Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/Re9UImJDTnpEFh24Z9TOH_lWdRk.roa
File:                     Re9UImJDTnpEFh24Z9TOH_lWdRk.roa (raw, json)
Hash identifier:          lN1aep2iP9+Zs0Fyy5PlhqeGLBt+8Dj5D/DO9UzYDk0=
Subject key identifier:   45:EF:54:22:62:43:4E:7A:44:16:1D:B8:67:D4:CE:1F:F9:56:75:19
Certificate issuer:       /CN=f1479b83c520d784445c24828bab633f0d702cf3
Certificate serial:       01942143FC93541A4166F3A40FB57AB2C190
Authority key identifier: F1:47:9B:83:C5:20:D7:84:44:5C:24:82:8B:AB:63:3F:0D:70:2C:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8Uebg8Ug14REXCSCi6tjPw1wLPM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/Re9UImJDTnpEFh24Z9TOH_lWdRk.roa
Signing time:             Wed 01 Jan 2025 09:48:11 +0000
ROA not before:           Wed 01 Jan 2025 09:48:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     196755
IP address blocks:        80.251.108.0/22 maxlen: 22
                          80.251.108.0/23 maxlen: 23
                          80.251.110.0/23 maxlen: 23
                          157.143.248.0/21 maxlen: 21
                          178.157.18.0/23 maxlen: 23
                          178.157.20.0/22 maxlen: 22
                          178.157.24.0/23 maxlen: 23
                          178.157.26.0/23 maxlen: 23
                          178.157.28.0/22 maxlen: 22
                          178.157.40.0/22 maxlen: 22
                          178.157.44.0/22 maxlen: 22
                          178.174.106.0/23 maxlen: 23
                          178.174.108.0/23 maxlen: 24
                          217.181.252.0/23 maxlen: 23
Validation:               Failed, certificate revoked on Tue 21 Jan 2025 09:02:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:fc:93:54:1a:41:66:f3:a4:0f:b5:7a:b2:c1:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1479b83c520d784445c24828bab633f0d702cf3
        Validity
            Not Before: Jan  1 09:48:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=45ef542262434e7a44161db867d4ce1ff9567519
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:d5:2e:3e:cf:e9:72:bb:5e:0a:10:7b:fa:3f:
                    b3:1d:8a:da:d2:42:0d:9b:3c:e5:7e:7e:72:7b:a8:
                    a5:71:62:81:80:3f:1b:38:36:eb:6f:67:a6:b6:5e:
                    56:10:1b:64:29:79:80:7e:3d:fc:e4:f0:fb:2c:6e:
                    30:1c:6f:05:a4:74:c7:12:cd:a5:9f:5d:5a:eb:90:
                    dc:d7:13:f9:aa:43:79:82:63:fe:20:10:73:17:b7:
                    ef:7a:e7:a1:d4:4b:6a:ee:22:e2:43:95:9a:90:21:
                    2c:79:ef:56:dd:e2:8e:f3:83:97:42:01:b6:6d:46:
                    ae:04:b7:93:ad:e6:5a:ec:53:50:1d:e6:f8:e1:8d:
                    ba:2d:10:ad:b1:41:64:4a:1f:ef:82:54:e9:48:21:
                    b0:0c:40:a0:43:bc:21:dd:02:6e:02:d0:bf:cc:5c:
                    d7:56:05:43:1b:1e:8e:70:32:87:85:59:3b:24:eb:
                    4f:d2:0a:7c:98:8c:f7:ca:53:4e:27:96:aa:74:50:
                    9c:f0:30:4e:48:88:d2:00:47:ee:07:7f:9f:f9:a4:
                    b0:8f:92:90:01:73:04:87:e2:c5:e7:86:b3:19:d8:
                    cb:f9:f8:28:24:74:84:1b:85:2e:76:92:26:93:3e:
                    3a:c7:ed:7c:31:f5:5b:53:82:0b:f6:f7:2d:4d:4c:
                    e5:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:EF:54:22:62:43:4E:7A:44:16:1D:B8:67:D4:CE:1F:F9:56:75:19
