Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/ClHPY6tZFVEmtzYVbNzspEChV0k.roa
File:                     ClHPY6tZFVEmtzYVbNzspEChV0k.roa (raw, json)
Hash identifier:          33SNedcBRG2rlJIPeVBDELn8t8kybYE9T9xHI4qKiAs=
Subject key identifier:   0A:51:CF:63:AB:59:15:51:26:B7:36:15:6C:DC:EC:A4:40:A1:57:49
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018FCB75381FCF530A454D631324A29ADFD7
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/ClHPY6tZFVEmtzYVbNzspEChV0k.roa
Signing time:             Thu 30 May 2024 21:43:27 +0000
ROA not before:           Thu 30 May 2024 21:43:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34872
IP address blocks:        45.154.97.0/24 maxlen: 24
                          62.3.50.0/24 maxlen: 24
                          194.28.98.0/23 maxlen: 24
                          2a0c:b640::/32 maxlen: 48
                          2a0c:b641::/44 maxlen: 48
                          2a0c:b641:10::/44 maxlen: 48
                          2a0c:b641:60::/44 maxlen: 48
                          2a0c:b641:540::/44 maxlen: 48
                          2a0c:b641:70f::/48 maxlen: 48
                          2a0f:8400::/32 maxlen: 48
Validation:               Failed, certificate revoked on Thu 11 Jul 2024 10:20:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:cb:75:38:1f:cf:53:0a:45:4d:63:13:24:a2:9a:df:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: May 30 21:43:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0a51cf63ab59155126b736156cdceca440a15749
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:99:fb:82:11:17:68:c5:24:83:fd:b9:fb:d8:
                    05:60:1a:7a:0e:e1:89:b7:77:74:82:23:75:b1:83:
                    fb:cc:9c:dd:2f:2a:7b:81:dc:78:9b:45:bd:9a:11:
                    4d:0a:2f:ae:77:77:bc:f4:e0:ba:38:8c:82:be:ab:
                    9c:c6:a7:48:29:6f:99:50:17:8d:60:9c:96:cb:9c:
                    18:23:c0:26:81:e8:ee:6c:17:75:f0:62:39:30:54:
                    0e:14:80:81:9c:08:1f:02:a6:45:c1:d1:f3:9c:f0:
                    6a:ae:a2:d5:c9:20:27:2a:a9:cc:d6:9a:a6:b2:12:
                    5b:f6:f8:4f:90:ce:6e:30:d5:2d:e5:a2:bc:13:35:
                    03:ca:1f:7f:86:82:c5:36:86:0f:91:89:08:80:61:
                    cb:b5:0f:71:84:d5:7e:9b:68:71:dd:f3:85:54:f5:
                    cd:6e:48:71:b8:1f:13:6d:4a:55:be:66:13:a7:32:
                    01:66:0c:0a:65:41:e8:da:0e:f4:50:ec:b1:63:01:
                    07:11:d3:7f:b6:ac:af:bd:2f:69:85:d1:e6:59:09:
                    44:fd:16:13:06:86:07:7f:21:6d:e3:8b:30:39:35:
                    e5:05:dd:45:83:bf:25:c8:93:80:95:7c:ac:3b:0b:
                    8a:c5:f5:d9:7f:2e:c2:00:2e:24:3f:b8:f7:34:eb:
                    68:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:51:CF:63:AB:59:15:51:26:B7:36:15:6C:DC:EC:A4:40:A1:57:49
