Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/JySlQOyX4y0xiG8AvlP01qR9yvo.roa
File:                     JySlQOyX4y0xiG8AvlP01qR9yvo.roa (raw, json)
Hash identifier:          3FbalGjTBk+cnYukL4GKpzM4v6hmrFD4JIEjl06k02k=
Subject key identifier:   27:24:A5:40:EC:97:E3:2D:31:88:6F:00:BE:53:F4:D6:A4:7D:CA:FA
Certificate issuer:       /CN=19426325acb8ce609a686fa655b058968809b346
Certificate serial:       018DF0761A730FBF8D0A45F6E25BAE3CBA7D
Authority key identifier: 19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/JySlQOyX4y0xiG8AvlP01qR9yvo.roa
Signing time:             Wed 28 Feb 2024 16:04:48 +0000
ROA not before:           Wed 28 Feb 2024 16:04:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3319
IP address blocks:        77.47.143.0/24 maxlen: 24
                          77.47.156.0/24 maxlen: 24
                          77.47.157.0/24 maxlen: 24
                          185.143.56.0/22 maxlen: 24
                          195.178.141.0/24 maxlen: 24
                          195.178.144.0/23 maxlen: 23
                          195.178.147.0/24 maxlen: 24
                          195.178.152.0/22 maxlen: 22
                          212.111.207.0/24 maxlen: 24
                          212.111.216.0/23 maxlen: 24

Validation:               Failed, certificate revoked on Mon 11 Mar 2024 11:10:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:f0:76:1a:73:0f:bf:8d:0a:45:f6:e2:5b:ae:3c:ba:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19426325acb8ce609a686fa655b058968809b346
        Validity
            Not Before: Feb 28 16:04:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2724a540ec97e32d31886f00be53f4d6a47dcafa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:9b:75:be:f0:6b:2b:f6:8a:44:81:4d:70:d1:
                    ad:d2:9f:a8:b4:8a:c7:6d:82:18:e6:83:38:77:66:
                    7a:a6:43:7e:59:68:78:a2:03:3e:4c:c7:e3:b7:b0:
                    03:e9:a3:b7:30:fc:6e:cf:d2:1a:15:bb:0a:db:b6:
                    80:da:91:33:75:01:e2:7e:66:68:7f:47:b4:4a:cb:
                    80:29:bb:10:2a:37:41:b6:b1:a1:a3:91:e6:5a:6e:
                    e0:64:2b:86:2a:e0:65:e6:59:82:20:e2:77:df:31:
                    c1:83:d4:87:22:13:e5:6d:45:e3:68:e3:ec:56:54:
                    ef:8c:d5:13:83:6b:87:09:d6:e2:08:04:bc:16:d8:
                    a8:e5:fd:35:e7:28:06:34:fa:76:f1:6f:41:20:3f:
                    c3:8a:a1:d8:02:17:10:51:86:7c:ad:f4:aa:fd:3c:
                    f2:d5:5e:31:db:59:12:1e:f3:01:51:5c:7e:1a:02:
                    8e:3d:e7:80:dd:c5:f8:13:ab:d2:7e:59:5e:a8:b8:
                    1e:c0:1a:63:2a:95:69:fa:17:26:b0:f0:90:9e:86:
                    92:a8:56:a7:7c:e5:ef:2d:09:13:38:c2:ab:d2:58:
                    2d:83:87:47:79:f3:bb:af:cc:a5:29:8f:5d:65:9a:
                    16:e9:0c:c7:20:e5:d4:04:59:2e:64:37:10:e9:ab:
                    30:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:24:A5:40:EC:97:E3:2D:31:88:6F:00:BE:53:F4:D6:A4:7D:CA:FA
