Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/QYd04xfa8wWdYzxI8IT5kKugQBo.roa
File:                     QYd04xfa8wWdYzxI8IT5kKugQBo.roa (raw, json)
Hash identifier:          Vdm7FUFbawhlGDjO9i4tkcNcZpgsfzbGWwvnPQijb2M=
Subject key identifier:   41:87:74:E3:17:DA:F3:05:9D:63:3C:48:F0:84:F9:90:AB:A0:40:1A
Certificate issuer:       /CN=19426325acb8ce609a686fa655b058968809b346
Certificate serial:       0192FAF2AFBD1A1834BCDA9C75D86645E018
Authority key identifier: 19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/QYd04xfa8wWdYzxI8IT5kKugQBo.roa
Signing time:             Tue 05 Nov 2024 06:11:01 +0000
ROA not before:           Tue 05 Nov 2024 06:11:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3319
IP address blocks:        77.47.148.0/22 maxlen: 24
                          77.47.212.0/23 maxlen: 24
                          77.47.240.0/23 maxlen: 24
                          185.143.56.0/22 maxlen: 24
                          195.178.132.0/24 maxlen: 24
                          195.178.133.0/24 maxlen: 24
                          195.178.134.0/24 maxlen: 24
                          195.178.135.0/24 maxlen: 24
                          195.178.144.0/23 maxlen: 23
                          195.178.146.0/24 maxlen: 24
                          195.178.147.0/24 maxlen: 24
                          195.178.148.0/23 maxlen: 24
                          195.178.151.0/24 maxlen: 24
                          195.178.152.0/22 maxlen: 22
                          195.178.156.0/24 maxlen: 24
                          212.111.207.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 07 Nov 2024 18:30:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:fa:f2:af:bd:1a:18:34:bc:da:9c:75:d8:66:45:e0:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19426325acb8ce609a686fa655b058968809b346
        Validity
            Not Before: Nov  5 06:11:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=418774e317daf3059d633c48f084f990aba0401a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:26:0b:ac:60:03:63:3d:6d:bb:c3:fe:30:f4:
                    1b:5b:c1:aa:64:71:ec:9d:8d:51:39:89:bf:da:07:
                    5b:b3:e9:78:de:49:85:5b:d5:71:f3:ec:79:4d:4b:
                    1e:c0:99:d2:fb:2d:ca:6d:9d:38:2b:5b:57:a0:80:
                    0a:85:3b:2f:39:a6:c3:f9:39:8b:fb:87:c1:23:56:
                    bd:5b:7f:1b:8c:19:fa:93:30:2b:7d:b9:06:6d:22:
                    45:66:80:d5:00:6c:48:7c:e3:8f:fc:a8:6d:01:f3:
                    f8:f2:f9:37:73:d6:56:3b:51:4d:e9:39:d3:aa:08:
                    15:79:4d:a7:50:76:ba:48:fd:90:be:ca:e0:c6:4d:
                    81:75:19:a7:10:c5:cb:e0:8e:b5:56:00:6c:4a:3e:
                    06:b3:62:79:68:15:53:a8:08:a1:19:4f:0c:b0:48:
                    90:44:30:28:88:d6:43:86:6b:8d:01:0b:9c:92:3c:
                    d0:4c:8b:33:ac:fd:5a:93:f5:6c:59:a0:ae:35:e1:
                    75:9a:64:c4:a4:fa:05:59:8b:76:d5:35:2e:06:f8:
                    a5:04:d9:17:8b:77:da:ac:6d:5e:6c:77:a9:93:e4:
                    a7:b5:1f:bb:f5:00:02:40:a0:a1:94:9c:ec:73:89:
                    39:cb:f2:36:6f:48:04:f2:db:c5:28:2e:f6:ac:2c:
                    37:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:87:74:E3:17:DA:F3:05:9D:63:3C:48:F0:84:F9:90:AB:A0:40:1A
            X509v3 Authority Key Identifier:
                keyid:19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/QYd04xfa8wWdYzxI8IT5kKugQBo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.47.148.0/22
                  77.47.212.0/23
                  77.47.240.0/23
                  185.143.56.0/22
                  195.178.132.0/22
                  195.178.144.0-195.178.149.255
                  195.178.151.0-195.178.156.255
                  212.111.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:15:13:b8:25:cf:c3:ac:d0:b7:16:e7:78:b8:b2:4c:a9:20:
         34:79:70:a1:47:92:18:57:7a:ca:9c:b1:93:a8:b4:f2:01:24:
         60:f9:2b:a4:8e:57:f4:7b:63:85:e4:e6:40:6c:91:2d:13:06:
         03:9e:61:12:cd:22:7a:2a:ab:af:6d:4e:37:21:c5:02:76:21:
         35:10:72:22:e9:21:8b:b7:4e:f2:99:69:e6:ca:b3:90:d3:c3:
         b8:03:5b:84:e4:8f:c5:68:f7:c7:75:d8:06:da:fe:b2:56:5b:
         93:3d:12:41:10:60:d1:c3:d1:17:76:2f:27:01:20:c9:9d:d9:
         1a:60:68:d1:f7:27:7d:45:58:07:ec:68:ca:60:b8:5f:45:ac:
         12:49:cf:20:ba:20:73:2d:69:66:2b:5c:56:24:a0:3e:4a:01:
         3a:dc:db:42:ee:42:53:ac:f3:af:ab:97:5b:04:22:3e:e6:ac:
         2c:6f:7d:d6:11:b6:f0:21:e0:a9:8e:4b:9a:64:a2:8d:99:dd:
         fe:3e:d7:9e:d5:7b:23:fc:10:0b:24:cf:74:c4:43:1b:b8:4e:
         ea:a8:47:68:75:64:8d:b3:47:ff:c9:b3:a6:cf:e1:10:43:11:
         da:2a:28:9e:74:60:c7:16:dc:e4:c3:11:3b:75:9d:4d:92:4f:
         2d:49:36:a4
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgISAZL68q+9Ghg0vNqcddhmReAYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5NDI2MzI1YWNiOGNlNjA5YTY4NmZhNjU1YjA1ODk2ODgw
OWIzNDYwHhcNMjQxMTA1MDYxMTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTg3NzRlMzE3ZGFmMzA1OWQ2MzNjNDhmMDg0Zjk5MGFiYTA0MDFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmCYLrGADYz1tu8P+MPQbW8GqZHHs
nY1ROYm/2gdbs+l43kmFW9Vx8+x5TUsewJnS+y3KbZ04K1tXoIAKhTsvOabD+TmL
+4fBI1a9W38bjBn6kzArfbkGbSJFZoDVAGxIfOOP/KhtAfP48vk3c9ZWO1FN6TnT
qggVeU2nUHa6SP2Qvsrgxk2BdRmnEMXL4I61VgBsSj4Gs2J5aBVTqAihGU8MsEiQ
RDAoiNZDhmuNAQuckjzQTIszrP1ak/VsWaCuNeF1mmTEpPoFWYt21TUuBvilBNkX
i3farG1ebHepk+SntR+79QACQKChlJzsc4k5y/I2b0gE8tvFKC72rCw3cQIDAQAB
o4ICQzCCAj8wHQYDVR0OBBYEFEGHdOMX2vMFnWM8SPCE+ZCroEAaMB8GA1UdIwQY
MBaAFBlCYyWsuM5gmmhvplWwWJaICbNGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQt
MDNmNGM3MTEzYzM0LzEvUVlkMDR4ZmE4d1dkWXp4SThJVDVrS3VnUUJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQtMDNmNGM3MTEzYzM0
LzEvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFkGCCsGAQUFBwEHAQH/BEowSDBGBAIAATBAAwQCTS+UAwQB
TS/UAwQBTS/wAwQCuY84AwQCw7KEMAwDBATDspADBAHDspQwDAMEAMOylwMEAMOy
nAMEANRvzzANBgkqhkiG9w0BAQsFAAOCAQEATxUTuCXPw6zQtxbneLiyTKkgNHlw
oUeSGFd6ypyxk6i08gEkYPkrpI5X9HtjheTmQGyRLRMGA55hEs0ieiqrr21ONyHF
AnYhNRByIukhi7dO8plp5sqzkNPDuANbhOSPxWj3x3XYBtr+slZbkz0SQRBg0cPR
F3YvJwEgyZ3ZGmBo0fcnfUVYB+xoymC4X0WsEknPILogcy1pZitcViSgPkoBOtzb
Qu5CU6zzr6uXWwQiPuasLG991hG28CHgqY5LmmSijZnd/j7XntV7I/wQCyTPdMRD
G7hO6qhHaHVkjbNH/8mzps/hEEMR2ioonnRgxxbc5MMRO3WdTZJPLUk2pA==
-----END CERTIFICATE-----