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/ClHPY6tZFVEmtzYVbNzspEChV0k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.154.97.0/24
                  62.3.50.0/24
                  194.28.98.0/23
                IPv6:
                  2a0c:b640::-2a0c:b641:1f:ffff:ffff:ffff:ffff:ffff
                  2a0c:b641:60::/44
                  2a0c:b641:540::/44
                  2a0c:b641:70f::/48
                  2a0f:8400::/32

    Signature Algorithm: sha256WithRSAEncryption
         08:b7:2c:d2:8f:d9:9d:46:70:e3:d3:d2:41:17:f6:e9:3a:8c:
         36:b6:1d:9a:23:7a:16:b3:28:24:fd:78:4a:87:5e:87:4e:7d:
         21:f1:86:0f:ae:cd:25:d1:55:31:49:7c:9c:f2:de:bf:78:49:
         4c:33:17:c1:d9:29:5e:0a:04:11:62:34:fd:27:51:64:f0:1e:
         9e:e8:11:79:31:13:cb:b8:46:97:90:8d:66:1b:15:6b:60:47:
         58:bc:ef:49:ab:06:fa:94:d6:62:87:82:16:d1:1f:71:76:b1:
         80:2c:30:3c:af:0c:09:02:ab:0c:ef:1a:05:5c:24:23:24:3f:
         b0:f4:af:07:b6:54:a0:d4:5e:3b:16:87:94:7c:12:af:6a:03:
         01:30:1b:b0:d8:31:08:07:71:c4:e9:8b:0f:f6:83:4f:33:ea:
         a3:f6:54:99:fc:50:f1:53:9a:4d:db:00:92:fe:47:8d:f2:ec:
         ab:ce:34:af:5e:54:ad:de:d6:df:bc:42:d5:54:57:84:61:ec:
         1b:19:42:79:ef:d1:eb:ad:be:3b:05:6a:10:54:15:4c:43:cd:
         ce:e7:c3:ae:62:39:a7:22:73:ea:a5:fc:da:86:fa:92:1f:b9:
         b9:6c:dd:42:e6:c1:d1:9c:00:9e:c7:13:7f:ab:12:ab:f3:46:
         f2:5e:78:eb
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAY/LdTgfz1MKRU1jEySimt/XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwNTMwMjE0MzI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTUxY2Y2M2FiNTkxNTUxMjZiNzM2MTU2Y2RjZWNhNDQwYTE1NzQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvZn7ghEXaMUkg/25+9gFYBp6DuGJ
t3d0giN1sYP7zJzdLyp7gdx4m0W9mhFNCi+ud3e89OC6OIyCvqucxqdIKW+ZUBeN
YJyWy5wYI8AmgejubBd18GI5MFQOFICBnAgfAqZFwdHznPBqrqLVySAnKqnM1pqm
shJb9vhPkM5uMNUt5aK8EzUDyh9/hoLFNoYPkYkIgGHLtQ9xhNV+m2hx3fOFVPXN
bkhxuB8TbUpVvmYTpzIBZgwKZUHo2g70UOyxYwEHEdN/tqyvvS9phdHmWQlE/RYT
BoYHfyFt44swOTXlBd1Fg78lyJOAlXysOwuKxfXZfy7CAC4kP7j3NOtokwIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFApRz2OrWRVRJrc2FWzc7KRAoVdJMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvQ2xIUFk2dFpGVkVtdHpZVmJOenNwRUNoVjBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjAYBAIAATASAwQALZphAwQA
PgMyAwQBwhxiMDoEAgACMDQwEAMFBioMtkADBwUqDLZBAAADBwQqDLZBAGADBwQq
DLZBBUADBwAqDLZBBw8DBQAqD4QAMA0GCSqGSIb3DQEBCwUAA4IBAQAItyzSj9md
RnDj09JBF/bpOow2th2aI3oWsygk/XhKh16HTn0h8YYPrs0l0VUxSXyc8t6/eElM
MxfB2SleCgQRYjT9J1Fk8B6e6BF5MRPLuEaXkI1mGxVrYEdYvO9Jqwb6lNZih4IW
0R9xdrGALDA8rwwJAqsM7xoFXCQjJD+w9K8HtlSg1F47FoeUfBKvagMBMBuw2DEI
B3HE6YsP9oNPM+qj9lSZ/FDxU5pN2wCS/keN8uyrzjSvXlSt3tbfvELVVFeEYewb
GUJ579Hrrb47BWoQVBVMQ83O58OuYjmnInPqpfzahvqSH7m5bN1C5sHRnACexxN/
qxKr80byXnjr
-----END CERTIFICATE-----