Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/b07e58-f93a-4d5f-b92d-6016d5c05f30/1/maRfJbPOiTlv1efHvsyef_32YJY.roa
File:                     maRfJbPOiTlv1efHvsyef_32YJY.roa (raw, json)
Hash identifier:          yK0jvjpkgpb4CUlsFnuZc1JVScjWbny3mdWjzUqlTT0=
Subject key identifier:   99:A4:5F:25:B3:CE:89:39:6F:D5:E7:C7:BE:CC:9E:7F:FD:F6:60:96
Certificate issuer:       /CN=6107e2e2e8171d319da1bc64b36c3c985e646c2a
Certificate serial:       018F641915EC1E164262A41445A0F8B4ED6C
Authority key identifier: 61:07:E2:E2:E8:17:1D:31:9D:A1:BC:64:B3:6C:3C:98:5E:64:6C:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YQfi4ugXHTGdobxks2w8mF5kbCo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/b07e58-f93a-4d5f-b92d-6016d5c05f30/1/maRfJbPOiTlv1efHvsyef_32YJY.roa
Signing time:             Fri 10 May 2024 20:01:56 +0000
ROA not before:           Fri 10 May 2024 20:01:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42868
IP address blocks:        77.245.144.0/24 maxlen: 24
                          77.245.145.0/24 maxlen: 24
                          77.245.146.0/24 maxlen: 24
                          77.245.147.0/24 maxlen: 24
                          77.245.148.0/24 maxlen: 24
                          77.245.149.0/24 maxlen: 24
                          77.245.150.0/24 maxlen: 24
                          77.245.151.0/24 maxlen: 24
                          77.245.152.0/24 maxlen: 24
                          77.245.153.0/24 maxlen: 24
                          77.245.154.0/24 maxlen: 24
                          77.245.155.0/24 maxlen: 24
                          77.245.156.0/24 maxlen: 24
                          77.245.157.0/24 maxlen: 24
                          77.245.158.0/24 maxlen: 24
                          77.245.159.0/24 maxlen: 24
                          185.87.252.0/24 maxlen: 24
                          185.87.253.0/24 maxlen: 24
                          185.87.254.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 24 Sep 2024 19:46:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:64:19:15:ec:1e:16:42:62:a4:14:45:a0:f8:b4:ed:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6107e2e2e8171d319da1bc64b36c3c985e646c2a
        Validity
            Not Before: May 10 20:01:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=99a45f25b3ce89396fd5e7c7becc9e7ffdf66096
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:bb:b2:da:45:ca:56:dc:99:fe:b8:9f:03:d0:
                    6b:0d:0c:c5:ac:d3:f5:86:68:9a:e0:92:a1:a9:91:
                    78:cf:44:46:7d:14:b9:85:af:92:05:a6:84:db:62:
                    6c:b5:eb:95:8d:de:9f:05:6d:c4:8b:07:04:50:5f:
                    51:53:6c:c5:00:26:da:9e:78:b9:2b:54:41:33:ab:
                    71:04:95:2e:d3:2b:8e:60:15:ff:7c:54:1a:03:b2:
                    bf:59:ed:4f:94:6e:d5:c7:4d:4b:06:dc:73:56:0c:
                    9e:9d:d5:f4:fd:50:4e:3d:d5:a2:67:63:16:f6:ac:
                    8f:9d:77:65:ea:51:31:8d:bd:44:c0:76:da:b8:73:
                    c6:10:11:24:28:aa:65:9a:61:48:56:ae:a3:7b:6d:
                    2b:92:81:7b:fd:cf:a8:70:60:5f:17:86:93:ad:e5:
                    cb:72:02:01:57:97:3f:08:73:2b:00:81:b1:e2:8c:
                    86:0b:5a:55:c2:d4:9a:0d:f6:31:56:2c:50:5a:6a:
                    aa:34:d7:e4:4f:e8:fa:44:a9:e9:2e:85:7a:7c:08:
                    16:f3:0c:f1:5a:fa:bf:0c:6a:61:13:50:51:57:7a:
                    41:c8:a6:23:b4:55:a1:35:c5:6d:14:ac:25:92:a9:
