Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/75216d-684b-47cc-a95e-db4d39dc4ec7/1/fqAMm0CvOwiQkD6N03-uGzHHNY0.roa
File:                     fqAMm0CvOwiQkD6N03-uGzHHNY0.roa (raw, json)
Hash identifier:          C48KXkt6TxxQVKpkX62KhO+q24Mznt95OtQg3HIzOkE=
Subject key identifier:   7E:A0:0C:9B:40:AF:3B:08:90:90:3E:8D:D3:7F:AE:1B:31:C7:35:8D
Certificate issuer:       /CN=d44de659759b0274124a7b481d0976840b7ade06
Certificate serial:       0193F8976C097762DBC7D7F7BEADFA20A612
Authority key identifier: D4:4D:E6:59:75:9B:02:74:12:4A:7B:48:1D:09:76:84:0B:7A:DE:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1E3mWXWbAnQSSntIHQl2hAt63gY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/75216d-684b-47cc-a95e-db4d39dc4ec7/1/fqAMm0CvOwiQkD6N03-uGzHHNY0.roa
Signing time:             Tue 24 Dec 2024 12:14:53 +0000
ROA not before:           Tue 24 Dec 2024 12:14:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     52023
IP address blocks:        37.143.162.0/24 maxlen: 24
                          37.143.163.0/24 maxlen: 24
                          37.143.164.0/24 maxlen: 24
                          37.143.165.0/24 maxlen: 24
                          37.143.166.0/24 maxlen: 24
                          37.143.167.0/24 maxlen: 24
                          37.143.170.0/24 maxlen: 24
                          37.143.171.0/24 maxlen: 24
                          37.143.172.0/24 maxlen: 24
                          37.143.173.0/24 maxlen: 24
                          193.32.141.0/24 maxlen: 24
                          193.32.142.0/23 maxlen: 23
                          2a03:8f84::/32 maxlen: 32
Validation:               Failed, certificate revoked on Thu 02 Jan 2025 05:48:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:f8:97:6c:09:77:62:db:c7:d7:f7:be:ad:fa:20:a6:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d44de659759b0274124a7b481d0976840b7ade06
        Validity
            Not Before: Dec 24 12:14:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7ea00c9b40af3b0890903e8dd37fae1b31c7358d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:80:55:7b:79:10:e2:88:5c:3a:d5:32:94:e6:
                    35:d0:c2:40:a8:3c:6d:af:74:34:83:42:4d:74:25:
                    ac:64:22:03:bb:83:c9:5b:53:74:7d:08:c8:14:9f:
                    0d:b1:fe:e8:66:5d:01:05:d9:fd:32:3a:cb:1b:df:
                    88:03:d7:53:77:11:7a:3b:0c:53:99:b3:09:80:51:
                    e0:ad:82:22:91:ab:88:0f:d4:6c:08:78:40:c8:cf:
                    84:95:ab:b9:d6:28:2c:07:28:aa:48:aa:28:7b:6a:
                    d2:02:16:4a:16:43:51:77:3a:d7:3e:d7:e8:9c:43:
                    4a:32:b0:0e:65:70:c3:fb:9b:95:a4:a8:48:4a:4f:
                    77:b1:b5:d3:45:02:cb:04:8c:21:6e:e7:b0:5a:55:
                    3e:40:b8:f0:98:60:1b:8f:ab:ac:10:80:a2:1a:9d:
                    fc:51:e7:79:99:3b:df:a4:a6:0c:72:c5:7a:38:e8:
                    0a:41:6b:ad:63:d3:92:18:90:33:90:2d:22:de:99:
                    70:00:d4:fb:a5:ab:e3:5e:dd:f2:c3:7d:b6:4f:f2:
                    5f:09:2e:81:f5:f8:1e:1a:b0:f3:9a:f2:7d:13:32:
                    86:73:83:05:47:52:94:b4:10:7e:28:77:2d:9a:68:
                    12:3b:d0:09:20:7b:e4:ae:f7:cd:61:5d:14:5e:d9:
                    5f:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:A0:0C:9B:40:AF:3B:08:90:90:3E:8D:D3:7F:AE:1B:31:C7:35:8D
