Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/87702a-3af6-46c7-a123-a2e24f980b3f/1/UVfuc6gRyjDxq787j0RLpFkjycw.roa
File:                     UVfuc6gRyjDxq787j0RLpFkjycw.roa (raw, json)
Hash identifier:          AyhlazS6ILOIc2i62xQ12iWtPWDvrlDUVaTzIfJh/UU=
Subject key identifier:   51:57:EE:73:A8:11:CA:30:F1:AB:BF:3B:8F:44:4B:A4:59:23:C9:CC
Certificate issuer:       /CN=0b1870c96ef09723811fb89250eea6eba963c0df
Certificate serial:       0191414A27EF9B32BFA23D554D9667FB1446
Authority key identifier: 0B:18:70:C9:6E:F0:97:23:81:1F:B8:92:50:EE:A6:EB:A9:63:C0:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CxhwyW7wlyOBH7iSUO6m66ljwN8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/87702a-3af6-46c7-a123-a2e24f980b3f/1/UVfuc6gRyjDxq787j0RLpFkjycw.roa
Signing time:             Sun 11 Aug 2024 11:54:24 +0000
ROA not before:           Sun 11 Aug 2024 11:54:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        132.64.1.0/24 maxlen: 24
                          132.64.2.0/24 maxlen: 24
                          132.64.3.0/24 maxlen: 24
                          132.64.5.0/24 maxlen: 24
                          132.64.6.0/24 maxlen: 24
                          132.64.7.0/24 maxlen: 24
                          132.64.16.0/24 maxlen: 24
                          132.64.17.0/24 maxlen: 24
                          132.64.40.0/24 maxlen: 24
                          132.64.43.0/24 maxlen: 24
                          132.64.44.0/24 maxlen: 24
                          132.64.45.0/24 maxlen: 24
                          132.64.254.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Wed 01 Jan 2025 23:47:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:41:4a:27:ef:9b:32:bf:a2:3d:55:4d:96:67:fb:14:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b1870c96ef09723811fb89250eea6eba963c0df
        Validity
            Not Before: Aug 11 11:54:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5157ee73a811ca30f1abbf3b8f444ba45923c9cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:56:8c:d6:2d:ec:c5:af:3e:d7:fc:c6:b6:83:
                    5f:a0:f8:e4:f2:c1:8c:9c:50:f8:1d:40:d0:e1:68:
                    d2:5d:cb:06:01:ca:b3:37:84:b3:8b:58:06:9b:3b:
                    a5:77:ac:10:c4:f5:72:89:5f:2a:0d:43:97:8e:e8:
                    2e:15:88:36:26:87:7c:c2:81:bb:10:a8:11:af:54:
                    df:00:03:5e:83:02:3d:e1:0a:fc:61:dd:77:16:52:
                    01:cd:4e:16:e8:8f:bf:df:04:44:0f:15:99:38:40:
                    e8:11:b2:de:49:2f:58:84:53:24:c6:38:56:c4:40:
                    72:e9:f5:ba:13:74:1f:13:da:e2:f6:ab:a3:c1:6e:
                    c5:86:ab:1a:0e:93:37:1c:42:2d:e6:f9:25:00:25:
                    55:cb:ea:cc:58:5e:08:58:34:02:28:f0:93:b4:a9:
                    4e:7b:e4:b9:36:ae:06:e6:a4:97:62:a5:52:c0:24:
                    12:02:33:a1:dc:d0:66:ba:bb:05:98:c0:88:5c:ba:
                    d3:9b:31:7f:3f:56:05:b6:d9:c4:29:97:fb:8d:48:
                    b0:02:98:16:77:ab:75:27:c4:b1:6b:2c:93:1d:f3:
                    69:8d:68:77:18:47:cb:be:6f:d3:43:e5:38:a7:e4:
                    71:8c:9f:ea:4a:74:b2:66:55:e3:38:06:75:25:8e:
                    52:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:57:EE:73:A8:11:CA:30:F1:AB:BF:3B:8F:44:4B:A4:59:23:C9:CC
            X509v3 Authority Key Identifier:
