Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/6a3215-6b62-4363-9abc-7a54db59ec2d/1/5BcoojzdBu18fFgree1svAnleq0.roa
File:                     5BcoojzdBu18fFgree1svAnleq0.roa (raw, json)
Hash identifier:          WIDY1WbAtgZHB9jw0uNC78KWyAXaR2hzipsr6RL0k1s=
Subject key identifier:   E4:17:28:A2:3C:DD:06:ED:7C:7C:58:2B:79:ED:6C:BC:09:E5:7A:AD
Certificate issuer:       /CN=46bb8215b2266da3c0f6ca55cc7ba800e9ade2a2
Certificate serial:       018CC4935F2CD420A3D31FF742122A25A587
Authority key identifier: 46:BB:82:15:B2:26:6D:A3:C0:F6:CA:55:CC:7B:A8:00:E9:AD:E2:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RruCFbImbaPA9spVzHuoAOmt4qI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/6a3215-6b62-4363-9abc-7a54db59ec2d/1/5BcoojzdBu18fFgree1svAnleq0.roa
Signing time:             Mon 01 Jan 2024 10:30:41 +0000
ROA not before:           Mon 01 Jan 2024 10:30:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29695
IP address blocks:        213.167.96.0/19 maxlen: 19
                          141.0.64.0/18 maxlen: 18
                          92.220.0.0/15 maxlen: 21
                          109.247.0.0/16 maxlen: 21
                          45.14.52.0/22 maxlen: 22
                          84.234.128.0/17 maxlen: 24
                          79.160.0.0/15 maxlen: 24
                          80.203.0.0/17 maxlen: 17
                          89.11.128.0/17 maxlen: 17
                          81.166.0.0/15 maxlen: 24
                          2a01:798::/29 maxlen: 32
Validation:               Failed, certificate revoked on Mon 29 Jan 2024 08:16:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:5f:2c:d4:20:a3:d3:1f:f7:42:12:2a:25:a5:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=46bb8215b2266da3c0f6ca55cc7ba800e9ade2a2
        Validity
            Not Before: Jan  1 10:30:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e41728a23cdd06ed7c7c582b79ed6cbc09e57aad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:37:84:1a:82:70:17:57:97:56:8f:2b:a5:27:
                    51:59:c9:40:d8:c1:83:ec:97:87:52:7e:cf:cf:e6:
                    bf:cc:82:b1:38:e2:ba:de:32:57:cb:a7:59:e8:65:
                    56:1f:c0:79:88:16:10:c3:9f:55:b9:91:97:d1:95:
                    17:13:95:74:79:25:b4:c1:99:58:aa:d7:6b:a5:8d:
                    06:9a:b1:ad:b5:97:d1:7d:cb:d4:dd:4e:35:90:ec:
                    7f:5c:b1:c9:1d:b7:3d:a7:3d:84:38:4c:10:2b:b0:
                    1c:f4:1f:94:2b:6e:cb:6f:a8:45:9b:45:53:bc:7b:
                    cc:91:db:1d:08:f9:34:f9:ca:e5:80:7b:d7:c7:c2:
                    fc:57:c9:26:df:3c:f7:c2:58:8a:7d:d3:a7:d2:5c:
                    af:2c:50:d6:05:a1:c4:0f:60:97:49:e6:e1:15:e5:
                    08:64:20:72:c3:6f:05:3a:58:cc:13:5b:21:1f:6f:
                    f1:8b:37:54:dc:ed:4b:30:f6:13:f2:fd:03:16:7c:
                    d3:94:88:b5:58:b8:5d:41:e0:95:4f:ca:c3:68:c9:
                    1f:4a:b7:a7:56:66:fd:33:38:48:f6:01:0a:62:1d:
                    89:53:02:74:a2:a2:c4:5e:2d:9a:47:2b:91:7a:22:
                    04:84:11:fe:a6:ad:92:12:ec:7d:c8:79:2d:97:c5:
                    4d:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:17:28:A2:3C:DD:06:ED:7C:7C:58:2B:79:ED:6C:BC:09:E5:7A:AD
            X509v3 Authority Key Identifier:
