Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/f1b3da-bebf-44b0-ab12-d32e27fb7e59/1/2BIfRmDsfBWveqJYmiU0A_-nFK8.roa
File:                     2BIfRmDsfBWveqJYmiU0A_-nFK8.roa (raw, json)
Hash identifier:          cLvcHIPJ0WJyhPWScNUadHhLgRI5xDdZsoDspuOPBEw=
Subject key identifier:   D8:12:1F:46:60:EC:7C:15:AF:7A:A2:58:9A:25:34:03:FF:A7:14:AF
Certificate issuer:       /CN=b62d4cec783305923e3497ed884f1c445b4e78fb
Certificate serial:       01902FA7A65AE3DB1999CBA43CBEB727A7F8
Authority key identifier: B6:2D:4C:EC:78:33:05:92:3E:34:97:ED:88:4F:1C:44:5B:4E:78:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ti1M7HgzBZI-NJftiE8cRFtOePs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/f1b3da-bebf-44b0-ab12-d32e27fb7e59/1/2BIfRmDsfBWveqJYmiU0A_-nFK8.roa
Signing time:             Wed 19 Jun 2024 08:40:34 +0000
ROA not before:           Wed 19 Jun 2024 08:40:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44901
IP address blocks:        46.253.0.0/24 maxlen: 24
                          46.253.1.0/24 maxlen: 24
                          46.253.2.0/24 maxlen: 24
                          46.253.3.0/24 maxlen: 24
                          46.253.4.0/24 maxlen: 24
                          91.132.60.0/24 maxlen: 24
                          91.132.62.0/24 maxlen: 24
                          91.132.63.0/24 maxlen: 24
                          95.169.202.0/24 maxlen: 24
                          185.1.156.0/24 maxlen: 24
                          185.243.213.0/24 maxlen: 24
                          2a09:be80::/32 maxlen: 32
Validation:               Failed, certificate revoked on Mon 26 Aug 2024 14:21:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:2f:a7:a6:5a:e3:db:19:99:cb:a4:3c:be:b7:27:a7:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b62d4cec783305923e3497ed884f1c445b4e78fb
        Validity
            Not Before: Jun 19 08:40:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d8121f4660ec7c15af7aa2589a253403ffa714af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:ee:74:33:69:35:95:c1:10:60:d6:3c:09:29:
                    f4:3a:c9:a4:8d:46:69:05:1b:af:fd:76:3f:3a:11:
                    b0:db:f8:8c:fc:47:fb:7c:76:53:69:d5:88:62:f0:
                    ae:2c:22:90:6d:a3:9d:7d:3f:fe:5d:cf:49:1a:c7:
                    c5:f1:10:ae:dd:56:92:93:16:62:69:50:6f:0e:d6:
                    b3:ac:36:21:71:b2:10:0d:2a:2f:53:c0:8b:f9:0e:
                    79:da:02:fb:96:69:56:4f:92:ad:2d:2b:fe:3c:b5:
                    c7:b7:48:f9:a6:99:84:14:bd:85:3c:89:b7:19:d6:
                    a7:ab:df:32:c7:bf:99:40:3c:99:d9:13:91:a7:bc:
                    5c:d7:ac:11:2e:ed:fb:60:13:3c:2c:23:a2:37:99:
                    d8:39:b6:40:72:26:98:2f:5c:ec:0d:cb:c9:6c:fa:
                    0f:13:49:d5:77:a7:ad:d8:ff:1a:88:e2:09:37:65:
                    88:df:df:fe:49:44:64:14:7f:a5:8a:f1:5b:5d:77:
                    20:93:69:b2:6c:77:25:17:a4:8a:5a:03:45:a5:40:
                    c1:0c:cc:55:6f:c9:9a:fb:4c:95:76:8c:04:13:c9:
                    84:8b:03:f3:f6:b2:09:f3:7d:1d:29:fc:00:39:45:
                    e1:96:87:5f:fe:4d:08:0a:69:c7:4c:a6:0a:9a:c3:
                    4f:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:12:1F:46:60:EC:7C:15:AF:7A:A2:58:9A:25:34:03:FF:A7:14:AF
            X509v3 Authority Key Identifier:
                keyid:B6:2D:4C:EC:78:33:05:92:3E:34:97:ED:88:4F:1C:44:5B:4E:78:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ti1M7HgzBZI-NJftiE8cRFtOePs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/f1b3da-bebf-44b0-ab12-d32e27fb7e59/1/2BIfRmDsfBWveqJYmiU0A_-nFK8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/f1b3da-bebf-44b0-ab12-d32e27fb7e59/1/ti1M7HgzBZI-NJftiE8cRFtOePs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.253.0.0-46.253.4.255
                  91.132.60.0/24
                  91.132.62.0/23
                  95.169.202.0/24
                  185.1.156.0/24
                  185.243.213.0/24
                IPv6:
                  2a09:be80::/32

    Signature Algorithm: sha256WithRSAEncryption
         5a:c3:d2:f3:3f:79:14:3a:26:e1:9e:aa:11:36:1d:06:99:3c:
         7a:bc:20:17:54:2e:31:3d:77:d0:c1:7d:ad:61:2f:27:f2:31:
         e3:2e:13:43:74:94:4c:de:ca:c8:ad:b5:59:a6:03:9c:04:59:
         97:d2:46:eb:07:dd:a8:c9:12:b1:eb:53:45:a6:68:64:3c:98:
         a1:e4:4b:ef:e3:a9:f3:cf:23:44:36:8d:6f:8c:02:6a:9a:f7:
         23:a2:c1:28:d5:94:70:05:f4:c0:7c:ca:41:15:91:99:a7:eb:
         ce:2b:2a:b1:e0:7b:ff:72:e6:17:8f:c3:b3:03:a8:10:b8:dd:
         7e:01:a2:a8:54:30:af:37:e0:43:a2:8d:37:68:eb:80:99:82:
         3f:23:5b:91:0c:8e:01:a8:fb:1e:a8:02:86:87:f1:20:4e:37:
         9f:c3:e0:66:1b:e2:5e:b9:f9:64:8d:1d:2d:4d:c9:7b:d4:ac:
         b6:ce:89:f2:f8:87:1d:9c:fa:eb:a9:16:bd:fe:74:c9:55:82:
         d8:2c:18:29:87:97:c8:8c:07:47:6e:cd:f0:cc:07:51:8e:a2:
         8f:ae:58:dc:f6:e4:36:e8:47:ba:0d:06:98:91:59:05:10:db:
         27:0a:b8:15:eb:cf:03:44:b5:26:9b:df:a8:7a:e5:39:35:88:
         2d:42:25:f6
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAZAvp6Za49sZmcukPL63J6f4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2MmQ0Y2VjNzgzMzA1OTIzZTM0OTdlZDg4NGYxYzQ0NWI0
ZTc4ZmIwHhcNMjQwNjE5MDg0MDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODEyMWY0NjYwZWM3YzE1YWY3YWEyNTg5YTI1MzQwM2ZmYTcxNGFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxe50M2k1lcEQYNY8CSn0OsmkjUZp
BRuv/XY/OhGw2/iM/Ef7fHZTadWIYvCuLCKQbaOdfT/+Xc9JGsfF8RCu3VaSkxZi
aVBvDtazrDYhcbIQDSovU8CL+Q552gL7lmlWT5KtLSv+PLXHt0j5ppmEFL2FPIm3
Gdanq98yx7+ZQDyZ2RORp7xc16wRLu37YBM8LCOiN5nYObZAciaYL1zsDcvJbPoP
E0nVd6et2P8aiOIJN2WI39/+SURkFH+livFbXXcgk2mybHclF6SKWgNFpUDBDMxV
b8ma+0yVdowEE8mEiwPz9rIJ830dKfwAOUXhlodf/k0ICmnHTKYKmsNPaQIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFNgSH0Zg7HwVr3qiWJolNAP/pxSvMB8GA1UdIwQY
MBaAFLYtTOx4MwWSPjSX7YhPHERbTnj7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdGkxTTdIZ3pCWkktTkpmdGlFOGNSRnRPZVBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9mMWIzZGEtYmViZi00NGIwLWFiMTIt
ZDMyZTI3ZmI3ZTU5LzEvMkJJZlJtRHNmQld2ZXFKWW1pVTBBXy1uRks4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9mMWIzZGEtYmViZi00NGIwLWFiMTItZDMyZTI3ZmI3ZTU5
LzEvdGkxTTdIZ3pCWkktTkpmdGlFOGNSRnRPZVBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjAxBAIAATArMAsDAwAu/QME
AC79BAMEAFuEPAMEAVuEPgMEAF+pygMEALkBnAMEALnz1TANBAIAAjAHAwUAKgm+
gDANBgkqhkiG9w0BAQsFAAOCAQEAWsPS8z95FDom4Z6qETYdBpk8erwgF1QuMT13
0MF9rWEvJ/Ix4y4TQ3SUTN7KyK21WaYDnARZl9JG6wfdqMkSsetTRaZoZDyYoeRL
7+Op888jRDaNb4wCapr3I6LBKNWUcAX0wHzKQRWRmafrzisqseB7/3LmF4/DswOo
ELjdfgGiqFQwrzfgQ6KNN2jrgJmCPyNbkQyOAaj7HqgChofxIE43n8PgZhviXrn5
ZI0dLU3Je9Ssts6J8viHHZz666kWvf50yVWC2CwYKYeXyIwHR27N8MwHUY6ij65Y
3PbkNuhHug0GmJFZBRDbJwq4FevPA0S1JpvfqHrlOTWILUIl9g==
-----END CERTIFICATE-----