Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/HS4XuDmBschG1wJjmjJN6B8q76I.roa
File:                     HS4XuDmBschG1wJjmjJN6B8q76I.roa (raw, json)
Hash identifier:          lYyvx/ZPMkJzC0FoMDgCrjHJYxWiXoXtcstAuuQkECE=
Subject key identifier:   1D:2E:17:B8:39:81:B1:C8:46:D7:02:63:9A:32:4D:E8:1F:2A:EF:A2
Certificate issuer:       /CN=c9d57447e3420b853875b6fa40372aade3192ca2
Certificate serial:       018D098A63968C0B340928D401C303228FFE
Authority key identifier: C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/HS4XuDmBschG1wJjmjJN6B8q76I.roa
Signing time:             Sun 14 Jan 2024 19:54:40 +0000
ROA not before:           Sun 14 Jan 2024 19:54:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42910
IP address blocks:        212.68.36.0/24 maxlen: 24
                          212.68.38.0/24 maxlen: 24
                          77.92.144.0/24 maxlen: 24
                          212.68.49.0/24 maxlen: 24
                          188.132.170.0/24 maxlen: 24
                          31.210.51.0/24 maxlen: 24
                          31.210.50.0/24 maxlen: 24
                          31.210.49.0/24 maxlen: 24
                          31.210.53.0/24 maxlen: 24
                          78.135.78.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 16 Feb 2024 13:11:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:09:8a:63:96:8c:0b:34:09:28:d4:01:c3:03:22:8f:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9d57447e3420b853875b6fa40372aade3192ca2
        Validity
            Not Before: Jan 14 19:54:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1d2e17b83981b1c846d702639a324de81f2aefa2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:3e:22:9b:b1:20:2c:99:21:50:6e:3b:d9:41:
                    48:ec:ad:88:72:8a:72:c8:a4:5d:c5:83:74:19:0d:
                    b7:e5:ce:b8:b0:32:7c:03:3d:8b:9d:50:81:e2:a0:
                    45:6c:f6:ff:e3:7a:c4:15:a3:a4:5c:b5:c4:52:9c:
                    5e:84:99:be:bf:de:cb:1f:6f:58:7f:4e:37:fa:aa:
                    3e:aa:da:fa:ff:6b:db:15:7a:11:32:2a:0c:49:7c:
                    e4:22:af:dc:c4:b8:eb:5e:00:4d:f5:88:db:8b:ac:
                    11:53:c5:59:dd:43:5f:22:81:47:28:ff:b3:bd:2e:
                    57:cc:88:6e:0a:f5:d3:5f:b0:34:6b:b4:e4:a0:f1:
                    07:a7:0d:71:1c:a5:7b:01:49:e8:0a:ae:dd:b6:ac:
                    41:37:be:81:fc:e4:55:f2:05:8b:97:fc:3c:0b:e6:
                    e8:64:5b:42:89:fd:2b:97:b8:3a:cb:c7:b3:e3:ec:
                    8a:81:7b:1c:7d:96:19:0a:4a:c4:f7:0e:ca:63:33:
                    0e:3e:83:58:95:c5:23:4f:f0:e8:3e:ea:f1:e0:5f:
                    48:2d:41:e7:15:75:0b:a0:cc:2a:1f:9e:24:56:5e:
                    ee:fd:b7:8a:74:9d:75:b8:2c:d9:37:40:34:51:b3:
                    8e:62:c6:6d:ab:14:9a:54:02:1b:de:78:cf:4e:54:
                    64:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:2E:17:B8:39:81:B1:C8:46:D7:02:63:9A:32:4D:E8:1F:2A:EF:A2
