Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/BXiC40-Xyfrue0en-JGAA-l2I_s.roa
File:                     BXiC40-Xyfrue0en-JGAA-l2I_s.roa (raw, json)
Hash identifier:          Emd4YB7U7snmz0Rlq0QrH0G7rpJq9sWxoVCOtM364Bo=
Subject key identifier:   05:78:82:E3:4F:97:C9:FA:EE:7B:47:A7:F8:91:80:03:E9:76:23:FB
Certificate issuer:       /CN=19426325acb8ce609a686fa655b058968809b346
Certificate serial:       019266B6092F7AB9F7ECFC26542ED41357A1
Authority key identifier: 19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/BXiC40-Xyfrue0en-JGAA-l2I_s.roa
Signing time:             Mon 07 Oct 2024 11:20:58 +0000
ROA not before:           Mon 07 Oct 2024 11:20:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3319
IP address blocks:        77.47.148.0/22 maxlen: 24
                          77.47.212.0/23 maxlen: 24
                          77.47.240.0/23 maxlen: 24
                          185.143.56.0/22 maxlen: 24
                          195.178.132.0/24 maxlen: 24
                          195.178.133.0/24 maxlen: 24
                          195.178.134.0/24 maxlen: 24
                          195.178.135.0/24 maxlen: 24
                          195.178.144.0/23 maxlen: 23
                          195.178.146.0/24 maxlen: 24
                          195.178.147.0/24 maxlen: 24
                          195.178.152.0/22 maxlen: 22
                          195.178.156.0/24 maxlen: 24
                          212.111.207.0/24 maxlen: 24
                          212.111.216.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 14 Oct 2024 21:49:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:66:b6:09:2f:7a:b9:f7:ec:fc:26:54:2e:d4:13:57:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19426325acb8ce609a686fa655b058968809b346
        Validity
            Not Before: Oct  7 11:20:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=057882e34f97c9faee7b47a7f8918003e97623fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:9b:45:0a:72:1a:9e:f9:5e:23:5d:c4:ec:38:
                    d4:9c:ee:f6:56:9b:82:92:dd:3c:c9:3a:28:79:c8:
                    4e:e5:de:2c:73:f4:27:f8:17:69:6b:28:5e:ea:c5:
                    30:e6:db:1a:8c:ac:fc:39:61:bf:3c:1c:7c:e5:b8:
                    31:57:03:b3:da:77:be:79:7d:9b:3a:c3:be:95:5d:
                    e9:f7:11:bf:3d:8e:b5:b0:22:65:3f:b4:51:24:22:
                    e7:27:4b:02:1c:71:04:50:5f:27:f3:e0:47:4d:0a:
                    d0:65:b5:f3:c7:90:aa:31:77:09:83:3d:d3:66:82:
                    5f:ce:69:8d:e1:d9:59:f7:80:00:86:5f:f2:ce:34:
                    e0:d4:39:11:36:cf:78:c9:3f:c6:84:b4:6d:42:18:
                    80:89:e8:60:33:a1:90:be:e1:77:af:86:ce:a2:39:
                    f1:bb:d4:56:04:39:04:a0:cc:8c:96:88:64:24:b8:
                    16:71:b8:c5:4e:8c:3d:00:46:cc:c8:9b:c5:05:2e:
                    a6:c0:40:7f:7d:16:e4:74:a3:cb:89:04:50:17:04:
                    73:5e:c7:99:8c:f2:5f:d7:9d:cf:6d:08:7f:88:39:
                    20:de:3c:e7:95:23:15:67:32:a4:db:d9:73:27:bb:
                    06:e2:82:02:7e:54:c1:a7:27:bc:2c:6e:92:bd:40:
                    d1:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:78:82:E3:4F:97:C9:FA:EE:7B:47:A7:F8:91:80:03:E9:76:23:FB
            X509v3 Authority Key Identifier:
                keyid:19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/BXiC40-Xyfrue0en-JGAA-l2I_s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.47.148.0/22
                  77.47.212.0/23
                  77.47.240.0/23
                  185.143.56.0/22
                  195.178.132.0/22
                  195.178.144.0/22
                  195.178.152.0-195.178.156.255
                  212.111.207.0/24
                  212.111.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bb:d4:29:68:8b:37:9a:ca:15:f5:cb:cc:66:6c:ac:09:ee:18:
         8c:ea:5a:f7:64:7e:3c:73:c7:c8:2d:da:17:d2:fb:77:db:3a:
         36:c7:f4:83:89:54:95:b3:f5:83:3b:49:02:28:c6:14:a9:a1:
         55:c5:07:c0:5b:33:5e:af:ae:5e:3f:ed:f0:07:27:ae:b2:1d:
         c4:db:1e:ee:4b:c2:31:f7:c7:01:6e:c6:77:9d:08:4e:8d:dc:
         01:7f:24:3e:ce:9d:98:fe:8c:45:1b:ff:9f:a7:aa:60:05:b8:
         b5:70:5d:59:a2:d5:2e:b7:5f:da:82:bd:dd:89:9f:55:29:d7:
         6a:fb:e7:7e:fd:43:15:fc:fa:3e:7b:66:7d:4a:2c:ad:df:4b:
         91:20:f8:4a:cd:81:31:4a:7d:bf:93:f1:92:4c:84:36:b7:9d:
         b7:b0:d2:2c:4c:cd:b3:6f:5e:e6:0d:18:28:b6:02:f3:16:c7:
         01:7b:07:bf:ce:2a:09:54:40:8c:87:70:b9:1b:38:ef:b5:d8:
         5a:1b:29:4a:d1:80:e3:08:a4:b8:59:75:e1:e4:7c:57:ae:62:
         90:3a:df:a5:ba:c5:01:07:35:52:a0:09:49:91:9a:c2:7f:57:
         86:c5:dd:94:5d:89:01:6f:86:63:77:2c:b3:aa:97:c1:68:32:
         e4:97:a1:2a
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAZJmtgkvern37PwmVC7UE1ehMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5NDI2MzI1YWNiOGNlNjA5YTY4NmZhNjU1YjA1ODk2ODgw
OWIzNDYwHhcNMjQxMDA3MTEyMDU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTc4ODJlMzRmOTdjOWZhZWU3YjQ3YTdmODkxODAwM2U5NzYyM2ZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz5tFCnIanvleI13E7DjUnO72VpuC
kt08yTooechO5d4sc/Qn+Bdpayhe6sUw5tsajKz8OWG/PBx85bgxVwOz2ne+eX2b
OsO+lV3p9xG/PY61sCJlP7RRJCLnJ0sCHHEEUF8n8+BHTQrQZbXzx5CqMXcJgz3T
ZoJfzmmN4dlZ94AAhl/yzjTg1DkRNs94yT/GhLRtQhiAiehgM6GQvuF3r4bOojnx
u9RWBDkEoMyMlohkJLgWcbjFTow9AEbMyJvFBS6mwEB/fRbkdKPLiQRQFwRzXseZ
jPJf153PbQh/iDkg3jznlSMVZzKk29lzJ7sG4oICflTBpye8LG6SvUDR5QIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFAV4guNPl8n67ntHp/iRgAPpdiP7MB8GA1UdIwQY
MBaAFBlCYyWsuM5gmmhvplWwWJaICbNGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQt
MDNmNGM3MTEzYzM0LzEvQlhpQzQwLVh5ZnJ1ZTBlbi1KR0FBLWwySV9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQtMDNmNGM3MTEzYzM0
LzEvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQCTS+UAwQB
TS/UAwQBTS/wAwQCuY84AwQCw7KEAwQCw7KQMAwDBAPDspgDBADDspwDBADUb88D
BADUb9gwDQYJKoZIhvcNAQELBQADggEBALvUKWiLN5rKFfXLzGZsrAnuGIzqWvdk
fjxzx8gt2hfS+3fbOjbH9IOJVJWz9YM7SQIoxhSpoVXFB8BbM16vrl4/7fAHJ66y
HcTbHu5LwjH3xwFuxnedCE6N3AF/JD7OnZj+jEUb/5+nqmAFuLVwXVmi1S63X9qC
vd2Jn1Up12r75379QxX8+j57Zn1KLK3fS5Eg+ErNgTFKfb+T8ZJMhDa3nbew0ixM
zbNvXuYNGCi2AvMWxwF7B7/OKglUQIyHcLkbOO+12FobKUrRgOMIpLhZdeHkfFeu
YpA636W6xQEHNVKgCUmRmsJ/V4bF3ZRdiQFvhmN3LLOql8FoMuSXoSo=
-----END CERTIFICATE-----