Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/4748c7-cd9e-401e-a8a4-0d48e6895f12/1/v9AxHB5jv3Q66vMAlmak_0B1jlc.roa
File:                     v9AxHB5jv3Q66vMAlmak_0B1jlc.roa (raw, json)
Hash identifier:          mrv85zD2aqP5lskE3aBx5t6gq4axLlBxEAQbD+SXERQ=
Subject key identifier:   BF:D0:31:1C:1E:63:BF:74:3A:EA:F3:00:96:66:A4:FF:40:75:8E:57
Certificate issuer:       /CN=b630b73b51cbc5380dd4adb3d5aaff4d7a334c5e
Certificate serial:       018DF46619B46ED6E4B7C2BCE4F7DFBCC402
Authority key identifier: B6:30:B7:3B:51:CB:C5:38:0D:D4:AD:B3:D5:AA:FF:4D:7A:33:4C:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tjC3O1HLxTgN1K2z1ar_TXozTF4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/4748c7-cd9e-401e-a8a4-0d48e6895f12/1/v9AxHB5jv3Q66vMAlmak_0B1jlc.roa
Signing time:             Thu 29 Feb 2024 10:25:48 +0000
ROA not before:           Thu 29 Feb 2024 10:25:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47952
IP address blocks:        45.139.221.0/24 maxlen: 24
                          91.194.52.0/24 maxlen: 24
                          91.194.54.0/24 maxlen: 24
                          185.82.220.0/24 maxlen: 24
                          185.82.221.0/24 maxlen: 24
                          185.82.222.0/24 maxlen: 24
                          185.82.223.0/24 maxlen: 24
                          185.201.212.0/24 maxlen: 24
                          185.201.213.0/24 maxlen: 24
                          185.201.214.0/24 maxlen: 24
                          185.201.215.0/24 maxlen: 24
                          2a0a:c4c0::/48 maxlen: 48
                          2a0a:c4c0:1::/48 maxlen: 48
Validation:               Failed, certificate revoked on Fri 08 Mar 2024 11:57:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:f4:66:19:b4:6e:d6:e4:b7:c2:bc:e4:f7:df:bc:c4:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b630b73b51cbc5380dd4adb3d5aaff4d7a334c5e
        Validity
            Not Before: Feb 29 10:25:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bfd0311c1e63bf743aeaf3009666a4ff40758e57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:10:b4:4e:1e:02:9b:29:6b:a4:98:be:46:6a:
                    1b:eb:e7:24:49:7f:34:fe:52:7e:b1:44:2d:90:40:
                    42:63:42:b6:8f:5e:d2:1c:22:36:d4:3f:41:7c:1e:
                    48:3e:ff:7f:1b:49:3f:31:54:72:46:b9:58:d8:f9:
                    a4:ca:71:5e:e4:37:d6:65:07:ee:27:7a:18:15:2a:
                    49:ad:1b:62:8b:a2:9c:9d:75:e7:8c:bd:fa:e8:89:
                    2e:1e:3a:de:a5:f6:1b:78:a8:19:44:35:8e:30:cd:
                    83:d8:e7:05:d0:ca:86:8e:48:8c:52:8d:08:ed:91:
                    6c:db:ec:9a:38:a3:58:57:35:51:c1:db:fb:f3:d7:
                    43:2b:d1:76:97:4a:98:82:c6:ab:f0:a1:73:ad:e2:
                    f3:c0:c1:38:05:2c:34:b9:7d:2d:02:21:a4:b8:bf:
                    4e:d1:c1:d6:c8:a1:4d:19:57:07:2d:66:d6:a1:58:
                    62:50:3f:75:50:f5:f0:5e:ad:c1:4d:ea:73:ba:b8:
                    03:5e:35:d3:05:40:b8:73:87:9f:99:fb:82:25:8f:
                    b8:2f:bb:6e:c3:2e:27:36:08:1d:0d:27:cc:03:d1:
                    9c:70:50:ea:d6:69:77:23:40:24:9c:d4:c1:9d:90:
                    43:82:cc:60:c7:7c:05:95:93:92:79:43:8a:52:57:
                    e6:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:D0:31:1C:1E:63:BF:74:3A:EA:F3:00:96:66:A4:FF:40:75:8E:57
            X509v3 Authority Key Identifier:
