Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/edb4d3-33c8-45dc-a40e-c85b60fd8c8b/1/laxmDoZvPBdpZ1GNzOLODpBGyYE.roa
File:                     laxmDoZvPBdpZ1GNzOLODpBGyYE.roa (raw, json)
Hash identifier:          xQt0dqPw/nahYuGh5lH9nB9s2RYkm0pQSHJ+1w7VWWk=
Subject key identifier:   95:AC:66:0E:86:6F:3C:17:69:67:51:8D:CC:E2:CE:0E:90:46:C9:81
Certificate issuer:       /CN=8e36117135f6b86d0a9e1fa67e04baf5bcd86169
Certificate serial:       018CC4246928CF2584B27DA33E25BED71398
Authority key identifier: 8E:36:11:71:35:F6:B8:6D:0A:9E:1F:A6:7E:04:BA:F5:BC:D8:61:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jjYRcTX2uG0Knh-mfgS69bzYYWk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/edb4d3-33c8-45dc-a40e-c85b60fd8c8b/1/laxmDoZvPBdpZ1GNzOLODpBGyYE.roa
Signing time:             Mon 01 Jan 2024 08:29:29 +0000
ROA not before:           Mon 01 Jan 2024 08:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200064
IP address blocks:        92.118.252.0/22 maxlen: 24
                          79.98.216.0/21 maxlen: 24
                          185.28.140.0/22 maxlen: 24
                          92.118.172.0/22 maxlen: 22
                          92.118.172.0/24 maxlen: 24
                          92.118.174.0/24 maxlen: 24
                          92.118.173.0/24 maxlen: 24
                          92.118.175.0/24 maxlen: 24
                          45.156.40.0/22 maxlen: 24
                          139.28.56.0/22 maxlen: 24
                          141.105.96.0/20 maxlen: 24
                          2a02:2f80::/29 maxlen: 29
Validation:               Failed, certificate revoked on Thu 02 Jan 2025 01:48:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:69:28:cf:25:84:b2:7d:a3:3e:25:be:d7:13:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e36117135f6b86d0a9e1fa67e04baf5bcd86169
        Validity
            Not Before: Jan  1 08:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=95ac660e866f3c176967518dcce2ce0e9046c981
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:1a:39:d1:bb:cf:57:47:95:af:58:46:dc:8e:
                    d1:29:5e:bc:5f:25:3c:ed:1d:c1:25:e6:f0:1b:bb:
                    c4:e7:b1:ff:6a:19:9c:d9:98:df:79:72:1f:14:66:
                    b8:c1:f8:e8:c0:25:83:ab:48:05:61:25:c4:2c:f7:
                    c7:8f:ef:72:58:05:a8:1d:d2:b4:4c:2a:78:f4:a7:
                    34:96:8a:05:dc:0c:65:4a:31:ed:25:15:a5:5c:2f:
                    40:cc:a8:6a:5c:ab:e1:ef:7a:9c:8c:db:1a:45:f0:
                    08:7f:32:4c:63:a2:30:4e:75:ab:96:94:be:8e:f8:
                    fa:11:12:88:30:78:93:46:27:6c:db:7d:72:24:f7:
                    17:09:4c:79:25:8b:a1:a0:e2:96:c5:14:f0:ff:c8:
                    a1:de:bb:c7:20:b6:d2:de:4c:06:d4:18:9e:61:2a:
                    a1:5b:3c:a6:e8:01:0b:fb:f6:bf:41:cf:02:1b:cc:
                    06:6f:ef:de:7b:1f:d7:cc:99:82:d2:8a:5e:88:64:
                    8f:02:bc:22:ea:1f:5e:1c:ff:67:99:c8:15:39:df:
                    56:4c:46:23:dd:f5:5e:8b:87:1c:4f:fb:65:3c:8d:
                    e1:51:3e:5a:50:ea:26:05:0b:57:88:91:b4:c5:16:
                    75:5c:7d:fa:6c:b6:1d:9c:73:18:ef:13:27:ec:31:
                    78:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:AC:66:0E:86:6F:3C:17:69:67:51:8D:CC:E2:CE:0E:90:46:C9:81
            X509v3 Authority Key Identifier:
