Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/lxnIt301Z9pgEs1937Xe1xBJxew.roa
File:                     lxnIt301Z9pgEs1937Xe1xBJxew.roa (raw, json)
Hash identifier:          o6PciBwsND31WCnLJ1G9BO107YLhNXLUSVCnRaXv2nE=
Subject key identifier:   97:19:C8:B7:7D:35:67:DA:60:12:CD:7D:DF:B5:DE:D7:10:49:C5:EC
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       01935671AB72AB8E8D3311A9F32CAA400A0E
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/lxnIt301Z9pgEs1937Xe1xBJxew.roa
Signing time:             Sat 23 Nov 2024 00:35:10 +0000
ROA not before:           Sat 23 Nov 2024 00:35:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43260
IP address blocks:        5.83.129.0/24 maxlen: 24
                          5.175.138.0/24 maxlen: 24
                          77.90.54.0/24 maxlen: 24
                          77.90.55.0/24 maxlen: 24
                          85.118.162.0/24 maxlen: 24
                          87.239.131.0/24 maxlen: 24
                          94.249.138.0/24 maxlen: 24
                          94.249.148.0/24 maxlen: 24
                          94.249.153.0/24 maxlen: 24
                          94.249.212.0/24 maxlen: 24
                          94.249.237.0/24 maxlen: 24
                          185.47.143.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Sun 24 Nov 2024 05:13:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:56:71:ab:72:ab:8e:8d:33:11:a9:f3:2c:aa:40:0a:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Nov 23 00:35:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9719c8b77d3567da6012cd7ddfb5ded71049c5ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:b6:c3:60:40:84:a8:ae:e8:91:aa:bf:1e:44:
                    ca:b4:dc:93:b1:75:58:6a:4c:ca:39:b4:3c:47:50:
                    7d:69:04:4a:14:de:59:d1:69:80:1b:09:12:7f:66:
                    cc:78:8e:19:10:b4:23:6c:b9:20:6d:f1:38:96:1e:
                    44:a0:3c:a5:b2:11:26:42:12:78:65:08:d8:ea:fc:
                    55:ed:12:d8:fc:1c:98:b1:5d:8d:7e:f6:d4:c2:a9:
                    0e:8d:c4:81:e4:d1:68:87:b2:5b:e5:0d:23:47:54:
                    70:ec:ca:c9:b4:b9:47:25:4e:9c:af:cb:7b:d2:53:
                    30:5c:83:03:d1:77:ae:e6:b9:ee:43:7e:60:fe:18:
                    b7:d6:3c:80:aa:3a:40:bf:39:ff:11:d1:b6:a9:5a:
                    f2:30:36:dd:3e:6e:27:cc:f4:60:81:5a:32:9c:a4:
                    77:38:07:fd:f3:18:90:8d:c7:0c:7e:bf:67:1b:6b:
                    69:ad:3b:08:83:8e:3a:6f:7b:3f:f7:86:5b:5e:3a:
                    80:17:ae:7c:ef:a5:30:14:c9:77:ce:2c:02:91:0f:
                    77:08:fd:f2:24:94:67:16:d7:b2:fc:0b:f5:1d:60:
                    04:16:f6:11:dd:e7:cd:99:ec:2f:e0:5a:1c:b6:b2:
                    89:64:23:70:aa:b0:99:76:e0:f7:88:13:47:5a:b0:
                    2e:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:19:C8:B7:7D:35:67:DA:60:12:CD:7D:DF:B5:DE:D7:10:49:C5:EC
