Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/4e1bc8-f810-4182-a6e3-721bb4fc8c16/1/LYTp8X12s5N_vo730amJTIVWTWs.roa
File:                     LYTp8X12s5N_vo730amJTIVWTWs.roa (raw, json)
Hash identifier:          Qy/lR3s++0R9/IIj990LNuiktgWK9khMcuKkMpGQK7c=
Subject key identifier:   2D:84:E9:F1:7D:76:B3:93:7F:BE:8E:F7:D1:A9:89:4C:85:56:4D:6B
Certificate issuer:       /CN=0966e05d152750dfaade5faf791bad391dc6d2d4
Certificate serial:       018CC794F6E319E46C30460CA7975927B601
Authority key identifier: 09:66:E0:5D:15:27:50:DF:AA:DE:5F:AF:79:1B:AD:39:1D:C6:D2:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CWbgXRUnUN-q3l-veRutOR3G0tQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/4e1bc8-f810-4182-a6e3-721bb4fc8c16/1/LYTp8X12s5N_vo730amJTIVWTWs.roa
Signing time:             Tue 02 Jan 2024 00:31:17 +0000
ROA not before:           Tue 02 Jan 2024 00:31:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42020
IP address blocks:        77.42.249.0/24 maxlen: 24
                          77.42.250.0/24 maxlen: 24
                          77.42.251.0/24 maxlen: 24
                          77.42.252.0/24 maxlen: 24
                          77.42.248.0/24 maxlen: 24
                          77.42.253.0/24 maxlen: 24
                          77.42.254.0/24 maxlen: 24
                          77.42.255.0/24 maxlen: 24
                          185.173.62.0/24 maxlen: 24
                          185.173.63.0/24 maxlen: 24
                          185.173.60.0/24 maxlen: 24
                          185.173.61.0/24 maxlen: 24
                          2a00:6920:1000::/40 maxlen: 40
                          2a00:6920::/48 maxlen: 48
Validation:               Failed, certificate revoked on Thu 02 Jan 2025 17:53:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:f6:e3:19:e4:6c:30:46:0c:a7:97:59:27:b6:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0966e05d152750dfaade5faf791bad391dc6d2d4
        Validity
            Not Before: Jan  2 00:31:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2d84e9f17d76b3937fbe8ef7d1a9894c85564d6b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:5c:11:68:b5:48:4f:85:ad:c6:9b:65:43:53:
                    ab:65:9e:7c:60:7f:4e:ef:2c:7e:af:55:39:1c:27:
                    c4:3d:f7:c7:1b:a1:e2:c1:f8:cf:19:0e:bd:61:3e:
                    5a:b5:de:65:ef:9c:07:04:72:46:24:d6:d8:67:e2:
                    ae:61:cb:44:53:db:46:2a:b7:3f:35:83:d9:a2:7c:
                    72:7f:81:5a:bc:1a:20:71:c4:44:bf:f1:d6:4a:be:
                    5b:6d:a3:6e:ab:d0:c8:31:b1:31:75:24:da:e7:63:
                    06:d5:63:56:82:22:16:e4:5b:9e:e6:7e:bb:1b:be:
                    99:14:52:ff:e6:fb:c8:e6:7f:3f:db:18:e6:a0:2c:
                    e5:b5:ef:ea:2c:84:64:3c:67:e8:f9:80:42:5f:54:
                    2c:d3:ad:4c:47:a1:61:67:24:14:04:ae:63:6e:68:
                    4d:b1:92:c3:24:bc:73:f6:f8:3a:d8:2b:01:ed:ac:
                    80:f2:dc:af:59:c4:92:79:64:eb:b1:ad:0b:06:48:
                    9d:4a:53:be:bf:14:c8:68:d4:26:09:da:a9:bb:de:
                    91:8b:51:b6:5e:35:9f:f8:ba:f4:6f:64:3d:08:38:
                    40:4d:58:96:6a:9c:3f:3e:36:24:5b:01:b5:54:54:
                    3d:cf:17:79:fb:07:49:90:66:01:c7:bc:c3:4d:ea:
                    ed:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:84:E9:F1:7D:76:B3:93:7F:BE:8E:F7:D1:A9:89:4C:85:56:4D:6B