                keyid:B6:30:B7:3B:51:CB:C5:38:0D:D4:AD:B3:D5:AA:FF:4D:7A:33:4C:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tjC3O1HLxTgN1K2z1ar_TXozTF4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/4748c7-cd9e-401e-a8a4-0d48e6895f12/1/v9AxHB5jv3Q66vMAlmak_0B1jlc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/4748c7-cd9e-401e-a8a4-0d48e6895f12/1/tjC3O1HLxTgN1K2z1ar_TXozTF4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.139.221.0/24
                  91.194.52.0/24
                  91.194.54.0/24
                  185.82.220.0/22
                  185.201.212.0/22
                IPv6:
                  2a0a:c4c0::/47

    Signature Algorithm: sha256WithRSAEncryption
         72:84:74:38:ce:74:b7:09:f8:11:81:ca:4b:16:f4:a8:c7:89:
         34:eb:70:1d:af:4e:f9:ee:34:af:66:dc:61:45:6c:54:0a:a8:
         7b:f3:dc:40:5c:74:32:7b:2e:d3:d7:c1:5f:d3:b0:ef:4f:15:
         c3:38:2a:ce:88:de:be:ef:0c:c4:96:f4:55:6d:0c:e8:37:1f:
         88:76:08:da:a0:44:06:68:70:7d:fe:04:3f:85:da:b3:11:96:
         9c:38:f6:d2:06:65:98:e4:63:0a:c1:af:45:1a:8b:ad:ed:41:
         c9:c6:c7:db:ae:2a:aa:09:bc:54:00:80:fa:b9:4d:4d:39:27:
         b7:d2:f5:e8:69:a2:79:db:ad:1a:fd:a4:b7:d9:85:26:c3:80:
         69:ed:ed:29:60:e8:47:08:ce:0c:c1:c5:cf:9b:67:34:a6:f8:
         10:68:97:c7:9f:c4:22:f4:2d:e1:d3:89:7a:bf:25:00:fd:07:
         86:98:41:ba:b1:21:a9:3a:26:39:3d:a4:0d:cb:60:78:f3:04:
         6e:ac:b7:63:6e:c6:30:f0:84:38:e9:9d:d8:36:55:f9:b3:05:
         67:9c:f1:ae:3f:cd:d2:da:bd:26:88:33:50:99:00:b8:85:9b:
         84:6b:43:0c:6c:2e:93:bc:9e:09:6b:5a:0e:ca:d1:2b:0e:79:
         43:02:32:68
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgISAY30Zhm0btbkt8K85PffvMQCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2MzBiNzNiNTFjYmM1MzgwZGQ0YWRiM2Q1YWFmZjRkN2Ez
MzRjNWUwHhcNMjQwMjI5MTAyNTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZmQwMzExYzFlNjNiZjc0M2FlYWYzMDA5NjY2YTRmZjQwNzU4ZTU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmBC0Th4CmylrpJi+Rmob6+ckSX80
/lJ+sUQtkEBCY0K2j17SHCI21D9BfB5IPv9/G0k/MVRyRrlY2PmkynFe5DfWZQfu
J3oYFSpJrRtii6KcnXXnjL366IkuHjrepfYbeKgZRDWOMM2D2OcF0MqGjkiMUo0I
7ZFs2+yaOKNYVzVRwdv789dDK9F2l0qYgsar8KFzreLzwME4BSw0uX0tAiGkuL9O
0cHWyKFNGVcHLWbWoVhiUD91UPXwXq3BTepzurgDXjXTBUC4c4efmfuCJY+4L7tu
wy4nNggdDSfMA9GccFDq1ml3I0AknNTBnZBDgsxgx3wFlZOSeUOKUlfmgwIDAQAB
o4ICMjCCAi4wHQYDVR0OBBYEFL/QMRweY790OurzAJZmpP9AdY5XMB8GA1UdIwQY
MBaAFLYwtztRy8U4DdSts9Wq/016M0xeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdGpDM08xSEx4VGdOMUsyejFhcl9UWG96VEY0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC80NzQ4YzctY2Q5ZS00MDFlLWE4YTQt
MGQ0OGU2ODk1ZjEyLzEvdjlBeEhCNWp2M1E2NnZNQWxtYWtfMEIxamxjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC80NzQ4YzctY2Q5ZS00MDFlLWE4YTQtMGQ0OGU2ODk1ZjEy
LzEvdGpDM08xSEx4VGdOMUsyejFhcl9UWG96VEY0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEgGCCsGAQUFBwEHAQH/BDkwNzAkBAIAATAeAwQALYvdAwQA
W8I0AwQAW8I2AwQCuVLcAwQCucnUMA8EAgACMAkDBwEqCsTAAAAwDQYJKoZIhvcN
AQELBQADggEBAHKEdDjOdLcJ+BGByksW9KjHiTTrcB2vTvnuNK9m3GFFbFQKqHvz
3EBcdDJ7LtPXwV/TsO9PFcM4Ks6I3r7vDMSW9FVtDOg3H4h2CNqgRAZocH3+BD+F
2rMRlpw49tIGZZjkYwrBr0Uai63tQcnGx9uuKqoJvFQAgPq5TU05J7fS9ehponnb
rRr9pLfZhSbDgGnt7Slg6EcIzgzBxc+bZzSm+BBol8efxCL0LeHTiXq/JQD9B4aY
QbqxIak6Jjk9pA3LYHjzBG6st2NuxjDwhDjpndg2VfmzBWec8a4/zdLavSaIM1CZ
ALiFm4RrQwxsLpO8nglrWg7K0SsOeUMCMmg=
-----END CERTIFICATE-----