Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/f1b3da-bebf-44b0-ab12-d32e27fb7e59/1/JIp-fU8bk9FSlZc8yJ8CYkRado8.roa
File:                     JIp-fU8bk9FSlZc8yJ8CYkRado8.roa (raw, json)
Hash identifier:          lMUD2e78h5adwfdIay6xEGzK75NVoBrd/MfVFXsakpI=
Subject key identifier:   24:8A:7E:7D:4F:1B:93:D1:52:95:97:3C:C8:9F:02:62:44:5A:76:8F
Certificate issuer:       /CN=b62d4cec783305923e3497ed884f1c445b4e78fb
Certificate serial:       01902BD14987FD4FB5831FE90A6A70990237
Authority key identifier: B6:2D:4C:EC:78:33:05:92:3E:34:97:ED:88:4F:1C:44:5B:4E:78:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ti1M7HgzBZI-NJftiE8cRFtOePs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/f1b3da-bebf-44b0-ab12-d32e27fb7e59/1/JIp-fU8bk9FSlZc8yJ8CYkRado8.roa
Signing time:             Tue 18 Jun 2024 14:47:34 +0000
ROA not before:           Tue 18 Jun 2024 14:47:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44901
IP address blocks:        46.253.0.0/24 maxlen: 24
                          46.253.1.0/24 maxlen: 24
                          46.253.2.0/24 maxlen: 24
                          46.253.3.0/24 maxlen: 24
                          46.253.4.0/24 maxlen: 24
                          46.253.5.0/24 maxlen: 24
                          91.132.60.0/24 maxlen: 24
                          91.132.62.0/24 maxlen: 24
                          91.132.63.0/24 maxlen: 24
                          95.169.202.0/24 maxlen: 24
                          185.1.156.0/24 maxlen: 24
                          185.243.213.0/24 maxlen: 24
                          2a09:be80::/32 maxlen: 32
Validation:               Failed, certificate revoked on Wed 19 Jun 2024 08:40:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:2b:d1:49:87:fd:4f:b5:83:1f:e9:0a:6a:70:99:02:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b62d4cec783305923e3497ed884f1c445b4e78fb
        Validity
            Not Before: Jun 18 14:47:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=248a7e7d4f1b93d15295973cc89f0262445a768f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:8b:ea:3c:01:f9:17:16:5b:1f:3c:34:12:0f:
                    91:d5:90:d3:b3:3f:05:8b:30:6b:52:42:32:8c:4c:
                    b9:fb:b1:70:c2:63:5f:1f:77:01:3e:7a:5f:1e:d3:
                    94:14:62:48:f9:be:08:67:a6:17:e2:1a:dc:85:be:
                    f0:91:d7:3a:44:9d:53:4b:6f:5d:42:f1:4d:04:e5:
                    8d:80:db:02:e9:b5:0b:6f:e6:82:d5:c1:4d:76:5f:
                    3d:b9:f2:89:51:93:dc:2e:e2:d7:7a:7c:f1:48:8d:
                    6b:91:57:56:3f:d8:e0:97:38:ce:3e:10:f4:24:f5:
                    28:18:11:05:fe:b9:d3:af:01:9d:d1:f1:79:66:3a:
                    9f:37:e2:60:eb:91:cc:58:d4:67:1d:e5:0f:e7:6c:
                    f0:c5:96:eb:d7:fd:b1:0f:0d:4d:06:eb:ec:4b:99:
                    13:53:f7:c0:e3:b3:67:31:cd:d2:3d:2e:cb:31:25:
                    29:eb:9b:ca:3d:ae:17:ce:9b:9d:3f:bc:29:26:64:
                    00:4a:e0:c7:2d:7c:2b:00:1f:a6:c4:17:73:ce:59:
                    f8:9c:f5:12:2e:79:5d:1e:c5:af:bf:7a:b2:a1:9b:
                    10:89:45:8f:18:0c:e3:16:d2:85:c4:50:0f:f1:53:
                    ed:cd:d6:4a:ef:dd:57:50:b5:98:62:a2:65:d9:bd:
                    73:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:8A:7E:7D:4F:1B:93:D1:52:95:97:3C:C8:9F:02:62:44:5A:76:8F
            X509v3 Authority Key Identifier:
