Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/c244b3-8fc1-4685-8fb2-46a8b191a374/1/y6QQu7gfGnBUHQE51z7NX8duv70.roa
File:                     y6QQu7gfGnBUHQE51z7NX8duv70.roa (raw, json)
Hash identifier:          eluolQfQdWW88Dv3B6g3En1oJAOTzFpVc/OdIOV/1B0=
Subject key identifier:   CB:A4:10:BB:B8:1F:1A:70:54:1D:01:39:D7:3E:CD:5F:C7:6E:BF:BD
Certificate issuer:       /CN=704ab9688427073ff7e179de5af002e09f236013
Certificate serial:       018CC56E49DF86ED84BE255D134579F91DAC
Authority key identifier: 70:4A:B9:68:84:27:07:3F:F7:E1:79:DE:5A:F0:02:E0:9F:23:60:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cEq5aIQnBz_34XneWvAC4J8jYBM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/c244b3-8fc1-4685-8fb2-46a8b191a374/1/y6QQu7gfGnBUHQE51z7NX8duv70.roa
Signing time:             Mon 01 Jan 2024 14:29:48 +0000
ROA not before:           Mon 01 Jan 2024 14:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     52102
IP address blocks:        5.102.136.0/24 maxlen: 24
                          5.102.136.0/23 maxlen: 23
                          5.102.138.0/23 maxlen: 23
                          5.102.138.0/24 maxlen: 24
                          5.102.137.0/24 maxlen: 24
                          5.102.139.0/24 maxlen: 24
                          5.102.143.0/24 maxlen: 24
                          5.102.142.0/24 maxlen: 24
                          5.102.142.0/23 maxlen: 23
                          5.102.140.0/24 maxlen: 24
                          5.102.140.0/23 maxlen: 23
                          5.102.141.0/24 maxlen: 24
                          91.221.230.0/23 maxlen: 24
                          91.221.230.0/24 maxlen: 24
                          91.221.231.0/24 maxlen: 24
                          2a04:8880::/32 maxlen: 32
                          2a04:8881::/32 maxlen: 32
Validation:               Failed, certificate revoked on Thu 02 Jan 2025 11:49:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:49:df:86:ed:84:be:25:5d:13:45:79:f9:1d:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=704ab9688427073ff7e179de5af002e09f236013
        Validity
            Not Before: Jan  1 14:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cba410bbb81f1a70541d0139d73ecd5fc76ebfbd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:83:52:62:72:4b:46:c6:60:d0:e1:ae:eb:ae:
                    a4:65:52:e4:63:2b:e6:0c:30:3b:84:99:59:35:76:
                    8d:66:56:f7:19:21:af:91:e4:8a:6e:39:94:9b:0c:
                    91:42:27:d7:32:80:f8:cb:86:d9:b4:eb:42:aa:31:
                    f7:ec:3a:fb:b2:6a:bf:40:6a:dd:1c:63:9c:5b:46:
                    a6:e1:39:55:b5:ca:15:a1:30:20:48:a0:f4:35:a0:
                    85:e5:be:b8:b8:3a:a0:0b:a2:77:aa:81:31:b1:0e:
                    ab:30:f9:76:5f:5f:4a:b6:37:65:da:fb:bd:3e:85:
                    0b:f2:b5:3c:20:b8:6f:fa:1b:28:f4:f5:db:2d:6a:
                    f7:44:7c:c1:d3:7c:4b:ab:fc:d3:4c:1d:20:de:36:
                    ea:72:0c:42:5a:b3:e4:a6:a5:58:04:ea:cc:e8:e2:
                    0f:85:14:c5:bc:6a:24:dc:58:bf:37:8c:86:40:0b:
                    92:0c:ec:f1:ee:a4:1e:f7:5f:52:d1:bb:b4:53:2d:
                    c9:da:a2:8b:5d:34:56:9e:17:e1:f4:03:3e:52:5f:
                    19:d8:f6:66:7a:59:ee:03:d7:7b:fd:eb:37:47:43:
                    27:f6:72:68:7b:84:15:13:6a:54:dd:de:bd:00:2e:
                    b3:af:dc:ad:ea:3b:3b:12:9b:fe:14:35:06:98:f8:
                    26:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:A4:10:BB:B8:1F:1A:70:54:1D:01:39:D7:3E:CD:5F:C7:6E:BF:BD
            X509v3 Authority Key Identifier:
                keyid:70:4A:B9:68:84:27:07:3F:F7:E1:79:DE:5A:F0:02:E0:9F:23:60:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cEq5aIQnBz_34XneWvAC4J8jYBM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/c244b3-8fc1-4685-8fb2-46a8b191a374/1/y6QQu7gfGnBUHQE51z7NX8duv70.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/c244b3-8fc1-4685-8fb2-46a8b191a374/1/cEq5aIQnBz_34XneWvAC4J8jYBM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.102.136.0/21
                  91.221.230.0/23
                IPv6:
                  2a04:8880::/31

    Signature Algorithm: sha256WithRSAEncryption
         24:f9:f5:a8:ad:32:ed:25:12:9b:f1:4c:3a:bf:63:a5:e1:fd:
         f9:21:db:b0:b7:c4:94:de:2d:86:45:2b:d3:01:f6:52:61:b5:
         8d:4c:18:72:ed:47:45:a2:92:5b:57:36:8c:06:5a:42:f7:8f:
         08:3b:b9:59:df:6e:99:6c:17:80:1a:2e:06:6c:22:ad:21:eb:
         08:c1:09:7f:2a:21:fa:c9:39:ca:5a:47:47:36:78:d2:fe:6b:
         79:b1:1c:69:82:0c:3c:62:0c:bd:44:b4:a0:c7:3f:22:b0:cf:
         ca:26:3d:8b:e7:84:43:7f:88:6f:50:28:64:c6:13:5b:54:37:
         a7:f9:64:e8:2a:2e:73:61:2f:ce:98:39:3f:e0:59:bf:5a:26:
         a1:f6:af:dc:b6:0a:c4:db:c6:ae:b8:25:96:ee:47:9f:15:93:
         22:a7:e3:dd:f2:69:0a:fc:f0:56:a7:4e:8a:4a:c9:77:ce:42:
         eb:28:e8:c9:58:af:9e:f9:63:e9:4f:f7:1f:7f:ea:12:af:b3:
         db:1a:78:7f:2d:c1:1e:12:ce:eb:60:93:7d:52:bf:db:0e:07:
         62:94:d4:95:2d:48:9d:7a:25:2a:6f:89:17:9f:d0:54:bf:bd:
         78:51:95:af:30:01:91:65:a9:68:80:26:5a:11:be:90:6b:a0:
         d9:70:d2:d6
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzFbknfhu2EviVdE0V5+R2sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwNGFiOTY4ODQyNzA3M2ZmN2UxNzlkZTVhZjAwMmUwOWYy
MzYwMTMwHhcNMjQwMTAxMTQyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYmE0MTBiYmI4MWYxYTcwNTQxZDAxMzlkNzNlY2Q1ZmM3NmViZmJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwoNSYnJLRsZg0OGu666kZVLkYyvm
DDA7hJlZNXaNZlb3GSGvkeSKbjmUmwyRQifXMoD4y4bZtOtCqjH37Dr7smq/QGrd
HGOcW0am4TlVtcoVoTAgSKD0NaCF5b64uDqgC6J3qoExsQ6rMPl2X19Ktjdl2vu9
PoUL8rU8ILhv+hso9PXbLWr3RHzB03xLq/zTTB0g3jbqcgxCWrPkpqVYBOrM6OIP
hRTFvGok3Fi/N4yGQAuSDOzx7qQe919S0bu0Uy3J2qKLXTRWnhfh9AM+Ul8Z2PZm
elnuA9d7/es3R0Mn9nJoe4QVE2pU3d69AC6zr9yt6js7Epv+FDUGmPgmtwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFMukELu4HxpwVB0BOdc+zV/Hbr+9MB8GA1UdIwQY
MBaAFHBKuWiEJwc/9+F53lrwAuCfI2ATMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0VxNWFJUW5Cel8zNFhuZVd2QUM0SjhqWUJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS9jMjQ0YjMtOGZjMS00Njg1LThmYjIt
NDZhOGIxOTFhMzc0LzEveTZRUXU3Z2ZHbkJVSFFFNTF6N05YOGR1djcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS9jMjQ0YjMtOGZjMS00Njg1LThmYjItNDZhOGIxOTFhMzc0
LzEvY0VxNWFJUW5Cel8zNFhuZVd2QUM0SjhqWUJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDBWaIAwQB
W93mMA0EAgACMAcDBQEqBIiAMA0GCSqGSIb3DQEBCwUAA4IBAQAk+fWorTLtJRKb
8Uw6v2Ol4f35Iduwt8SU3i2GRSvTAfZSYbWNTBhy7UdFopJbVzaMBlpC948IO7lZ
326ZbBeAGi4GbCKtIesIwQl/KiH6yTnKWkdHNnjS/mt5sRxpggw8Ygy9RLSgxz8i
sM/KJj2L54RDf4hvUChkxhNbVDen+WToKi5zYS/OmDk/4Fm/Wiah9q/ctgrE28au
uCWW7kefFZMip+Pd8mkK/PBWp06KSsl3zkLrKOjJWK+e+WPpT/cff+oSr7PbGnh/
LcEeEs7rYJN9Ur/bDgdilNSVLUideiUqb4kXn9BUv714UZWvMAGRZalogCZaEb6Q
a6DZcNLW
-----END CERTIFICATE-----