            X509v3 Authority Key Identifier:
                keyid:09:66:E0:5D:15:27:50:DF:AA:DE:5F:AF:79:1B:AD:39:1D:C6:D2:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CWbgXRUnUN-q3l-veRutOR3G0tQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/4e1bc8-f810-4182-a6e3-721bb4fc8c16/1/LYTp8X12s5N_vo730amJTIVWTWs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/4e1bc8-f810-4182-a6e3-721bb4fc8c16/1/CWbgXRUnUN-q3l-veRutOR3G0tQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.42.248.0/21
                  185.173.60.0/22
                IPv6:
                  2a00:6920::/48
                  2a00:6920:1000::/40

    Signature Algorithm: sha256WithRSAEncryption
         85:7d:a0:db:91:5c:93:b8:6a:f1:b3:d0:ff:01:11:89:8a:1e:
         dd:33:28:09:00:7b:0f:90:e6:45:84:07:bf:b4:f2:21:43:dc:
         6d:25:d9:18:43:91:03:cf:a3:dd:1c:d8:dd:e1:24:3b:66:ce:
         08:bb:94:28:1e:1b:1f:56:b0:82:90:af:7d:a5:6e:16:24:5d:
         2c:c0:fb:45:8c:c7:f5:15:cd:f2:0d:a7:8c:38:f5:06:d6:67:
         5a:92:0f:89:0a:a0:6b:3f:83:5d:52:fb:39:dc:93:05:c5:e4:
         f4:5e:97:1a:51:97:b7:6e:29:52:10:ee:88:9f:57:82:e6:bb:
         33:50:46:b7:76:47:11:5d:b6:2b:96:d1:36:6b:49:96:75:22:
         c6:ab:0b:e6:d5:39:12:20:6c:2d:e5:ef:7d:1e:37:83:35:6e:
         4c:56:9e:ba:c7:e1:6b:1f:63:c8:57:63:12:e4:b0:4d:9b:0d:
         f6:be:ec:ad:e2:5c:b7:f2:fe:d2:ff:cb:80:40:9b:86:f5:75:
         0d:8c:28:b2:2a:32:6a:a0:23:a5:e5:e6:0d:e3:90:0d:af:55:
         c6:a3:e0:9b:b5:f1:62:57:03:0b:8a:ac:04:ee:38:37:d7:33:
         11:bc:d3:44:72:88:87:17:06:88:f4:9a:d4:bf:c5:d2:f9:09:
         26:2d:c8:b6
-----BEGIN CERTIFICATE-----
MIIFHDCCBASgAwIBAgISAYzHlPbjGeRsMEYMp5dZJ7YBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5NjZlMDVkMTUyNzUwZGZhYWRlNWZhZjc5MWJhZDM5MWRj
NmQyZDQwHhcNMjQwMTAyMDAzMTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDg0ZTlmMTdkNzZiMzkzN2ZiZThlZjdkMWE5ODk0Yzg1NTY0ZDZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs1wRaLVIT4WtxptlQ1OrZZ58YH9O
7yx+r1U5HCfEPffHG6HiwfjPGQ69YT5atd5l75wHBHJGJNbYZ+KuYctEU9tGKrc/
NYPZonxyf4FavBogccREv/HWSr5bbaNuq9DIMbExdSTa52MG1WNWgiIW5Fue5n67
G76ZFFL/5vvI5n8/2xjmoCzlte/qLIRkPGfo+YBCX1Qs061MR6FhZyQUBK5jbmhN
sZLDJLxz9vg62CsB7ayA8tyvWcSSeWTrsa0LBkidSlO+vxTIaNQmCdqpu96Ri1G2
XjWf+Lr0b2Q9CDhATViWapw/PjYkWwG1VFQ9zxd5+wdJkGYBx7zDTertfwIDAQAB
o4ICKDCCAiQwHQYDVR0OBBYEFC2E6fF9drOTf76O99GpiUyFVk1rMB8GA1UdIwQY
MBaAFAlm4F0VJ1Dfqt5fr3kbrTkdxtLUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1diZ1hSVW5VTi1xM2wtdmVSdXRPUjNHMHRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC80ZTFiYzgtZjgxMC00MTgyLWE2ZTMt
NzIxYmI0ZmM4YzE2LzEvTFlUcDhYMTJzNU5fdm83MzBhbUpUSVZXVFdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC80ZTFiYzgtZjgxMC00MTgyLWE2ZTMtNzIxYmI0ZmM4YzE2
LzEvQ1diZ1hSVW5VTi1xM2wtdmVSdXRPUjNHMHRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD4GCCsGAQUFBwEHAQH/BC8wLTASBAIAATAMAwQDTSr4AwQC
ua08MBcEAgACMBEDBwAqAGkgAAADBgAqAGkgEDANBgkqhkiG9w0BAQsFAAOCAQEA
hX2g25Fck7hq8bPQ/wERiYoe3TMoCQB7D5DmRYQHv7TyIUPcbSXZGEORA8+j3RzY
3eEkO2bOCLuUKB4bH1awgpCvfaVuFiRdLMD7RYzH9RXN8g2njDj1BtZnWpIPiQqg
az+DXVL7OdyTBcXk9F6XGlGXt24pUhDuiJ9Xgua7M1BGt3ZHEV22K5bRNmtJlnUi
xqsL5tU5EiBsLeXvfR43gzVuTFaeusfhax9jyFdjEuSwTZsN9r7sreJct/L+0v/L
gECbhvV1DYwosioyaqAjpeXmDeOQDa9VxqPgm7XxYlcDC4qsBO44N9czEbzTRHKI
hxcGiPSa1L/F0vkJJi3Itg==
-----END CERTIFICATE-----