Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/0c0c37-b401-401b-aa65-2cc675726975/1/UMOdjm7cBIXoE3gMPaLgP9_6UP0.roa
File:                     UMOdjm7cBIXoE3gMPaLgP9_6UP0.roa (raw, json)
Hash identifier:          T5qXmi8SS++XX3Ab7Rw+MHqtEWendtYkq41cJQGofrQ=
Subject key identifier:   50:C3:9D:8E:6E:DC:04:85:E8:13:78:0C:3D:A2:E0:3F:DF:FA:50:FD
Certificate issuer:       /CN=5975d519de239cf164cb94a6660c2530ceaef254
Certificate serial:       019423D6E658DFC8DBAB1244BCABE545FF0C
Authority key identifier: 59:75:D5:19:DE:23:9C:F1:64:CB:94:A6:66:0C:25:30:CE:AE:F2:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WXXVGd4jnPFky5SmZgwlMM6u8lQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/0c0c37-b401-401b-aa65-2cc675726975/1/UMOdjm7cBIXoE3gMPaLgP9_6UP0.roa
Signing time:             Wed 01 Jan 2025 21:47:53 +0000
ROA not before:           Wed 01 Jan 2025 21:47:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207144
IP address blocks:        85.11.167.0/24 maxlen: 24
                          85.11.172.0/24 maxlen: 24
                          85.11.173.0/24 maxlen: 24
                          85.11.175.0/24 maxlen: 24
                          85.11.176.0/24 maxlen: 24
                          85.11.178.0/24 maxlen: 24
                          85.11.184.0/24 maxlen: 24
                          85.11.188.0/24 maxlen: 24
                          185.164.240.0/24 maxlen: 24
                          185.164.241.0/24 maxlen: 24
                          185.164.242.0/24 maxlen: 24
                          185.164.243.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Tue 11 Feb 2025 11:55:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:e6:58:df:c8:db:ab:12:44:bc:ab:e5:45:ff:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5975d519de239cf164cb94a6660c2530ceaef254
        Validity
            Not Before: Jan  1 21:47:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=50c39d8e6edc0485e813780c3da2e03fdffa50fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:99:38:b3:6b:7d:65:e6:6f:af:39:35:bb:0d:
                    e5:1a:b9:b8:51:41:2e:6d:7d:98:6d:96:c5:1d:62:
                    b9:e7:9f:3e:5e:55:db:4b:9f:f1:88:31:18:90:e5:
                    eb:b6:b8:75:22:bd:f5:4a:7f:cf:87:e9:38:7d:66:
                    1a:51:7e:23:da:5a:1a:34:f4:70:99:ab:be:04:ed:
                    13:66:16:db:f3:cf:b6:4b:05:eb:2e:94:ef:30:04:
                    c9:c5:77:a4:1e:85:79:85:a2:b6:d1:28:29:53:8d:
                    52:26:83:12:2e:b2:cc:6e:a0:da:b2:c7:ed:96:27:
                    bb:db:a8:ec:d5:ec:2b:30:f3:56:dc:11:21:2b:c8:
                    6a:9c:13:65:00:4b:30:03:4f:39:08:54:6e:83:4d:
                    8a:13:48:05:67:1e:44:ca:db:a1:66:b8:df:b8:b3:
                    60:8a:04:e8:0b:08:a7:78:7f:7e:53:ff:c6:d6:88:
                    c9:09:3c:a2:e9:09:6d:da:42:ba:93:8c:97:23:00:
                    04:fa:78:7a:be:d6:c0:34:a1:e3:69:73:91:44:97:
                    6a:42:68:bd:fd:a7:d7:65:35:e0:36:14:cb:6d:28:
                    30:94:b5:20:03:c2:1b:9c:b0:46:d6:3b:2b:5b:be:
                    3e:e1:1d:2e:1c:53:ac:14:58:cd:1b:5b:df:c5:33:
                    4a:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:C3:9D:8E:6E:DC:04:85:E8:13:78:0C:3D:A2:E0:3F:DF:FA:50:FD
            X509v3 Authority Key Identifier:
