Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/2cb3bb-0ed1-4ecf-8af5-ee73fe21ed23/1/oaa22Nd2it2sj_jAe6NsBo6kwfY.roa
File:                     oaa22Nd2it2sj_jAe6NsBo6kwfY.roa (raw, json)
Hash identifier:          HFxdEFmNbYiUfl7PuN2fCVZ0CI5miCaz173ITZgb3QU=
Subject key identifier:   A1:A6:B6:D8:D7:76:8A:DD:AC:8F:F8:C0:7B:A3:6C:06:8E:A4:C1:F6
Certificate issuer:       /CN=58b29e7b8a0ddb9c36c6e0e3f49577817b0ea3a6
Certificate serial:       018DC63F66482E656BDE686ECF57138DB14E
Authority key identifier: 58:B2:9E:7B:8A:0D:DB:9C:36:C6:E0:E3:F4:95:77:81:7B:0E:A3:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WLKee4oN25w2xuDj9JV3gXsOo6Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/2cb3bb-0ed1-4ecf-8af5-ee73fe21ed23/1/oaa22Nd2it2sj_jAe6NsBo6kwfY.roa
Signing time:             Tue 20 Feb 2024 11:21:00 +0000
ROA not before:           Tue 20 Feb 2024 11:21:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29180
IP address blocks:        82.132.128.0/22 maxlen: 24
                          82.132.132.0/22 maxlen: 24
                          82.132.136.0/23 maxlen: 24
                          82.132.140.0/23 maxlen: 24
                          82.132.142.0/23 maxlen: 24
                          82.132.144.0/21 maxlen: 24
                          82.132.152.0/21 maxlen: 24
                          82.132.178.0/23 maxlen: 24
                          82.132.188.0/23 maxlen: 24
                          82.132.190.0/23 maxlen: 24
                          185.238.16.0/23 maxlen: 24
                          185.238.18.0/23 maxlen: 24

Validation:               Failed, certificate revoked on Tue 20 Feb 2024 16:33:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c6:3f:66:48:2e:65:6b:de:68:6e:cf:57:13:8d:b1:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58b29e7b8a0ddb9c36c6e0e3f49577817b0ea3a6
        Validity
            Not Before: Feb 20 11:21:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a1a6b6d8d7768addac8ff8c07ba36c068ea4c1f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:60:cf:a5:ec:95:c2:0f:74:b3:2a:8c:87:52:
                    4e:d3:89:7e:d1:6e:7e:d2:47:6a:ad:b9:23:91:0f:
                    1f:b0:9c:6c:12:87:18:2b:4f:d9:71:9c:39:9e:12:
                    c2:01:d9:de:21:57:7d:63:c3:c1:1c:33:ac:28:44:
                    36:38:e6:f2:5b:79:a7:59:46:77:80:2c:94:c2:43:
                    fa:d3:6c:fc:1f:ed:c5:c2:22:84:d3:fa:b6:ae:70:
                    cb:a6:67:eb:df:de:84:44:38:00:15:d4:dd:06:9b:
                    c6:51:b9:33:d3:c3:32:da:74:b3:1d:cd:97:1e:70:
                    33:0a:de:59:fb:4b:3f:1b:99:e4:62:da:8d:f0:36:
                    62:f1:0b:ca:61:5e:da:e2:05:fa:09:38:df:a7:25:
                    63:b4:2e:66:6a:4c:89:44:0a:d5:dd:9d:67:96:4e:
                    11:e4:75:48:78:17:70:69:6d:99:38:56:35:5e:0f:
                    46:64:2c:cf:23:6a:7b:97:43:0b:5f:fb:11:d4:08:
                    d0:99:af:f4:36:d6:b2:8e:29:44:74:65:88:bc:09:
                    52:4e:70:f5:30:fa:76:98:5a:5c:e2:3e:b2:61:e9:
                    a0:46:5b:37:8c:e5:c9:01:7f:b7:a3:35:f9:5e:60:
                    d9:bd:38:12:03:b0:8d:33:8f:a7:c2:d5:d8:97:7d:
                    cc:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:A6:B6:D8:D7:76:8A:DD:AC:8F:F8:C0:7B:A3:6C:06:8E:A4:C1:F6
            X509v3 Authority Key Identifier:
                keyid:58:B2:9E:7B:8A:0D:DB:9C:36:C6:E0:E3:F4:95:77:81:7B:0E:A3:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WLKee4oN25w2xuDj9JV3gXsOo6Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/2cb3bb-0ed1-4ecf-8af5-ee73fe21ed23/1/oaa22Nd2it2sj_jAe6NsBo6kwfY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/2cb3bb-0ed1-4ecf-8af5-ee73fe21ed23/1/WLKee4oN25w2xuDj9JV3gXsOo6Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.132.128.0-82.132.137.255
                  82.132.140.0-82.132.159.255
                  82.132.178.0/23
                  82.132.188.0/22
                  185.238.16.0/22

    Signature Algorithm: sha256WithRSAEncryption
         22:ab:c5:4c:91:4b:0d:b2:b3:34:2a:f3:e3:d9:30:21:7a:c2:
         0b:3f:c0:4b:1f:dd:4e:14:e8:a1:d7:9f:3a:16:d3:92:51:c1:
         a1:13:36:82:0d:3c:e9:c2:f2:20:ea:02:33:4d:b1:1e:0d:ab:
         b9:fd:7b:ee:8c:70:47:f8:fb:72:b5:4c:3a:6c:34:52:4c:82:
         19:74:fa:93:6f:78:54:37:33:f2:45:8e:2f:4b:85:be:73:d6:
         56:d5:e5:86:4f:b2:75:7d:55:f5:04:f2:d8:76:e0:90:b5:9d:
         a5:4b:0d:4d:8d:88:53:fc:e1:d4:b5:63:3a:2e:19:7c:19:f3:
         1d:cf:52:17:06:30:6b:4a:f3:d0:90:38:90:ac:ca:46:87:97:
         df:64:81:98:8e:cb:11:08:d6:55:86:b8:b4:4e:d9:0f:31:ad:
         d2:21:34:26:f7:c5:9b:b7:07:ae:ea:1e:16:e7:c2:63:56:78:
         28:12:35:f0:21:ca:f7:af:19:88:c2:d0:54:e5:83:a5:f5:ea:
         23:67:d2:82:fd:c2:a6:6f:0f:c0:0d:13:24:ed:04:d3:24:d6:
         77:22:db:f1:da:d6:d1:be:14:a9:2b:bd:2d:6c:c1:09:cb:35:
         f8:a7:5a:59:a3:8d:c5:54:68:cf:cc:09:1a:12:e2:81:0b:40:
         85:f4:fa:c2
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAY3GP2ZILmVr3mhuz1cTjbFOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YjI5ZTdiOGEwZGRiOWMzNmM2ZTBlM2Y0OTU3NzgxN2Iw
ZWEzYTYwHhcNMjQwMjIwMTEyMTAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMWE2YjZkOGQ3NzY4YWRkYWM4ZmY4YzA3YmEzNmMwNjhlYTRjMWY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlmDPpeyVwg90syqMh1JO04l+0W5+
0kdqrbkjkQ8fsJxsEocYK0/ZcZw5nhLCAdneIVd9Y8PBHDOsKEQ2OObyW3mnWUZ3
gCyUwkP602z8H+3FwiKE0/q2rnDLpmfr396ERDgAFdTdBpvGUbkz08My2nSzHc2X
HnAzCt5Z+0s/G5nkYtqN8DZi8QvKYV7a4gX6CTjfpyVjtC5makyJRArV3Z1nlk4R
5HVIeBdwaW2ZOFY1Xg9GZCzPI2p7l0MLX/sR1AjQma/0NtayjilEdGWIvAlSTnD1
MPp2mFpc4j6yYemgRls3jOXJAX+3ozX5XmDZvTgSA7CNM4+nwtXYl33MVQIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFKGmttjXdordrI/4wHujbAaOpMH2MB8GA1UdIwQY
MBaAFFiynnuKDducNsbg4/SVd4F7DqOmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0xLZWU0b04yNXcyeHVEajlKVjNnWHNPbzZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS8yY2IzYmItMGVkMS00ZWNmLThhZjUt
ZWU3M2ZlMjFlZDIzLzEvb2FhMjJOZDJpdDJzal9qQWU2TnNCbzZrd2ZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS8yY2IzYmItMGVkMS00ZWNmLThhZjUtZWU3M2ZlMjFlZDIz
LzEvV0xLZWU0b04yNXcyeHVEajlKVjNnWHNPbzZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjA0BAIAATAuMAwDBAdShIAD
BAFShIgwDAMEAlKEjAMEBVKEgAMEAVKEsgMEAlKEvAMEArnuEDANBgkqhkiG9w0B
AQsFAAOCAQEAIqvFTJFLDbKzNCrz49kwIXrCCz/ASx/dThToodefOhbTklHBoRM2
gg086cLyIOoCM02xHg2ruf177oxwR/j7crVMOmw0UkyCGXT6k294VDcz8kWOL0uF
vnPWVtXlhk+ydX1V9QTy2HbgkLWdpUsNTY2IU/zh1LVjOi4ZfBnzHc9SFwYwa0rz
0JA4kKzKRoeX32SBmI7LEQjWVYa4tE7ZDzGt0iE0JvfFm7cHruoeFufCY1Z4KBI1
8CHK968ZiMLQVOWDpfXqI2fSgv3Cpm8PwA0TJO0E0yTWdyLb8drW0b4UqSu9LWzB
Ccs1+KdaWaONxVRoz8wJGhLigQtAhfT6wg==
-----END CERTIFICATE-----