Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/kEZiF5TUXnlLq_spiRRMF-45FAg.roa
File:                     kEZiF5TUXnlLq_spiRRMF-45FAg.roa (raw, json)
Hash identifier:          TfGZ0RQuG7VcgHY5AUes/lGAmbV4QkSnyiAeRLHf9Ro=
Subject key identifier:   90:46:62:17:94:D4:5E:79:4B:AB:FB:29:89:14:4C:17:EE:39:14:08
Certificate issuer:       /CN=19426325acb8ce609a686fa655b058968809b346
Certificate serial:       01948A69AEBA1422385BF193422FA5069634
Authority key identifier: 19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/kEZiF5TUXnlLq_spiRRMF-45FAg.roa
Signing time:             Tue 21 Jan 2025 19:49:29 +0000
ROA not before:           Tue 21 Jan 2025 19:49:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3319
IP address blocks:        77.47.212.0/23 maxlen: 24
                          185.143.56.0/22 maxlen: 24
                          195.178.132.0/24 maxlen: 24
                          195.178.133.0/24 maxlen: 24
                          195.178.134.0/24 maxlen: 24
                          195.178.135.0/24 maxlen: 24
                          195.178.144.0/23 maxlen: 23
                          195.178.147.0/24 maxlen: 24
                          195.178.152.0/22 maxlen: 22
                          195.178.156.0/24 maxlen: 24
                          212.111.207.0/24 maxlen: 24
                          212.111.217.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Tue 28 Jan 2025 21:53:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:8a:69:ae:ba:14:22:38:5b:f1:93:42:2f:a5:06:96:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19426325acb8ce609a686fa655b058968809b346
        Validity
            Not Before: Jan 21 19:49:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9046621794d45e794babfb2989144c17ee391408
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:7b:49:91:2a:20:10:16:ef:46:28:c6:fc:e0:
                    18:15:b0:71:6e:61:cf:e5:fa:76:8e:1e:2d:ad:6a:
                    11:bd:23:e1:5f:a0:74:1d:e1:5d:26:62:ae:d0:c4:
                    fd:52:9c:46:ee:21:42:c3:55:82:44:fb:fb:45:94:
                    72:cb:32:df:45:cc:86:80:13:5e:29:2e:20:2d:95:
                    12:0d:8c:a5:8a:04:28:05:fb:e9:ac:29:b1:42:6a:
                    af:bb:ca:3c:34:9f:bb:93:f2:2f:ee:10:0a:4d:ec:
                    3b:33:8d:ad:45:a4:97:00:f8:ed:e3:e7:f0:49:55:
                    c8:6c:d3:6f:99:f5:cf:c4:44:10:02:89:94:f2:12:
                    b3:16:da:3a:e4:09:6e:d3:c3:79:fe:56:dc:45:0b:
                    25:ca:94:db:8a:15:40:9c:58:57:a4:c8:a4:fa:0b:
                    0f:25:eb:77:21:c1:f8:0d:f8:70:60:4e:ef:a7:65:
                    06:b3:5e:e8:f7:6c:64:5f:ac:a1:93:af:24:0b:b8:
                    75:83:b3:81:69:6e:76:a0:75:f8:d1:39:21:71:aa:
                    91:ef:20:a6:a2:00:25:f5:4c:47:11:b3:23:40:72:
                    e5:f3:43:2c:64:00:74:6a:10:88:c2:11:c5:27:b5:
                    aa:b7:e5:83:92:51:14:46:a4:42:19:e9:be:90:0e:
                    03:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:46:62:17:94:D4:5E:79:4B:AB:FB:29:89:14:4C:17:EE:39:14:08
