Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/5b48a7-a0d7-43f2-a362-8b2b4738b1cc/1/ZmVQsfwD-ThKjVi3XYhLo_H1o3E.roa
File:                     ZmVQsfwD-ThKjVi3XYhLo_H1o3E.roa (raw, json)
Hash identifier:          maCQ53nkSFRNbSHAOc8U523GgoWK8jcQivXjKCEUltk=
Subject key identifier:   66:65:50:B1:FC:03:F9:38:4A:8D:58:B7:5D:88:4B:A3:F1:F5:A3:71
Certificate issuer:       /CN=4b9331fa7be470dc179e16c306e98c6c731a575c
Certificate serial:       0192E043EEF80036500A37D88817C2F84DE2
Authority key identifier: 4B:93:31:FA:7B:E4:70:DC:17:9E:16:C3:06:E9:8C:6C:73:1A:57:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S5Mx-nvkcNwXnhbDBumMbHMaV1w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/5b48a7-a0d7-43f2-a362-8b2b4738b1cc/1/ZmVQsfwD-ThKjVi3XYhLo_H1o3E.roa
Signing time:             Thu 31 Oct 2024 01:50:01 +0000
ROA not before:           Thu 31 Oct 2024 01:50:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     54994
IP address blocks:        140.150.0.0/24 maxlen: 24
                          140.150.1.0/24 maxlen: 24
                          140.150.2.0/24 maxlen: 24
                          140.150.3.0/24 maxlen: 24
                          140.150.4.0/24 maxlen: 24
                          140.150.5.0/24 maxlen: 24
                          140.150.6.0/24 maxlen: 24
                          140.150.7.0/24 maxlen: 24
                          140.150.8.0/23 maxlen: 24
                          140.150.12.0/24 maxlen: 24
                          140.150.18.0/24 maxlen: 24
                          140.150.19.0/24 maxlen: 24
                          140.150.21.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 01 Nov 2024 09:46:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:e0:43:ee:f8:00:36:50:0a:37:d8:88:17:c2:f8:4d:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b9331fa7be470dc179e16c306e98c6c731a575c
        Validity
            Not Before: Oct 31 01:50:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=666550b1fc03f9384a8d58b75d884ba3f1f5a371
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:03:45:0a:33:40:7b:2f:5d:c3:82:de:e1:e5:
                    45:14:33:3a:ee:68:fc:cb:f7:c3:97:0b:e0:2e:3e:
                    4c:fb:23:41:5d:fd:15:60:b1:1b:73:39:c6:d6:a5:
                    ea:ae:c9:9d:ed:ee:48:77:c8:89:53:47:61:db:72:
                    9f:1f:bf:03:39:c3:f2:2a:67:42:00:9f:56:5c:2a:
                    51:cb:56:ba:2b:32:4a:05:ae:e0:42:e5:88:e6:64:
                    a8:cd:c9:e6:65:8b:ab:5e:3e:ad:e9:cb:c3:2a:92:
                    8d:3d:ed:30:8d:86:de:da:53:e2:30:b2:9e:25:b4:
                    a9:fd:57:30:b7:be:45:99:5a:52:af:71:0b:cc:11:
                    0d:0c:53:4f:d6:29:31:25:9d:34:43:21:36:17:63:
                    ca:fe:c4:8e:9b:1e:29:58:b2:d5:9b:4b:bd:38:70:
                    1d:54:6f:9b:6a:eb:14:31:1c:f9:c0:d1:65:dd:9a:
                    c4:d4:c5:5b:34:f5:19:3b:55:2f:47:f4:56:40:e5:
                    d9:aa:0a:d5:87:3c:05:26:70:fa:87:90:67:4e:74:
                    45:89:e3:b7:cb:60:99:5c:4d:5d:9d:86:44:6c:0f:
                    66:20:78:a4:00:a7:b9:4d:6e:37:7b:17:72:b2:e5:
                    c6:3b:c4:76:92:c2:08:57:94:41:f4:44:bf:6d:94:
                    53:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:65:50:B1:FC:03:F9:38:4A:8D:58:B7:5D:88:4B:A3:F1:F5:A3:71
