Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/8gtzI1yWlLtZEwZXpzy7y0KCkjM.roa
File:                     8gtzI1yWlLtZEwZXpzy7y0KCkjM.roa (raw, json)
Hash identifier:          xovlPoS6kNtj1Fs7FNDXzJYZrC5zf0TZS29ktZTnqVk=
Subject key identifier:   F2:0B:73:23:5C:96:94:BB:59:13:06:57:A7:3C:BB:CB:42:82:92:33
Certificate issuer:       /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial:       01916B7D5A748DBA4B860CBA3DA15A6461E1
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/8gtzI1yWlLtZEwZXpzy7y0KCkjM.roa
Signing time:             Mon 19 Aug 2024 16:34:22 +0000
ROA not before:           Mon 19 Aug 2024 16:34:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209371
IP address blocks:        91.194.55.0/24 maxlen: 24
                          185.88.175.0/24 maxlen: 24
                          185.184.24.0/24 maxlen: 24
                          185.243.181.0/24 maxlen: 24
                          185.249.200.0/24 maxlen: 24
                          185.249.201.0/24 maxlen: 24
                          185.249.203.0/24 maxlen: 24
                          193.35.152.0/24 maxlen: 24
                          193.35.155.0/24 maxlen: 24
                          193.160.140.0/24 maxlen: 24
                          193.223.106.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sat 05 Oct 2024 19:12:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:6b:7d:5a:74:8d:ba:4b:86:0c:ba:3d:a1:5a:64:61:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
        Validity
            Not Before: Aug 19 16:34:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f20b73235c9694bb59130657a73cbbcb42829233
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:3d:62:3d:04:8a:0e:1c:56:a1:bf:a2:ae:51:
                    68:dd:84:9c:b1:7a:8c:ef:b1:7a:d1:2d:f5:86:44:
                    cb:33:97:ca:3b:e3:25:e2:83:fd:75:f7:4d:be:a6:
                    9e:6b:f8:bb:1e:d8:0f:4a:a6:c6:e5:1f:29:69:b6:
                    8d:98:db:61:1d:7e:d8:76:dd:b0:6d:9c:b7:c1:70:
                    4e:95:01:99:3d:31:f4:34:09:de:43:21:17:f7:90:
                    7c:43:c1:e3:6a:92:64:98:02:5b:de:29:17:72:88:
                    4f:4a:c3:e9:b0:4b:e0:0d:b4:79:d2:f0:2c:50:2e:
                    26:9d:87:5e:34:63:97:65:1d:1d:1c:b4:c4:2b:82:
                    71:83:ef:5e:09:26:53:78:a7:ce:04:46:63:47:b6:
                    13:0c:d0:7b:48:95:f0:57:4c:99:e3:00:53:0d:81:
                    66:60:f8:f6:43:9d:2a:f8:1c:3a:6d:f7:14:77:c1:
                    a7:a6:f2:7c:65:03:1b:79:31:a2:36:30:32:30:99:
                    60:7b:40:1a:2f:b3:74:dd:ca:ff:96:a8:b0:a9:59:
                    db:c9:b9:c0:c1:ba:1e:db:34:a2:02:d1:f2:76:16:
                    53:0f:8c:b8:0b:c8:9d:c9:16:d3:93:6e:63:f7:ec:
                    61:16:43:38:67:38:9b:40:68:bf:5d:ad:3f:a2:38:
                    e3:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:0B:73:23:5C:96:94:BB:59:13:06:57:A7:3C:BB:CB:42:82:92:33
