Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/tKjvCXSLytXA804DUA0DtXHfE9o.roa
File:                     tKjvCXSLytXA804DUA0DtXHfE9o.roa (raw, json)
Hash identifier:          Qy/nAz7oPj/XpT0vM4IAIiv6iDYZ8BawplycgoXaREM=
Subject key identifier:   B4:A8:EF:09:74:8B:CA:D5:C0:F3:4E:03:50:0D:03:B5:71:DF:13:DA
Certificate issuer:       /CN=19426325acb8ce609a686fa655b058968809b346
Certificate serial:       0191138F01E8E9192FF567EF3AA8FE35A798
Authority key identifier: 19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/tKjvCXSLytXA804DUA0DtXHfE9o.roa
Signing time:             Fri 02 Aug 2024 14:47:04 +0000
ROA not before:           Fri 02 Aug 2024 14:47:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43260
IP address blocks:        77.47.142.0/24 maxlen: 24
                          77.47.143.0/24 maxlen: 24
                          77.47.148.0/24 maxlen: 24
                          77.47.149.0/24 maxlen: 24
                          77.47.150.0/24 maxlen: 24
                          77.47.151.0/24 maxlen: 24
                          77.47.156.0/24 maxlen: 24
                          77.47.157.0/24 maxlen: 24
                          77.47.158.0/24 maxlen: 24
                          77.47.159.0/24 maxlen: 24
                          77.47.212.0/24 maxlen: 24
                          77.47.213.0/24 maxlen: 24
                          77.47.243.0/24 maxlen: 24
                          195.178.140.0/24 maxlen: 24
                          195.178.141.0/24 maxlen: 24
                          212.111.217.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 11 Sep 2024 10:13:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:13:8f:01:e8:e9:19:2f:f5:67:ef:3a:a8:fe:35:a7:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19426325acb8ce609a686fa655b058968809b346
        Validity
            Not Before: Aug  2 14:47:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b4a8ef09748bcad5c0f34e03500d03b571df13da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:22:f4:7a:5a:8d:0e:2d:95:1c:42:d7:5e:f8:
                    4b:93:15:2e:4d:75:cd:3e:9e:05:b2:1b:30:97:d4:
                    5f:c8:7a:8c:17:a4:eb:04:b0:ce:19:c0:eb:5b:9a:
                    ae:9e:15:9b:67:32:8f:73:c1:6b:c4:03:a0:7e:51:
                    63:2a:af:49:6a:1a:79:dc:45:58:d0:2f:18:21:5d:
                    92:16:51:61:07:3e:3b:69:be:55:9d:f3:d9:09:c3:
                    e1:3b:df:ab:3d:67:0c:11:02:61:83:64:b2:c9:8c:
                    61:35:98:b8:00:be:df:0b:01:57:b2:30:23:ef:7a:
                    54:35:ba:48:8a:58:63:43:c7:80:d0:96:a3:24:43:
                    64:61:ec:39:00:aa:dd:f7:2f:ca:95:f4:cd:14:0d:
                    a4:e5:68:12:d5:60:c5:1a:26:47:6b:68:93:69:47:
                    34:fb:11:4b:6c:9e:6e:21:e1:4d:c5:57:85:f7:fd:
                    a1:6b:a2:dd:c2:e5:09:ed:77:06:9a:16:93:e3:8e:
                    dc:5f:4f:9c:c8:b9:7e:39:a3:7c:6f:61:ea:22:5d:
                    f3:95:76:25:2b:ed:c9:21:1c:e1:da:c5:11:3e:95:
                    34:ec:a4:9b:73:44:03:74:90:ea:0c:b5:58:cf:e8:
                    ea:7c:90:7e:a4:e9:01:80:91:c9:dc:ac:21:b1:bd:
                    5d:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:A8:EF:09:74:8B:CA:D5:C0:F3:4E:03:50:0D:03:B5:71:DF:13:DA
            X509v3 Authority Key Identifier:
                keyid:19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/tKjvCXSLytXA804DUA0DtXHfE9o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.47.142.0/23
                  77.47.148.0/22
                  77.47.156.0/22
                  77.47.212.0/23
                  77.47.243.0/24
                  195.178.140.0/23
                  212.111.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:a4:3d:c1:64:95:49:fa:f2:9b:66:97:36:35:b4:5b:04:dd:
         a6:e3:cc:86:e6:aa:d4:7f:e1:31:de:e3:f7:ea:8e:fd:ff:29:
         9e:ca:5b:ea:e8:ee:d2:c2:98:72:f8:08:6e:34:1c:46:b0:9b:
         d6:be:3f:55:3c:b0:13:04:f6:d4:5c:f1:09:73:22:61:2d:93:
         e1:c4:bb:eb:4d:c3:11:a3:a7:bd:d5:87:88:a7:b8:c6:83:6e:
         6a:2a:61:e0:92:39:59:ff:bb:fc:00:6f:e0:eb:8d:88:7f:79:
         79:2d:0e:de:ee:27:0a:54:cb:80:6b:c7:c6:8a:65:df:78:c7:
         b9:34:5d:69:0b:0c:1d:30:ee:d3:ea:70:76:46:a2:57:03:89:
         7d:96:e3:56:03:22:e5:ac:a8:71:fe:13:e5:f9:be:1e:e9:9f:
         f9:fb:7c:30:cc:b4:55:69:d3:10:87:a8:89:44:e5:af:24:b1:
         13:2a:48:66:82:73:24:67:b0:98:80:92:20:4f:1b:64:98:e8:
         ec:95:2a:62:76:84:70:52:19:53:79:e6:2d:11:32:07:7d:95:
         b4:37:28:7d:26:85:2e:87:03:8f:11:f1:b5:60:1b:d0:7b:c5:
         51:d4:0b:a5:4d:8c:5c:05:f7:a3:ad:b1:a2:f8:ee:72:68:c8:
         2e:95:8b:a8
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAZETjwHo6Rkv9WfvOqj+NaeYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5NDI2MzI1YWNiOGNlNjA5YTY4NmZhNjU1YjA1ODk2ODgw
OWIzNDYwHhcNMjQwODAyMTQ0NzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGE4ZWYwOTc0OGJjYWQ1YzBmMzRlMDM1MDBkMDNiNTcxZGYxM2RhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0CL0elqNDi2VHELXXvhLkxUuTXXN
Pp4Fshswl9RfyHqMF6TrBLDOGcDrW5qunhWbZzKPc8FrxAOgflFjKq9Jahp53EVY
0C8YIV2SFlFhBz47ab5VnfPZCcPhO9+rPWcMEQJhg2SyyYxhNZi4AL7fCwFXsjAj
73pUNbpIilhjQ8eA0JajJENkYew5AKrd9y/KlfTNFA2k5WgS1WDFGiZHa2iTaUc0
+xFLbJ5uIeFNxVeF9/2ha6LdwuUJ7XcGmhaT447cX0+cyLl+OaN8b2HqIl3zlXYl
K+3JIRzh2sURPpU07KSbc0QDdJDqDLVYz+jqfJB+pOkBgJHJ3Kwhsb1dGQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFLSo7wl0i8rVwPNOA1ANA7Vx3xPaMB8GA1UdIwQY
MBaAFBlCYyWsuM5gmmhvplWwWJaICbNGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQt
MDNmNGM3MTEzYzM0LzEvdEtqdkNYU0x5dFhBODA0RFVBMER0WEhmRTlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQtMDNmNGM3MTEzYzM0
LzEvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQBTS+OAwQC
TS+UAwQCTS+cAwQBTS/UAwQATS/zAwQBw7KMAwQA1G/ZMA0GCSqGSIb3DQEBCwUA
A4IBAQCXpD3BZJVJ+vKbZpc2NbRbBN2m48yG5qrUf+Ex3uP36o79/ymeylvq6O7S
wphy+AhuNBxGsJvWvj9VPLATBPbUXPEJcyJhLZPhxLvrTcMRo6e91YeIp7jGg25q
KmHgkjlZ/7v8AG/g642If3l5LQ7e7icKVMuAa8fGimXfeMe5NF1pCwwdMO7T6nB2
RqJXA4l9luNWAyLlrKhx/hPl+b4e6Z/5+3wwzLRVadMQh6iJROWvJLETKkhmgnMk
Z7CYgJIgTxtkmOjslSpidoRwUhlTeeYtETIHfZW0Nyh9JoUuhwOPEfG1YBvQe8VR
1AulTYxcBfejrbGi+O5yaMgulYuo
-----END CERTIFICATE-----