Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/6ABg5dWbux0wzshrmNxETvA4oYw.roa
File:                     6ABg5dWbux0wzshrmNxETvA4oYw.roa (raw, json)
Hash identifier:          UZYTAoNgLDQ3MiAB80CNkQRLAe6FEsJa6f1Evvm4K94=
Subject key identifier:   E8:00:60:E5:D5:9B:BB:1D:30:CE:C8:6B:98:DC:44:4E:F0:38:A1:8C
Certificate issuer:       /CN=f0dd81a833d9b043c7ffd635a5987f536971180d
Certificate serial:       0190E96406CCC51020BCEE6012CD991F1813
Authority key identifier: F0:DD:81:A8:33:D9:B0:43:C7:FF:D6:35:A5:98:7F:53:69:71:18:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/6ABg5dWbux0wzshrmNxETvA4oYw.roa
Signing time:             Thu 25 Jul 2024 10:16:04 +0000
ROA not before:           Thu 25 Jul 2024 10:16:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2856
IP address blocks:        82.140.134.0/24 maxlen: 24
                          82.140.138.0/24 maxlen: 24
                          82.140.143.0/24 maxlen: 24
                          82.140.170.0/24 maxlen: 24
                          84.46.177.0/24 maxlen: 24
                          84.46.181.0/24 maxlen: 24
                          84.46.183.0/24 maxlen: 24
                          84.46.188.0/24 maxlen: 24
                          84.46.190.0/24 maxlen: 24
                          84.46.191.0/24 maxlen: 24
                          84.46.194.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Thu 25 Jul 2024 12:19:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:e9:64:06:cc:c5:10:20:bc:ee:60:12:cd:99:1f:18:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f0dd81a833d9b043c7ffd635a5987f536971180d
        Validity
            Not Before: Jul 25 10:16:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e80060e5d59bbb1d30cec86b98dc444ef038a18c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:4b:e8:3b:e6:36:4c:7d:11:3b:62:57:47:c2:
                    43:84:bd:d1:d1:71:71:4b:87:bf:27:b3:0f:8d:94:
                    62:a5:5b:66:d0:00:1c:4d:57:5d:80:5e:bc:e0:63:
                    ef:23:3e:29:d7:b6:f0:9d:d8:5c:5b:b0:b1:bd:95:
                    03:02:a9:7c:05:f6:5d:0e:f5:cb:32:cc:cf:ac:8e:
                    99:3f:b9:90:06:d4:3e:3f:7e:27:62:64:af:83:5a:
                    e2:47:26:be:c1:56:c5:bb:e4:ac:28:39:d1:29:98:
                    54:21:58:99:27:11:05:e2:fa:ea:14:a4:48:fa:58:
                    67:c2:5e:ad:91:7f:a9:53:3d:41:6d:43:be:ea:2f:
                    6e:9b:48:22:8a:8f:89:1e:0f:3d:c5:9c:df:5f:35:
                    9e:b6:17:87:73:a0:c0:74:44:62:ad:56:84:02:0a:
                    fe:2b:e9:fc:34:bd:38:ab:82:d4:43:02:17:86:c8:
                    04:24:3f:69:d3:87:1d:64:05:59:52:f6:c0:a3:4d:
                    2a:ee:7d:7a:40:7d:48:80:35:2f:5f:1c:1f:58:5c:
                    b6:d8:d5:b5:6c:b6:2a:58:4c:10:94:21:6b:f0:fc:
                    94:a8:64:fc:9d:5b:25:eb:6f:15:f6:c1:4b:a8:7f:
                    80:9b:91:69:85:1b:10:ce:da:ee:1c:f1:81:5d:b5:
                    cb:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:00:60:E5:D5:9B:BB:1D:30:CE:C8:6B:98:DC:44:4E:F0:38:A1:8C
            X509v3 Authority Key Identifier:
                keyid:F0:DD:81:A8:33:D9:B0:43:C7:FF:D6:35:A5:98:7F:53:69:71:18:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/6ABg5dWbux0wzshrmNxETvA4oYw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.140.134.0/24
                  82.140.138.0/24
                  82.140.143.0/24
                  82.140.170.0/24
                  84.46.177.0/24
                  84.46.181.0/24
                  84.46.183.0/24
                  84.46.188.0/24
                  84.46.190.0/23
                  84.46.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:a1:bf:72:ae:f1:6a:42:1f:9b:a5:e9:d4:d4:16:84:4c:00:
         3d:b4:40:99:8c:30:98:6a:de:c8:83:65:ad:07:5d:46:9b:ba:
         27:e8:51:91:56:11:5e:97:e8:94:c8:44:5f:c0:22:5a:f3:a3:
         ff:7c:c8:a2:45:40:89:97:fb:b4:73:2b:b7:51:aa:0e:7c:cf:
         a2:b5:8a:98:d7:bb:fa:bf:25:e7:2e:6d:2f:ec:70:98:b5:bb:
         22:43:a2:a2:09:f6:0f:80:f5:f7:fc:69:a7:c7:d7:29:4b:55:
         d8:ad:d0:d3:d4:3b:e1:0a:e6:cf:a7:36:bc:29:10:3d:22:fd:
         b0:92:16:34:19:d7:6f:bd:0d:08:11:01:42:ec:a0:81:82:36:
         8a:d7:39:53:de:52:25:0d:54:8b:c7:31:ac:dd:15:8a:b4:19:
         ec:51:3d:47:89:91:bf:6e:9c:79:92:35:ad:2c:52:b8:60:88:
         25:7c:42:db:d5:7b:c7:9f:f4:a8:4e:3f:48:c0:74:c3:fc:4a:
         48:cf:14:e8:97:33:75:66:63:29:63:66:fe:66:c0:e9:81:af:
         70:f3:42:2f:15:01:0b:eb:19:83:ef:fe:84:c8:6a:45:c6:ea:
         09:30:0e:90:14:fd:a3:c6:9e:6d:d9:e0:aa:18:7b:cf:60:a9:
         8c:c6:30:e4
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAZDpZAbMxRAgvO5gEs2ZHxgTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwZGQ4MWE4MzNkOWIwNDNjN2ZmZDYzNWE1OTg3ZjUzNjk3
MTE4MGQwHhcNMjQwNzI1MTAxNjA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODAwNjBlNWQ1OWJiYjFkMzBjZWM4NmI5OGRjNDQ0ZWYwMzhhMThjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz0voO+Y2TH0RO2JXR8JDhL3R0XFx
S4e/J7MPjZRipVtm0AAcTVddgF684GPvIz4p17bwndhcW7CxvZUDAql8BfZdDvXL
MszPrI6ZP7mQBtQ+P34nYmSvg1riRya+wVbFu+SsKDnRKZhUIViZJxEF4vrqFKRI
+lhnwl6tkX+pUz1BbUO+6i9um0giio+JHg89xZzfXzWetheHc6DAdERirVaEAgr+
K+n8NL04q4LUQwIXhsgEJD9p04cdZAVZUvbAo00q7n16QH1IgDUvXxwfWFy22NW1
bLYqWEwQlCFr8PyUqGT8nVsl628V9sFLqH+Am5FphRsQztruHPGBXbXLCQIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFOgAYOXVm7sdMM7Ia5jcRE7wOKGMMB8GA1UdIwQY
MBaAFPDdgagz2bBDx//WNaWYf1NpcRgNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOE4yQnFEUFpzRVBIXzlZMXBaaF9VMmx4R0EwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9hOGViZTQtZDBiMy00ZTdkLWFmMjUt
MDQ2ODA0MjQ4NmRjLzEvNkFCZzVkV2J1eDB3enNocm1OeEVUdkE0b1l3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9hOGViZTQtZDBiMy00ZTdkLWFmMjUtMDQ2ODA0MjQ4NmRj
LzEvOE4yQnFEUFpzRVBIXzlZMXBaaF9VMmx4R0EwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQAUoyGAwQA
UoyKAwQAUoyPAwQAUoyqAwQAVC6xAwQAVC61AwQAVC63AwQAVC68AwQBVC6+AwQA
VC7CMA0GCSqGSIb3DQEBCwUAA4IBAQAhob9yrvFqQh+bpenU1BaETAA9tECZjDCY
at7Ig2WtB11Gm7on6FGRVhFel+iUyERfwCJa86P/fMiiRUCJl/u0cyu3UaoOfM+i
tYqY17v6vyXnLm0v7HCYtbsiQ6KiCfYPgPX3/Gmnx9cpS1XYrdDT1DvhCubPpza8
KRA9Iv2wkhY0GddvvQ0IEQFC7KCBgjaK1zlT3lIlDVSLxzGs3RWKtBnsUT1HiZG/
bpx5kjWtLFK4YIglfELb1XvHn/SoTj9IwHTD/EpIzxTolzN1ZmMpY2b+ZsDpga9w
80IvFQEL6xmD7/6EyGpFxuoJMA6QFP2jxp5t2eCqGHvPYKmMxjDk
-----END CERTIFICATE-----