Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/dmkq9CPEjyItANEhY7T6cJaz-_I.roa
File:                     dmkq9CPEjyItANEhY7T6cJaz-_I.roa (raw, json)
Hash identifier:          hytt1pHrwW3BeZol5gd0WcTz8a6IHsbP/eNXKB+XTLc=
Subject key identifier:   76:69:2A:F4:23:C4:8F:22:2D:00:D1:21:63:B4:FA:70:96:B3:FB:F2
Certificate issuer:       /CN=cd108c225f2478cd4230179890d07284be1636cd
Certificate serial:       0190B6CB97E1835E18F4CD09FC81997517F1
Authority key identifier: CD:10:8C:22:5F:24:78:CD:42:30:17:98:90:D0:72:84:BE:16:36:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zRCMIl8keM1CMBeYkNByhL4WNs0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/dmkq9CPEjyItANEhY7T6cJaz-_I.roa
Signing time:             Mon 15 Jul 2024 14:28:34 +0000
ROA not before:           Mon 15 Jul 2024 14:28:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205960
IP address blocks:        2.59.153.0/24 maxlen: 24
                          2.59.154.0/24 maxlen: 24
                          45.91.225.0/24 maxlen: 24
                          91.204.224.0/24 maxlen: 24
                          91.204.225.0/24 maxlen: 24
                          91.204.226.0/24 maxlen: 24
                          91.204.227.0/24 maxlen: 24
                          185.202.101.0/24 maxlen: 24
                          185.202.103.0/24 maxlen: 24
                          193.239.151.0/24 maxlen: 24
                          194.126.215.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Thu 02 Jan 2025 17:52:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:b6:cb:97:e1:83:5e:18:f4:cd:09:fc:81:99:75:17:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd108c225f2478cd4230179890d07284be1636cd
        Validity
            Not Before: Jul 15 14:28:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=76692af423c48f222d00d12163b4fa7096b3fbf2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:0d:ec:3b:c5:e4:4a:e5:85:dd:da:7d:9d:ed:
                    31:86:f3:81:2b:75:4b:91:7c:de:c5:07:2d:48:60:
                    af:50:ed:ef:c3:f3:e7:5f:34:5d:f4:9c:c9:ae:26:
                    fe:15:c1:7c:fa:78:96:f3:d0:7e:33:f2:05:f3:91:
                    9c:48:93:6a:64:f3:09:46:be:a1:65:a3:e7:20:c8:
                    76:4f:22:e8:d3:e7:00:99:7f:71:d1:b0:e9:0a:59:
                    2e:e4:93:5d:66:64:e8:79:d8:e1:10:1d:2d:ac:c3:
                    1b:61:f7:a9:f3:72:61:17:eb:88:e2:bc:e7:3c:d2:
                    79:c9:51:1c:72:6b:df:ae:70:ce:7b:5c:2d:c1:98:
                    90:ff:1c:bf:cb:5a:95:99:08:b4:87:32:31:1f:b1:
                    80:6e:a9:38:32:ff:08:31:3b:47:38:a4:5c:63:22:
                    73:75:c8:ed:47:41:d0:87:a7:c8:08:9a:89:1f:7c:
                    01:46:a7:5d:47:01:d1:9c:f5:e5:19:6b:54:54:cb:
                    d3:d9:f5:05:ac:e3:01:2e:12:79:d7:d8:59:12:84:
                    16:eb:5e:3a:5d:7b:1e:c7:3e:e1:93:2d:6d:c2:12:
                    3f:7e:94:4b:36:21:45:59:78:32:a3:9c:c1:92:a2:
                    c5:fc:c5:17:55:e3:e8:4f:0f:9b:88:c9:c7:08:99:
                    a2:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:69:2A:F4:23:C4:8F:22:2D:00:D1:21:63:B4:FA:70:96:B3:FB:F2
            X509v3 Authority Key Identifier:
