Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/BIEjjSykGjoWyYPNCph8fxiNAWo.roa
File:                     BIEjjSykGjoWyYPNCph8fxiNAWo.roa (raw, json)
Hash identifier:          3t+cgC+hVqwCNg/RmCGxwG7tn3BpTY4HtpfNiE8nk+U=
Subject key identifier:   04:81:23:8D:2C:A4:1A:3A:16:C9:83:CD:0A:98:7C:7F:18:8D:01:6A
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       018E40DDDB54608C14F3CA1DE870AB5626E3
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/BIEjjSykGjoWyYPNCph8fxiNAWo.roa
Signing time:             Fri 15 Mar 2024 06:47:45 +0000
ROA not before:           Fri 15 Mar 2024 06:47:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43260
IP address blocks:        5.181.84.0/24 maxlen: 24
                          5.181.85.0/24 maxlen: 24
                          5.181.87.0/24 maxlen: 24
                          45.88.139.0/24 maxlen: 24
                          45.94.170.0/24 maxlen: 24
                          45.94.171.0/24 maxlen: 24
                          85.209.120.0/23 maxlen: 24
                          146.19.125.0/24 maxlen: 24
                          193.30.241.0/24 maxlen: 24
                          193.57.41.0/24 maxlen: 24
                          195.177.95.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 20 Mar 2024 13:03:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:40:dd:db:54:60:8c:14:f3:ca:1d:e8:70:ab:56:26:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Mar 15 06:47:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0481238d2ca41a3a16c983cd0a987c7f188d016a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:11:01:45:bd:39:09:1f:97:e3:08:f0:c6:c4:
                    98:9d:76:7c:ad:35:df:a7:4c:a2:9b:ee:f4:77:cb:
                    82:a1:51:5a:32:c6:d0:d8:98:fc:79:5e:8f:7c:b8:
                    34:6f:8e:1d:4e:e9:67:88:b0:9d:58:e5:f1:cc:56:
                    82:61:9d:2f:a8:da:31:21:36:44:99:ca:8b:7c:8d:
                    76:6f:ee:3f:05:fd:f8:c2:a1:85:88:66:65:a6:1c:
                    40:89:ac:70:19:69:97:d0:41:01:02:06:15:d6:53:
                    50:04:08:1a:9d:d6:54:50:ac:68:b4:b5:6e:72:0a:
                    4c:ce:ee:de:e1:50:3f:e8:b5:12:ea:82:24:00:99:
                    9a:ae:d6:ef:15:d6:23:8e:70:44:a5:59:dd:2a:b0:
                    2d:0f:d0:75:36:f2:81:7f:00:dc:ea:30:82:90:8d:
                    17:bb:4a:99:97:e8:44:66:f5:7b:fb:2e:6c:cb:18:
                    c3:36:16:8a:61:05:d4:e6:c3:a6:40:6b:e0:88:f4:
                    99:e1:1b:7b:0b:25:07:2e:12:90:75:2f:fc:20:30:
                    4e:1d:5d:df:8e:4b:1e:35:49:56:87:4d:36:53:41:
                    1b:cc:33:7c:2d:ab:96:ee:b9:99:12:a3:25:a4:1c:
                    d5:06:6a:2c:ad:87:83:73:a5:d4:b8:a0:83:89:cc:
                    7b:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:81:23:8D:2C:A4:1A:3A:16:C9:83:CD:0A:98:7C:7F:18:8D:01:6A