            X509v3 Authority Key Identifier:
                keyid:19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/kEZiF5TUXnlLq_spiRRMF-45FAg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.47.212.0/23
                  185.143.56.0/22
                  195.178.132.0/22
                  195.178.144.0/23
                  195.178.147.0/24
                  195.178.152.0-195.178.156.255
                  212.111.207.0/24
                  212.111.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c9:a6:6e:c2:5d:9a:66:67:7f:0a:b8:d4:b6:4c:97:8f:0b:ce:
         b5:c7:bf:e9:31:1e:58:75:2b:fc:7d:36:7e:ad:c3:ef:17:41:
         64:98:51:d2:9c:31:24:25:3b:84:47:af:20:f6:e3:46:90:95:
         1e:6d:ae:c0:08:4c:08:54:80:61:e1:5a:73:33:12:0d:6e:20:
         a7:80:0d:2a:47:0e:eb:45:1d:50:d1:e9:5d:6e:84:8b:81:a1:
         00:fe:f2:28:55:5c:32:63:6e:64:89:30:01:d8:cd:04:36:4e:
         a7:3d:52:13:0b:66:3d:7d:e7:ee:e8:ad:1c:6f:fe:9f:4b:18:
         53:0b:d1:79:a4:2a:da:68:26:59:c2:04:d9:87:9b:90:3a:b9:
         b4:b3:31:02:56:18:68:c9:b5:74:cc:ab:c4:69:58:00:2e:ff:
         c7:75:bd:98:ed:9f:32:a4:77:41:5c:aa:c7:7c:52:e3:14:67:
         43:00:fb:3b:8f:82:ca:34:50:6d:85:97:b1:a2:06:cd:b9:2e:
         c4:b2:fa:6b:95:26:bd:b7:90:05:54:30:01:76:df:99:4b:f7:
         44:31:7f:ae:48:00:ab:7d:66:a2:72:71:05:7d:0b:30:9f:f1:
         2a:2e:30:1e:fc:cb:92:da:9a:4b:7e:0c:55:9b:2a:43:72:17:
         8f:44:29:9c
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAZSKaa66FCI4W/GTQi+lBpY0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5NDI2MzI1YWNiOGNlNjA5YTY4NmZhNjU1YjA1ODk2ODgw
OWIzNDYwHhcNMjUwMTIxMTk0OTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDQ2NjIxNzk0ZDQ1ZTc5NGJhYmZiMjk4OTE0NGMxN2VlMzkxNDA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApHtJkSogEBbvRijG/OAYFbBxbmHP
5fp2jh4trWoRvSPhX6B0HeFdJmKu0MT9UpxG7iFCw1WCRPv7RZRyyzLfRcyGgBNe
KS4gLZUSDYyligQoBfvprCmxQmqvu8o8NJ+7k/Iv7hAKTew7M42tRaSXAPjt4+fw
SVXIbNNvmfXPxEQQAomU8hKzFto65Alu08N5/lbcRQslypTbihVAnFhXpMik+gsP
Jet3IcH4DfhwYE7vp2UGs17o92xkX6yhk68kC7h1g7OBaW52oHX40TkhcaqR7yCm
ogAl9UxHEbMjQHLl80MsZAB0ahCIwhHFJ7Wqt+WDklEURqRCGem+kA4D0QIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFJBGYheU1F55S6v7KYkUTBfuORQIMB8GA1UdIwQY
MBaAFBlCYyWsuM5gmmhvplWwWJaICbNGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQt
MDNmNGM3MTEzYzM0LzEva0VaaUY1VFVYbmxMcV9zcGlSUk1GLTQ1RkFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQtMDNmNGM3MTEzYzM0
LzEvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQBTS/UAwQC
uY84AwQCw7KEAwQBw7KQAwQAw7KTMAwDBAPDspgDBADDspwDBADUb88DBADUb9kw
DQYJKoZIhvcNAQELBQADggEBAMmmbsJdmmZnfwq41LZMl48LzrXHv+kxHlh1K/x9
Nn6tw+8XQWSYUdKcMSQlO4RHryD240aQlR5trsAITAhUgGHhWnMzEg1uIKeADSpH
DutFHVDR6V1uhIuBoQD+8ihVXDJjbmSJMAHYzQQ2Tqc9UhMLZj195+7orRxv/p9L
GFML0XmkKtpoJlnCBNmHm5A6ubSzMQJWGGjJtXTMq8RpWAAu/8d1vZjtnzKkd0Fc
qsd8UuMUZ0MA+zuPgso0UG2Fl7GiBs25LsSy+muVJr23kAVUMAF235lL90Qxf65I
AKt9ZqJycQV9CzCf8SouMB78y5Lamkt+DFWbKkNyF49EKZw=
-----END CERTIFICATE-----