            X509v3 Authority Key Identifier:
                keyid:19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/JySlQOyX4y0xiG8AvlP01qR9yvo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.47.143.0/24
                  77.47.156.0/23
                  185.143.56.0/22
                  195.178.141.0/24
                  195.178.144.0/23
                  195.178.147.0/24
                  195.178.152.0/22
                  212.111.207.0/24
                  212.111.216.0/23

    Signature Algorithm: sha256WithRSAEncryption
         68:f9:37:ed:4a:7b:61:08:02:9b:77:03:e7:9e:e7:ff:3f:e3:
         bf:66:36:c8:c7:49:2b:b8:3e:90:2b:10:0b:7d:b6:00:ec:6e:
         b0:33:ea:d3:bd:29:4d:49:05:14:f0:94:dc:82:ad:5e:ef:54:
         87:11:5e:e0:01:5d:99:39:a9:5a:25:34:13:a4:88:90:1f:43:
         1a:02:00:4c:2b:78:d0:bd:df:ec:09:2e:52:1f:75:85:23:82:
         77:03:50:4e:09:be:c2:26:67:c2:83:40:5c:de:42:e6:9f:c1:
         22:b6:07:f1:55:47:c3:68:38:c9:f1:e3:86:54:0a:23:26:44:
         de:d7:6a:3c:08:dc:6d:9e:2a:af:64:c8:8a:5c:5b:01:bb:82:
         da:96:3e:8c:6f:31:0f:78:d9:d5:a0:30:a2:f2:98:4c:1c:0d:
         92:86:0e:78:d9:b2:a9:59:c1:ee:2e:2d:ba:fc:65:24:da:d0:
         d5:53:e0:fd:cb:32:a4:86:0a:d4:fa:8f:32:4e:12:64:86:51:
         c2:27:5e:fc:8b:08:c1:74:85:ba:af:2f:be:9b:31:4f:12:fe:
         65:54:69:9d:22:77:af:25:e8:aa:70:8f:af:10:d5:d6:55:e2:
         53:c0:4e:3b:77:4f:37:d0:97:e2:6f:b6:7b:91:4f:97:98:0c:
         0f:dd:b4:72
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAY3wdhpzD7+NCkX24luuPLp9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5NDI2MzI1YWNiOGNlNjA5YTY4NmZhNjU1YjA1ODk2ODgw
OWIzNDYwHhcNMjQwMjI4MTYwNDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzI0YTU0MGVjOTdlMzJkMzE4ODZmMDBiZTUzZjRkNmE0N2RjYWZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnJt1vvBrK/aKRIFNcNGt0p+otIrH
bYIY5oM4d2Z6pkN+WWh4ogM+TMfjt7AD6aO3MPxuz9IaFbsK27aA2pEzdQHifmZo
f0e0SsuAKbsQKjdBtrGho5HmWm7gZCuGKuBl5lmCIOJ33zHBg9SHIhPlbUXjaOPs
VlTvjNUTg2uHCdbiCAS8Ftio5f015ygGNPp28W9BID/DiqHYAhcQUYZ8rfSq/Tzy
1V4x21kSHvMBUVx+GgKOPeeA3cX4E6vSflleqLgewBpjKpVp+hcmsPCQnoaSqFan
fOXvLQkTOMKr0lgtg4dHefO7r8ylKY9dZZoW6QzHIOXUBFkuZDcQ6aswjwIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFCckpUDsl+MtMYhvAL5T9Nakfcr6MB8GA1UdIwQY
MBaAFBlCYyWsuM5gmmhvplWwWJaICbNGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQt
MDNmNGM3MTEzYzM0LzEvSnlTbFFPeVg0eTB4aUc4QXZsUDAxcVI5eXZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQtMDNmNGM3MTEzYzM0
LzEvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQATS+PAwQB
TS+cAwQCuY84AwQAw7KNAwQBw7KQAwQAw7KTAwQCw7KYAwQA1G/PAwQB1G/YMA0G
CSqGSIb3DQEBCwUAA4IBAQBo+TftSnthCAKbdwPnnuf/P+O/ZjbIx0kruD6QKxAL
fbYA7G6wM+rTvSlNSQUU8JTcgq1e71SHEV7gAV2ZOalaJTQTpIiQH0MaAgBMK3jQ
vd/sCS5SH3WFI4J3A1BOCb7CJmfCg0Bc3kLmn8EitgfxVUfDaDjJ8eOGVAojJkTe
12o8CNxtniqvZMiKXFsBu4Lalj6MbzEPeNnVoDCi8phMHA2Shg542bKpWcHuLi26
/GUk2tDVU+D9yzKkhgrU+o8yThJkhlHCJ178iwjBdIW6ry++mzFPEv5lVGmdInev
JeiqcI+vENXWVeJTwE47d0830Jfib7Z7kU+XmAwP3bRy
-----END CERTIFICATE-----