Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/j9ZdIPVPBMG-PNheAnj3D-xdUgI.roa
File:                     j9ZdIPVPBMG-PNheAnj3D-xdUgI.roa (raw, json)
Hash identifier:          xDtOTaOM1QnCuuWmyyUFmmD3Djr4hpkBbQ8aRxeF9ms=
Subject key identifier:   8F:D6:5D:20:F5:4F:04:C1:BE:3C:D8:5E:02:78:F7:0F:EC:5D:52:02
Certificate issuer:       /CN=19426325acb8ce609a686fa655b058968809b346
Certificate serial:       0194D7A510FF2347E850393099632E8A4336
Authority key identifier: 19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/j9ZdIPVPBMG-PNheAnj3D-xdUgI.roa
Signing time:             Wed 05 Feb 2025 19:45:06 +0000
ROA not before:           Wed 05 Feb 2025 19:45:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3319
IP address blocks:        185.143.56.0/22 maxlen: 24
                          195.178.132.0/24 maxlen: 24
                          195.178.133.0/24 maxlen: 24
                          195.178.134.0/24 maxlen: 24
                          195.178.135.0/24 maxlen: 24
                          195.178.144.0/23 maxlen: 23
                          195.178.147.0/24 maxlen: 24
                          195.178.152.0/22 maxlen: 22
                          195.178.156.0/24 maxlen: 24
                          212.111.207.0/24 maxlen: 24
                          212.111.217.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Thu 20 Feb 2025 16:04:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:d7:a5:10:ff:23:47:e8:50:39:30:99:63:2e:8a:43:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19426325acb8ce609a686fa655b058968809b346
        Validity
            Not Before: Feb  5 19:45:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8fd65d20f54f04c1be3cd85e0278f70fec5d5202
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:fa:20:65:e1:9d:dc:41:b4:f4:b4:b1:dd:a7:
                    42:5a:91:a1:9d:fd:52:0d:bd:5f:7a:d2:15:e5:19:
                    d1:90:b5:21:e2:00:b5:51:b2:12:4b:cc:5d:e5:77:
                    33:7d:f7:9e:aa:a6:3e:0a:09:0d:95:63:f3:f2:12:
                    2f:20:1f:fd:af:d6:79:36:b6:93:2b:63:c8:16:39:
                    00:4f:e3:12:e4:9c:c1:23:58:ea:a5:43:2f:06:ba:
                    71:a8:e9:fa:a3:a9:20:d8:cc:b8:11:7a:95:6c:f4:
                    d4:fd:8e:76:44:05:e4:b0:1b:0c:c8:73:7f:1e:d8:
                    ac:15:7b:a2:16:63:c5:b6:52:6d:80:d5:d1:45:f5:
                    9c:32:6f:62:e8:14:cf:00:0e:a3:d9:ea:e0:fd:75:
                    4d:74:74:0a:a4:c8:2a:62:1c:93:45:a6:cd:8d:02:
                    27:1e:0a:09:0d:84:c2:44:61:3d:7f:9b:c2:9d:9a:
                    5e:4f:b0:5b:be:40:a6:e6:2a:59:f5:6e:f5:3e:bd:
                    6f:9a:5a:62:cb:40:fb:72:3f:b5:69:39:a2:30:80:
                    4f:38:aa:b0:0c:af:fb:63:d3:58:b8:62:3c:ac:42:
                    91:8c:32:b5:3e:82:3d:8a:d2:1e:4c:cd:6e:0c:a9:
                    58:2e:eb:9a:7e:ee:0a:6e:d6:f8:17:d3:e7:31:9a:
                    e8:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:D6:5D:20:F5:4F:04:C1:BE:3C:D8:5E:02:78:F7:0F:EC:5D:52:02