            X509v3 Authority Key Identifier:
                keyid:4B:93:31:FA:7B:E4:70:DC:17:9E:16:C3:06:E9:8C:6C:73:1A:57:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S5Mx-nvkcNwXnhbDBumMbHMaV1w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/5b48a7-a0d7-43f2-a362-8b2b4738b1cc/1/ZmVQsfwD-ThKjVi3XYhLo_H1o3E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/5b48a7-a0d7-43f2-a362-8b2b4738b1cc/1/S5Mx-nvkcNwXnhbDBumMbHMaV1w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  140.150.0.0-140.150.9.255
                  140.150.12.0/24
                  140.150.18.0/23
                  140.150.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c9:a1:d2:b0:f3:37:70:7c:09:10:ca:c0:73:0a:41:ec:0d:64:
         2b:64:a0:31:36:15:d9:9c:96:55:4e:06:61:b7:c7:1e:21:e2:
         87:34:54:18:a9:06:a9:22:d7:cb:6a:12:1f:9d:c3:9b:d8:d0:
         17:f8:43:ba:17:aa:18:98:95:be:f0:4e:c0:b2:34:d7:2a:ce:
         81:9b:59:2e:ed:43:53:fd:33:56:55:fe:aa:c6:ba:2a:9a:83:
         91:b7:ca:49:d6:05:e3:a5:07:a6:06:3f:ef:2b:74:0f:91:96:
         c1:8c:bf:dd:91:19:06:20:8a:51:3c:10:67:fd:66:99:b4:23:
         34:b4:1c:fb:46:9c:22:86:ee:10:f9:f8:b8:7b:96:74:4a:1a:
         e2:31:7c:74:1c:d6:f3:11:1d:a6:0b:d6:01:51:1a:0d:79:dd:
         de:40:e0:90:fc:4e:7d:bd:04:18:ce:f4:82:72:bb:a1:e0:b5:
         77:75:9c:e0:0d:2e:b5:9f:18:4c:4c:7c:b9:60:60:e3:39:14:
         74:27:41:38:14:d2:1b:f3:02:43:b5:14:08:5c:d8:09:f9:12:
         78:3e:5e:28:e3:2a:12:c5:ae:d6:bd:0c:6c:c6:8e:be:b1:53:
         50:02:84:1a:71:02:dc:9b:a4:67:be:e4:09:08:7e:09:a7:4f:
         fd:4e:b2:82
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZLgQ+74ADZQCjfYiBfC+E3iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiOTMzMWZhN2JlNDcwZGMxNzllMTZjMzA2ZTk4YzZjNzMx
YTU3NWMwHhcNMjQxMDMxMDE1MDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjY1NTBiMWZjMDNmOTM4NGE4ZDU4Yjc1ZDg4NGJhM2YxZjVhMzcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ANFCjNAey9dw4Le4eVFFDM67mj8
y/fDlwvgLj5M+yNBXf0VYLEbcznG1qXqrsmd7e5Id8iJU0dh23KfH78DOcPyKmdC
AJ9WXCpRy1a6KzJKBa7gQuWI5mSozcnmZYurXj6t6cvDKpKNPe0wjYbe2lPiMLKe
JbSp/Vcwt75FmVpSr3ELzBENDFNP1ikxJZ00QyE2F2PK/sSOmx4pWLLVm0u9OHAd
VG+bausUMRz5wNFl3ZrE1MVbNPUZO1UvR/RWQOXZqgrVhzwFJnD6h5BnTnRFieO3
y2CZXE1dnYZEbA9mIHikAKe5TW43exdysuXGO8R2ksIIV5RB9ES/bZRTewIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFGZlULH8A/k4So1Yt12IS6Px9aNxMB8GA1UdIwQY
MBaAFEuTMfp75HDcF54WwwbpjGxzGldcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzVNeC1udmtjTndYbmhiREJ1bU1iSE1hVjF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC81YjQ4YTctYTBkNy00M2YyLWEzNjIt
OGIyYjQ3MzhiMWNjLzEvWm1WUXNmd0QtVGhLalZpM1hZaExvX0gxbzNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC81YjQ4YTctYTBkNy00M2YyLWEzNjItOGIyYjQ3MzhiMWNj
LzEvUzVNeC1udmtjTndYbmhiREJ1bU1iSE1hVjF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDgGCCsGAQUFBwEHAQH/BCkwJzAlBAIAATAfMAsDAwGMlgME
AYyWCAMEAIyWDAMEAYyWEgMEAIyWFTANBgkqhkiG9w0BAQsFAAOCAQEAyaHSsPM3
cHwJEMrAcwpB7A1kK2SgMTYV2ZyWVU4GYbfHHiHihzRUGKkGqSLXy2oSH53Dm9jQ
F/hDuheqGJiVvvBOwLI01yrOgZtZLu1DU/0zVlX+qsa6KpqDkbfKSdYF46UHpgY/
7yt0D5GWwYy/3ZEZBiCKUTwQZ/1mmbQjNLQc+0acIobuEPn4uHuWdEoa4jF8dBzW
8xEdpgvWAVEaDXnd3kDgkPxOfb0EGM70gnK7oeC1d3Wc4A0utZ8YTEx8uWBg4zkU
dCdBOBTSG/MCQ7UUCFzYCfkSeD5eKOMqEsWu1r0MbMaOvrFTUAKEGnEC3JukZ77k
CQh+CadP/U6ygg==
-----END CERTIFICATE-----