Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/dssYdz1y4C7HacHGts1Bdrf3RIs.roa
File:                     dssYdz1y4C7HacHGts1Bdrf3RIs.roa (raw, json)
Hash identifier:          1rGD0bKU5vRY9ABIhDTkI06ozCZFE3qvcQz7FWM0SRo=
Subject key identifier:   76:CB:18:77:3D:72:E0:2E:C7:69:C1:C6:B6:CD:41:76:B7:F7:44:8B
Certificate issuer:       /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial:       019427473118E9551EC8BE2A4A19797C239C
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/dssYdz1y4C7HacHGts1Bdrf3RIs.roa
Signing time:             Thu 02 Jan 2025 13:49:24 +0000
ROA not before:           Thu 02 Jan 2025 13:49:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209737
IP address blocks:        93.190.12.0/24 maxlen: 24
                          109.236.51.0/24 maxlen: 24
                          160.20.109.0/24 maxlen: 24
                          185.86.6.0/24 maxlen: 24
                          185.243.181.0/24 maxlen: 24
                          185.254.28.0/24 maxlen: 24
                          185.254.29.0/24 maxlen: 24
                          185.254.239.0/24 maxlen: 24
                          193.35.152.0/24 maxlen: 24
                          193.35.155.0/24 maxlen: 24
                          193.160.143.0/24 maxlen: 24
                          194.62.54.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Sun 05 Jan 2025 15:02:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:31:18:e9:55:1e:c8:be:2a:4a:19:79:7c:23:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
        Validity
            Not Before: Jan  2 13:49:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=76cb18773d72e02ec769c1c6b6cd4176b7f7448b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:f4:73:02:23:71:c1:cc:30:9f:c3:c3:9c:5a:
                    fe:3a:f3:13:e0:bc:6e:32:7d:85:88:1c:c5:d7:54:
                    14:48:62:66:9f:2c:aa:1d:2b:da:2a:0a:7a:b5:b1:
                    b3:b5:2c:76:8c:1b:48:77:65:02:4f:4d:d5:22:03:
                    d0:1a:b6:7e:aa:b1:3f:73:13:c3:1d:ef:02:b2:92:
                    e3:17:8b:60:ed:84:0e:02:70:77:49:8e:47:86:ef:
                    61:60:b0:21:b5:ab:b2:04:c9:36:4e:21:27:7a:40:
                    61:b5:58:c9:63:1a:32:10:f9:4a:e1:74:56:1f:06:
                    b0:72:04:bf:50:ba:0d:2e:97:50:20:ff:9d:39:46:
                    17:5e:98:c8:9b:ac:8b:af:42:7c:37:51:dd:95:96:
                    ab:b0:2b:a2:55:50:7a:bd:3e:24:68:18:36:c9:e4:
                    cb:6a:72:88:a4:03:54:a7:0e:e5:50:7b:29:73:e7:
                    b9:b1:71:21:66:16:cc:92:5c:bc:b2:78:d9:aa:83:
                    18:bd:7c:ff:de:e9:df:04:f1:4a:ad:e7:67:44:2c:
                    78:c0:d1:fc:09:c9:70:45:35:96:b7:8b:74:f4:76:
                    df:3f:db:96:6e:75:e2:83:e6:a4:2f:66:3d:95:19:
                    94:09:a1:17:a3:3e:cb:ed:71:38:aa:95:cf:84:8b:
                    bf:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:CB:18:77:3D:72:E0:2E:C7:69:C1:C6:B6:CD:41:76:B7:F7:44:8B