            X509v3 Authority Key Identifier:
                keyid:C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/HS4XuDmBschG1wJjmjJN6B8q76I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.210.49.0-31.210.51.255
                  31.210.53.0/24
                  77.92.144.0/24
                  78.135.78.0/24
                  188.132.170.0/24
                  212.68.36.0/24
                  212.68.38.0/24
                  212.68.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:d6:0b:84:38:7a:21:b5:0b:a1:7a:ee:d2:14:89:f5:b1:13:
         92:38:a3:82:28:7b:d5:05:d6:51:8c:06:46:f3:c4:6a:ef:0a:
         44:19:4e:72:28:f9:45:52:b2:ad:fb:dd:c4:e5:2f:76:5f:84:
         c3:0c:f0:df:6c:d5:92:7e:e9:d1:4a:a7:35:c1:e4:4a:15:c7:
         ee:a2:c4:1d:9d:c7:57:f1:a7:0e:fa:fc:ad:81:7d:23:e5:5c:
         3f:f7:03:f9:6f:d8:7e:23:77:51:13:69:b3:9b:94:f0:01:81:
         08:32:5d:e3:f9:e6:62:b5:d2:85:ca:67:1e:c5:55:d9:82:74:
         98:d5:c8:ae:da:74:75:f3:84:ea:92:0f:de:a8:3a:6b:55:46:
         c9:b6:4f:55:0d:2b:8a:a2:fd:38:e9:c3:64:aa:2b:e6:46:a6:
         e6:af:44:b2:6f:2a:8c:17:45:f1:f6:11:05:e7:23:b2:06:2b:
         02:97:ed:9e:9f:9d:39:e6:8e:37:5b:80:9e:56:a9:7a:2c:d3:
         9c:32:35:ed:93:f7:ba:95:ec:75:bb:04:a1:8f:05:ea:b7:9a:
         8c:72:f0:32:c4:2a:c3:c2:47:ee:f3:de:9f:98:70:77:ce:20:
         b8:7c:55:4a:6c:18:62:5c:66:5f:61:68:9d:47:c1:0e:9c:3a:
         47:3a:49:8d
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAY0JimOWjAs0CSjUAcMDIo/+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZDU3NDQ3ZTM0MjBiODUzODc1YjZmYTQwMzcyYWFkZTMx
OTJjYTIwHhcNMjQwMTE0MTk1NDQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDJlMTdiODM5ODFiMWM4NDZkNzAyNjM5YTMyNGRlODFmMmFlZmEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmz4im7EgLJkhUG472UFI7K2Icopy
yKRdxYN0GQ235c64sDJ8Az2LnVCB4qBFbPb/43rEFaOkXLXEUpxehJm+v97LH29Y
f043+qo+qtr6/2vbFXoRMioMSXzkIq/cxLjrXgBN9Yjbi6wRU8VZ3UNfIoFHKP+z
vS5XzIhuCvXTX7A0a7TkoPEHpw1xHKV7AUnoCq7dtqxBN76B/ORV8gWLl/w8C+bo
ZFtCif0rl7g6y8ez4+yKgXscfZYZCkrE9w7KYzMOPoNYlcUjT/DoPurx4F9ILUHn
FXULoMwqH54kVl7u/beKdJ11uCzZN0A0UbOOYsZtqxSaVAIb3njPTlRkrwIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFB0uF7g5gbHIRtcCY5oyTegfKu+iMB8GA1UdIwQY
MBaAFMnVdEfjQguFOHW2+kA3Kq3jGSyiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTkt
NGUxOThmMGE2MDEzLzEvSFM0WHVEbUJzY2hHMXdKam1qSk42QjhxNzZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTktNGUxOThmMGE2MDEz
LzEveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4MAwDBAAf0jED
BAIf0jADBAAf0jUDBABNXJADBABOh04DBAC8hKoDBADURCQDBADURCYDBADURDEw
DQYJKoZIhvcNAQELBQADggEBACLWC4Q4eiG1C6F67tIUifWxE5I4o4Ioe9UF1lGM
BkbzxGrvCkQZTnIo+UVSsq373cTlL3ZfhMMM8N9s1ZJ+6dFKpzXB5EoVx+6ixB2d
x1fxpw76/K2BfSPlXD/3A/lv2H4jd1ETabOblPABgQgyXeP55mK10oXKZx7FVdmC
dJjVyK7adHXzhOqSD96oOmtVRsm2T1UNK4qi/Tjpw2SqK+ZGpuavRLJvKowXRfH2
EQXnI7IGKwKX7Z6fnTnmjjdbgJ5WqXos05wyNe2T97qV7HW7BKGPBeq3moxy8DLE
KsPCR+7z3p+YcHfOILh8VUpsGGJcZl9haJ1HwQ6cOkc6SY0=
-----END CERTIFICATE-----