Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/c8ec95-b5f5-44fb-b93d-2092af647070/1/Peo8zQ94Cj_vtrF6rvmTH_r5hNQ.roa
File:                     Peo8zQ94Cj_vtrF6rvmTH_r5hNQ.roa (raw, json)
Hash identifier:          NYaKhT7wPwGToy56Cyg7HEv1xmJMl1+XqVXEazbLs2k=
Subject key identifier:   3D:EA:3C:CD:0F:78:0A:3F:EF:B6:B1:7A:AE:F9:93:1F:FA:F9:84:D4
Certificate issuer:       /CN=8c186a56ea84c13c62768a9d17bae133cedf1045
Certificate serial:       019426D96D45999813A44209187F98835BB9
Authority key identifier: 8C:18:6A:56:EA:84:C1:3C:62:76:8A:9D:17:BA:E1:33:CE:DF:10:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jBhqVuqEwTxidoqdF7rhM87fEEU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/c8ec95-b5f5-44fb-b93d-2092af647070/1/Peo8zQ94Cj_vtrF6rvmTH_r5hNQ.roa
Signing time:             Thu 02 Jan 2025 11:49:30 +0000
ROA not before:           Thu 02 Jan 2025 11:49:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208687
IP address blocks:        45.89.4.0/22 maxlen: 24
                          141.195.128.0/18 maxlen: 24
                          141.195.160.0/24 maxlen: 24
                          141.195.161.0/24 maxlen: 24
                          141.195.162.0/24 maxlen: 24
                          141.195.179.0/24 maxlen: 24
                          141.195.181.0/24 maxlen: 24
                          141.195.182.0/24 maxlen: 24
                          141.195.184.0/24 maxlen: 24
                          141.195.188.0/24 maxlen: 24
                          141.195.189.0/24 maxlen: 24
                          141.195.190.0/23 maxlen: 24
                          185.147.244.0/23 maxlen: 24
                          185.147.244.0/24 maxlen: 24
                          185.147.245.0/24 maxlen: 24
                          2a0a:5580::/29 maxlen: 48
Validation:               Failed, certificate revoked on Mon 06 Jan 2025 15:33:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:6d:45:99:98:13:a4:42:09:18:7f:98:83:5b:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8c186a56ea84c13c62768a9d17bae133cedf1045
        Validity
            Not Before: Jan  2 11:49:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3dea3ccd0f780a3fefb6b17aaef9931ffaf984d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:86:41:25:af:bc:21:c6:03:c2:08:72:53:a7:
                    f5:a2:87:ff:c4:91:d7:23:d2:65:c1:10:cb:23:f6:
                    51:96:d9:1a:47:1d:22:44:f1:0a:a6:b5:34:a4:2c:
                    ba:1e:46:c8:0f:c4:ed:96:6e:bf:8f:3b:e2:ef:ed:
                    df:35:b1:74:ff:b4:eb:a9:6d:9c:57:a0:8a:f6:c4:
                    66:d6:6d:04:5a:e7:df:20:71:33:f8:f7:27:3b:51:
                    a1:b0:94:22:ee:29:38:6d:5e:99:84:10:63:7e:e3:
                    34:1b:01:bd:a1:cf:2d:47:ef:00:fd:1d:5e:7e:b2:
                    18:21:e4:7e:97:da:75:c8:07:2e:77:b9:97:3d:1a:
                    5c:95:31:6b:e5:06:4d:e6:b2:f4:2d:f9:57:91:08:
                    b3:d7:7d:f4:40:d3:d9:42:17:9f:43:39:cf:d0:45:
                    9e:30:60:cd:b1:d1:09:4e:7b:4f:03:e6:d0:38:75:
                    cd:11:09:73:e9:0c:9e:27:1c:71:d0:a2:a1:ca:75:
                    46:97:e5:52:42:32:72:da:2e:32:3b:11:f2:13:37:
                    63:d1:99:d7:78:94:5d:fd:08:fc:00:65:ea:1e:88:
                    54:5e:3f:3c:7b:54:a1:f4:23:39:2d:21:d9:9e:54:
                    8f:a0:6d:65:22:5e:be:3e:68:e7:e6:a1:1b:a3:b0:
                    cb:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:EA:3C:CD:0F:78:0A:3F:EF:B6:B1:7A:AE:F9:93:1F:FA:F9:84:D4
            X509v3 Authority Key Identifier:
                keyid:8C:18:6A:56:EA:84:C1:3C:62:76:8A:9D:17:BA:E1:33:CE:DF:10:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jBhqVuqEwTxidoqdF7rhM87fEEU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/c8ec95-b5f5-44fb-b93d-2092af647070/1/Peo8zQ94Cj_vtrF6rvmTH_r5hNQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/c8ec95-b5f5-44fb-b93d-2092af647070/1/jBhqVuqEwTxidoqdF7rhM87fEEU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.89.4.0/22
                  141.195.128.0/18
                  185.147.244.0/23
                IPv6:
                  2a0a:5580::/29

    Signature Algorithm: sha256WithRSAEncryption
         ba:71:87:90:98:cc:c0:2a:fb:3b:ca:f0:3a:df:0b:d0:c1:0c:
         7d:bf:e7:cc:dc:08:55:47:5f:87:82:23:be:60:3f:86:85:6a:
         20:80:bf:5a:dd:51:58:83:66:b2:42:eb:01:4a:f2:5c:b7:45:
         31:b4:fd:d9:2b:7e:d5:4e:fe:40:9e:0d:25:8c:f4:f9:07:b2:
         6d:90:ce:87:c6:ad:27:cf:e0:e3:9e:2f:a9:d7:12:cf:c3:37:
         dd:7f:30:03:d9:c7:34:b9:cb:0b:85:d9:88:45:cd:fb:37:66:
         4b:96:4a:25:83:7c:90:46:fe:96:e6:02:de:4c:6a:60:c2:6c:
         1f:e8:c2:28:a1:f4:45:df:f9:4e:4c:b9:b1:4f:ed:2a:eb:f4:
         12:5d:ff:55:55:5e:c1:dd:0a:9d:ba:6e:7a:04:c3:f5:b9:ce:
         b5:17:27:73:e7:25:89:e9:37:21:38:af:27:4c:d3:7f:fa:28:
         c5:ad:96:69:53:6f:b5:98:25:97:f2:98:85:d6:6e:26:a5:17:
         8c:67:13:07:a5:92:31:aa:70:72:c8:a0:4f:44:bf:67:dd:e5:
         1a:c4:fb:64:88:30:75:4c:6f:00:5d:97:52:e1:f8:2a:5e:03:
         15:2d:3a:1b:18:ad:95:19:a4:74:68:70:ee:ea:1c:7c:0c:25:
         0b:74:71:90
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZQm2W1FmZgTpEIJGH+Yg1u5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhjMTg2YTU2ZWE4NGMxM2M2Mjc2OGE5ZDE3YmFlMTMzY2Vk
ZjEwNDUwHhcNMjUwMTAyMTE0OTMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZGVhM2NjZDBmNzgwYTNmZWZiNmIxN2FhZWY5OTMxZmZhZjk4NGQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjYZBJa+8IcYDwghyU6f1oof/xJHX
I9JlwRDLI/ZRltkaRx0iRPEKprU0pCy6HkbID8Ttlm6/jzvi7+3fNbF0/7TrqW2c
V6CK9sRm1m0EWuffIHEz+PcnO1GhsJQi7ik4bV6ZhBBjfuM0GwG9oc8tR+8A/R1e
frIYIeR+l9p1yAcud7mXPRpclTFr5QZN5rL0LflXkQiz1330QNPZQhefQznP0EWe
MGDNsdEJTntPA+bQOHXNEQlz6QyeJxxx0KKhynVGl+VSQjJy2i4yOxHyEzdj0ZnX
eJRd/Qj8AGXqHohUXj88e1Sh9CM5LSHZnlSPoG1lIl6+Pmjn5qEbo7DL7QIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFD3qPM0PeAo/77axeq75kx/6+YTUMB8GA1UdIwQY
MBaAFIwYalbqhME8YnaKnRe64TPO3xBFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvakJocVZ1cUV3VHhpZG9xZEY3cmhNODdmRUVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi9jOGVjOTUtYjVmNS00NGZiLWI5M2Qt
MjA5MmFmNjQ3MDcwLzEvUGVvOHpROTRDal92dHJGNnJ2bVRIX3I1aE5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi9jOGVjOTUtYjVmNS00NGZiLWI5M2QtMjA5MmFmNjQ3MDcw
LzEvakJocVZ1cUV3VHhpZG9xZEY3cmhNODdmRUVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQCLVkEAwQG
jcOAAwQBuZP0MA0EAgACMAcDBQMqClWAMA0GCSqGSIb3DQEBCwUAA4IBAQC6cYeQ
mMzAKvs7yvA63wvQwQx9v+fM3AhVR1+HgiO+YD+GhWoggL9a3VFYg2ayQusBSvJc
t0UxtP3ZK37VTv5Ang0ljPT5B7JtkM6Hxq0nz+Djni+p1xLPwzfdfzAD2cc0ucsL
hdmIRc37N2ZLlkolg3yQRv6W5gLeTGpgwmwf6MIoofRF3/lOTLmxT+0q6/QSXf9V
VV7B3Qqdum56BMP1uc61Fydz5yWJ6TchOK8nTNN/+ijFrZZpU2+1mCWX8piF1m4m
pReMZxMHpZIxqnByyKBPRL9n3eUaxPtkiDB1TG8AXZdS4fgqXgMVLTobGK2VGaR0
aHDu6hx8DCULdHGQ
-----END CERTIFICATE-----