            X509v3 Authority Key Identifier:
                keyid:19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/j9ZdIPVPBMG-PNheAnj3D-xdUgI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.143.56.0/22
                  195.178.132.0/22
                  195.178.144.0/23
                  195.178.147.0/24
                  195.178.152.0-195.178.156.255
                  212.111.207.0/24
                  212.111.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:d3:4b:5b:7a:4a:36:e7:bf:49:15:06:90:2e:34:de:4b:3e:
         8c:00:8e:1e:e9:a4:d5:ed:44:86:ee:ec:42:3c:f8:8f:d5:56:
         69:a2:e9:03:06:b2:00:e8:78:81:33:e8:1f:b7:54:ed:f3:3c:
         78:1b:4d:63:fd:8a:70:55:1e:c4:98:78:a4:f7:86:4d:33:9b:
         7c:ae:e3:05:34:73:7d:bb:06:1f:69:75:82:2c:64:1d:2e:64:
         c1:db:44:12:8e:c5:bd:d5:ca:c8:c3:a7:8f:ee:1e:e0:05:a1:
         6b:36:29:4b:c7:9b:1b:f4:f9:53:8b:fb:44:cd:e8:9b:55:3e:
         7f:fb:62:65:b2:77:73:81:c8:08:e7:f7:78:24:8c:7d:cd:4e:
         72:03:72:08:02:ce:48:29:f6:82:7e:15:bb:8e:1f:c3:1d:c0:
         41:f0:16:28:e4:48:5c:05:f9:8e:99:83:b6:e3:34:f1:d5:ed:
         16:36:28:a5:2a:43:12:46:3e:5e:eb:45:7a:e5:5a:62:33:16:
         f0:2a:69:db:1a:ff:d7:0b:0b:dd:52:31:e3:09:30:52:60:6c:
         cd:2d:39:37:ee:db:83:cc:e3:21:fe:b5:da:20:7d:22:35:7d:
         22:cc:75:ca:38:21:5d:8c:65:87:6a:c2:50:ea:87:e1:6d:71:
         c8:0b:d0:9a
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAZTXpRD/I0foUDkwmWMuikM2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5NDI2MzI1YWNiOGNlNjA5YTY4NmZhNjU1YjA1ODk2ODgw
OWIzNDYwHhcNMjUwMjA1MTk0NTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZmQ2NWQyMGY1NGYwNGMxYmUzY2Q4NWUwMjc4ZjcwZmVjNWQ1MjAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1/ogZeGd3EG09LSx3adCWpGhnf1S
Db1fetIV5RnRkLUh4gC1UbISS8xd5XczffeeqqY+CgkNlWPz8hIvIB/9r9Z5NraT
K2PIFjkAT+MS5JzBI1jqpUMvBrpxqOn6o6kg2My4EXqVbPTU/Y52RAXksBsMyHN/
HtisFXuiFmPFtlJtgNXRRfWcMm9i6BTPAA6j2erg/XVNdHQKpMgqYhyTRabNjQIn
HgoJDYTCRGE9f5vCnZpeT7BbvkCm5ipZ9W71Pr1vmlpiy0D7cj+1aTmiMIBPOKqw
DK/7Y9NYuGI8rEKRjDK1PoI9itIeTM1uDKlYLuuafu4Kbtb4F9PnMZroFQIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFI/WXSD1TwTBvjzYXgJ49w/sXVICMB8GA1UdIwQY
MBaAFBlCYyWsuM5gmmhvplWwWJaICbNGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQt
MDNmNGM3MTEzYzM0LzEvajlaZElQVlBCTUctUE5oZUFuajNELXhkVWdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQtMDNmNGM3MTEzYzM0
LzEvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQCuY84AwQC
w7KEAwQBw7KQAwQAw7KTMAwDBAPDspgDBADDspwDBADUb88DBADUb9kwDQYJKoZI
hvcNAQELBQADggEBAGTTS1t6Sjbnv0kVBpAuNN5LPowAjh7ppNXtRIbu7EI8+I/V
Vmmi6QMGsgDoeIEz6B+3VO3zPHgbTWP9inBVHsSYeKT3hk0zm3yu4wU0c327Bh9p
dYIsZB0uZMHbRBKOxb3VysjDp4/uHuAFoWs2KUvHmxv0+VOL+0TN6JtVPn/7YmWy
d3OByAjn93gkjH3NTnIDcggCzkgp9oJ+FbuOH8MdwEHwFijkSFwF+Y6Zg7bjNPHV
7RY2KKUqQxJGPl7rRXrlWmIzFvAqadsa/9cLC91SMeMJMFJgbM0tOTfu24PM4yH+
tdogfSI1fSLMdco4IV2MZYdqwlDqh+FtccgL0Jo=
-----END CERTIFICATE-----