            X509v3 Authority Key Identifier:
                keyid:D4:4D:E6:59:75:9B:02:74:12:4A:7B:48:1D:09:76:84:0B:7A:DE:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1E3mWXWbAnQSSntIHQl2hAt63gY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/75216d-684b-47cc-a95e-db4d39dc4ec7/1/fqAMm0CvOwiQkD6N03-uGzHHNY0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/75216d-684b-47cc-a95e-db4d39dc4ec7/1/1E3mWXWbAnQSSntIHQl2hAt63gY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.143.162.0-37.143.167.255
                  37.143.170.0-37.143.173.255
                  193.32.141.0-193.32.143.255
                IPv6:
                  2a03:8f84::/32

    Signature Algorithm: sha256WithRSAEncryption
         59:e1:c4:a1:73:f0:82:1f:82:2c:67:a1:74:c3:05:b4:2a:6a:
         3d:5c:da:6d:0a:cb:86:d6:ef:7e:98:be:68:e1:9c:00:20:90:
         a5:99:a4:ee:33:5a:44:d2:5f:7b:f2:c2:7b:79:a2:8e:71:45:
         e3:0d:1b:ee:b2:f6:7c:a0:9e:c7:c2:ca:09:1a:f9:d5:55:79:
         1c:02:91:7c:d1:3d:35:33:1e:b7:cb:3b:39:3a:e0:29:55:a9:
         84:ef:bd:a2:1a:aa:10:0c:2d:27:6a:c6:e8:02:f7:09:01:0b:
         d1:9f:1d:ec:35:a9:8c:7e:ad:ba:2d:74:a5:bf:8e:6f:18:6b:
         48:da:14:64:d8:52:00:0a:0d:02:09:b5:d2:78:c0:93:15:c3:
         ba:7a:c0:db:c9:67:d1:52:90:bf:bd:0d:73:43:cf:67:83:54:
         12:33:31:9c:18:d6:4d:f5:37:be:31:9c:d2:29:ad:df:d7:c2:
         9a:13:63:38:84:5a:5d:76:40:24:80:2e:be:61:a1:4b:34:50:
         28:d4:92:aa:c5:08:25:64:5f:58:40:0f:8d:0e:7e:60:3e:de:
         cf:a4:42:c0:fa:0d:15:50:96:f5:f1:e3:9d:60:18:f0:28:24:
         07:71:f7:42:ac:9c:15:45:bb:77:a0:ec:16:08:07:a4:1b:df:
         0d:25:5d:9b
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAZP4l2wJd2Lbx9f3vq36IKYSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NGRlNjU5NzU5YjAyNzQxMjRhN2I0ODFkMDk3Njg0MGI3
YWRlMDYwHhcNMjQxMjI0MTIxNDUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZWEwMGM5YjQwYWYzYjA4OTA5MDNlOGRkMzdmYWUxYjMxYzczNThkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAroBVe3kQ4ohcOtUylOY10MJAqDxt
r3Q0g0JNdCWsZCIDu4PJW1N0fQjIFJ8Nsf7oZl0BBdn9MjrLG9+IA9dTdxF6OwxT
mbMJgFHgrYIikauID9RsCHhAyM+Elau51igsByiqSKooe2rSAhZKFkNRdzrXPtfo
nENKMrAOZXDD+5uVpKhISk93sbXTRQLLBIwhbuewWlU+QLjwmGAbj6usEICiGp38
Ued5mTvfpKYMcsV6OOgKQWutY9OSGJAzkC0i3plwANT7pavjXt3yw322T/JfCS6B
9fgeGrDzmvJ9EzKGc4MFR1KUtBB+KHctmmgSO9AJIHvkrvfNYV0UXtlfHwIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFH6gDJtArzsIkJA+jdN/rhsxxzWNMB8GA1UdIwQY
MBaAFNRN5ll1mwJ0Ekp7SB0JdoQLet4GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUUzbVdYV2JBblFTU250SUhRbDJoQXQ2M2dZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy83NTIxNmQtNjg0Yi00N2NjLWE5NWUt
ZGI0ZDM5ZGM0ZWM3LzEvZnFBTW0wQ3ZPd2lRa0Q2TjAzLXVHekhITlkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy83NTIxNmQtNjg0Yi00N2NjLWE5NWUtZGI0ZDM5ZGM0ZWM3
LzEvMUUzbVdYV2JBblFTU250SUhRbDJoQXQ2M2dZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqMAwDBAElj6ID
BAMlj6AwDAMEASWPqgMEASWPrDAMAwQAwSCNAwQEwSCAMA0EAgACMAcDBQAqA4+E
MA0GCSqGSIb3DQEBCwUAA4IBAQBZ4cShc/CCH4IsZ6F0wwW0Kmo9XNptCsuG1u9+
mL5o4ZwAIJClmaTuM1pE0l978sJ7eaKOcUXjDRvusvZ8oJ7HwsoJGvnVVXkcApF8
0T01Mx63yzs5OuApVamE772iGqoQDC0nasboAvcJAQvRnx3sNamMfq26LXSlv45v
GGtI2hRk2FIACg0CCbXSeMCTFcO6esDbyWfRUpC/vQ1zQ89ng1QSMzGcGNZN9Te+
MZzSKa3f18KaE2M4hFpddkAkgC6+YaFLNFAo1JKqxQglZF9YQA+NDn5gPt7PpELA
+g0VUJb18eOdYBjwKCQHcfdCrJwVRbt3oOwWCAekG98NJV2b
-----END CERTIFICATE-----