Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/24015f-091c-4c5d-b5c1-bcf77026939d/1/gaY7k9aevxxHmDNqMCBNhpm4q9Y.roa
File:                     gaY7k9aevxxHmDNqMCBNhpm4q9Y.roa (raw, json)
Hash identifier:          0aBUX9QoiffGtpWWGwDRmjbU1zMPfo+gyIXRpvK0xxM=
Subject key identifier:   81:A6:3B:93:D6:9E:BF:1C:47:98:33:6A:30:20:4D:86:99:B8:AB:D6
Certificate issuer:       /CN=c64fa0ad8987149f05534724b45a2f4d5ebf475d
Certificate serial:       018CC7274CA27635E067001F81CE2F403B0D
Authority key identifier: C6:4F:A0:AD:89:87:14:9F:05:53:47:24:B4:5A:2F:4D:5E:BF:47:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xk-grYmHFJ8FU0cktFovTV6_R10.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/24015f-091c-4c5d-b5c1-bcf77026939d/1/gaY7k9aevxxHmDNqMCBNhpm4q9Y.roa
Signing time:             Mon 01 Jan 2024 22:31:30 +0000
ROA not before:           Mon 01 Jan 2024 22:31:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59645
IP address blocks:        193.104.168.0/24 maxlen: 24
                          195.191.196.0/23 maxlen: 24
                          2a06:d1c0:deae::/48 maxlen: 48
                          2a06:d1c7:d::/48 maxlen: 48
                          2a06:d1c0::/29 maxlen: 29
                          2a06:d1c1:e::/48 maxlen: 48
                          2a06:d1c0:dead::/48 maxlen: 48
                          2a06:d1c7:b::/48 maxlen: 48
                          2a06:d1c7::/48 maxlen: 48
                          2a06:d1c1:a::/48 maxlen: 48
                          2a06:d1c0:f761::/48 maxlen: 48
                          2a06:d1c0:a761::/48 maxlen: 48
                          2a06:d1c7:a::/48 maxlen: 48
                          2a06:d1c0:deac::/48 maxlen: 48
                          2a06:d1c1::/32 maxlen: 48
Validation:               Failed, certificate revoked on Fri 23 Feb 2024 10:41:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:4c:a2:76:35:e0:67:00:1f:81:ce:2f:40:3b:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c64fa0ad8987149f05534724b45a2f4d5ebf475d
        Validity
            Not Before: Jan  1 22:31:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=81a63b93d69ebf1c4798336a30204d8699b8abd6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:e4:7d:e1:f1:29:a4:12:49:d7:b1:1b:88:6c:
                    44:8b:6f:f2:38:7c:76:b9:cb:bf:1b:e4:aa:69:4a:
                    d9:f8:05:10:4f:27:7f:bf:64:74:fb:79:cc:40:1e:
                    78:c0:83:7f:ce:65:c2:c3:8f:9d:52:d6:58:98:6c:
                    e2:ac:f6:15:0b:07:ab:d4:32:42:cf:b5:8f:5d:ce:
                    79:54:70:7c:48:79:dd:c4:56:ff:07:f4:46:fe:8b:
                    91:60:c9:99:67:d9:b6:a4:2a:1a:69:2b:6a:bf:1c:
                    14:77:bd:66:45:06:ae:c8:36:95:e1:63:9d:ea:f6:
                    c0:83:c8:ce:d3:25:1f:38:83:79:90:25:fb:b8:79:
                    9d:fa:b8:af:8b:8b:d2:fa:29:47:ad:1d:a6:9b:19:
                    05:5a:f3:03:83:52:e9:29:5b:17:01:29:fb:9c:01:
                    3b:9b:f4:2a:97:04:d6:e5:44:4e:ce:9e:87:ed:ba:
                    9f:2e:88:45:4c:46:03:7b:42:8e:14:d9:fc:57:f4:
                    61:6c:87:36:52:5e:27:1f:d2:fe:28:16:27:7d:df:
                    5e:ba:cb:e8:c9:c7:46:a4:21:bf:62:0e:15:d0:27:
                    07:70:9a:20:1b:df:19:8c:88:51:fd:83:ca:db:4d:
                    99:e4:2a:8d:a4:89:88:09:62:6a:52:89:e1:fe:21:
                    20:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:A6:3B:93:D6:9E:BF:1C:47:98:33:6A:30:20:4D:86:99:B8:AB:D6
            X509v3 Authority Key Identifier:
                keyid:C6:4F:A0:AD:89:87:14:9F:05:53:47:24:B4:5A:2F:4D:5E:BF:47:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xk-grYmHFJ8FU0cktFovTV6_R10.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/24015f-091c-4c5d-b5c1-bcf77026939d/1/gaY7k9aevxxHmDNqMCBNhpm4q9Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/24015f-091c-4c5d-b5c1-bcf77026939d/1/xk-grYmHFJ8FU0cktFovTV6_R10.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.104.168.0/24
                  195.191.196.0/23
                IPv6:
                  2a06:d1c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         77:e8:48:94:7f:77:7b:70:1a:c3:bb:83:ea:b2:37:e4:91:29:
         12:89:30:6d:b3:bf:19:26:af:a2:98:f8:b9:7f:34:fd:80:69:
         f3:06:b0:18:ce:de:d1:aa:0c:b0:57:2b:05:a7:b3:07:0a:db:
         79:4a:fb:d3:0e:9a:04:25:a6:46:01:13:8b:08:4f:64:04:d5:
         17:2a:be:01:dd:01:e3:de:fb:c0:86:90:09:f4:a6:db:ae:fe:
         d5:55:2f:f7:76:1c:a6:f2:d0:4f:87:50:52:f4:76:4b:81:27:
         66:0f:19:22:67:08:cf:66:93:6f:c4:67:8e:a5:94:5f:c6:78:
         86:ee:d1:40:d9:c4:65:50:f5:d7:4e:9c:aa:9f:f0:2e:c5:16:
         3a:82:f6:d4:72:50:77:eb:c4:10:74:9b:b5:a2:5c:91:8d:b9:
         7a:b3:50:be:07:e9:92:b7:00:72:ca:19:04:17:83:4f:cb:a7:
         2b:51:e5:b7:b0:3a:40:1b:c1:a3:7b:22:68:8b:0a:9f:f4:d9:
         46:93:06:b2:7c:4f:95:7d:ef:72:c0:e5:f0:5f:74:00:e3:c9:
         75:a3:a5:93:d8:c3:b8:44:e5:bc:b8:ea:5f:cd:df:2f:44:a1:
         e2:64:ee:da:2c:37:2c:77:2c:ce:6b:7d:2b:f0:8c:0b:c4:05:
         68:5a:e4:65
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzHJ0yidjXgZwAfgc4vQDsNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NGZhMGFkODk4NzE0OWYwNTUzNDcyNGI0NWEyZjRkNWVi
ZjQ3NWQwHhcNMjQwMTAxMjIzMTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MWE2M2I5M2Q2OWViZjFjNDc5ODMzNmEzMDIwNGQ4Njk5YjhhYmQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvuR94fEppBJJ17EbiGxEi2/yOHx2
ucu/G+SqaUrZ+AUQTyd/v2R0+3nMQB54wIN/zmXCw4+dUtZYmGzirPYVCwer1DJC
z7WPXc55VHB8SHndxFb/B/RG/ouRYMmZZ9m2pCoaaStqvxwUd71mRQauyDaV4WOd
6vbAg8jO0yUfOIN5kCX7uHmd+rivi4vS+ilHrR2mmxkFWvMDg1LpKVsXASn7nAE7
m/QqlwTW5UROzp6H7bqfLohFTEYDe0KOFNn8V/RhbIc2Ul4nH9L+KBYnfd9eusvo
ycdGpCG/Yg4V0CcHcJogG98ZjIhR/YPK202Z5CqNpImICWJqUonh/iEgpQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFIGmO5PWnr8cR5gzajAgTYaZuKvWMB8GA1UdIwQY
MBaAFMZPoK2JhxSfBVNHJLRaL01ev0ddMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGstZ3JZbUhGSjhGVTBja3RGb3ZUVjZfUjEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8yNDAxNWYtMDkxYy00YzVkLWI1YzEt
YmNmNzcwMjY5MzlkLzEvZ2FZN2s5YWV2eHhIbUROcU1DQk5ocG00cTlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8yNDAxNWYtMDkxYy00YzVkLWI1YzEtYmNmNzcwMjY5Mzlk
LzEveGstZ3JZbUhGSjhGVTBja3RGb3ZUVjZfUjEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAwWioAwQB
w7/EMA0EAgACMAcDBQMqBtHAMA0GCSqGSIb3DQEBCwUAA4IBAQB36EiUf3d7cBrD
u4PqsjfkkSkSiTBts78ZJq+imPi5fzT9gGnzBrAYzt7RqgywVysFp7MHCtt5SvvT
DpoEJaZGAROLCE9kBNUXKr4B3QHj3vvAhpAJ9Kbbrv7VVS/3dhym8tBPh1BS9HZL
gSdmDxkiZwjPZpNvxGeOpZRfxniG7tFA2cRlUPXXTpyqn/AuxRY6gvbUclB368QQ
dJu1olyRjbl6s1C+B+mStwByyhkEF4NPy6crUeW3sDpAG8GjeyJoiwqf9NlGkway
fE+Vfe9ywOXwX3QA48l1o6WT2MO4ROW8uOpfzd8vRKHiZO7aLDcsdyzOa30r8IwL
xAVoWuRl
-----END CERTIFICATE-----