Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/aaFzyir6TcBKITpHsttxrLtpmWU.roa
File:                     aaFzyir6TcBKITpHsttxrLtpmWU.roa (raw, json)
Hash identifier:          kLS1My9qgF97BjklRoMsYOcps4P9x0UTf6SXdKbOv2w=
Subject key identifier:   69:A1:73:CA:2A:FA:4D:C0:4A:21:3A:47:B2:DB:71:AC:BB:69:99:65
Certificate issuer:       /CN=d60475ebe7f07d74153cb1cca338c16d801f45f7
Certificate serial:       0193B9ABED7C24E70AC254A8FB9C21FA66D0
Authority key identifier: D6:04:75:EB:E7:F0:7D:74:15:3C:B1:CC:A3:38:C1:6D:80:1F:45:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1gR16-fwfXQVPLHMozjBbYAfRfc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/aaFzyir6TcBKITpHsttxrLtpmWU.roa
Signing time:             Thu 12 Dec 2024 07:01:12 +0000
ROA not before:           Thu 12 Dec 2024 07:01:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216050
IP address blocks:        37.49.146.0/24 maxlen: 24
                          37.49.149.0/24 maxlen: 24
                          94.74.140.0/24 maxlen: 24
                          109.203.160.0/24 maxlen: 24
                          109.203.162.0/24 maxlen: 24
                          109.203.164.0/24 maxlen: 24
                          109.203.165.0/24 maxlen: 24
                          109.203.167.0/24 maxlen: 24
                          176.46.128.0/24 maxlen: 24
                          176.46.131.0/24 maxlen: 24
                          185.34.160.0/22 maxlen: 24
Validation:               Failed, certificate revoked on Thu 02 Jan 2025 11:48:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:b9:ab:ed:7c:24:e7:0a:c2:54:a8:fb:9c:21:fa:66:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d60475ebe7f07d74153cb1cca338c16d801f45f7
        Validity
            Not Before: Dec 12 07:01:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=69a173ca2afa4dc04a213a47b2db71acbb699965
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f7:9c:75:54:82:b9:4c:66:9b:f1:83:2a:48:16:
                    7e:ec:be:4b:cc:11:4c:51:29:a1:45:b1:d6:4a:a3:
                    79:ac:5e:9a:6a:f6:a5:ab:c5:83:47:cc:84:8a:ec:
                    d1:81:2e:66:95:44:97:66:79:85:dc:43:b9:0e:b3:
                    fd:f6:71:11:ee:bd:b0:50:f8:6e:cd:ed:f1:33:65:
                    29:6d:34:fc:47:be:30:ca:79:97:89:eb:fe:0a:2b:
                    28:88:07:a8:6e:4f:f1:4e:00:1a:76:b2:e3:ff:bd:
                    d6:34:58:8c:ba:48:58:7a:1b:27:12:08:d3:a2:bc:
                    85:41:97:ef:39:85:ea:e3:50:78:56:3a:c9:ce:68:
                    4f:f9:a5:c1:f6:5b:41:7e:46:9a:75:33:7f:f6:56:
                    33:6a:69:cb:9a:ac:65:17:36:2d:f2:35:21:ea:59:
                    db:97:97:74:41:ca:75:ad:12:01:c8:17:25:10:c8:
                    7f:bb:cd:e0:a6:e7:7a:df:5c:5f:12:b8:5a:5c:99:
                    67:9e:54:16:d7:0e:6a:8a:ed:0a:7b:86:5b:3d:5d:
                    93:6f:1c:5d:78:84:ee:43:df:5e:3e:dd:80:fe:b8:
                    04:cb:8c:60:eb:12:24:c7:9b:04:a9:32:54:f0:fe:
                    63:42:bd:39:c1:ae:78:d5:7d:e2:54:9d:d2:a0:03:
                    8b:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:A1:73:CA:2A:FA:4D:C0:4A:21:3A:47:B2:DB:71:AC:BB:69:99:65
            X509v3 Authority Key Identifier:
