Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/bMZcKg8ZT5gqKX45_ppFp37ommE.roa
File:                     bMZcKg8ZT5gqKX45_ppFp37ommE.roa (raw, json)
Hash identifier:          sAersG1TivmEKleSzrz96m0JADIHaUuDkEAXBdwqrRg=
Subject key identifier:   6C:C6:5C:2A:0F:19:4F:98:2A:29:7E:39:FE:9A:45:A7:7E:E8:9A:61
Certificate issuer:       /CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
Certificate serial:       019209AC702BD0208D940651D149B6E35B15
Authority key identifier: DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/bMZcKg8ZT5gqKX45_ppFp37ommE.roa
Signing time:             Thu 19 Sep 2024 09:45:48 +0000
ROA not before:           Thu 19 Sep 2024 09:45:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210423
IP address blocks:        84.232.35.0/24 maxlen: 24
                          84.232.88.0/23 maxlen: 23
                          84.236.226.0/23 maxlen: 23
                          84.236.234.0/23 maxlen: 23
                          94.24.46.0/23 maxlen: 23
                          95.178.112.0/22 maxlen: 22
                          95.178.112.0/23 maxlen: 23
                          95.178.114.0/23 maxlen: 23
                          217.61.80.0/24 maxlen: 24
                          217.61.81.0/24 maxlen: 24
                          217.61.82.0/24 maxlen: 24
                          217.61.83.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Mon 23 Sep 2024 09:28:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:09:ac:70:2b:d0:20:8d:94:06:51:d1:49:b6:e3:5b:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
        Validity
            Not Before: Sep 19 09:45:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6cc65c2a0f194f982a297e39fe9a45a77ee89a61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:1d:1a:5f:59:37:4a:5b:6c:21:1b:88:12:51:
                    ea:77:86:0b:a7:ce:16:a5:29:69:59:1f:66:f1:40:
                    0c:da:b2:f8:1a:d7:9f:e7:45:ec:bf:2e:45:23:84:
                    13:0f:45:21:3b:4b:8a:a2:5b:1c:de:c8:37:49:b4:
                    5a:92:12:84:02:da:40:82:35:ad:77:41:48:e4:fe:
                    0f:4b:c7:9d:d5:36:4a:d2:42:a6:73:ef:62:23:2e:
                    3a:e4:e9:70:7b:24:95:7a:8b:8f:06:28:40:3f:e8:
                    5f:0b:33:0b:50:9f:57:05:c4:1e:2e:28:b0:83:da:
                    1e:a0:dc:36:09:99:e4:c6:be:f6:1a:53:b9:5e:33:
                    3a:dc:f6:3f:4a:5d:28:8b:1e:87:e4:e4:2f:8f:e6:
                    2b:aa:6a:cf:08:fd:93:2d:c7:f1:ae:1d:0e:bb:b0:
                    64:89:99:2c:0c:c9:52:da:d5:35:1a:89:a6:83:ea:
                    09:90:f7:e4:44:90:7d:e7:02:77:15:3b:9a:cd:3e:
                    e3:96:a7:c6:c8:b3:ce:62:7c:fa:d1:2e:0f:10:a3:
                    6e:69:b2:55:58:1d:29:0f:48:6c:b7:62:bc:83:eb:
                    00:54:18:3d:d5:4b:eb:08:af:7b:b4:2e:da:13:ac:
                    4a:20:fa:53:2e:eb:36:0a:62:bb:9c:c7:86:5f:17:
                    3c:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:C6:5C:2A:0F:19:4F:98:2A:29:7E:39:FE:9A:45:A7:7E:E8:9A:61
            X509v3 Authority Key Identifier:
                keyid:DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/bMZcKg8ZT5gqKX45_ppFp37ommE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.232.35.0/24
                  84.232.88.0/23
                  84.236.226.0/23
                  84.236.234.0/23
                  94.24.46.0/23
                  95.178.112.0/22
                  217.61.80.0/22

    Signature Algorithm: sha256WithRSAEncryption
         48:8f:7b:f0:35:6a:de:e2:c5:3f:d7:dc:60:00:10:75:4b:60:
         a7:61:1b:ca:f9:84:c2:b3:69:fa:14:18:3b:1f:51:e1:0f:26:
         18:26:64:de:10:91:56:9b:b5:40:a5:fd:65:45:37:e9:82:6c:
         9f:7c:30:79:5b:01:9d:a2:47:b7:5a:74:89:66:45:7e:94:d4:
         10:ba:4e:87:87:69:8f:97:6c:36:18:a8:6b:d5:d9:be:59:39:
         fe:88:f2:f4:a4:66:11:91:68:29:18:aa:0b:6a:87:f0:37:33:
         8b:c9:6c:d1:bd:1e:ce:6e:60:bb:95:08:3f:a6:ce:6c:e2:00:
         c3:bf:23:f5:31:51:1b:f1:95:4a:9e:ef:8c:e2:ca:f6:b8:c9:
         66:33:ef:5c:4f:92:02:41:08:41:a9:3f:76:6d:42:93:87:7a:
         0d:f1:c5:60:d4:13:ff:77:8f:ab:37:7a:66:2c:00:3d:61:23:
         bb:8b:f5:34:e6:9d:88:cd:41:11:65:30:57:6f:ae:ef:50:89:
         02:02:90:da:f8:d4:23:ed:ea:53:85:da:e5:82:9d:84:89:4d:
         6f:b9:38:4f:29:9e:1a:d1:75:9b:58:64:98:be:fe:02:cf:80:
         b3:08:54:8f:d6:40:ed:4a:76:d5:66:c3:a1:9c:81:37:c6:6a:
         2b:8d:6f:38
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAZIJrHAr0CCNlAZR0Um241sVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhYWYxN2IwMDE1ZGJiN2NkOTkyZjI2Y2RmZjAxYzRlMjYy
MGI3M2UwHhcNMjQwOTE5MDk0NTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2M2NWMyYTBmMTk0Zjk4MmEyOTdlMzlmZTlhNDVhNzdlZTg5YTYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlh0aX1k3SltsIRuIElHqd4YLp84W
pSlpWR9m8UAM2rL4Gtef50Xsvy5FI4QTD0UhO0uKolsc3sg3SbRakhKEAtpAgjWt
d0FI5P4PS8ed1TZK0kKmc+9iIy465OlweySVeouPBihAP+hfCzMLUJ9XBcQeLiiw
g9oeoNw2CZnkxr72GlO5XjM63PY/Sl0oix6H5OQvj+YrqmrPCP2TLcfxrh0Ou7Bk
iZksDMlS2tU1Gommg+oJkPfkRJB95wJ3FTuazT7jlqfGyLPOYnz60S4PEKNuabJV
WB0pD0hst2K8g+sAVBg91UvrCK97tC7aE6xKIPpTLus2CmK7nMeGXxc8wQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFGzGXCoPGU+YKil+Of6aRad+6JphMB8GA1UdIwQY
MBaAFNqvF7ABXbt82ZLybN/wHE4mILc+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnE4WHNBRmR1M3paa3ZKczNfQWNUaVlndHo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS9jODk3M2MtM2NmYS00NjA0LTgxMTAt
Y2YwNmQxOTgzYmExLzEvYk1aY0tnOFpUNWdxS1g0NV9wcEZwMzdvbW1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS9jODk3M2MtM2NmYS00NjA0LTgxMTAtY2YwNmQxOTgzYmEx
LzEvMnE4WHNBRmR1M3paa3ZKczNfQWNUaVlndHo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQAVOgjAwQB
VOhYAwQBVOziAwQBVOzqAwQBXhguAwQCX7JwAwQC2T1QMA0GCSqGSIb3DQEBCwUA
A4IBAQBIj3vwNWre4sU/19xgABB1S2CnYRvK+YTCs2n6FBg7H1HhDyYYJmTeEJFW
m7VApf1lRTfpgmyffDB5WwGdoke3WnSJZkV+lNQQuk6Hh2mPl2w2GKhr1dm+WTn+
iPL0pGYRkWgpGKoLaofwNzOLyWzRvR7ObmC7lQg/ps5s4gDDvyP1MVEb8ZVKnu+M
4sr2uMlmM+9cT5ICQQhBqT92bUKTh3oN8cVg1BP/d4+rN3pmLAA9YSO7i/U05p2I
zUERZTBXb67vUIkCApDa+NQj7epThdrlgp2EiU1vuThPKZ4a0XWbWGSYvv4Cz4Cz
CFSP1kDtSnbVZsOhnIE3xmorjW84
-----END CERTIFICATE-----