Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/FaTE6UIymGghHtYjc2d5JBR4gSk.roa
File:                     FaTE6UIymGghHtYjc2d5JBR4gSk.roa (raw, json)
Hash identifier:          vy8sx0Yu9lCNzlQPi4lnBdKYMhRLF7E7c5uFi9PFXnc=
Subject key identifier:   15:A4:C4:E9:42:32:98:68:21:1E:D6:23:73:67:79:24:14:78:81:29
Certificate issuer:       /CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
Certificate serial:       018E0DAD3E4869162B81A90F24CF209AF68A
Authority key identifier: DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/FaTE6UIymGghHtYjc2d5JBR4gSk.roa
Signing time:             Tue 05 Mar 2024 08:14:01 +0000
ROA not before:           Tue 05 Mar 2024 08:14:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56882
IP address blocks:        37.209.160.0/21 maxlen: 21
                          45.252.236.0/22 maxlen: 22
                          46.251.252.0/23 maxlen: 23
                          46.251.254.0/23 maxlen: 23
                          91.228.91.0/24 maxlen: 24
                          115.42.52.0/22 maxlen: 22
                          168.245.196.0/23 maxlen: 23
                          185.59.64.0/24 maxlen: 24
                          185.59.65.0/24 maxlen: 24
                          185.59.66.0/24 maxlen: 24
                          185.59.67.0/24 maxlen: 24
                          185.130.152.0/22 maxlen: 22
                          185.193.8.0/22 maxlen: 22
                          188.227.128.0/19 maxlen: 19
Validation:               Failed, certificate revoked on Thu 02 Jan 2025 09:49:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:0d:ad:3e:48:69:16:2b:81:a9:0f:24:cf:20:9a:f6:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
        Validity
            Not Before: Mar  5 08:14:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=15a4c4e942329868211ed6237367792414788129
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:6c:48:fc:95:51:1d:b8:e1:af:5d:b9:f8:f3:
                    57:19:91:e4:c8:c2:ad:c0:0e:2e:e7:49:82:8a:69:
                    ac:3e:d6:1f:4e:21:9a:58:4b:e9:0f:6c:51:00:51:
                    44:3e:c2:43:94:89:4e:d1:c0:e8:40:d3:43:03:50:
                    c2:00:37:92:05:54:be:bf:79:b9:37:33:8c:f9:db:
                    56:4b:ce:ef:7d:97:11:9e:a2:85:3a:d9:61:1b:82:
                    53:d3:6f:01:a7:86:92:dd:9f:ff:83:7d:83:a8:ad:
                    2a:67:4a:03:50:01:f3:01:bb:07:66:5d:e9:b9:4e:
                    99:fd:2d:f5:70:db:57:31:04:ab:e4:fb:07:2b:2a:
                    13:32:0c:93:b8:a8:bc:3e:34:4f:d3:f4:f8:86:75:
                    5b:4f:83:8a:7d:06:93:86:dd:72:57:67:31:b3:ef:
                    e6:b6:f8:b4:a7:c8:62:51:f9:ad:3e:72:b2:94:42:
                    70:a5:16:9a:ba:2c:e8:72:76:03:88:d9:9d:89:09:
                    92:95:f2:79:e3:82:c1:41:df:8e:b1:74:f5:87:ae:
                    e5:b3:33:44:84:43:01:5c:74:bf:2f:c1:75:bd:83:
                    7e:4e:12:9e:0d:83:35:c7:ca:9a:bd:1c:fd:82:2c:
                    33:61:7a:0c:d2:2f:69:aa:f1:27:2d:82:7a:d4:e5:
                    a3:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:A4:C4:E9:42:32:98:68:21:1E:D6:23:73:67:79:24:14:78:81:29
            X509v3 Authority Key Identifier:
                keyid:DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/FaTE6UIymGghHtYjc2d5JBR4gSk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.209.160.0/21
                  45.252.236.0/22
                  46.251.252.0/22
                  91.228.91.0/24
                  115.42.52.0/22
                  168.245.196.0/23
                  185.59.64.0/22
                  185.130.152.0/22
                  185.193.8.0/22
                  188.227.128.0/19

    Signature Algorithm: sha256WithRSAEncryption
         2b:c5:e9:4e:92:b5:28:fa:8a:7e:b4:99:cc:09:21:8c:95:a0:
         84:77:bb:5c:02:37:4d:ab:66:34:06:10:16:3e:1d:dc:eb:6e:
         70:1a:68:b9:c5:2f:bb:de:c6:e4:d1:4e:c1:f8:a1:ca:3f:e1:
         04:47:7c:25:9f:fa:62:b3:30:e2:d3:69:a6:e4:a1:53:20:3a:
         cd:1d:ee:c0:75:9f:df:2a:0e:4b:85:82:67:e7:01:0d:24:5a:
         46:b1:0c:12:cb:6b:21:d4:4b:72:b9:b1:4f:5c:43:a3:85:0e:
         b7:cb:4f:1b:17:5f:e6:fb:a6:cc:01:5b:bb:f3:b0:08:53:df:
         77:2d:fb:a5:3f:6f:c0:c1:97:fe:c3:fb:26:89:02:e0:a5:7d:
         85:db:09:ca:94:fd:dc:2f:41:83:30:91:b2:81:94:e0:cb:4b:
         87:95:83:83:46:e9:a3:b8:b2:1e:f6:0d:fb:48:db:07:8e:78:
         fe:be:a1:ee:d0:19:01:39:ca:7b:d8:fa:be:7e:33:26:be:65:
         fd:f3:c3:93:4a:d8:dc:41:40:fd:31:d9:94:7e:a3:40:f2:a1:
         29:68:04:8b:8b:de:f0:b7:26:87:62:92:34:aa:25:43:ac:03:
         bc:3e:c6:95:95:7b:c4:a0:42:62:60:24:e5:10:52:56:4b:47:
         d6:f5:f1:47
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAY4NrT5IaRYrgakPJM8gmvaKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhYWYxN2IwMDE1ZGJiN2NkOTkyZjI2Y2RmZjAxYzRlMjYy
MGI3M2UwHhcNMjQwMzA1MDgxNDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNWE0YzRlOTQyMzI5ODY4MjExZWQ2MjM3MzY3NzkyNDE0Nzg4MTI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhGxI/JVRHbjhr125+PNXGZHkyMKt
wA4u50mCimmsPtYfTiGaWEvpD2xRAFFEPsJDlIlO0cDoQNNDA1DCADeSBVS+v3m5
NzOM+dtWS87vfZcRnqKFOtlhG4JT028Bp4aS3Z//g32DqK0qZ0oDUAHzAbsHZl3p
uU6Z/S31cNtXMQSr5PsHKyoTMgyTuKi8PjRP0/T4hnVbT4OKfQaTht1yV2cxs+/m
tvi0p8hiUfmtPnKylEJwpRaauizocnYDiNmdiQmSlfJ544LBQd+OsXT1h67lszNE
hEMBXHS/L8F1vYN+ThKeDYM1x8qavRz9giwzYXoM0i9pqvEnLYJ61OWjcwIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFBWkxOlCMphoIR7WI3NneSQUeIEpMB8GA1UdIwQY
MBaAFNqvF7ABXbt82ZLybN/wHE4mILc+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnE4WHNBRmR1M3paa3ZKczNfQWNUaVlndHo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS9jODk3M2MtM2NmYS00NjA0LTgxMTAt
Y2YwNmQxOTgzYmExLzEvRmFURTZVSXltR2doSHRZamMyZDVKQlI0Z1NrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS9jODk3M2MtM2NmYS00NjA0LTgxMTAtY2YwNmQxOTgzYmEx
LzEvMnE4WHNBRmR1M3paa3ZKczNfQWNUaVlndHo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQDJdGgAwQC
LfzsAwQCLvv8AwQAW+RbAwQCcyo0AwQBqPXEAwQCuTtAAwQCuYKYAwQCucEIAwQF
vOOAMA0GCSqGSIb3DQEBCwUAA4IBAQArxelOkrUo+op+tJnMCSGMlaCEd7tcAjdN
q2Y0BhAWPh3c625wGmi5xS+73sbk0U7B+KHKP+EER3wln/piszDi02mm5KFTIDrN
He7AdZ/fKg5LhYJn5wENJFpGsQwSy2sh1EtyubFPXEOjhQ63y08bF1/m+6bMAVu7
87AIU993LfulP2/AwZf+w/smiQLgpX2F2wnKlP3cL0GDMJGygZTgy0uHlYODRumj
uLIe9g37SNsHjnj+vqHu0BkBOcp72Pq+fjMmvmX988OTStjcQUD9MdmUfqNA8qEp
aASLi97wtyaHYpI0qiVDrAO8PsaVlXvEoEJiYCTlEFJWS0fW9fFH
-----END CERTIFICATE-----