            X509v3 Authority Key Identifier:
                keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/dssYdz1y4C7HacHGts1Bdrf3RIs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.190.12.0/24
                  109.236.51.0/24
                  160.20.109.0/24
                  185.86.6.0/24
                  185.243.181.0/24
                  185.254.28.0/23
                  185.254.239.0/24
                  193.35.152.0/24
                  193.35.155.0/24
                  193.160.143.0/24
                  194.62.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:67:a3:f1:e4:22:25:c9:48:db:3d:18:06:33:60:e0:d1:df:
         d7:53:27:4f:a3:1e:1b:59:26:82:ae:c3:60:af:fb:5b:82:32:
         7f:79:e9:2f:1e:89:af:03:35:41:df:6b:0f:19:3f:a3:6f:a5:
         bc:d1:69:b5:c5:6e:fe:89:1f:90:bc:4c:ec:09:4d:0a:a8:1a:
         76:3b:49:e4:87:11:00:5e:d7:82:f3:9b:13:08:b4:ab:60:5b:
         ab:bc:9f:07:f5:4d:cf:e0:e3:03:6c:9b:91:2c:9d:d0:c5:ef:
         6b:93:2e:57:a0:5a:d3:15:a0:68:44:33:66:f1:19:86:95:0c:
         06:be:31:f1:9b:ba:cf:57:25:18:b4:6f:02:20:8d:1a:74:a6:
         16:0f:b7:ae:24:69:dc:2a:42:bd:c8:84:f3:05:7a:d4:1e:ff:
         f1:8d:ed:3d:15:5c:67:58:4f:9c:50:35:13:7f:aa:b8:61:1f:
         00:dd:11:61:e9:5d:e1:03:48:0a:e5:f6:75:6e:b3:f4:61:f0:
         a4:7e:0b:80:ac:85:19:b2:29:2f:7d:5b:3b:cf:88:c1:50:45:
         9d:99:98:5f:2d:0d:4b:b0:a5:e1:87:3c:cd:47:10:8c:2f:33:
         bd:62:a4:70:1c:17:d6:7f:75:bf:c2:f8:92:ad:f1:cf:07:9c:
         1e:08:a2:74
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAZQnRzEY6VUeyL4qShl5fCOcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjUwMTAyMTM0OTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NmNiMTg3NzNkNzJlMDJlYzc2OWMxYzZiNmNkNDE3NmI3Zjc0NDhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzPRzAiNxwcwwn8PDnFr+OvMT4Lxu
Mn2FiBzF11QUSGJmnyyqHSvaKgp6tbGztSx2jBtId2UCT03VIgPQGrZ+qrE/cxPD
He8CspLjF4tg7YQOAnB3SY5Hhu9hYLAhtauyBMk2TiEnekBhtVjJYxoyEPlK4XRW
HwawcgS/ULoNLpdQIP+dOUYXXpjIm6yLr0J8N1HdlZarsCuiVVB6vT4kaBg2yeTL
anKIpANUpw7lUHspc+e5sXEhZhbMkly8snjZqoMYvXz/3unfBPFKrednRCx4wNH8
CclwRTWWt4t09HbfP9uWbnXig+akL2Y9lRmUCaEXoz7L7XE4qpXPhIu/bQIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFHbLGHc9cuAux2nBxrbNQXa390SLMB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvZHNzWWR6MXk0QzdIYWNIR3RzMUJkcmYzUklzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQAXb4MAwQA
bewzAwQAoBRtAwQAuVYGAwQAufO1AwQBuf4cAwQAuf7vAwQAwSOYAwQAwSObAwQA
waCPAwQAwj42MA0GCSqGSIb3DQEBCwUAA4IBAQA1Z6Px5CIlyUjbPRgGM2Dg0d/X
UydPox4bWSaCrsNgr/tbgjJ/eekvHomvAzVB32sPGT+jb6W80Wm1xW7+iR+QvEzs
CU0KqBp2O0nkhxEAXteC85sTCLSrYFurvJ8H9U3P4OMDbJuRLJ3Qxe9rky5XoFrT
FaBoRDNm8RmGlQwGvjHxm7rPVyUYtG8CII0adKYWD7euJGncKkK9yITzBXrUHv/x
je09FVxnWE+cUDUTf6q4YR8A3RFh6V3hA0gK5fZ1brP0YfCkfguArIUZsikvfVs7
z4jBUEWdmZhfLQ1LsKXhhzzNRxCMLzO9YqRwHBfWf3W/wviSrfHPB5weCKJ0
-----END CERTIFICATE-----