Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/e718e4-53b7-47bb-a336-5a17719d449e/1/G1prV8uFQCx6mEJ5uk0QatrZvtg.roa
File:                     G1prV8uFQCx6mEJ5uk0QatrZvtg.roa (raw, json)
Hash identifier:          dGXIFIfaEzNegxxUDQKbyZKUL+PR5tViKx4oSBsy+7M=
Subject key identifier:   1B:5A:6B:57:CB:85:40:2C:7A:98:42:79:BA:4D:10:6A:DA:D9:BE:D8
Certificate issuer:       /CN=330e640f9d63ba943a97b3dc10d4c6844a5d3dc1
Certificate serial:       018CCA2A966C24B2AB04DCA04AC8DDD0CB9A
Authority key identifier: 33:0E:64:0F:9D:63:BA:94:3A:97:B3:DC:10:D4:C6:84:4A:5D:3D:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Mw5kD51jupQ6l7PcENTGhEpdPcE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/e718e4-53b7-47bb-a336-5a17719d449e/1/G1prV8uFQCx6mEJ5uk0QatrZvtg.roa
Signing time:             Tue 02 Jan 2024 12:33:57 +0000
ROA not before:           Tue 02 Jan 2024 12:33:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210278
IP address blocks:        101.56.192.0/18 maxlen: 18
                          101.56.128.0/18 maxlen: 18
                          101.59.0.0/16 maxlen: 16
                          195.162.92.0/22 maxlen: 22
                          101.56.64.0/18 maxlen: 18
                          101.63.0.0/16 maxlen: 16
                          101.58.0.0/16 maxlen: 16
                          101.58.0.0/15 maxlen: 15
                          101.56.0.0/18 maxlen: 18
                          101.62.194.0/23 maxlen: 23
                          101.62.196.0/23 maxlen: 23
                          101.56.0.0/15 maxlen: 15
                          101.62.0.0/16 maxlen: 16
                          101.62.0.0/15 maxlen: 15
                          101.57.0.0/16 maxlen: 16
                          2a0e:400::/25 maxlen: 25
Validation:               Failed, certificate revoked on Wed 01 Jan 2025 23:47:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:96:6c:24:b2:ab:04:dc:a0:4a:c8:dd:d0:cb:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=330e640f9d63ba943a97b3dc10d4c6844a5d3dc1
        Validity
            Not Before: Jan  2 12:33:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1b5a6b57cb85402c7a984279ba4d106adad9bed8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:d3:b0:d7:02:1f:b5:53:c8:3b:fb:6d:4c:ce:
                    e2:da:e9:ae:4b:dd:68:f7:95:3d:4e:64:63:02:12:
                    05:4a:96:bd:88:82:71:0c:08:08:c1:f1:17:d6:f6:
                    5d:fd:fe:98:fd:92:13:05:4c:2b:34:1c:a0:5a:fc:
                    5f:8b:9d:3f:27:01:4e:23:d2:68:f0:89:a2:80:90:
                    c7:43:18:c2:02:9e:42:92:4a:30:ed:49:81:32:39:
                    67:e8:e3:d0:f2:55:39:c9:73:75:5d:dc:27:c9:9f:
                    f0:42:7a:d2:d7:91:23:e7:03:fc:3d:24:55:3d:c8:
                    f2:8e:8c:87:f2:51:af:17:08:bf:49:f6:39:56:36:
                    c0:6a:f1:3c:b3:17:91:54:9a:48:28:16:3c:32:b1:
                    e3:6b:bb:1c:77:a3:c5:e3:95:b5:6f:c8:f7:f3:28:
                    65:ae:74:50:07:1f:20:58:e8:5e:b8:6e:a8:3d:1f:
                    d1:f6:5c:d6:3d:d9:d1:33:cb:41:61:a5:56:ae:df:
                    00:53:5f:04:df:9a:8e:57:15:3e:85:40:b3:ae:ce:
                    55:22:8e:e0:a8:40:8e:27:3f:39:32:40:3a:79:46:
                    80:aa:45:30:ed:ac:10:f5:3e:ec:b2:0a:5b:ef:f5:
                    a1:80:52:6b:7a:6c:e4:17:9c:f9:53:5f:54:3a:2c:
                    8e:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:5A:6B:57:CB:85:40:2C:7A:98:42:79:BA:4D:10:6A:DA:D9:BE:D8