                keyid:59:75:D5:19:DE:23:9C:F1:64:CB:94:A6:66:0C:25:30:CE:AE:F2:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WXXVGd4jnPFky5SmZgwlMM6u8lQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/0c0c37-b401-401b-aa65-2cc675726975/1/UMOdjm7cBIXoE3gMPaLgP9_6UP0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/0c0c37-b401-401b-aa65-2cc675726975/1/WXXVGd4jnPFky5SmZgwlMM6u8lQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.11.167.0/24
                  85.11.172.0/23
                  85.11.175.0-85.11.176.255
                  85.11.178.0/24
                  85.11.184.0/24
                  85.11.188.0/24
                  185.164.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1f:1a:cc:a8:64:77:88:39:a2:f7:12:c5:38:76:5d:54:35:f6:
         2b:46:dc:3c:58:b7:1f:b5:44:18:3e:dd:39:a9:73:70:ad:6a:
         d5:fc:e2:5f:4a:a1:41:49:16:b8:ca:a3:21:a4:66:e6:df:ba:
         ee:19:be:a6:fe:d9:b4:a1:0a:15:79:30:c8:bc:ee:ce:55:2b:
         da:b8:7b:89:7d:0e:1f:72:2c:c3:11:24:2b:ad:bc:a4:8e:20:
         01:ee:40:bf:10:17:af:90:2d:f1:44:0b:58:9f:82:2a:24:86:
         f8:35:9d:5d:58:47:8e:57:40:8b:15:df:ef:65:bf:f6:30:cf:
         a5:44:7c:cd:60:f6:36:c6:95:ab:b6:f1:6f:3b:b5:bf:b8:b5:
         46:75:ad:c7:61:2f:27:92:c9:57:07:2d:d5:c5:a5:29:d6:7d:
         6a:d5:80:c2:a6:a4:d7:33:74:d0:d0:e6:67:00:3e:bb:54:37:
         ab:e0:2a:50:2f:fb:1e:3b:9c:d8:88:07:93:63:de:01:f9:76:
         9f:b1:08:ad:1b:d2:3a:e7:35:3c:10:ec:fc:05:56:4c:e6:a9:
         50:75:63:8b:b4:ff:f7:38:b8:b8:c2:53:1e:a5:df:8d:d4:a4:
         c1:6d:b4:e5:35:90:9c:4e:9b:06:26:77:15:62:fc:c4:39:77:
         7c:e0:66:df
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAZQj1uZY38jbqxJEvKvlRf8MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5NzVkNTE5ZGUyMzljZjE2NGNiOTRhNjY2MGMyNTMwY2Vh
ZWYyNTQwHhcNMjUwMTAxMjE0NzUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MGMzOWQ4ZTZlZGMwNDg1ZTgxMzc4MGMzZGEyZTAzZmRmZmE1MGZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtJk4s2t9ZeZvrzk1uw3lGrm4UUEu
bX2YbZbFHWK5558+XlXbS5/xiDEYkOXrtrh1Ir31Sn/Ph+k4fWYaUX4j2loaNPRw
mau+BO0TZhbb88+2SwXrLpTvMATJxXekHoV5haK20SgpU41SJoMSLrLMbqDassft
lie726js1ewrMPNW3BEhK8hqnBNlAEswA085CFRug02KE0gFZx5EytuhZrjfuLNg
igToCwineH9+U//G1ojJCTyi6Qlt2kK6k4yXIwAE+nh6vtbANKHjaXORRJdqQmi9
/afXZTXgNhTLbSgwlLUgA8IbnLBG1jsrW74+4R0uHFOsFFjNG1vfxTNK4wIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFFDDnY5u3ASF6BN4DD2i4D/f+lD9MB8GA1UdIwQY
MBaAFFl11RneI5zxZMuUpmYMJTDOrvJUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV1hYVkdkNGpuUEZreTVTbVpnd2xNTTZ1OGxRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS8wYzBjMzctYjQwMS00MDFiLWFhNjUt
MmNjNjc1NzI2OTc1LzEvVU1PZGptN2NCSVhvRTNnTVBhTGdQOV82VVAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS8wYzBjMzctYjQwMS00MDFiLWFhNjUtMmNjNjc1NzI2OTc1
LzEvV1hYVkdkNGpuUEZreTVTbVpnd2xNTTZ1OGxRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQAVQunAwQB
VQusMAwDBABVC68DBABVC7ADBABVC7IDBABVC7gDBABVC7wDBAK5pPAwDQYJKoZI
hvcNAQELBQADggEBAB8azKhkd4g5ovcSxTh2XVQ19itG3DxYtx+1RBg+3Tmpc3Ct
atX84l9KoUFJFrjKoyGkZubfuu4Zvqb+2bShChV5MMi87s5VK9q4e4l9Dh9yLMMR
JCutvKSOIAHuQL8QF6+QLfFEC1ifgiokhvg1nV1YR45XQIsV3+9lv/Ywz6VEfM1g
9jbGlau28W87tb+4tUZ1rcdhLyeSyVcHLdXFpSnWfWrVgMKmpNczdNDQ5mcAPrtU
N6vgKlAv+x47nNiIB5Nj3gH5dp+xCK0b0jrnNTwQ7PwFVkzmqVB1Y4u0//c4uLjC
Ux6l343UpMFttOU1kJxOmwYmdxVi/MQ5d3zgZt8=
-----END CERTIFICATE-----