                keyid:46:BB:82:15:B2:26:6D:A3:C0:F6:CA:55:CC:7B:A8:00:E9:AD:E2:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RruCFbImbaPA9spVzHuoAOmt4qI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/6a3215-6b62-4363-9abc-7a54db59ec2d/1/5BcoojzdBu18fFgree1svAnleq0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/6a3215-6b62-4363-9abc-7a54db59ec2d/1/RruCFbImbaPA9spVzHuoAOmt4qI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.14.52.0/22
                  79.160.0.0/15
                  80.203.0.0/17
                  81.166.0.0/15
                  84.234.128.0/17
                  89.11.128.0/17
                  92.220.0.0/15
                  109.247.0.0/16
                  141.0.64.0/18
                  213.167.96.0/19
                IPv6:
                  2a01:798::/29

    Signature Algorithm: sha256WithRSAEncryption
         90:4a:ac:06:11:ee:01:7f:dc:0d:db:21:0f:79:7c:ef:83:c2:
         80:2f:11:48:85:7e:b7:fa:7e:81:45:41:ac:01:56:48:08:64:
         f5:c0:ed:08:e9:e0:ea:a9:03:9e:b7:75:da:e5:df:13:01:29:
         b6:38:d1:4a:b0:8a:11:cd:cc:5a:c1:eb:d7:d9:1e:49:a7:8a:
         a4:41:a9:85:bb:44:61:a3:d4:b5:b8:74:25:b0:41:79:b4:5e:
         b8:9f:69:be:81:16:6b:59:ba:5c:34:42:a8:7e:0a:e9:84:e2:
         71:72:e9:c2:88:ba:b7:cc:84:e1:2e:d7:22:5d:40:06:e6:42:
         40:90:aa:d7:0a:64:3e:bf:9d:8c:da:b4:40:10:19:59:4d:cb:
         89:d6:96:72:98:0f:31:34:0e:e9:08:4e:ff:2c:dc:a1:99:a5:
         e7:5f:77:55:60:1f:bd:e2:8e:92:9b:d3:4c:19:c8:47:71:a5:
         1c:d6:01:3a:8b:37:7f:a5:18:25:d0:60:65:2f:11:e1:84:f8:
         00:a6:aa:4c:b3:7f:8a:0d:30:2b:bf:d0:95:59:0c:64:6e:8b:
         fd:2b:60:5e:bd:e9:c6:55:72:d5:a6:61:f8:36:34:eb:cd:44:
         c9:0b:a8:d7:52:cd:4a:67:e6:a0:f8:c3:6b:4e:55:85:ce:fc:
         d7:1e:db:e4
-----BEGIN CERTIFICATE-----
MIIFPjCCBCagAwIBAgISAYzEk18s1CCj0x/3QhIqJaWHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2YmI4MjE1YjIyNjZkYTNjMGY2Y2E1NWNjN2JhODAwZTlh
ZGUyYTIwHhcNMjQwMTAxMTAzMDQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDE3MjhhMjNjZGQwNmVkN2M3YzU4MmI3OWVkNmNiYzA5ZTU3YWFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoDeEGoJwF1eXVo8rpSdRWclA2MGD
7JeHUn7Pz+a/zIKxOOK63jJXy6dZ6GVWH8B5iBYQw59VuZGX0ZUXE5V0eSW0wZlY
qtdrpY0GmrGttZfRfcvU3U41kOx/XLHJHbc9pz2EOEwQK7Ac9B+UK27Lb6hFm0VT
vHvMkdsdCPk0+crlgHvXx8L8V8km3zz3wliKfdOn0lyvLFDWBaHED2CXSebhFeUI
ZCByw28FOljME1shH2/xizdU3O1LMPYT8v0DFnzTlIi1WLhdQeCVT8rDaMkfSren
Vmb9MzhI9gEKYh2JUwJ0oqLEXi2aRyuReiIEhBH+pq2SEux9yHktl8VNlwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFOQXKKI83QbtfHxYK3ntbLwJ5XqtMB8GA1UdIwQY
MBaAFEa7ghWyJm2jwPbKVcx7qADpreKiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUnJ1Q0ZiSW1iYVBBOXNwVnpIdW9BT210NHFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny82YTMyMTUtNmI2Mi00MzYzLTlhYmMt
N2E1NGRiNTllYzJkLzEvNUJjb29qemRCdTE4ZkZncmVlMXN2QW5sZXEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny82YTMyMTUtNmI2Mi00MzYzLTlhYmMtN2E1NGRiNTllYzJk
LzEvUnJ1Q0ZiSW1iYVBBOXNwVnpIdW9BT210NHFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGAGCCsGAQUFBwEHAQH/BFEwTzA+BAIAATA4AwQCLQ40AwMB
T6ADBAdQywADAwFRpgMEB1TqgAMEB1kLgAMDAVzcAwMAbfcDBAaNAEADBAXVp2Aw
DQQCAAIwBwMFAyoBB5gwDQYJKoZIhvcNAQELBQADggEBAJBKrAYR7gF/3A3bIQ95
fO+DwoAvEUiFfrf6foFFQawBVkgIZPXA7Qjp4OqpA563ddrl3xMBKbY40UqwihHN
zFrB69fZHkmniqRBqYW7RGGj1LW4dCWwQXm0Xrifab6BFmtZulw0Qqh+CumE4nFy
6cKIurfMhOEu1yJdQAbmQkCQqtcKZD6/nYzatEAQGVlNy4nWlnKYDzE0DukITv8s
3KGZpedfd1VgH73ijpKb00wZyEdxpRzWATqLN3+lGCXQYGUvEeGE+ACmqkyzf4oN
MCu/0JVZDGRui/0rYF696cZVctWmYfg2NOvNRMkLqNdSzUpn5qD4w2tOVYXO/Nce
2+Q=
-----END CERTIFICATE-----