Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/6da1c2-252d-4bd2-b56c-bb217cc3b78d/1/snJdOVHCGCUhlSNkCHcwinPo_DE.roa
File:                     snJdOVHCGCUhlSNkCHcwinPo_DE.roa (raw, json)
Hash identifier:          Phvo6UZhKE0kEx/UEaaqPqK2srr8MlHHuSsASoWM788=
Subject key identifier:   B2:72:5D:39:51:C2:18:25:21:95:23:64:08:77:30:8A:73:E8:FC:31
Certificate issuer:       /CN=293e0cd8b3e044edb823aef688aafb0b75de8675
Certificate serial:       018FD0F8F50D917493686C2E89F7AAC734DD
Authority key identifier: 29:3E:0C:D8:B3:E0:44:ED:B8:23:AE:F6:88:AA:FB:0B:75:DE:86:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KT4M2LPgRO24I672iKr7C3XehnU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/6da1c2-252d-4bd2-b56c-bb217cc3b78d/1/snJdOVHCGCUhlSNkCHcwinPo_DE.roa
Signing time:             Fri 31 May 2024 23:25:27 +0000
ROA not before:           Fri 31 May 2024 23:25:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208555
IP address blocks:        45.129.36.0/22 maxlen: 22
                          45.129.36.0/24 maxlen: 24
                          45.129.37.0/24 maxlen: 24
                          45.129.38.0/23 maxlen: 23
                          45.129.38.0/24 maxlen: 24
                          45.129.39.0/24 maxlen: 24
                          185.53.140.0/22 maxlen: 24
                          185.53.140.0/23 maxlen: 23
                          185.53.140.0/24 maxlen: 24
                          185.53.141.0/24 maxlen: 24
                          185.53.142.0/23 maxlen: 23
                          185.53.142.0/24 maxlen: 24
                          185.53.143.0/24 maxlen: 24
                          185.126.202.0/24 maxlen: 24
                          2a0e:4a40::/29 maxlen: 29
Validation:               Failed, certificate revoked on Sun 23 Jun 2024 10:58:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:d0:f8:f5:0d:91:74:93:68:6c:2e:89:f7:aa:c7:34:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=293e0cd8b3e044edb823aef688aafb0b75de8675
        Validity
            Not Before: May 31 23:25:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b2725d3951c21825219523640877308a73e8fc31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:c3:5e:93:1a:18:49:6e:b0:c5:ad:fd:f4:d5:
                    cd:bb:76:e3:d1:eb:94:a7:40:9a:2c:01:0f:42:57:
                    d8:41:80:1e:ef:46:84:85:fb:e2:1d:1a:fa:8f:14:
                    73:31:1b:c4:1a:11:9f:38:33:85:3a:5e:68:b6:81:
                    1e:84:47:c7:a1:15:88:37:42:a5:f1:83:4a:d8:ad:
                    e6:a6:9a:84:cc:de:8d:28:0d:c2:32:e8:19:39:b0:
                    01:12:f5:44:01:78:06:dc:1c:7e:88:0a:c6:57:3a:
                    54:0b:e4:b0:b5:9a:50:40:64:37:ee:04:fb:b0:9b:
                    3c:5b:fd:c3:dd:61:ac:6b:6f:e9:af:c3:21:47:2f:
                    3a:1b:b5:4c:41:b4:5d:f6:9b:f9:22:a6:f7:13:bd:
                    d2:73:a4:1f:2e:38:12:3f:33:e0:0f:77:9d:65:28:
                    c4:3b:fe:f4:3c:15:e5:64:49:69:c2:51:46:53:46:
                    40:6a:de:2a:a7:fc:2e:e3:2f:37:08:f1:1f:54:d2:
                    34:c3:41:e0:ff:cb:36:76:53:68:5f:e2:95:90:08:
                    f4:ea:e9:13:bf:10:7e:66:7e:d8:47:6d:c1:94:d0:
                    b7:dc:f9:8c:89:d1:d9:90:4b:96:bf:a8:35:ef:59:
                    15:ee:bb:f6:68:7f:fb:3c:94:77:66:09:ee:df:13:
                    3a:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:72:5D:39:51:C2:18:25:21:95:23:64:08:77:30:8A:73:E8:FC:31
            X509v3 Authority Key Identifier:
                keyid:29:3E:0C:D8:B3:E0:44:ED:B8:23:AE:F6:88:AA:FB:0B:75:DE:86:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KT4M2LPgRO24I672iKr7C3XehnU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/6da1c2-252d-4bd2-b56c-bb217cc3b78d/1/snJdOVHCGCUhlSNkCHcwinPo_DE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/6da1c2-252d-4bd2-b56c-bb217cc3b78d/1/KT4M2LPgRO24I672iKr7C3XehnU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.129.36.0/22
                  185.53.140.0/22
                  185.126.202.0/24
                IPv6:
                  2a0e:4a40::/29

    Signature Algorithm: sha256WithRSAEncryption
         2b:f0:06:2a:28:84:eb:d9:b0:39:2f:61:47:76:a1:46:1b:08:
         f7:96:0d:75:fd:48:8c:fd:b4:dc:1c:28:9e:93:3d:50:d1:d6:
         93:b7:14:db:fb:ed:5c:ec:1b:70:d0:eb:b2:e6:58:c4:f5:ba:
         03:34:81:53:21:83:58:a3:c1:69:a6:9b:fb:91:7d:97:08:32:
         52:b7:b1:82:c2:1c:44:b2:69:16:a7:ca:59:76:9e:a7:42:a7:
         70:af:22:19:6f:8d:c1:89:19:3a:43:bb:c5:51:cb:08:bb:95:
         20:c1:97:40:89:9e:4b:a7:14:18:06:61:89:e0:51:0b:c6:40:
         c1:87:39:17:33:0f:5c:19:45:88:b5:a1:8c:2e:bb:01:60:15:
         ed:1d:0e:e7:00:ca:c5:6c:17:03:83:81:da:4d:ca:e9:5e:fe:
         ed:a2:6d:f6:b0:07:65:9f:86:03:0b:79:e0:70:40:83:c0:2d:
         dc:ae:d5:cf:5e:ba:17:d3:f9:00:d4:4e:f8:13:d7:02:a5:40:
         e6:ed:d5:f3:b5:f1:b2:5e:15:72:71:32:c8:10:60:ae:a1:74:
         eb:58:4a:8b:7f:d5:d4:b3:07:6e:13:3b:82:56:96:1c:09:3e:
         25:8b:b0:14:72:e1:03:f7:03:a5:2d:33:5a:e3:e4:36:3b:67:
         da:05:af:d4
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAY/Q+PUNkXSTaGwuifeqxzTdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5M2UwY2Q4YjNlMDQ0ZWRiODIzYWVmNjg4YWFmYjBiNzVk
ZTg2NzUwHhcNMjQwNTMxMjMyNTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjcyNWQzOTUxYzIxODI1MjE5NTIzNjQwODc3MzA4YTczZThmYzMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm8NekxoYSW6wxa399NXNu3bj0euU
p0CaLAEPQlfYQYAe70aEhfviHRr6jxRzMRvEGhGfODOFOl5otoEehEfHoRWIN0Kl
8YNK2K3mppqEzN6NKA3CMugZObABEvVEAXgG3Bx+iArGVzpUC+SwtZpQQGQ37gT7
sJs8W/3D3WGsa2/pr8MhRy86G7VMQbRd9pv5Iqb3E73Sc6QfLjgSPzPgD3edZSjE
O/70PBXlZElpwlFGU0ZAat4qp/wu4y83CPEfVNI0w0Hg/8s2dlNoX+KVkAj06ukT
vxB+Zn7YR23BlNC33PmMidHZkEuWv6g171kV7rv2aH/7PJR3Zgnu3xM6SQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFLJyXTlRwhglIZUjZAh3MIpz6PwxMB8GA1UdIwQY
MBaAFCk+DNiz4ETtuCOu9oiq+wt13oZ1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1Q0TTJMUGdSTzI0STY3MmlLcjdDM1hlaG5VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC82ZGExYzItMjUyZC00YmQyLWI1NmMt
YmIyMTdjYzNiNzhkLzEvc25KZE9WSENHQ1VobFNOa0NIY3dpblBvX0RFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC82ZGExYzItMjUyZC00YmQyLWI1NmMtYmIyMTdjYzNiNzhk
LzEvS1Q0TTJMUGdSTzI0STY3MmlLcjdDM1hlaG5VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQCLYEkAwQC
uTWMAwQAuX7KMA0EAgACMAcDBQMqDkpAMA0GCSqGSIb3DQEBCwUAA4IBAQAr8AYq
KITr2bA5L2FHdqFGGwj3lg11/UiM/bTcHCiekz1Q0daTtxTb++1c7Btw0Ouy5ljE
9boDNIFTIYNYo8Fpppv7kX2XCDJSt7GCwhxEsmkWp8pZdp6nQqdwryIZb43BiRk6
Q7vFUcsIu5UgwZdAiZ5LpxQYBmGJ4FELxkDBhzkXMw9cGUWItaGMLrsBYBXtHQ7n
AMrFbBcDg4HaTcrpXv7tom32sAdln4YDC3ngcECDwC3crtXPXroX0/kA1E74E9cC
pUDm7dXztfGyXhVycTLIEGCuoXTrWEqLf9XUswduEzuCVpYcCT4li7AUcuED9wOl
LTNa4+Q2O2faBa/U
-----END CERTIFICATE-----