                keyid:CD:10:8C:22:5F:24:78:CD:42:30:17:98:90:D0:72:84:BE:16:36:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zRCMIl8keM1CMBeYkNByhL4WNs0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/dmkq9CPEjyItANEhY7T6cJaz-_I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/zRCMIl8keM1CMBeYkNByhL4WNs0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.153.0-2.59.154.255
                  45.91.225.0/24
                  91.204.224.0/22
                  185.202.101.0/24
                  185.202.103.0/24
                  193.239.151.0/24
                  194.126.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:87:3f:da:c7:2c:59:60:02:88:d0:88:63:5e:9b:a4:72:14:
         32:df:d1:9c:5d:48:06:0b:fb:38:4d:33:cb:d4:3c:e5:06:99:
         56:19:f3:7d:03:71:cf:2e:70:e2:45:8e:f0:27:87:a2:d1:ee:
         20:a9:b7:f1:bb:ad:da:87:0c:e1:18:af:4e:9c:a8:f9:02:c8:
         81:bb:9b:1f:d6:af:d3:b5:3a:a8:e1:d1:ea:80:f9:d1:7c:88:
         df:6e:52:3f:28:2c:8f:e0:2d:9e:e2:9a:c5:5d:ec:e3:b2:a9:
         f0:8a:25:61:4e:90:f0:2f:93:8c:09:9d:f9:d6:10:ca:c6:de:
         0a:d0:30:5d:45:f7:ef:6e:68:ab:0e:e5:dd:ee:fc:a7:6d:c9:
         f3:65:86:84:7e:4d:30:a8:6f:c9:49:55:94:2c:28:af:fb:e3:
         df:9c:55:74:b9:1e:bb:15:51:86:f9:09:b3:39:50:8e:96:d1:
         2c:8f:4a:27:f9:7f:3e:27:81:88:0f:c6:eb:cd:d9:82:cc:97:
         b0:65:7d:47:a7:69:d4:29:92:07:37:2b:52:7f:f9:0d:83:d6:
         95:12:9d:72:3b:22:27:62:11:b2:07:72:94:cf:4e:33:43:00:
         68:13:e8:9a:46:fd:db:25:a2:6b:67:bf:c9:06:4e:55:be:5b:
         3d:98:59:cb
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAZC2y5fhg14Y9M0J/IGZdRfxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkMTA4YzIyNWYyNDc4Y2Q0MjMwMTc5ODkwZDA3Mjg0YmUx
NjM2Y2QwHhcNMjQwNzE1MTQyODM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjY5MmFmNDIzYzQ4ZjIyMmQwMGQxMjE2M2I0ZmE3MDk2YjNmYmYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4w3sO8XkSuWF3dp9ne0xhvOBK3VL
kXzexQctSGCvUO3vw/PnXzRd9JzJrib+FcF8+niW89B+M/IF85GcSJNqZPMJRr6h
ZaPnIMh2TyLo0+cAmX9x0bDpClku5JNdZmToedjhEB0trMMbYfep83JhF+uI4rzn
PNJ5yVEccmvfrnDOe1wtwZiQ/xy/y1qVmQi0hzIxH7GAbqk4Mv8IMTtHOKRcYyJz
dcjtR0HQh6fICJqJH3wBRqddRwHRnPXlGWtUVMvT2fUFrOMBLhJ519hZEoQW6146
XXsexz7hky1twhI/fpRLNiFFWXgyo5zBkqLF/MUXVePoTw+biMnHCJmiTQIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFHZpKvQjxI8iLQDRIWO0+nCWs/vyMB8GA1UdIwQY
MBaAFM0QjCJfJHjNQjAXmJDQcoS+FjbNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelJDTUlsOGtlTTFDTUJlWWtOQnloTDRXTnMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy8zNDhjZTUtY2EyMC00ODQ4LTg4NDQt
YWU1MDI3MzY4MWE3LzEvZG1rcTlDUEVqeUl0QU5FaFk3VDZjSmF6LV9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy8zNDhjZTUtY2EyMC00ODQ4LTg4NDQtYWU1MDI3MzY4MWE3
LzEvelJDTUlsOGtlTTFDTUJlWWtOQnloTDRXTnMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyMAwDBAACO5kD
BAACO5oDBAAtW+EDBAJbzOADBAC5ymUDBAC5ymcDBADB75cDBADCftcwDQYJKoZI
hvcNAQELBQADggEBABKHP9rHLFlgAojQiGNem6RyFDLf0ZxdSAYL+zhNM8vUPOUG
mVYZ830Dcc8ucOJFjvAnh6LR7iCpt/G7rdqHDOEYr06cqPkCyIG7mx/Wr9O1Oqjh
0eqA+dF8iN9uUj8oLI/gLZ7imsVd7OOyqfCKJWFOkPAvk4wJnfnWEMrG3grQMF1F
9+9uaKsO5d3u/KdtyfNlhoR+TTCob8lJVZQsKK/749+cVXS5HrsVUYb5CbM5UI6W
0SyPSif5fz4ngYgPxuvN2YLMl7BlfUenadQpkgc3K1J/+Q2D1pUSnXI7IidiEbIH
cpTPTjNDAGgT6JpG/dslomtnv8kGTlW+Wz2YWcs=
-----END CERTIFICATE-----