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/BIEjjSykGjoWyYPNCph8fxiNAWo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.181.84.0/23
                  5.181.87.0/24
                  45.88.139.0/24
                  45.94.170.0/23
                  85.209.120.0/23
                  146.19.125.0/24
                  193.30.241.0/24
                  193.57.41.0/24
                  195.177.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:97:16:40:74:03:26:20:5d:d4:f5:e3:53:ab:ff:44:99:73:
         57:29:18:cd:86:c7:f0:98:02:08:8b:24:ae:d8:a8:37:60:bf:
         83:e8:59:c7:e3:1c:cd:4c:98:55:47:ff:ba:e0:d3:9f:f1:e6:
         0d:31:f8:59:2b:ad:b5:99:c9:b9:5c:0e:88:d3:56:04:82:57:
         43:a6:63:f3:cf:85:e4:9d:a7:85:e3:8f:d6:10:dd:a5:7b:2e:
         80:a9:98:87:cc:48:c0:83:a7:24:c8:e3:b6:74:73:42:11:c1:
         2e:a0:d4:fa:47:92:0e:b8:cb:91:ee:7e:7b:48:42:e3:ba:cc:
         d5:8f:72:23:89:fc:c2:10:f9:a7:28:a8:0a:4f:88:de:bc:f8:
         e0:da:56:22:88:04:f8:9b:c0:47:a5:55:db:c3:d5:20:2e:50:
         d9:9a:49:74:3b:02:fe:c7:b7:34:58:1d:d8:77:2c:65:06:a5:
         4e:df:6b:9c:ec:3b:87:de:2e:a6:0f:da:3e:05:ee:b8:13:34:
         5d:7b:03:ba:08:eb:e0:81:cf:8c:73:7b:e2:16:3b:79:b7:4a:
         e2:5a:68:79:f7:46:b3:7a:34:18:05:95:b9:6a:2e:49:5f:d2:
         fe:70:ad:15:12:05:90:31:9f:62:f1:45:fe:b7:40:f1:bf:95:
         80:73:0f:08
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAY5A3dtUYIwU88od6HCrVibjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjQwMzE1MDY0NzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDgxMjM4ZDJjYTQxYTNhMTZjOTgzY2QwYTk4N2M3ZjE4OGQwMTZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlhEBRb05CR+X4wjwxsSYnXZ8rTXf
p0yim+70d8uCoVFaMsbQ2Jj8eV6PfLg0b44dTulniLCdWOXxzFaCYZ0vqNoxITZE
mcqLfI12b+4/Bf34wqGFiGZlphxAiaxwGWmX0EEBAgYV1lNQBAgandZUUKxotLVu
cgpMzu7e4VA/6LUS6oIkAJmartbvFdYjjnBEpVndKrAtD9B1NvKBfwDc6jCCkI0X
u0qZl+hEZvV7+y5syxjDNhaKYQXU5sOmQGvgiPSZ4Rt7CyUHLhKQdS/8IDBOHV3f
jkseNUlWh002U0EbzDN8LauW7rmZEqMlpBzVBmosrYeDc6XUuKCDicx7uwIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFASBI40spBo6FsmDzQqYfH8YjQFqMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvQklFampTeWtHam9XeVlQTkNwaDhmeGlOQVdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQBBbVUAwQA
BbVXAwQALViLAwQBLV6qAwQBVdF4AwQAkhN9AwQAwR7xAwQAwTkpAwQAw7FfMA0G
CSqGSIb3DQEBCwUAA4IBAQCRlxZAdAMmIF3U9eNTq/9EmXNXKRjNhsfwmAIIiySu
2Kg3YL+D6FnH4xzNTJhVR/+64NOf8eYNMfhZK621mcm5XA6I01YEgldDpmPzz4Xk
naeF44/WEN2ley6AqZiHzEjAg6ckyOO2dHNCEcEuoNT6R5IOuMuR7n57SELjuszV
j3IjifzCEPmnKKgKT4jevPjg2lYiiAT4m8BHpVXbw9UgLlDZmkl0OwL+x7c0WB3Y
dyxlBqVO32uc7DuH3i6mD9o+Be64EzRdewO6COvggc+Mc3viFjt5t0riWmh590az
ejQYBZW5ai5JX9L+cK0VEgWQMZ9i8UX+t0Dxv5WAcw8I
-----END CERTIFICATE-----