            X509v3 Authority Key Identifier:
                keyid:33:0E:64:0F:9D:63:BA:94:3A:97:B3:DC:10:D4:C6:84:4A:5D:3D:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Mw5kD51jupQ6l7PcENTGhEpdPcE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/e718e4-53b7-47bb-a336-5a17719d449e/1/G1prV8uFQCx6mEJ5uk0QatrZvtg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/e718e4-53b7-47bb-a336-5a17719d449e/1/Mw5kD51jupQ6l7PcENTGhEpdPcE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  101.56.0.0/14
                  101.62.0.0/15
                  195.162.92.0/22
                IPv6:
                  2a0e:400::/25

    Signature Algorithm: sha256WithRSAEncryption
         1c:9e:bc:8b:81:7c:06:d1:bd:05:7d:5d:69:93:f3:63:31:bd:
         fa:64:ec:35:99:85:81:c2:95:96:61:31:9a:b0:6c:d4:b6:05:
         78:b2:c5:31:0b:0b:9c:66:67:84:0f:0b:89:30:77:50:4b:38:
         fd:17:74:a6:de:b3:3f:47:6e:7b:eb:3e:be:5b:9b:95:a0:61:
         2c:f5:fe:3c:6f:c4:6f:79:02:f0:99:0a:b6:5a:2b:9a:96:0f:
         fb:b7:5a:8f:70:e2:0d:3b:32:71:57:39:eb:58:39:37:53:d5:
         ef:77:ac:53:55:73:6c:71:54:52:66:64:c3:ee:2f:b2:08:34:
         89:19:ed:1c:c3:41:7d:78:a9:6c:e6:d4:87:3c:85:d7:c9:ad:
         30:45:96:ca:9b:7a:2c:4b:66:9b:9b:3d:49:db:28:42:12:1d:
         62:1b:53:0d:22:3c:ee:d1:81:83:37:ee:d1:83:b9:63:18:fd:
         08:0b:55:48:65:b6:a7:9e:7a:c5:00:b2:1a:4c:c0:f1:7b:ea:
         ac:01:02:e5:3a:d1:e7:0f:c5:00:0d:48:2d:1d:5c:bf:ee:f2:
         35:6d:68:a6:df:b1:6a:55:c6:90:1e:aa:7c:f8:61:39:d0:03:
         bd:7e:42:e9:ee:4d:5e:98:7d:6b:d0:e0:23:0f:90:95:ec:94:
         02:fe:d0:83
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAYzKKpZsJLKrBNygSsjd0MuaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzMGU2NDBmOWQ2M2JhOTQzYTk3YjNkYzEwZDRjNjg0NGE1
ZDNkYzEwHhcNMjQwMTAyMTIzMzU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjVhNmI1N2NiODU0MDJjN2E5ODQyNzliYTRkMTA2YWRhZDliZWQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArNOw1wIftVPIO/ttTM7i2umuS91o
95U9TmRjAhIFSpa9iIJxDAgIwfEX1vZd/f6Y/ZITBUwrNBygWvxfi50/JwFOI9Jo
8ImigJDHQxjCAp5Ckkow7UmBMjln6OPQ8lU5yXN1XdwnyZ/wQnrS15Ej5wP8PSRV
PcjyjoyH8lGvFwi/SfY5VjbAavE8sxeRVJpIKBY8MrHja7scd6PF45W1b8j38yhl
rnRQBx8gWOheuG6oPR/R9lzWPdnRM8tBYaVWrt8AU18E35qOVxU+hUCzrs5VIo7g
qECOJz85MkA6eUaAqkUw7awQ9T7ssgpb7/WhgFJremzkF5z5U19UOiyOuQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFBtaa1fLhUAsephCebpNEGra2b7YMB8GA1UdIwQY
MBaAFDMOZA+dY7qUOpez3BDUxoRKXT3BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXc1a0Q1MWp1cFE2bDdQY0VOVEdoRXBkUGNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS9lNzE4ZTQtNTNiNy00N2JiLWEzMzYt
NWExNzcxOWQ0NDllLzEvRzFwclY4dUZRQ3g2bUVKNXVrMFFhdHJadnRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS9lNzE4ZTQtNTNiNy00N2JiLWEzMzYtNWExNzcxOWQ0NDll
LzEvTXc1a0Q1MWp1cFE2bDdQY0VOVEdoRXBkUGNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDgGCCsGAQUFBwEHAQH/BCkwJzAWBAIAATAQAwMCZTgDAwFl
PgMEAsOiXDANBAIAAjAHAwUHKg4EADANBgkqhkiG9w0BAQsFAAOCAQEAHJ68i4F8
BtG9BX1daZPzYzG9+mTsNZmFgcKVlmExmrBs1LYFeLLFMQsLnGZnhA8LiTB3UEs4
/Rd0pt6zP0due+s+vlublaBhLPX+PG/Eb3kC8JkKtlormpYP+7daj3DiDTsycVc5
61g5N1PV73esU1VzbHFUUmZkw+4vsgg0iRntHMNBfXipbObUhzyF18mtMEWWypt6
LEtmm5s9SdsoQhIdYhtTDSI87tGBgzfu0YO5Yxj9CAtVSGW2p556xQCyGkzA8Xvq
rAEC5TrR5w/FAA1ILR1cv+7yNW1opt+xalXGkB6qfPhhOdADvX5C6e5NXph9a9Dg
Iw+QleyUAv7Qgw==
-----END CERTIFICATE-----