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/lxnIt301Z9pgEs1937Xe1xBJxew.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.83.129.0/24
                  5.175.138.0/24
                  77.90.54.0/23
                  85.118.162.0/24
                  87.239.131.0/24
                  94.249.138.0/24
                  94.249.148.0/24
                  94.249.153.0/24
                  94.249.212.0/24
                  94.249.237.0/24
                  185.47.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:70:02:f2:1a:16:ca:fa:b4:e4:29:2f:74:52:bb:9d:c1:e9:
         fd:4d:03:08:56:11:9c:12:ca:80:be:1b:72:1f:71:7a:dd:07:
         09:51:76:4b:68:ff:a5:17:ac:02:32:e5:c3:37:06:97:51:a8:
         a3:a0:98:ac:a5:6d:17:75:19:d1:f8:c8:25:cf:8c:f3:4c:7b:
         fc:1e:bb:a5:65:3d:5b:60:bf:39:71:af:ee:54:f6:1c:cc:90:
         30:ce:bc:9e:97:8f:70:cd:8a:e3:a4:0d:dd:17:35:12:b4:91:
         8a:c3:9c:5d:45:a1:b1:bb:57:dc:a3:4f:53:97:0d:0a:c2:d5:
         f5:b9:29:7f:7c:e4:2f:f6:c1:68:2e:94:b0:58:59:6a:38:f1:
         5c:93:e8:26:eb:95:29:d4:e4:79:1c:a2:7b:a0:3a:87:09:40:
         10:39:2d:61:e8:60:0d:bf:8a:94:5c:ef:9f:7f:0f:17:c3:0a:
         7f:fe:0f:cc:66:d9:4d:d0:04:82:21:b1:6e:d5:7f:da:fb:b3:
         a2:d5:04:83:67:83:dd:24:9c:bc:ad:38:c8:3c:38:b5:a5:57:
         c0:5e:06:31:4e:72:29:b2:48:c6:67:b9:f7:ef:48:9c:62:52:
         56:bc:be:24:e2:a4:ce:d0:a4:dc:25:79:ea:66:62:4b:10:45:
         31:4a:1b:b1
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAZNWcatyq46NMxGp8yyqQAoOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjQxMTIzMDAzNTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzE5YzhiNzdkMzU2N2RhNjAxMmNkN2RkZmI1ZGVkNzEwNDljNWVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4bbDYECEqK7okaq/HkTKtNyTsXVY
akzKObQ8R1B9aQRKFN5Z0WmAGwkSf2bMeI4ZELQjbLkgbfE4lh5EoDylshEmQhJ4
ZQjY6vxV7RLY/ByYsV2NfvbUwqkOjcSB5NFoh7Jb5Q0jR1Rw7MrJtLlHJU6cr8t7
0lMwXIMD0Xeu5rnuQ35g/hi31jyAqjpAvzn/EdG2qVryMDbdPm4nzPRggVoynKR3
OAf98xiQjccMfr9nG2tprTsIg446b3s/94ZbXjqAF65876UwFMl3ziwCkQ93CP3y
JJRnFtey/Av1HWAEFvYR3efNmewv4FoctrKJZCNwqrCZduD3iBNHWrAuHwIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFJcZyLd9NWfaYBLNfd+13tcQScXsMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvbHhuSXQzMDFaOXBnRXMxOTM3WGUxeEJKeGV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQABVOBAwQA
Ba+KAwQBTVo2AwQAVXaiAwQAV++DAwQAXvmKAwQAXvmUAwQAXvmZAwQAXvnUAwQA
XvntAwQAuS+PMA0GCSqGSIb3DQEBCwUAA4IBAQB2cALyGhbK+rTkKS90Urudwen9
TQMIVhGcEsqAvhtyH3F63QcJUXZLaP+lF6wCMuXDNwaXUaijoJispW0XdRnR+Mgl
z4zzTHv8HrulZT1bYL85ca/uVPYczJAwzryel49wzYrjpA3dFzUStJGKw5xdRaGx
u1fco09Tlw0KwtX1uSl/fOQv9sFoLpSwWFlqOPFck+gm65Up1OR5HKJ7oDqHCUAQ
OS1h6GANv4qUXO+ffw8Xwwp//g/MZtlN0ASCIbFu1X/a+7Oi1QSDZ4PdJJy8rTjI
PDi1pVfAXgYxTnIpskjGZ7n370icYlJWvL4k4qTO0KTcJXnqZmJLEEUxShux
-----END CERTIFICATE-----