Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/3ebb46-b9dd-4695-815c-46ee578a0bfe/1/PeKXsd17j6ZHF1MzMo1FWaHLN3o.roa
File:                     PeKXsd17j6ZHF1MzMo1FWaHLN3o.roa (raw, json)
Hash identifier:          BJDiM7CNKARiJ2maeWwfEfviYYx+l46D5svz9L4EK/4=
Subject key identifier:   3D:E2:97:B1:DD:7B:8F:A6:47:17:53:33:32:8D:45:59:A1:CB:37:7A
Certificate issuer:       /CN=c2c12b527a5d1f8b8bcf230eb611f52f11d52bbf
Certificate serial:       01934569ECC497252191E264FC5222BA31BE
Authority key identifier: C2:C1:2B:52:7A:5D:1F:8B:8B:CF:23:0E:B6:11:F5:2F:11:D5:2B:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wsErUnpdH4uLzyMOthH1LxHVK78.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/3ebb46-b9dd-4695-815c-46ee578a0bfe/1/PeKXsd17j6ZHF1MzMo1FWaHLN3o.roa
Signing time:             Tue 19 Nov 2024 17:13:10 +0000
ROA not before:           Tue 19 Nov 2024 17:13:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49468
IP address blocks:        2.57.123.0/24 maxlen: 24
                          45.13.36.0/24 maxlen: 24
                          45.13.214.0/24 maxlen: 24
                          45.13.215.0/24 maxlen: 24
                          45.129.12.0/24 maxlen: 24
                          45.134.49.0/24 maxlen: 24
                          45.134.50.0/24 maxlen: 24
                          45.148.8.0/24 maxlen: 24
                          193.29.12.0/24 maxlen: 24
                          193.32.160.0/24 maxlen: 24
                          193.32.161.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Thu 28 Nov 2024 22:55:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:45:69:ec:c4:97:25:21:91:e2:64:fc:52:22:ba:31:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2c12b527a5d1f8b8bcf230eb611f52f11d52bbf
        Validity
            Not Before: Nov 19 17:13:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3de297b1dd7b8fa647175333328d4559a1cb377a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:86:1b:62:9f:92:fa:43:da:48:af:f5:85:7e:
                    b2:ca:5a:aa:c9:23:28:aa:b6:87:be:89:d8:de:69:
                    45:e2:ef:ab:70:15:68:00:b1:83:eb:1f:9b:f1:e6:
                    c5:b6:68:c5:91:08:94:49:ef:ba:56:60:3a:c8:cd:
                    dc:3d:d5:cf:cc:1b:53:87:be:0c:75:f2:20:85:b7:
                    67:85:77:64:e8:f9:f8:70:28:5c:29:f6:81:f2:a0:
                    30:65:fb:73:be:5d:14:09:88:99:cd:47:b5:8f:2b:
                    48:5c:d5:e3:e5:8d:17:32:0a:f4:d8:0c:dd:c6:5c:
                    4d:8c:31:ba:04:6f:b4:b9:a6:8c:b8:be:93:2d:53:
                    f3:ab:47:d2:c2:b9:e5:39:0a:1c:92:6f:c7:d4:56:
                    4b:82:50:f5:cc:b5:a0:0a:6c:75:a0:4d:ed:13:4f:
                    e9:60:b9:11:25:0a:11:84:85:67:88:ed:9a:7b:33:
                    a2:dd:76:2f:f0:05:dd:0d:6e:05:aa:bb:62:9a:07:
                    38:5e:61:08:d5:bf:1b:f2:57:be:ac:ff:dd:78:af:
                    d7:69:b7:f2:da:f0:ec:ae:48:39:de:cb:74:9f:74:
                    c6:d1:9b:85:fb:36:3b:38:60:31:b5:a1:9f:82:e9:
                    b2:5b:3d:c0:cb:aa:ca:41:06:d7:42:20:2f:fe:ea:
                    52:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:E2:97:B1:DD:7B:8F:A6:47:17:53:33:32:8D:45:59:A1:CB:37:7A
            X509v3 Authority Key Identifier:
                keyid:C2:C1:2B:52:7A:5D:1F:8B:8B:CF:23:0E:B6:11:F5:2F:11:D5:2B:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wsErUnpdH4uLzyMOthH1LxHVK78.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/3ebb46-b9dd-4695-815c-46ee578a0bfe/1/PeKXsd17j6ZHF1MzMo1FWaHLN3o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/3ebb46-b9dd-4695-815c-46ee578a0bfe/1/wsErUnpdH4uLzyMOthH1LxHVK78.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.57.123.0/24
                  45.13.36.0/24
                  45.13.214.0/23
                  45.129.12.0/24
                  45.134.49.0-45.134.50.255
                  45.148.8.0/24
                  193.29.12.0/24
                  193.32.160.0/23

    Signature Algorithm: sha256WithRSAEncryption
         79:fc:40:10:35:57:68:83:7c:58:68:e1:bd:72:3b:40:53:91:
         d5:f1:2d:8c:b1:d7:da:55:a5:2c:4c:84:92:9a:cb:d0:57:e8:
         b0:e6:43:d9:32:31:46:61:6f:97:21:79:d4:a7:94:2e:6d:bb:
         52:f9:00:70:9f:3c:09:c3:b3:b2:58:0a:60:58:8a:88:d1:ab:
         b3:4d:1b:8a:fc:74:f5:ba:84:c0:d1:c5:e7:f2:c9:be:5e:8c:
         26:ff:ab:3a:21:af:0a:18:ec:a5:cc:4e:68:90:26:10:ca:0f:
         5e:54:ca:2a:ec:57:d1:d2:82:85:d9:4c:1b:65:d2:62:7b:47:
         f6:30:0f:49:1d:6c:82:80:b2:35:8c:06:77:f2:b8:a6:90:7c:
         7e:14:a0:43:72:f0:3e:5e:40:df:3a:cc:48:5e:04:aa:64:c6:
         a3:ec:36:4e:c8:f9:77:ff:84:f8:ff:fc:98:d7:c7:d5:3e:6a:
         de:2e:b8:66:ca:af:c9:70:2d:bd:88:77:ff:46:18:b9:dc:0d:
         17:2c:a0:17:b4:96:ee:f0:a6:12:0b:80:6b:78:dc:43:c5:9f:
         0e:e3:35:69:e1:63:0f:58:bd:ea:82:74:3b:64:7d:96:d2:65:
         f8:12:44:64:53:8a:53:24:a3:5f:29:db:45:e6:0c:21:13:ed:
         d7:f6:e4:1e
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAZNFaezElyUhkeJk/FIiujG+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyYzEyYjUyN2E1ZDFmOGI4YmNmMjMwZWI2MTFmNTJmMTFk
NTJiYmYwHhcNMjQxMTE5MTcxMzEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZGUyOTdiMWRkN2I4ZmE2NDcxNzUzMzMzMjhkNDU1OWExY2IzNzdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA24YbYp+S+kPaSK/1hX6yylqqySMo
qraHvonY3mlF4u+rcBVoALGD6x+b8ebFtmjFkQiUSe+6VmA6yM3cPdXPzBtTh74M
dfIghbdnhXdk6Pn4cChcKfaB8qAwZftzvl0UCYiZzUe1jytIXNXj5Y0XMgr02Azd
xlxNjDG6BG+0uaaMuL6TLVPzq0fSwrnlOQockm/H1FZLglD1zLWgCmx1oE3tE0/p
YLkRJQoRhIVniO2aezOi3XYv8AXdDW4Fqrtimgc4XmEI1b8b8le+rP/deK/Xabfy
2vDsrkg53st0n3TG0ZuF+zY7OGAxtaGfgumyWz3Ay6rKQQbXQiAv/upSywIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFD3il7Hde4+mRxdTMzKNRVmhyzd6MB8GA1UdIwQY
MBaAFMLBK1J6XR+Li88jDrYR9S8R1Su/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3NFclVucGRINHVMenlNT3RoSDFMeEhWSzc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS8zZWJiNDYtYjlkZC00Njk1LTgxNWMt
NDZlZTU3OGEwYmZlLzEvUGVLWHNkMTdqNlpIRjFNek1vMUZXYUhMTjNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS8zZWJiNDYtYjlkZC00Njk1LTgxNWMtNDZlZTU3OGEwYmZl
LzEvd3NFclVucGRINHVMenlNT3RoSDFMeEhWSzc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQAAjl7AwQA
LQ0kAwQBLQ3WAwQALYEMMAwDBAAthjEDBAAthjIDBAAtlAgDBADBHQwDBAHBIKAw
DQYJKoZIhvcNAQELBQADggEBAHn8QBA1V2iDfFho4b1yO0BTkdXxLYyx19pVpSxM
hJKay9BX6LDmQ9kyMUZhb5chedSnlC5tu1L5AHCfPAnDs7JYCmBYiojRq7NNG4r8
dPW6hMDRxefyyb5ejCb/qzohrwoY7KXMTmiQJhDKD15UyirsV9HSgoXZTBtl0mJ7
R/YwD0kdbIKAsjWMBnfyuKaQfH4UoENy8D5eQN86zEheBKpkxqPsNk7I+Xf/hPj/
/JjXx9U+at4uuGbKr8lwLb2Id/9GGLncDRcsoBe0lu7wphILgGt43EPFnw7jNWnh
Yw9YveqCdDtkfZbSZfgSRGRTilMko18p20XmDCET7df25B4=
-----END CERTIFICATE-----