                    59:87:ed:8d:62:f1:16:fe:09:ac:e9:68:81:c7:55:
                    66:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:A4:5F:25:B3:CE:89:39:6F:D5:E7:C7:BE:CC:9E:7F:FD:F6:60:96
            X509v3 Authority Key Identifier:
                keyid:61:07:E2:E2:E8:17:1D:31:9D:A1:BC:64:B3:6C:3C:98:5E:64:6C:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YQfi4ugXHTGdobxks2w8mF5kbCo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/b07e58-f93a-4d5f-b92d-6016d5c05f30/1/maRfJbPOiTlv1efHvsyef_32YJY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/b07e58-f93a-4d5f-b92d-6016d5c05f30/1/YQfi4ugXHTGdobxks2w8mF5kbCo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.245.144.0/20
                  185.87.252.0-185.87.254.255

    Signature Algorithm: sha256WithRSAEncryption
         19:96:73:2b:c2:6c:a7:c7:37:ce:d4:e0:1b:3f:0b:bf:0c:d2:
         56:1c:4c:20:81:c8:b9:04:4b:8b:d1:57:ab:e6:05:04:13:19:
         1c:b2:04:1d:69:da:9f:aa:b6:1f:7b:c9:ed:b9:20:7d:65:65:
         69:7c:d2:eb:44:73:e9:71:81:05:27:30:cb:86:f0:21:74:42:
         62:49:d9:de:83:06:b8:dc:9f:9f:17:60:ad:f0:83:4f:0d:50:
         b9:09:09:45:90:67:d9:9c:3b:37:89:33:64:e4:9e:47:b2:de:
         d7:08:e1:3b:da:62:b3:f9:f9:df:79:15:71:42:90:19:47:2b:
         fa:24:e7:5f:5f:46:ee:fc:89:20:ab:ad:0f:be:9d:4e:90:f6:
         ae:06:90:d2:5a:d4:79:00:36:0c:93:90:f2:dd:4f:dc:32:91:
         41:b8:32:ba:1e:e9:06:ba:34:df:6f:1b:96:26:4d:6b:5f:69:
         77:4b:39:7b:ed:03:36:e7:a3:2b:f4:d7:14:7f:63:09:af:46:
         39:23:37:29:f7:07:61:18:a7:42:cc:4e:10:30:78:45:fb:84:
         52:68:26:19:ca:12:2b:b0:56:3e:6b:2c:03:43:fb:06:ce:8e:
         e0:42:95:40:e9:fc:75:2b:29:86:3e:16:15:49:0d:c1:7e:c8:
         e9:b4:e6:c9
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAY9kGRXsHhZCYqQURaD4tO1sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxMDdlMmUyZTgxNzFkMzE5ZGExYmM2NGIzNmMzYzk4NWU2
NDZjMmEwHhcNMjQwNTEwMjAwMTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OWE0NWYyNWIzY2U4OTM5NmZkNWU3YzdiZWNjOWU3ZmZkZjY2MDk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl7uy2kXKVtyZ/rifA9BrDQzFrNP1
hmia4JKhqZF4z0RGfRS5ha+SBaaE22JsteuVjd6fBW3EiwcEUF9RU2zFACbanni5
K1RBM6txBJUu0yuOYBX/fFQaA7K/We1PlG7Vx01LBtxzVgyendX0/VBOPdWiZ2MW
9qyPnXdl6lExjb1EwHbauHPGEBEkKKplmmFIVq6je20rkoF7/c+ocGBfF4aTreXL
cgIBV5c/CHMrAIGx4oyGC1pVwtSaDfYxVixQWmqqNNfkT+j6RKnpLoV6fAgW8wzx
Wvq/DGphE1BRV3pByKYjtFWhNcVtFKwlkqlZh+2NYvEW/gms6WiBx1VmWQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFJmkXyWzzok5b9Xnx77Mnn/99mCWMB8GA1UdIwQY
MBaAFGEH4uLoFx0xnaG8ZLNsPJheZGwqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVFmaTR1Z1hIVEdkb2J4a3MydzhtRjVrYkNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi9iMDdlNTgtZjkzYS00ZDVmLWI5MmQt
NjAxNmQ1YzA1ZjMwLzEvbWFSZkpiUE9pVGx2MWVmSHZzeWVmXzMyWUpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi9iMDdlNTgtZjkzYS00ZDVmLWI5MmQtNjAxNmQ1YzA1ZjMw
LzEvWVFmaTR1Z1hIVEdkb2J4a3MydzhtRjVrYkNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQETfWQMAwD
BAK5V/wDBAC5V/4wDQYJKoZIhvcNAQELBQADggEBABmWcyvCbKfHN87U4Bs/C78M
0lYcTCCByLkES4vRV6vmBQQTGRyyBB1p2p+qth97ye25IH1lZWl80utEc+lxgQUn
MMuG8CF0QmJJ2d6DBrjcn58XYK3wg08NULkJCUWQZ9mcOzeJM2Tknkey3tcI4Tva
YrP5+d95FXFCkBlHK/ok519fRu78iSCrrQ++nU6Q9q4GkNJa1HkANgyTkPLdT9wy
kUG4Mroe6Qa6NN9vG5YmTWtfaXdLOXvtAzbnoyv01xR/YwmvRjkjNyn3B2EYp0LM
ThAweEX7hFJoJhnKEiuwVj5rLAND+wbOjuBClUDp/HUrKYY+FhVJDcF+yOm05sk=
-----END CERTIFICATE-----