                keyid:D6:04:75:EB:E7:F0:7D:74:15:3C:B1:CC:A3:38:C1:6D:80:1F:45:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1gR16-fwfXQVPLHMozjBbYAfRfc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/aaFzyir6TcBKITpHsttxrLtpmWU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/1gR16-fwfXQVPLHMozjBbYAfRfc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.49.146.0/24
                  37.49.149.0/24
                  94.74.140.0/24
                  109.203.160.0/24
                  109.203.162.0/24
                  109.203.164.0/23
                  109.203.167.0/24
                  176.46.128.0/24
                  176.46.131.0/24
                  185.34.160.0/22

    Signature Algorithm: sha256WithRSAEncryption
         03:75:07:eb:f1:71:6c:dd:aa:5c:b4:c9:2f:45:52:2e:47:b9:
         22:bd:95:c2:2b:b3:93:b4:b5:b1:b3:a3:da:b1:c6:59:96:8d:
         59:56:f9:bb:fc:07:6c:84:f2:59:72:06:54:3c:48:5a:2e:3d:
         98:8f:35:0a:9a:54:22:d0:00:1b:75:82:e3:26:85:63:4e:2c:
         ff:3b:ec:71:6b:60:d0:cd:17:19:61:e5:2a:5d:b1:cb:9f:16:
         5b:df:f1:7a:5f:aa:a2:01:ff:b7:4f:e0:89:09:d3:ee:50:d6:
         cb:d6:43:9f:1d:d1:11:06:33:59:79:f6:48:f8:f0:24:1c:68:
         4d:b5:52:02:b6:61:8d:5a:59:9b:f9:b8:c7:7b:62:d4:74:a9:
         95:b1:f1:38:ad:b9:ce:18:2d:24:88:ce:0b:aa:95:9a:e2:b4:
         b9:e6:f6:7e:c8:4b:a0:66:00:75:14:a1:a9:13:5b:48:84:2f:
         71:47:1d:f3:0c:0c:4f:54:66:70:28:54:76:e5:ef:61:42:32:
         cd:72:45:d3:15:59:a6:47:e5:28:c9:34:d1:e4:1a:cf:70:e4:
         df:a6:7b:e3:22:8f:08:cf:08:08:d2:dd:1c:c3:6e:86:52:7d:
         ee:d1:ca:4b:38:a1:d8:0a:1f:03:f1:82:5a:8b:c5:6b:fe:59:
         6f:75:1c:7a
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAZO5q+18JOcKwlSo+5wh+mbQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2MDQ3NWViZTdmMDdkNzQxNTNjYjFjY2EzMzhjMTZkODAx
ZjQ1ZjcwHhcNMjQxMjEyMDcwMTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OWExNzNjYTJhZmE0ZGMwNGEyMTNhNDdiMmRiNzFhY2JiNjk5OTY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA95x1VIK5TGab8YMqSBZ+7L5LzBFM
USmhRbHWSqN5rF6aavalq8WDR8yEiuzRgS5mlUSXZnmF3EO5DrP99nER7r2wUPhu
ze3xM2UpbTT8R74wynmXiev+CisoiAeobk/xTgAadrLj/73WNFiMukhYehsnEgjT
oryFQZfvOYXq41B4VjrJzmhP+aXB9ltBfkaadTN/9lYzamnLmqxlFzYt8jUh6lnb
l5d0Qcp1rRIByBclEMh/u83gpud631xfErhaXJlnnlQW1w5qiu0Ke4ZbPV2Tbxxd
eITuQ99ePt2A/rgEy4xg6xIkx5sEqTJU8P5jQr05wa541X3iVJ3SoAOLzwIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFGmhc8oq+k3ASiE6R7Lbcay7aZllMB8GA1UdIwQY
MBaAFNYEdevn8H10FTyxzKM4wW2AH0X3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWdSMTYtZndmWFFWUExITW96akJiWUFmUmZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC81MmViYWUtZTAwNi00Nzc4LWFjM2Mt
NDk2ZjhlYmIyZDYxLzEvYWFGenlpcjZUY0JLSVRwSHN0dHhyTHRwbVdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC81MmViYWUtZTAwNi00Nzc4LWFjM2MtNDk2ZjhlYmIyZDYx
LzEvMWdSMTYtZndmWFFWUExITW96akJiWUFmUmZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQAJTGSAwQA
JTGVAwQAXkqMAwQAbcugAwQAbcuiAwQBbcukAwQAbcunAwQAsC6AAwQAsC6DAwQC
uSKgMA0GCSqGSIb3DQEBCwUAA4IBAQADdQfr8XFs3apctMkvRVIuR7kivZXCK7OT
tLWxs6PascZZlo1ZVvm7/AdshPJZcgZUPEhaLj2YjzUKmlQi0AAbdYLjJoVjTiz/
O+xxa2DQzRcZYeUqXbHLnxZb3/F6X6qiAf+3T+CJCdPuUNbL1kOfHdERBjNZefZI
+PAkHGhNtVICtmGNWlmb+bjHe2LUdKmVsfE4rbnOGC0kiM4LqpWa4rS55vZ+yEug
ZgB1FKGpE1tIhC9xRx3zDAxPVGZwKFR25e9hQjLNckXTFVmmR+UoyTTR5BrPcOTf
pnvjIo8IzwgI0t0cw26GUn3u0cpLOKHYCh8D8YJai8Vr/llvdRx6
-----END CERTIFICATE-----