            X509v3 Authority Key Identifier:
                keyid:F1:47:9B:83:C5:20:D7:84:44:5C:24:82:8B:AB:63:3F:0D:70:2C:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8Uebg8Ug14REXCSCi6tjPw1wLPM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/Re9UImJDTnpEFh24Z9TOH_lWdRk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/8Uebg8Ug14REXCSCi6tjPw1wLPM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.251.108.0/22
                  157.143.248.0/21
                  178.157.18.0-178.157.31.255
                  178.157.40.0/21
                  178.174.106.0-178.174.109.255
                  217.181.252.0/23

    Signature Algorithm: sha256WithRSAEncryption
         60:e9:55:36:70:7f:1b:f2:c1:b7:96:0d:f5:13:88:47:54:ce:
         a5:7a:d3:3f:d9:af:63:38:05:de:2c:45:2f:d3:c0:96:c6:af:
         3b:ce:8f:cd:b2:64:5e:5d:31:8d:ae:45:eb:5c:0f:47:dc:9c:
         ac:53:bf:ad:bf:4d:56:41:01:98:ea:c3:ca:9b:c0:f3:24:ff:
         37:a5:31:0c:2f:b9:2b:c6:a7:74:3b:22:28:9e:c2:c4:1c:a3:
         91:cf:c8:dc:ad:e1:ed:cd:54:c1:5c:c3:89:56:bd:77:3a:7a:
         77:9b:88:fd:a8:e1:03:67:30:c5:05:ff:ac:ed:3b:11:99:f6:
         c3:56:6d:46:da:17:58:ad:1c:d8:17:ef:c4:41:ff:85:ba:4e:
         b8:f2:d0:08:b1:09:26:f9:1a:71:55:4b:8b:71:23:83:42:c9:
         fb:f3:c4:b8:6a:51:30:4d:eb:3e:bf:20:c4:46:20:ec:4a:53:
         1f:0f:16:58:9c:0a:91:75:75:4d:8a:bf:4b:83:b0:06:84:e6:
         51:f3:9c:bf:17:71:67:b7:cd:9b:c9:c0:2d:a7:dc:b5:61:f5:
         bb:a7:31:7e:56:9a:e7:69:cc:4a:2e:fa:8a:9b:d2:20:53:4e:
         5e:09:ce:ff:1c:1d:42:55:7d:f9:0a:d3:5e:85:53:38:47:b4:
         17:b3:b5:19
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgISAZQhQ/yTVBpBZvOkD7V6ssGQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxNDc5YjgzYzUyMGQ3ODQ0NDVjMjQ4MjhiYWI2MzNmMGQ3
MDJjZjMwHhcNMjUwMTAxMDk0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NWVmNTQyMjYyNDM0ZTdhNDQxNjFkYjg2N2Q0Y2UxZmY5NTY3NTE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA09UuPs/pcrteChB7+j+zHYra0kIN
mzzlfn5ye6ilcWKBgD8bODbrb2emtl5WEBtkKXmAfj385PD7LG4wHG8FpHTHEs2l
n11a65Dc1xP5qkN5gmP+IBBzF7fveueh1Etq7iLiQ5WakCEsee9W3eKO84OXQgG2
bUauBLeTreZa7FNQHeb44Y26LRCtsUFkSh/vglTpSCGwDECgQ7wh3QJuAtC/zFzX
VgVDGx6OcDKHhVk7JOtP0gp8mIz3ylNOJ5aqdFCc8DBOSIjSAEfuB3+f+aSwj5KQ
AXMEh+LF54azGdjL+fgoJHSEG4UudpImkz46x+18MfVbU4IL9vctTUzl4QIDAQAB
o4ICNzCCAjMwHQYDVR0OBBYEFEXvVCJiQ056RBYduGfUzh/5VnUZMB8GA1UdIwQY
MBaAFPFHm4PFINeERFwkgourYz8NcCzzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFVlYmc4VWcxNFJFWENTQ2k2dGpQdzF3TFBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9hOTdlMjEtYjVmZS00YTU2LWE5OGEt
YmRkNGFmNWYzNWQxLzEvUmU5VUltSkRUbnBFRmgyNFo5VE9IX2xXZFJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9hOTdlMjEtYjVmZS00YTU2LWE5OGEtYmRkNGFmNWYzNWQx
LzEvOFVlYmc4VWcxNFJFWENTQ2k2dGpQdzF3TFBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME0GCCsGAQUFBwEHAQH/BD4wPDA6BAIAATA0AwQCUPtsAwQD
nY/4MAwDBAGynRIDBAWynQADBAOynSgwDAMEAbKuagMEAbKubAMEAdm1/DANBgkq
hkiG9w0BAQsFAAOCAQEAYOlVNnB/G/LBt5YN9ROIR1TOpXrTP9mvYzgF3ixFL9PA
lsavO86PzbJkXl0xja5F61wPR9ycrFO/rb9NVkEBmOrDypvA8yT/N6UxDC+5K8an
dDsiKJ7CxByjkc/I3K3h7c1UwVzDiVa9dzp6d5uI/ajhA2cwxQX/rO07EZn2w1Zt
RtoXWK0c2BfvxEH/hbpOuPLQCLEJJvkacVVLi3Ejg0LJ+/PEuGpRME3rPr8gxEYg
7EpTHw8WWJwKkXV1TYq/S4OwBoTmUfOcvxdxZ7fNm8nALafctWH1u6cxflaa52nM
Si76ipvSIFNOXgnO/xwdQlV9+QrTXoVTOEe0F7O1GQ==
-----END CERTIFICATE-----