dd:bb:c3:60:
                    fb:8e:d6:1b:03:90:6b:4d:1e:23:df:37:7c:27:58:
                    f5:d6:bb:86:8d:06:4f:db:1e:14:90:fa:86:c1:31:
                    c6:f2:1d:4f:3b:ad:23:56:5c:3a:13:20:4f:aa:fe:
                    eb:70:59:10:03:21:1a:b8:25:3f:b4:3a:79:c8:96:
                    40:16:3e:b3:4b:b0:3d:4d:db:e9:ff:33:3d:fb:b5:
                    57:71:69:00:85:78:76:15:d6:7b:76:e4:d0:db:74:
                    1a:df:a9:88:46:ea:c2:f8:39:d6:65:b6:30:08:3e:
                    b5:b5:86:c4:ce:78:b8:69:cc:e5:b4:19:d4:42:b0:
                    1b:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:B8:92:16:25:52:AC:E4:0C:2F:29:F4:AD:9F:D5:EB:94:24:8F:D6
            X509v3 Authority Key Identifier:
                keyid:D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/criSFiVSrOQMLyn0rZ_V65Qkj9Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.183.54.0-213.183.57.255
                IPv6:
                  2a03:f80:7::/48
                  2a03:f80:70::/48
                  2a03:f80:359::/48
                  2a03:f80:370::/47
                  2a03:f80:3991::/48

    Signature Algorithm: sha256WithRSAEncryption
         4e:80:0c:e2:fd:3b:36:a8:e9:66:9d:9c:ca:2e:1b:40:02:31:
         57:99:b0:74:f9:71:01:a5:e2:dd:da:a9:03:1e:8f:3e:1a:d6:
         73:47:fb:9b:f4:33:48:c7:43:9e:68:fe:6c:66:03:59:51:34:
         c4:85:0f:c3:2d:b8:41:bf:c4:50:88:63:b0:67:dd:df:66:91:
         e4:7f:1f:5d:6d:60:ef:67:ae:21:81:7b:15:70:41:a8:88:de:
         3b:ac:3c:50:e5:4a:2b:b4:ad:6a:09:85:2c:f2:d3:38:33:8a:
         97:da:a8:92:72:96:35:7d:54:b0:af:69:b2:0a:91:93:ae:5a:
         a8:40:98:ac:83:6d:ed:1a:54:cd:21:5b:b9:a1:55:4f:37:10:
         b1:d3:11:b3:e7:fc:d6:60:1e:13:7b:6b:fa:d8:8e:da:43:eb:
         d3:58:ef:3c:41:b3:9d:33:e0:ab:57:94:ec:ce:ff:30:a9:0b:
         db:3d:91:ac:4d:39:d8:ed:90:50:28:93:d5:9b:51:12:77:64:
         83:f2:b2:c2:08:7d:d6:30:49:7f:0f:37:ff:96:1f:53:b9:dc:
         84:e2:7e:d8:81:6e:99:40:eb:b8:02:0e:ae:7a:53:85:ec:1b:
         e8:5f:8a:4f:18:e0:39:68:93:54:03:ea:18:7f:ab:53:a3:fb:
         c4:da:8c:5a
-----BEGIN CERTIFICATE-----
MIIFOjCCBCKgAwIBAgISAYzGuUwZ2AySaiC8YAP/P33KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyMTdiNDcyYzg0MWMxZDY4NTUwYTI0ZjE5MzZkMjljYzZj
MjhmNmEwHhcNMjQwMTAxMjAzMTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MmI4OTIxNjI1NTJhY2U0MGMyZjI5ZjRhZDlmZDVlYjk0MjQ4ZmQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmTReJDCdAgxAVhSSGWYJy3/20SYi
RIDzU2pfVw+6zyELHMC62xRtU+dnYCoOeLr04Hanuz1083TWYtdjCWmpsKvq/Pt5
wBM4eyBfpena9MqnpdHurG0GVc4vrKKZAIOjnD6cw+oqcaEj88ljieqQTjpzHtr+
RPQ/nPVJcXsP6fOWS927w2D7jtYbA5BrTR4j3zd8J1j11ruGjQZP2x4UkPqGwTHG
8h1PO60jVlw6EyBPqv7rcFkQAyEauCU/tDp5yJZAFj6zS7A9Tdvp/zM9+7VXcWkA
hXh2FdZ7duTQ23Qa36mIRurC+DnWZbYwCD61tYbEzni4aczltBnUQrAbuwIDAQAB
o4ICRjCCAkIwHQYDVR0OBBYEFHK4khYlUqzkDC8p9K2f1euUJI/WMB8GA1UdIwQY
MBaAFNIXtHLIQcHWhVCiTxk20pzGwo9qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGhlMGNzaEJ3ZGFGVUtKUEdUYlNuTWJDajJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8yOTBlNDQtYjQ3OS00NmNmLWFiNGIt
YjM4ZTI2NzdiM2RjLzEvY3JpU0ZpVlNyT1FNTHluMHJaX1Y2NVFrajlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8yOTBlNDQtYjQ3OS00NmNmLWFiNGItYjM4ZTI2NzdiM2Rj
LzEvMGhlMGNzaEJ3ZGFGVUtKUEdUYlNuTWJDajJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFwGCCsGAQUFBwEHAQH/BE0wSzAUBAIAATAOMAwDBAHVtzYD
BAHVtzgwMwQCAAIwLQMHACoDD4AABwMHACoDD4AAcAMHACoDD4ADWQMHASoDD4AD
cAMHACoDD4A5kTANBgkqhkiG9w0BAQsFAAOCAQEAToAM4v07NqjpZp2cyi4bQAIx
V5mwdPlxAaXi3dqpAx6PPhrWc0f7m/QzSMdDnmj+bGYDWVE0xIUPwy24Qb/EUIhj
sGfd32aR5H8fXW1g72euIYF7FXBBqIjeO6w8UOVKK7StagmFLPLTODOKl9qoknKW
NX1UsK9psgqRk65aqECYrINt7RpUzSFbuaFVTzcQsdMRs+f81mAeE3tr+tiO2kPr
01jvPEGznTPgq1eU7M7/MKkL2z2RrE052O2QUCiT1ZtREndkg/Kywgh91jBJfw83
/5YfU7nchOJ+2IFumUDruAIOrnpThewb6F+KTxjgOWiTVAPqGH+rU6P7xNqMWg==
-----END CERTIFICATE-----