Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/465aae-2a2c-4200-8e5c-05f093385ac8/1/HfGiu3L4TB5Riy2GchDYeLoiKdc.roa
File:                     HfGiu3L4TB5Riy2GchDYeLoiKdc.roa (raw, json)
Hash identifier:          8G+wXcLoU5Bu5uN2aTEn4wVE4uTjP2STQ+x22iMWryY=
Subject key identifier:   1D:F1:A2:BB:72:F8:4C:1E:51:8B:2D:86:72:10:D8:78:BA:22:29:D7
Certificate issuer:       /CN=12a657f3424c8dd55215af853b93307c366c538a
Certificate serial:       01910DE78E99E25C578A788A0FBAF7821D75
Authority key identifier: 12:A6:57:F3:42:4C:8D:D5:52:15:AF:85:3B:93:30:7C:36:6C:53:8A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EqZX80JMjdVSFa-FO5MwfDZsU4o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/465aae-2a2c-4200-8e5c-05f093385ac8/1/HfGiu3L4TB5Riy2GchDYeLoiKdc.roa
Signing time:             Thu 01 Aug 2024 12:26:04 +0000
ROA not before:           Thu 01 Aug 2024 12:26:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211995
IP address blocks:        46.28.237.0/24 maxlen: 24
                          93.114.130.0/24 maxlen: 24
                          109.237.112.0/20 maxlen: 20
                          185.77.3.0/24 maxlen: 24
                          185.136.207.0/24 maxlen: 24
                          185.233.35.0/24 maxlen: 24
                          194.164.222.0/24 maxlen: 24
                          213.142.158.0/24 maxlen: 24
                          2a10:d880::/29 maxlen: 29
Validation:               Failed, certificate revoked on Sat 03 Aug 2024 09:12:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:0d:e7:8e:99:e2:5c:57:8a:78:8a:0f:ba:f7:82:1d:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12a657f3424c8dd55215af853b93307c366c538a
        Validity
            Not Before: Aug  1 12:26:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1df1a2bb72f84c1e518b2d867210d878ba2229d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:22:ce:44:78:71:3f:58:00:fd:f6:b5:cb:05:
                    04:aa:30:2d:ba:32:6e:af:c0:e6:c1:7a:fd:db:ca:
                    90:45:37:ff:63:a7:3d:0d:35:38:a9:db:31:94:8c:
                    25:bb:a5:d5:3e:cb:52:62:95:14:f6:bb:45:f2:80:
                    7b:6f:99:63:c7:cd:9e:80:bc:16:b3:8f:ed:37:0a:
                    eb:76:c9:11:3d:4e:1a:74:e1:44:a6:6e:36:62:fa:
                    f1:54:9a:6c:9c:75:41:fa:a4:12:3c:84:73:a5:f7:
                    07:3b:9c:fb:17:99:a5:5b:5c:dc:2c:3e:79:53:f2:
                    ae:75:ae:92:7f:ed:42:fe:bc:5d:65:6d:f9:b1:38:
                    b3:d6:4f:ff:dd:6e:40:99:c3:59:4f:a8:9c:e1:e9:
                    fe:ff:38:41:90:a1:27:69:ad:5a:cf:39:a4:65:6e:
                    b3:26:87:e0:c7:c3:f1:95:8c:ab:4f:72:16:ee:b3:
                    89:0a:d7:1f:88:f6:c2:fe:c8:55:aa:a4:e8:71:51:
                    67:e7:8d:52:17:05:da:1c:f3:19:b7:8d:17:96:53:
                    8b:0c:84:d7:54:aa:97:47:09:13:20:b1:6a:38:1c:
                    7d:bd:3a:6e:2c:95:46:a8:a4:37:9d:85:03:64:62:
                    e3:f6:fd:0a:e6:37:92:a3:c0:ac:4f:7b:17:d9:ba:
                    0b:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:F1:A2:BB:72:F8:4C:1E:51:8B:2D:86:72:10:D8:78:BA:22:29:D7
            X509v3 Authority Key Identifier:
                keyid:12:A6:57:F3:42:4C:8D:D5:52:15:AF:85:3B:93:30:7C:36:6C:53:8A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EqZX80JMjdVSFa-FO5MwfDZsU4o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/465aae-2a2c-4200-8e5c-05f093385ac8/1/HfGiu3L4TB5Riy2GchDYeLoiKdc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/465aae-2a2c-4200-8e5c-05f093385ac8/1/EqZX80JMjdVSFa-FO5MwfDZsU4o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.28.237.0/24
                  93.114.130.0/24
                  109.237.112.0/20
                  185.77.3.0/24
                  185.136.207.0/24
                  185.233.35.0/24
                  194.164.222.0/24
                  213.142.158.0/24
                IPv6:
                  2a10:d880::/29

    Signature Algorithm: sha256WithRSAEncryption
         a3:58:3d:23:27:c0:c0:4d:f7:94:b2:0d:e4:f8:b2:9e:96:dc:
         ef:dd:dc:e3:0d:8f:cb:f4:6b:15:07:24:0b:6a:e9:e3:7f:60:
         3e:6f:52:a8:5b:ad:98:61:87:0b:01:9c:3a:8c:05:92:41:ee:
         18:d5:6f:42:5f:2d:64:d5:06:01:f2:8f:54:a3:34:b9:1d:42:
         ae:fd:3c:36:f2:79:cc:15:17:b2:45:c6:4c:a3:17:a1:cb:56:
         6f:f0:c3:09:36:04:93:82:53:c6:d1:fb:99:5a:fe:34:c0:c8:
         47:88:37:20:2a:4e:54:56:80:c1:a3:2a:b4:8b:af:e5:da:36:
         58:e4:40:6e:a3:7e:12:eb:80:1f:21:a4:a2:2e:83:ee:14:b8:
         35:ba:59:42:6c:36:e0:be:d8:7a:f1:17:d2:2b:3e:39:96:a6:
         7c:9b:74:64:f5:aa:f9:ad:24:d7:b5:0f:6f:08:a9:9d:c2:6c:
         33:a6:f1:b1:18:65:62:9a:0f:23:26:24:7e:53:3e:a4:1e:07:
         3a:c1:bb:93:b2:51:c7:d9:a1:78:10:a1:47:74:8b:75:95:0f:
         c9:c2:48:21:e4:b4:e7:cc:a2:a7:04:5f:48:26:6d:84:be:c4:
         a2:89:29:e2:b1:1e:34:1b:6a:4f:7b:01:94:a5:e6:f9:3d:ef:
         68:f2:b2:53
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAZEN546Z4lxXiniKD7r3gh11MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyYTY1N2YzNDI0YzhkZDU1MjE1YWY4NTNiOTMzMDdjMzY2
YzUzOGEwHhcNMjQwODAxMTIyNjA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGYxYTJiYjcyZjg0YzFlNTE4YjJkODY3MjEwZDg3OGJhMjIyOWQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqiLORHhxP1gA/fa1ywUEqjAtujJu
r8DmwXr928qQRTf/Y6c9DTU4qdsxlIwlu6XVPstSYpUU9rtF8oB7b5ljx82egLwW
s4/tNwrrdskRPU4adOFEpm42YvrxVJpsnHVB+qQSPIRzpfcHO5z7F5mlW1zcLD55
U/Kuda6Sf+1C/rxdZW35sTiz1k//3W5AmcNZT6ic4en+/zhBkKEnaa1azzmkZW6z
Jofgx8PxlYyrT3IW7rOJCtcfiPbC/shVqqTocVFn541SFwXaHPMZt40XllOLDITX
VKqXRwkTILFqOBx9vTpuLJVGqKQ3nYUDZGLj9v0K5jeSo8CsT3sX2boLDQIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFB3xorty+EweUYsthnIQ2Hi6IinXMB8GA1UdIwQY
MBaAFBKmV/NCTI3VUhWvhTuTMHw2bFOKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXFaWDgwSk1qZFZTRmEtRk81TXdmRFpzVTRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS80NjVhYWUtMmEyYy00MjAwLThlNWMt
MDVmMDkzMzg1YWM4LzEvSGZHaXUzTDRUQjVSaXkyR2NoRFllTG9pS2RjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS80NjVhYWUtMmEyYy00MjAwLThlNWMtMDVmMDkzMzg1YWM4
LzEvRXFaWDgwSk1qZFZTRmEtRk81TXdmRFpzVTRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzA2BAIAATAwAwQALhztAwQA
XXKCAwQEbe1wAwQAuU0DAwQAuYjPAwQAuekjAwQAwqTeAwQA1Y6eMA0EAgACMAcD
BQMqENiAMA0GCSqGSIb3DQEBCwUAA4IBAQCjWD0jJ8DATfeUsg3k+LKeltzv3dzj
DY/L9GsVByQLaunjf2A+b1KoW62YYYcLAZw6jAWSQe4Y1W9CXy1k1QYB8o9UozS5
HUKu/Tw28nnMFReyRcZMoxehy1Zv8MMJNgSTglPG0fuZWv40wMhHiDcgKk5UVoDB
oyq0i6/l2jZY5EBuo34S64AfIaSiLoPuFLg1ullCbDbgvth68RfSKz45lqZ8m3Rk
9ar5rSTXtQ9vCKmdwmwzpvGxGGVimg8jJiR+Uz6kHgc6wbuTslHH2aF4EKFHdIt1
lQ/Jwkgh5LTnzKKnBF9IJm2EvsSiiSnisR40G2pPewGUpeb5Pe9o8rJT
-----END CERTIFICATE-----