                keyid:B6:2D:4C:EC:78:33:05:92:3E:34:97:ED:88:4F:1C:44:5B:4E:78:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ti1M7HgzBZI-NJftiE8cRFtOePs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/f1b3da-bebf-44b0-ab12-d32e27fb7e59/1/JIp-fU8bk9FSlZc8yJ8CYkRado8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/f1b3da-bebf-44b0-ab12-d32e27fb7e59/1/ti1M7HgzBZI-NJftiE8cRFtOePs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.253.0.0-46.253.5.255
                  91.132.60.0/24
                  91.132.62.0/23
                  95.169.202.0/24
                  185.1.156.0/24
                  185.243.213.0/24
                IPv6:
                  2a09:be80::/32

    Signature Algorithm: sha256WithRSAEncryption
         76:a8:c1:12:5d:37:fe:92:51:20:f6:49:46:d3:fc:6c:5b:99:
         2f:3a:94:85:4a:fb:e0:4f:50:e8:64:d6:ce:f0:81:67:15:90:
         1c:23:f6:9c:95:2c:1a:d8:13:6c:bd:43:36:0f:e3:c1:0b:c1:
         64:9b:f9:c3:08:71:20:4a:60:bb:b1:b4:a7:19:87:93:4e:df:
         e8:45:da:14:6d:34:64:76:1c:0c:7f:04:2e:25:71:8a:da:b1:
         e9:32:50:71:98:2b:a3:cd:be:b3:48:88:43:0f:a5:01:f7:ac:
         52:f7:bb:0c:b7:ce:ea:a3:1e:b7:36:02:d9:9d:e8:26:33:e3:
         f2:1f:6c:d7:be:cb:a6:f5:b5:e6:bb:ac:cc:0f:ca:5e:4f:76:
         a3:6f:71:85:63:15:37:79:1c:13:be:d1:71:fd:92:4a:77:1f:
         60:a6:06:3d:37:11:5d:38:68:7c:bb:21:db:51:2a:6c:83:e7:
         5b:c5:d8:17:cc:b8:ac:1c:59:fe:c6:0f:93:2d:a1:8f:ae:a9:
         c6:31:18:1c:4e:38:16:ef:74:b5:ff:df:9a:c2:48:c1:12:97:
         50:be:e4:d2:91:c8:5c:d6:8b:99:ae:29:df:20:65:13:61:51:
         66:35:8a:4a:35:d0:73:50:90:17:54:21:95:e2:18:7a:39:34:
         d3:d9:16:cd
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAZAr0UmH/U+1gx/pCmpwmQI3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2MmQ0Y2VjNzgzMzA1OTIzZTM0OTdlZDg4NGYxYzQ0NWI0
ZTc4ZmIwHhcNMjQwNjE4MTQ0NzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDhhN2U3ZDRmMWI5M2QxNTI5NTk3M2NjODlmMDI2MjQ0NWE3NjhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnovqPAH5FxZbHzw0Eg+R1ZDTsz8F
izBrUkIyjEy5+7FwwmNfH3cBPnpfHtOUFGJI+b4IZ6YX4hrchb7wkdc6RJ1TS29d
QvFNBOWNgNsC6bULb+aC1cFNdl89ufKJUZPcLuLXenzxSI1rkVdWP9jglzjOPhD0
JPUoGBEF/rnTrwGd0fF5ZjqfN+Jg65HMWNRnHeUP52zwxZbr1/2xDw1NBuvsS5kT
U/fA47NnMc3SPS7LMSUp65vKPa4XzpudP7wpJmQASuDHLXwrAB+mxBdzzln4nPUS
LnldHsWvv3qyoZsQiUWPGAzjFtKFxFAP8VPtzdZK791XULWYYqJl2b1zyQIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFCSKfn1PG5PRUpWXPMifAmJEWnaPMB8GA1UdIwQY
MBaAFLYtTOx4MwWSPjSX7YhPHERbTnj7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdGkxTTdIZ3pCWkktTkpmdGlFOGNSRnRPZVBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9mMWIzZGEtYmViZi00NGIwLWFiMTIt
ZDMyZTI3ZmI3ZTU5LzEvSklwLWZVOGJrOUZTbFpjOHlKOENZa1JhZG84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9mMWIzZGEtYmViZi00NGIwLWFiMTItZDMyZTI3ZmI3ZTU5
LzEvdGkxTTdIZ3pCWkktTkpmdGlFOGNSRnRPZVBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjAxBAIAATArMAsDAwAu/QME
AS79BAMEAFuEPAMEAVuEPgMEAF+pygMEALkBnAMEALnz1TANBAIAAjAHAwUAKgm+
gDANBgkqhkiG9w0BAQsFAAOCAQEAdqjBEl03/pJRIPZJRtP8bFuZLzqUhUr74E9Q
6GTWzvCBZxWQHCP2nJUsGtgTbL1DNg/jwQvBZJv5wwhxIEpgu7G0pxmHk07f6EXa
FG00ZHYcDH8ELiVxitqx6TJQcZgro82+s0iIQw+lAfesUve7DLfO6qMetzYC2Z3o
JjPj8h9s177LpvW15ruszA/KXk92o29xhWMVN3kcE77Rcf2SSncfYKYGPTcRXTho
fLsh21EqbIPnW8XYF8y4rBxZ/sYPky2hj66pxjEYHE44Fu90tf/fmsJIwRKXUL7k
0pHIXNaLma4p3yBlE2FRZjWKSjXQc1CQF1QhleIYejk009kWzQ==
-----END CERTIFICATE-----