            X509v3 Authority Key Identifier:
                keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/8gtzI1yWlLtZEwZXpzy7y0KCkjM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.194.55.0/24
                  185.88.175.0/24
                  185.184.24.0/24
                  185.243.181.0/24
                  185.249.200.0/23
                  185.249.203.0/24
                  193.35.152.0/24
                  193.35.155.0/24
                  193.160.140.0/24
                  193.223.106.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:6d:a7:d4:c3:95:ab:6e:e6:39:cf:b3:71:c2:b3:da:2f:26:
         07:37:5d:8a:22:89:0d:d7:38:9f:83:d8:2b:a2:90:4a:7c:2f:
         b8:43:81:bc:2f:63:fb:9e:5a:46:01:61:7c:c0:9d:38:e3:d5:
         07:e7:4c:6c:00:73:87:be:1d:db:59:da:3c:a6:0b:fc:5a:42:
         bc:e5:d8:3e:d7:47:5a:d2:5e:d6:10:f6:a7:33:33:1f:5e:ac:
         b6:13:37:d4:8c:84:ae:61:92:ee:b8:fd:dd:b3:f0:10:c7:28:
         b3:28:23:20:1d:e7:50:0c:17:09:92:9c:90:98:95:cd:5c:1b:
         0a:18:31:87:b8:e4:77:b0:0c:c3:7e:9a:5d:46:e4:3c:35:f7:
         56:ee:16:70:1e:a0:59:89:2c:08:b9:7b:c2:fc:00:9f:a4:1c:
         bd:26:26:99:5f:a2:d1:85:12:f3:2d:fb:4a:ef:ed:d2:99:dd:
         14:25:a4:0a:c8:c4:73:a1:41:30:da:07:c6:b8:dc:8b:24:01:
         e3:43:c5:fd:ee:b7:45:84:1b:60:55:ff:ce:a0:41:8a:26:1e:
         82:8a:ea:2b:4d:da:2e:e8:76:7e:21:a0:ae:99:bd:7f:b4:50:
         37:45:7a:25:8b:24:3d:71:11:34:39:9e:78:76:e9:f1:4e:9f:
         57:f6:62:8b
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAZFrfVp0jbpLhgy6PaFaZGHhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjQwODE5MTYzNDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjBiNzMyMzVjOTY5NGJiNTkxMzA2NTdhNzNjYmJjYjQyODI5MjMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtD1iPQSKDhxWob+irlFo3YScsXqM
77F60S31hkTLM5fKO+Ml4oP9dfdNvqaea/i7HtgPSqbG5R8pabaNmNthHX7Ydt2w
bZy3wXBOlQGZPTH0NAneQyEX95B8Q8HjapJkmAJb3ikXcohPSsPpsEvgDbR50vAs
UC4mnYdeNGOXZR0dHLTEK4Jxg+9eCSZTeKfOBEZjR7YTDNB7SJXwV0yZ4wBTDYFm
YPj2Q50q+Bw6bfcUd8GnpvJ8ZQMbeTGiNjAyMJlge0AaL7N03cr/lqiwqVnbybnA
wboe2zSiAtHydhZTD4y4C8idyRbTk25j9+xhFkM4ZzibQGi/Xa0/ojjj0wIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFPILcyNclpS7WRMGV6c8u8tCgpIzMB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvOGd0ekkxeVdsTHRaRXdaWHB6eTd5MEtDa2pNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQAW8I3AwQA
uVivAwQAubgYAwQAufO1AwQBufnIAwQAufnLAwQAwSOYAwQAwSObAwQAwaCMAwQA
wd9qMA0GCSqGSIb3DQEBCwUAA4IBAQCwbafUw5WrbuY5z7NxwrPaLyYHN12KIokN
1zifg9gropBKfC+4Q4G8L2P7nlpGAWF8wJ0449UH50xsAHOHvh3bWdo8pgv8WkK8
5dg+10da0l7WEPanMzMfXqy2EzfUjISuYZLuuP3ds/AQxyizKCMgHedQDBcJkpyQ
mJXNXBsKGDGHuOR3sAzDfppdRuQ8NfdW7hZwHqBZiSwIuXvC/ACfpBy9JiaZX6LR
hRLzLftK7+3Smd0UJaQKyMRzoUEw2gfGuNyLJAHjQ8X97rdFhBtgVf/OoEGKJh6C
iuorTdou6HZ+IaCumb1/tFA3RXoliyQ9cRE0OZ54dunxTp9X9mKL
-----END CERTIFICATE-----