                keyid:8E:36:11:71:35:F6:B8:6D:0A:9E:1F:A6:7E:04:BA:F5:BC:D8:61:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jjYRcTX2uG0Knh-mfgS69bzYYWk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/edb4d3-33c8-45dc-a40e-c85b60fd8c8b/1/laxmDoZvPBdpZ1GNzOLODpBGyYE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/edb4d3-33c8-45dc-a40e-c85b60fd8c8b/1/jjYRcTX2uG0Knh-mfgS69bzYYWk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.156.40.0/22
                  79.98.216.0/21
                  92.118.172.0/22
                  92.118.252.0/22
                  139.28.56.0/22
                  141.105.96.0/20
                  185.28.140.0/22
                IPv6:
                  2a02:2f80::/29

    Signature Algorithm: sha256WithRSAEncryption
         43:d9:43:ed:72:c2:e8:ef:d9:de:37:f8:8f:14:14:98:42:21:
         e0:97:a2:00:92:6d:74:98:96:df:65:3f:93:d9:4b:82:cf:e8:
         76:cb:76:f0:bd:b7:e2:e3:8e:84:9d:95:c8:33:eb:38:ea:7f:
         66:c5:c1:4a:f0:b0:f8:c8:fe:2d:fd:96:8c:ea:17:8c:eb:fe:
         05:0e:e8:dd:bb:6b:4d:79:84:0a:1c:f3:60:f8:2c:a1:ac:a3:
         1b:b3:11:c7:89:86:37:5e:df:b1:0a:4f:9c:3c:3f:58:f0:f9:
         6d:07:73:db:67:4b:05:8a:42:22:2d:b3:e0:49:7e:84:7a:05:
         cb:6e:18:a3:0f:07:59:60:bd:48:d0:ad:18:1f:16:06:f3:a6:
         bb:81:0c:3a:fb:26:f4:34:dc:be:e2:4c:fd:f0:63:0a:d0:9d:
         d7:7b:a3:bb:8b:15:2a:90:e2:73:4c:aa:bb:97:2e:ac:34:23:
         d7:93:90:06:2f:98:c9:81:2b:68:4e:e8:21:45:30:e8:05:69:
         56:2f:52:a0:ec:23:df:09:68:0f:09:f1:64:88:c4:85:8b:13:
         b0:04:2a:e3:95:d9:bb:da:67:98:09:dc:76:77:21:a3:8b:97:
         3b:02:12:c6:28:46:fe:df:8a:b0:cd:35:85:f7:e5:91:b9:07:
         d7:e4:0d:8d
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAYzEJGkozyWEsn2jPiW+1xOYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlMzYxMTcxMzVmNmI4NmQwYTllMWZhNjdlMDRiYWY1YmNk
ODYxNjkwHhcNMjQwMTAxMDgyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NWFjNjYwZTg2NmYzYzE3Njk2NzUxOGRjY2UyY2UwZTkwNDZjOTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApxo50bvPV0eVr1hG3I7RKV68XyU8
7R3BJebwG7vE57H/ahmc2ZjfeXIfFGa4wfjowCWDq0gFYSXELPfHj+9yWAWoHdK0
TCp49Kc0looF3AxlSjHtJRWlXC9AzKhqXKvh73qcjNsaRfAIfzJMY6IwTnWrlpS+
jvj6ERKIMHiTRids231yJPcXCUx5JYuhoOKWxRTw/8ih3rvHILbS3kwG1BieYSqh
Wzym6AEL+/a/Qc8CG8wGb+/eex/XzJmC0opeiGSPArwi6h9eHP9nmcgVOd9WTEYj
3fVei4ccT/tlPI3hUT5aUOomBQtXiJG0xRZ1XH36bLYdnHMY7xMn7DF4qQIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFJWsZg6GbzwXaWdRjczizg6QRsmBMB8GA1UdIwQY
MBaAFI42EXE19rhtCp4fpn4EuvW82GFpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvampZUmNUWDJ1RzBLbmgtbWZnUzY5YnpZWVdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS9lZGI0ZDMtMzNjOC00NWRjLWE0MGUt
Yzg1YjYwZmQ4YzhiLzEvbGF4bURvWnZQQmRwWjFHTnpPTE9EcEJHeVlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS9lZGI0ZDMtMzNjOC00NWRjLWE0MGUtYzg1YjYwZmQ4Yzhi
LzEvampZUmNUWDJ1RzBLbmgtbWZnUzY5YnpZWVdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQCLZwoAwQD
T2LYAwQCXHasAwQCXHb8AwQCixw4AwQEjWlgAwQCuRyMMA0EAgACMAcDBQMqAi+A
MA0GCSqGSIb3DQEBCwUAA4IBAQBD2UPtcsLo79neN/iPFBSYQiHgl6IAkm10mJbf
ZT+T2UuCz+h2y3bwvbfi446EnZXIM+s46n9mxcFK8LD4yP4t/ZaM6heM6/4FDujd
u2tNeYQKHPNg+CyhrKMbsxHHiYY3Xt+xCk+cPD9Y8PltB3PbZ0sFikIiLbPgSX6E
egXLbhijDwdZYL1I0K0YHxYG86a7gQw6+yb0NNy+4kz98GMK0J3Xe6O7ixUqkOJz
TKq7ly6sNCPXk5AGL5jJgStoTughRTDoBWlWL1Kg7CPfCWgPCfFkiMSFixOwBCrj
ldm72meYCdx2dyGji5c7AhLGKEb+34qwzTWF9+WRuQfX5A2N
-----END CERTIFICATE-----