Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/5e6116-56e6-4c1d-9683-4b22fc5184a2/1/OR63RjEMQusyrkjmZy0Oa_XTK7g.roa
File:                     OR63RjEMQusyrkjmZy0Oa_XTK7g.roa (raw, json)
Hash identifier:          FCK7R1JwdBdV/T7ybRhMByQsSn72rXetpigVStHSXy0=
Subject key identifier:   39:1E:B7:46:31:0C:42:EB:32:AE:48:E6:67:2D:0E:6B:F5:D3:2B:B8
Certificate issuer:       /CN=45b9854b044594e6cf0846fb41de7b0908fb5f72
Certificate serial:       01919DF19CDFBEE4FFE40E68F920BA1F1C41
Authority key identifier: 45:B9:85:4B:04:45:94:E6:CF:08:46:FB:41:DE:7B:09:08:FB:5F:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RbmFSwRFlObPCEb7Qd57CQj7X3I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/5e6116-56e6-4c1d-9683-4b22fc5184a2/1/OR63RjEMQusyrkjmZy0Oa_XTK7g.roa
Signing time:             Thu 29 Aug 2024 11:42:22 +0000
ROA not before:           Thu 29 Aug 2024 11:42:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24679
IP address blocks:        81.3.0.0/18 maxlen: 24
                          83.246.0.0/17 maxlen: 24
                          185.148.168.0/22 maxlen: 24
                          193.201.52.0/22 maxlen: 24
                          193.238.228.0/22 maxlen: 24
                          195.47.229.0/24 maxlen: 24
                          217.175.224.0/19 maxlen: 24
                          217.195.32.0/20 maxlen: 24
                          2a02:790::/32 maxlen: 48
                          2a07:60c0::/29 maxlen: 48
Validation:               Failed, certificate revoked on Wed 01 Jan 2025 17:47:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:9d:f1:9c:df:be:e4:ff:e4:0e:68:f9:20:ba:1f:1c:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=45b9854b044594e6cf0846fb41de7b0908fb5f72
        Validity
            Not Before: Aug 29 11:42:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=391eb746310c42eb32ae48e6672d0e6bf5d32bb8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:10:41:d1:7e:9b:08:2c:2d:2c:1b:e4:c1:c7:
                    73:a1:38:45:b3:49:48:1a:91:57:c4:6a:1f:22:8c:
                    13:05:14:12:0e:70:cb:a4:e1:db:d6:db:03:d2:c5:
                    4f:f6:18:22:c5:2c:3c:f8:ee:86:36:5c:b0:53:72:
                    93:10:71:94:1b:1b:04:47:2e:64:ef:04:e8:b3:1c:
                    ba:3f:6f:f7:c0:e0:ae:03:94:a9:5e:3d:ef:f7:a4:
                    9e:76:72:5d:c0:00:5f:90:16:69:93:41:2c:4c:11:
                    cd:5f:9a:60:c3:e0:31:ca:7c:5c:d7:ad:3f:b0:ac:
                    81:b8:bc:06:31:2a:f3:45:81:db:c4:78:dc:56:4f:
                    a0:49:67:6d:e5:49:ca:24:f1:1f:c6:ef:ca:20:ed:
                    3a:e5:e3:83:0e:71:2b:d3:6b:19:72:e4:ae:50:c9:
                    c9:54:8c:7f:53:7c:b4:d9:16:01:27:5b:41:f0:55:
                    c8:6a:d6:ea:70:34:0c:07:fd:42:b7:f6:36:e0:e4:
                    81:ea:95:8b:c8:e4:f2:46:7f:db:88:ed:b2:1e:f7:
                    32:c3:bc:20:70:3a:26:ab:5f:97:77:98:92:50:ee:
                    d0:da:ee:c3:5f:45:ab:c0:4b:f3:cd:5e:6c:2a:6f:
                    cf:d6:32:a3:b1:12:ef:ff:06:aa:22:16:ff:71:99:
                    c3:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:1E:B7:46:31:0C:42:EB:32:AE:48:E6:67:2D:0E:6B:F5:D3:2B:B8
            X509v3 Authority Key Identifier:
                keyid:45:B9:85:4B:04:45:94:E6:CF:08:46:FB:41:DE:7B:09:08:FB:5F:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RbmFSwRFlObPCEb7Qd57CQj7X3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/5e6116-56e6-4c1d-9683-4b22fc5184a2/1/OR63RjEMQusyrkjmZy0Oa_XTK7g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/5e6116-56e6-4c1d-9683-4b22fc5184a2/1/RbmFSwRFlObPCEb7Qd57CQj7X3I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.3.0.0/18
                  83.246.0.0/17
                  185.148.168.0/22
                  193.201.52.0/22
                  193.238.228.0/22
                  195.47.229.0/24
                  217.175.224.0/19
                  217.195.32.0/20
                IPv6:
                  2a02:790::/32
                  2a07:60c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         44:fc:42:c5:70:de:68:40:19:72:c4:23:10:77:8d:56:82:26:
         1a:9f:8d:9a:31:17:25:75:80:5d:ec:59:92:f7:e7:91:6a:67:
         83:00:0e:2e:27:3f:c3:a6:56:53:35:44:8a:f2:71:8d:d1:61:
         60:d3:a4:f1:27:e6:f3:83:b1:42:fc:2e:25:09:2e:54:84:3b:
         87:05:3e:0b:c2:04:bb:4f:eb:42:1c:82:25:7e:e4:9e:b1:48:
         53:3d:93:cf:a5:c3:84:f3:c4:2d:7f:db:15:c8:0e:91:08:95:
         b5:1e:56:44:00:78:0d:dd:c3:c6:65:85:82:2d:a7:83:2a:24:
         ea:82:68:d5:31:83:fb:a6:8f:88:6c:e9:e8:ae:ad:0d:3e:0c:
         e2:d2:bf:aa:0e:b3:63:d6:33:98:42:d3:8d:07:f9:84:4e:5d:
         a5:74:e9:3a:45:d0:54:fc:10:1f:06:03:c9:5c:d3:f2:59:5a:
         8f:ca:52:36:fc:73:7d:90:7a:61:d3:43:6f:c5:4d:d6:eb:6f:
         df:66:9f:36:47:92:3d:14:dd:36:90:42:93:df:8c:62:b0:7b:
         25:8b:6e:2f:60:b3:d9:fa:d5:c5:80:10:0f:d7:b0:4b:13:11:
         b2:9f:01:3d:fd:b2:d9:84:89:15:7c:98:c8:5c:6c:82:04:db:
         2d:20:98:79
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAZGd8ZzfvuT/5A5o+SC6HxxBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1Yjk4NTRiMDQ0NTk0ZTZjZjA4NDZmYjQxZGU3YjA5MDhm
YjVmNzIwHhcNMjQwODI5MTE0MjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTFlYjc0NjMxMGM0MmViMzJhZTQ4ZTY2NzJkMGU2YmY1ZDMyYmI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6hBB0X6bCCwtLBvkwcdzoThFs0lI
GpFXxGofIowTBRQSDnDLpOHb1tsD0sVP9hgixSw8+O6GNlywU3KTEHGUGxsERy5k
7wTosxy6P2/3wOCuA5SpXj3v96SednJdwABfkBZpk0EsTBHNX5pgw+Axynxc160/
sKyBuLwGMSrzRYHbxHjcVk+gSWdt5UnKJPEfxu/KIO065eODDnEr02sZcuSuUMnJ
VIx/U3y02RYBJ1tB8FXIatbqcDQMB/1Ct/Y24OSB6pWLyOTyRn/biO2yHvcyw7wg
cDomq1+Xd5iSUO7Q2u7DX0WrwEvzzV5sKm/P1jKjsRLv/waqIhb/cZnDBwIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFDket0YxDELrMq5I5mctDmv10yu4MB8GA1UdIwQY
MBaAFEW5hUsERZTmzwhG+0HeewkI+19yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmJtRlN3UkZsT2JQQ0ViN1FkNTdDUWo3WDNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi81ZTYxMTYtNTZlNi00YzFkLTk2ODMt
NGIyMmZjNTE4NGEyLzEvT1I2M1JqRU1RdXN5cmtqbVp5ME9hX1hUSzdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi81ZTYxMTYtNTZlNi00YzFkLTk2ODMtNGIyMmZjNTE4NGEy
LzEvUmJtRlN3UkZsT2JQQ0ViN1FkNTdDUWo3WDNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjA2BAIAATAwAwQGUQMAAwQH
U/YAAwQCuZSoAwQCwck0AwQCwe7kAwQAwy/lAwQF2a/gAwQE2cMgMBQEAgACMA4D
BQAqAgeQAwUDKgdgwDANBgkqhkiG9w0BAQsFAAOCAQEARPxCxXDeaEAZcsQjEHeN
VoImGp+NmjEXJXWAXexZkvfnkWpngwAOLic/w6ZWUzVEivJxjdFhYNOk8Sfm84Ox
QvwuJQkuVIQ7hwU+C8IEu0/rQhyCJX7knrFIUz2Tz6XDhPPELX/bFcgOkQiVtR5W
RAB4Dd3DxmWFgi2ngyok6oJo1TGD+6aPiGzp6K6tDT4M4tK/qg6zY9YzmELTjQf5
hE5dpXTpOkXQVPwQHwYDyVzT8llaj8pSNvxzfZB6YdNDb8VN1utv32afNkeSPRTd
NpBCk9+MYrB7JYtuL2Cz2frVxYAQD9ewSxMRsp8BPf2y2YSJFXyYyFxsggTbLSCY
eQ==
-----END CERTIFICATE-----