Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/b27bd0-3d39-4d78-aa2c-1f3ccfa61aac/1/PbS9zWYy57z41G15YMYmSUi6fN0.roa
File:                     PbS9zWYy57z41G15YMYmSUi6fN0.roa (raw, json)
Hash identifier:          HRt4/YyOG9FnnVleez1kUk7C6atcUig81TzAUD3SioQ=
Subject key identifier:   3D:B4:BD:CD:66:32:E7:BC:F8:D4:6D:79:60:C6:26:49:48:BA:7C:DD
Certificate issuer:       /CN=8a4000101ad393cadf7fc8fd63daad3c6dae124f
Certificate serial:       019289548B00CAFF95A1138D0109C5B0797F
Authority key identifier: 8A:40:00:10:1A:D3:93:CA:DF:7F:C8:FD:63:DA:AD:3C:6D:AE:12:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ikAAEBrTk8rff8j9Y9qtPG2uEk8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/b27bd0-3d39-4d78-aa2c-1f3ccfa61aac/1/PbS9zWYy57z41G15YMYmSUi6fN0.roa
Signing time:             Mon 14 Oct 2024 04:41:12 +0000
ROA not before:           Mon 14 Oct 2024 04:41:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41549
IP address blocks:        88.84.0.0/19 maxlen: 19
                          89.186.208.0/21 maxlen: 21
                          146.185.0.0/21 maxlen: 21
                          178.21.224.0/21 maxlen: 21
                          185.37.72.0/22 maxlen: 22
                          194.11.218.0/23 maxlen: 23
                          195.20.64.0/19 maxlen: 19
                          213.159.144.0/20 maxlen: 20
                          217.67.128.0/20 maxlen: 20
                          2a01:aec0::/32 maxlen: 32
Validation:               Failed, certificate revoked on Wed 01 Jan 2025 19:47:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:89:54:8b:00:ca:ff:95:a1:13:8d:01:09:c5:b0:79:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8a4000101ad393cadf7fc8fd63daad3c6dae124f
        Validity
            Not Before: Oct 14 04:41:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3db4bdcd6632e7bcf8d46d7960c6264948ba7cdd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:ad:a6:70:a5:45:e6:be:99:33:dd:1b:92:62:
                    f0:61:01:ca:38:ca:83:ef:e4:ee:0c:e0:59:34:b4:
                    bc:ef:35:da:02:16:9e:42:1f:1e:3b:50:5c:e2:1a:
                    ab:57:e3:37:4e:6a:a9:3b:71:5b:df:4e:1b:ec:fb:
                    2d:d3:22:b0:c6:a4:c0:84:93:fa:a2:a1:40:00:69:
                    23:bc:7a:5f:7f:46:6e:de:24:16:83:86:4d:fd:57:
                    61:d7:e9:13:b1:f3:63:2c:c1:87:70:ac:38:47:03:
                    71:51:33:6f:ac:30:f2:2c:0e:50:e6:57:f5:2c:69:
                    b1:aa:da:1e:b2:02:7e:6e:06:67:63:ce:e8:14:ad:
                    01:22:cc:67:43:5d:e9:5c:2a:24:a6:aa:b5:84:f6:
                    92:10:df:d0:4a:ec:04:36:d3:b7:00:27:ec:4f:f1:
                    07:60:93:b0:84:a6:87:e7:89:5b:eb:09:fb:5b:cc:
                    ae:69:28:7c:a7:05:c0:66:31:3f:8a:2d:85:d6:a0:
                    d2:45:e0:b3:a9:f1:ab:92:3c:ed:c1:90:43:c0:2b:
                    8c:35:49:87:f2:c0:c1:15:c0:f3:b2:73:95:d1:50:
                    c0:c6:6f:90:46:92:98:2c:f1:75:eb:93:83:8f:33:
                    e3:81:be:a9:39:ac:72:33:24:d6:a3:3c:ed:cb:0a:
                    37:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:B4:BD:CD:66:32:E7:BC:F8:D4:6D:79:60:C6:26:49:48:BA:7C:DD
            X509v3 Authority Key Identifier:
                keyid:8A:40:00:10:1A:D3:93:CA:DF:7F:C8:FD:63:DA:AD:3C:6D:AE:12:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ikAAEBrTk8rff8j9Y9qtPG2uEk8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/b27bd0-3d39-4d78-aa2c-1f3ccfa61aac/1/PbS9zWYy57z41G15YMYmSUi6fN0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/b27bd0-3d39-4d78-aa2c-1f3ccfa61aac/1/ikAAEBrTk8rff8j9Y9qtPG2uEk8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.84.0.0/19
                  89.186.208.0/21
                  146.185.0.0/21
                  178.21.224.0/21
                  185.37.72.0/22
                  194.11.218.0/23
                  195.20.64.0/19
                  213.159.144.0/20
                  217.67.128.0/20
                IPv6:
                  2a01:aec0::/32

    Signature Algorithm: sha256WithRSAEncryption
         b4:bc:bc:b0:62:eb:0d:c5:5b:e4:0e:b7:98:81:c0:48:f3:78:
         e9:82:4e:5b:94:f4:e7:90:a6:83:1c:19:ac:d2:be:56:11:02:
         4b:17:b6:5c:7a:a6:b0:b4:d4:9e:36:d8:e6:46:8f:2c:3d:76:
         b5:c3:46:cb:35:51:9f:a7:22:d5:a9:0c:7e:a6:dd:68:16:ae:
         25:fc:a5:d3:4c:62:ab:a6:98:7f:92:b1:fd:e5:a2:fc:8b:8c:
         22:1c:4e:8c:09:33:f1:6b:5b:ad:bb:2f:25:c2:4c:d3:59:03:
         28:23:e1:14:3f:06:c0:74:c1:5c:6e:24:3a:4a:8b:90:49:b8:
         a0:de:5c:ed:c3:41:cd:f9:d9:6e:63:f7:35:d0:8f:91:bc:e8:
         41:e9:33:b3:8f:63:69:04:c0:03:fa:c3:9f:7b:74:40:85:f7:
         a1:28:aa:7c:20:5f:56:69:db:76:5e:fd:dc:b2:f4:d5:13:97:
         40:2b:80:ef:32:48:f9:d5:7a:27:b1:0b:b2:13:e5:1d:5e:8a:
         e4:4b:83:1b:a9:eb:ad:e4:12:98:88:4e:a5:a2:5c:6c:4a:1c:
         0e:2d:a0:7b:6b:ad:c4:90:28:26:c1:30:d6:2e:9d:9b:d4:4b:
         ee:7f:56:3a:12:5f:82:d3:de:86:0f:29:d5:a7:74:14:9b:5c:
         a1:10:b4:0d
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAZKJVIsAyv+VoRONAQnFsHl/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhNDAwMDEwMWFkMzkzY2FkZjdmYzhmZDYzZGFhZDNjNmRh
ZTEyNGYwHhcNMjQxMDE0MDQ0MTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZGI0YmRjZDY2MzJlN2JjZjhkNDZkNzk2MGM2MjY0OTQ4YmE3Y2RkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAza2mcKVF5r6ZM90bkmLwYQHKOMqD
7+TuDOBZNLS87zXaAhaeQh8eO1Bc4hqrV+M3TmqpO3Fb304b7Pst0yKwxqTAhJP6
oqFAAGkjvHpff0Zu3iQWg4ZN/Vdh1+kTsfNjLMGHcKw4RwNxUTNvrDDyLA5Q5lf1
LGmxqtoesgJ+bgZnY87oFK0BIsxnQ13pXCokpqq1hPaSEN/QSuwENtO3ACfsT/EH
YJOwhKaH54lb6wn7W8yuaSh8pwXAZjE/ii2F1qDSReCzqfGrkjztwZBDwCuMNUmH
8sDBFcDzsnOV0VDAxm+QRpKYLPF165ODjzPjgb6pOaxyMyTWozztywo3EQIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFD20vc1mMue8+NRteWDGJklIunzdMB8GA1UdIwQY
MBaAFIpAABAa05PK33/I/WParTxtrhJPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWtBQUVCclRrOHJmZjhqOVk5cXRQRzJ1RWs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy9iMjdiZDAtM2QzOS00ZDc4LWFhMmMt
MWYzY2NmYTYxYWFjLzEvUGJTOXpXWXk1N3o0MUcxNVlNWW1TVWk2Zk4wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy9iMjdiZDAtM2QzOS00ZDc4LWFhMmMtMWYzY2NmYTYxYWFj
LzEvaWtBQUVCclRrOHJmZjhqOVk5cXRQRzJ1RWs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTA8BAIAATA2AwQFWFQAAwQD
WbrQAwQDkrkAAwQDshXgAwQCuSVIAwQBwgvaAwQFwxRAAwQE1Z+QAwQE2UOAMA0E
AgACMAcDBQAqAa7AMA0GCSqGSIb3DQEBCwUAA4IBAQC0vLywYusNxVvkDreYgcBI
83jpgk5blPTnkKaDHBms0r5WEQJLF7ZceqawtNSeNtjmRo8sPXa1w0bLNVGfpyLV
qQx+pt1oFq4l/KXTTGKrpph/krH95aL8i4wiHE6MCTPxa1utuy8lwkzTWQMoI+EU
PwbAdMFcbiQ6SouQSbig3lztw0HN+dluY/c10I+RvOhB6TOzj2NpBMAD+sOfe3RA
hfehKKp8IF9Wadt2Xv3csvTVE5dAK4DvMkj51XonsQuyE+UdXorkS4Mbqeut5BKY
iE6lolxsShwOLaB7a63EkCgmwTDWLp2b1Evuf1Y6El+C096GDynVp3QUm1yhELQN
-----END CERTIFICATE-----