                keyid:0B:18:70:C9:6E:F0:97:23:81:1F:B8:92:50:EE:A6:EB:A9:63:C0:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CxhwyW7wlyOBH7iSUO6m66ljwN8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/87702a-3af6-46c7-a123-a2e24f980b3f/1/UVfuc6gRyjDxq787j0RLpFkjycw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/87702a-3af6-46c7-a123-a2e24f980b3f/1/CxhwyW7wlyOBH7iSUO6m66ljwN8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  132.64.1.0-132.64.3.255
                  132.64.5.0-132.64.7.255
                  132.64.16.0/23
                  132.64.40.0/24
                  132.64.43.0-132.64.45.255
                  132.64.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:83:da:dc:ad:dd:05:ef:63:82:1b:fb:ae:7d:55:32:e3:6d:
         45:c9:ff:55:45:f5:88:40:ba:3d:48:dd:75:cc:24:94:a8:73:
         46:ae:e0:ad:c0:9e:54:e2:79:9c:51:f5:87:bf:5f:60:08:84:
         13:29:c9:64:de:de:20:a4:fb:22:71:a7:cd:1f:26:a0:4f:a3:
         5d:f3:bb:dc:56:6a:0d:6b:40:e6:ef:39:98:b6:03:f3:83:c3:
         15:05:5c:93:f5:f3:98:08:f8:97:c4:f4:08:4a:4d:7f:a1:9d:
         75:28:0e:22:d5:d8:6a:14:bf:4e:b0:1a:a7:1b:53:a6:c6:38:
         2d:7b:10:24:c8:e2:62:22:a2:96:65:00:e8:92:69:30:65:ee:
         f1:fd:4c:f0:97:15:8a:29:4d:2a:9b:b7:2e:d4:f9:88:43:e8:
         50:97:0f:f6:6b:51:e3:27:60:56:ac:9d:f4:99:5a:9f:de:79:
         36:ad:97:c4:ec:ee:87:d3:be:19:52:c7:ad:15:98:b1:21:f6:
         57:76:e6:fc:c7:b1:9e:53:7e:fb:37:b3:39:ba:77:c3:72:ad:
         37:cf:d9:9d:56:7c:f8:57:70:c0:f1:d2:e8:74:6f:6c:17:68:
         3d:1e:60:c6:a2:63:0f:af:f2:2a:e2:97:be:b9:c9:e4:41:74:
         0c:6a:32:6b
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAZFBSifvmzK/oj1VTZZn+xRGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiMTg3MGM5NmVmMDk3MjM4MTFmYjg5MjUwZWVhNmViYTk2
M2MwZGYwHhcNMjQwODExMTE1NDI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTU3ZWU3M2E4MTFjYTMwZjFhYmJmM2I4ZjQ0NGJhNDU5MjNjOWNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwlaM1i3sxa8+1/zGtoNfoPjk8sGM
nFD4HUDQ4WjSXcsGAcqzN4Szi1gGmzuld6wQxPVyiV8qDUOXjuguFYg2Jod8woG7
EKgRr1TfAANegwI94Qr8Yd13FlIBzU4W6I+/3wREDxWZOEDoEbLeSS9YhFMkxjhW
xEBy6fW6E3QfE9ri9qujwW7FhqsaDpM3HEIt5vklACVVy+rMWF4IWDQCKPCTtKlO
e+S5Nq4G5qSXYqVSwCQSAjOh3NBmursFmMCIXLrTmzF/P1YFttnEKZf7jUiwApgW
d6t1J8SxayyTHfNpjWh3GEfLvm/TQ+U4p+RxjJ/qSnSyZlXjOAZ1JY5SUwIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFFFX7nOoEcow8au/O49ES6RZI8nMMB8GA1UdIwQY
MBaAFAsYcMlu8JcjgR+4klDupuupY8DfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ3hod3lXN3dseU9CSDdpU1VPNm02Nmxqd044LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny84NzcwMmEtM2FmNi00NmM3LWExMjMt
YTJlMjRmOTgwYjNmLzEvVVZmdWM2Z1J5akR4cTc4N2owUkxwRmtqeWN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny84NzcwMmEtM2FmNi00NmM3LWExMjMtYTJlMjRmOTgwYjNm
LzEvQ3hod3lXN3dseU9CSDdpU1VPNm02Nmxqd044LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8MAwDBACEQAED
BAKEQAAwDAMEAIRABQMEA4RAAAMEAYRAEAMEAIRAKDAMAwQAhEArAwQBhEAsAwQA
hED+MA0GCSqGSIb3DQEBCwUAA4IBAQAhg9rcrd0F72OCG/uufVUy421Fyf9VRfWI
QLo9SN11zCSUqHNGruCtwJ5U4nmcUfWHv19gCIQTKclk3t4gpPsicafNHyagT6Nd
87vcVmoNa0Dm7zmYtgPzg8MVBVyT9fOYCPiXxPQISk1/oZ11KA4i1dhqFL9OsBqn
G1OmxjgtexAkyOJiIqKWZQDokmkwZe7x/UzwlxWKKU0qm7cu1PmIQ+hQlw/2a1Hj
J2BWrJ30mVqf3nk2rZfE7O6H074ZUsetFZixIfZXdub8x7GeU377N7M5unfDcq03
z9mdVnz4V3DA8dLodG9sF2g9HmDGomMPr/Iq4pe+ucnkQXQMajJr
-----END CERTIFICATE-----