Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/KYFybKEhz2Qb0-jGRlBKZDiNcic.roa
File:                     KYFybKEhz2Qb0-jGRlBKZDiNcic.roa (raw, json)
Hash identifier:          V2kr/70E6+R3l7fd1IMoYNbZSValgZkhMR840soim6A=
Subject key identifier:   29:81:72:6C:A1:21:CF:64:1B:D3:E8:C6:46:50:4A:64:38:8D:72:27
Certificate issuer:       /CN=2663f3db152e055ac145bdbb429e018654204c8d
Certificate serial:       018CC348CF7E1C7E6BD2303BB3297769B8BF
Authority key identifier: 26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/KYFybKEhz2Qb0-jGRlBKZDiNcic.roa
Signing time:             Mon 01 Jan 2024 04:29:37 +0000
ROA not before:           Mon 01 Jan 2024 04:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8300
IP address blocks:        193.134.248.0/23 maxlen: 23
                          212.243.101.0/24 maxlen: 24
                          194.209.74.0/24 maxlen: 24
                          193.5.30.0/24 maxlen: 24
                          193.5.252.0/24 maxlen: 24
                          193.5.158.0/23 maxlen: 24
                          2001:918:ffb7::/48 maxlen: 48
                          2001:918:ff70::/44 maxlen: 48
                          2001:918:f00::/40 maxlen: 40
                          2001:918:1ab::/48 maxlen: 48
Validation:               Failed, certificate revoked on Mon 25 Mar 2024 13:23:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:cf:7e:1c:7e:6b:d2:30:3b:b3:29:77:69:b8:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2663f3db152e055ac145bdbb429e018654204c8d
        Validity
            Not Before: Jan  1 04:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2981726ca121cf641bd3e8c646504a64388d7227
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:82:0d:32:03:98:5d:59:48:9e:90:61:3a:9c:
                    8e:8b:48:2a:97:84:a1:1f:54:29:d0:dc:a0:0e:0f:
                    12:36:64:39:59:e0:c2:a0:00:73:83:d9:66:2a:e1:
                    58:51:78:6c:6a:d4:1f:e8:c3:08:16:91:fd:09:65:
                    61:30:7b:70:e9:06:52:27:b7:ce:43:73:49:26:2b:
                    45:6e:aa:3c:65:5b:43:76:4c:78:52:bc:62:bf:8c:
                    f8:39:00:6a:c4:59:84:33:6b:fe:c0:46:b9:1c:a9:
                    99:b4:84:0a:da:17:12:44:db:13:d8:5a:df:f6:8a:
                    d8:7b:3a:96:42:b4:f8:37:49:7f:2f:96:e2:a7:76:
                    dc:7c:2e:7f:63:44:ce:89:9e:2e:e6:b0:23:e8:30:
                    59:b6:c5:fe:3c:10:be:f2:b0:32:1e:f0:7a:f0:59:
                    85:91:4e:b4:c0:b4:79:96:b7:ad:eb:c6:1f:81:2c:
                    4a:dd:d0:10:84:02:fc:53:47:98:f9:e9:a7:c2:12:
                    e2:1f:46:30:87:ab:55:44:b0:a5:69:6a:d1:3b:2f:
                    1e:11:9b:c8:92:7c:c1:49:cf:74:df:75:93:40:63:
                    b5:36:4d:95:f7:0e:67:2c:d4:5b:70:e8:91:fa:1f:
                    24:49:49:4d:b8:46:03:46:96:e7:0c:cc:94:64:a0:
                    e5:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:81:72:6C:A1:21:CF:64:1B:D3:E8:C6:46:50:4A:64:38:8D:72:27
            X509v3 Authority Key Identifier:
                keyid:26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/KYFybKEhz2Qb0-jGRlBKZDiNcic.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.5.30.0/24
                  193.5.158.0/23
                  193.5.252.0/24
                  193.134.248.0/23
                  194.209.74.0/24
                  212.243.101.0/24
                IPv6:
                  2001:918:1ab::/48
                  2001:918:f00::/40
                  2001:918:ff70::/44
                  2001:918:ffb7::/48

    Signature Algorithm: sha256WithRSAEncryption
         ad:23:7d:2e:92:6c:fe:ad:33:73:c5:6f:17:fc:3f:7d:70:49:
         6d:da:83:67:57:df:49:63:b0:b1:82:73:8b:f3:56:70:cc:e5:
         55:cd:83:18:5c:13:dc:58:bf:a3:24:87:46:b4:cb:78:f3:08:
         8c:f9:81:09:9d:9f:e0:18:fc:9a:90:1b:b6:5e:58:2a:3a:97:
         56:92:07:ad:48:b3:94:0e:38:cd:35:09:02:6c:7e:2f:57:9a:
         94:45:1f:e3:2f:f0:9b:92:a4:f1:95:30:3a:b4:ee:c0:d4:5d:
         ec:8a:25:67:cb:38:76:02:e7:14:08:ea:6d:96:78:1c:56:e1:
         f4:96:ec:be:3b:ee:fa:4d:18:39:b6:2b:22:ff:4b:36:a6:92:
         f2:b7:0a:49:24:08:b1:12:79:0a:b4:4f:cd:65:10:e8:6b:49:
         af:48:ef:b9:7d:ba:da:44:de:9f:7f:6c:03:ce:44:ce:dd:dd:
         db:4b:fd:19:69:6a:4a:08:65:bd:50:e4:a3:0d:d9:82:ec:49:
         95:15:06:46:c8:c9:46:09:21:e9:6b:de:b0:26:df:55:c9:43:
         c3:5a:cb:1b:c0:ac:86:f0:1d:32:8c:75:44:ea:a6:d5:85:89:
         2a:4f:5f:9d:b5:8a:6a:fd:5f:5a:49:be:af:15:45:49:f4:fc:
         f6:a2:43:ba
-----BEGIN CERTIFICATE-----
MIIFRjCCBC6gAwIBAgISAYzDSM9+HH5r0jA7syl3abi/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2NjNmM2RiMTUyZTA1NWFjMTQ1YmRiYjQyOWUwMTg2NTQy
MDRjOGQwHhcNMjQwMTAxMDQyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTgxNzI2Y2ExMjFjZjY0MWJkM2U4YzY0NjUwNGE2NDM4OGQ3MjI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs4INMgOYXVlInpBhOpyOi0gql4Sh
H1Qp0NygDg8SNmQ5WeDCoABzg9lmKuFYUXhsatQf6MMIFpH9CWVhMHtw6QZSJ7fO
Q3NJJitFbqo8ZVtDdkx4Urxiv4z4OQBqxFmEM2v+wEa5HKmZtIQK2hcSRNsT2Frf
9orYezqWQrT4N0l/L5bip3bcfC5/Y0TOiZ4u5rAj6DBZtsX+PBC+8rAyHvB68FmF
kU60wLR5lret68YfgSxK3dAQhAL8U0eY+emnwhLiH0Ywh6tVRLClaWrROy8eEZvI
knzBSc9033WTQGO1Nk2V9w5nLNRbcOiR+h8kSUlNuEYDRpbnDMyUZKDlOwIDAQAB
o4ICUjCCAk4wHQYDVR0OBBYEFCmBcmyhIc9kG9PoxkZQSmQ4jXInMB8GA1UdIwQY
MBaAFCZj89sVLgVawUW9u0KeAYZUIEyNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUt
YmQxOTI2NzZjOWJiLzEvS1lGeWJLRWh6MlFiMC1qR1JsQktaRGlOY2ljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUtYmQxOTI2NzZjOWJi
LzEvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGgGCCsGAQUFBwEHAQH/BFkwVzAqBAIAATAkAwQAwQUeAwQB
wQWeAwQAwQX8AwQBwYb4AwQAwtFKAwQA1PNlMCkEAgACMCMDBwAgAQkYAasDBgAg
AQkYDwMHBCABCRj/cAMHACABCRj/tzANBgkqhkiG9w0BAQsFAAOCAQEArSN9LpJs
/q0zc8VvF/w/fXBJbdqDZ1ffSWOwsYJzi/NWcMzlVc2DGFwT3Fi/oySHRrTLePMI
jPmBCZ2f4Bj8mpAbtl5YKjqXVpIHrUizlA44zTUJAmx+L1ealEUf4y/wm5Kk8ZUw
OrTuwNRd7IolZ8s4dgLnFAjqbZZ4HFbh9Jbsvjvu+k0YObYrIv9LNqaS8rcKSSQI
sRJ5CrRPzWUQ6GtJr0jvuX262kTen39sA85Ezt3d20v9GWlqSghlvVDkow3ZguxJ
lRUGRsjJRgkh6WvesCbfVclDw1rLG8CshvAdMox1ROqm1YWJKk9fnbWKav1fWkm+
rxVFSfT89qJDug==
-----END CERTIFICATE-----