Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/4b0283-a90c-4d64-8301-d221ebd0818d/1/RdELbu1K4J7u7V8EQHEwwtIWGnE.roa
File:                     RdELbu1K4J7u7V8EQHEwwtIWGnE.roa (raw, json)
Hash identifier:          EM3/ycQlm3Rwu97YXm0Vf9GkaBovbHM1o5RuwZM8Rfk=
Subject key identifier:   45:D1:0B:6E:ED:4A:E0:9E:EE:ED:5F:04:40:71:30:C2:D2:16:1A:71
Certificate issuer:       /CN=9bed36af13da482fdf79fb5403e5074860eecd0d
Certificate serial:       018CC56EFC991E1E466041FBB25DEE2F1245
Authority key identifier: 9B:ED:36:AF:13:DA:48:2F:DF:79:FB:54:03:E5:07:48:60:EE:CD:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m-02rxPaSC_feftUA-UHSGDuzQ0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/4b0283-a90c-4d64-8301-d221ebd0818d/1/RdELbu1K4J7u7V8EQHEwwtIWGnE.roa
Signing time:             Mon 01 Jan 2024 14:30:34 +0000
ROA not before:           Mon 01 Jan 2024 14:30:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     196925
IP address blocks:        149.126.112.0/20 maxlen: 20
                          149.126.118.0/24 maxlen: 24
                          149.126.117.0/24 maxlen: 24
                          149.126.116.0/24 maxlen: 24
                          149.126.119.0/24 maxlen: 24
                          185.138.12.0/22 maxlen: 22
                          109.235.192.0/21 maxlen: 21
                          109.235.193.0/24 maxlen: 24
                          109.235.199.0/24 maxlen: 24
                          5.133.224.0/20 maxlen: 20
                          134.19.208.0/20 maxlen: 20
                          131.117.128.0/20 maxlen: 20
                          134.19.217.0/24 maxlen: 24
                          134.19.216.0/24 maxlen: 24
                          2a00:9100::/32 maxlen: 32
Validation:               Failed, certificate revoked on Wed 01 Jan 2025 11:48:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:fc:99:1e:1e:46:60:41:fb:b2:5d:ee:2f:12:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bed36af13da482fdf79fb5403e5074860eecd0d
        Validity
            Not Before: Jan  1 14:30:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=45d10b6eed4ae09eeeed5f04407130c2d2161a71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:91:02:ee:fc:64:76:95:45:17:36:2e:1c:10:
                    ef:ab:87:bf:d2:2a:81:b0:6c:fd:d3:57:30:0e:a1:
                    45:bc:0e:46:99:73:cc:f7:3f:ec:92:7c:47:d9:1b:
                    0d:e3:48:50:78:3e:f3:ce:67:b3:0f:73:56:3a:ce:
                    b6:b5:81:3f:54:8f:4d:40:80:ab:e0:af:8c:87:43:
                    05:87:23:3a:d0:3d:fd:8c:68:5f:11:db:cf:39:ef:
                    94:a5:f1:e3:98:20:8a:bb:5e:53:34:20:ea:d8:12:
                    f7:a4:a8:20:1e:8a:b4:36:7a:51:73:ee:44:74:b0:
                    40:5a:a1:d9:31:8a:df:e0:f9:a5:42:9d:bc:f1:de:
                    0e:f2:39:1c:cd:cf:db:a6:59:4e:c5:34:65:5c:a7:
                    79:b0:05:8e:36:ca:4a:1b:7b:99:f0:97:88:5b:f9:
                    72:e9:fd:20:12:c9:8d:a1:c4:ba:47:67:87:51:92:
                    60:92:e8:a1:e9:5d:62:56:96:f5:7a:c5:70:3f:16:
                    6a:01:8b:fd:90:f7:98:e9:5f:74:1d:9a:01:c9:fb:
                    1d:a8:c8:76:4e:7f:63:f4:cb:35:be:7b:49:db:d3:
                    e1:67:cf:7c:bb:90:55:3f:9e:38:38:4e:1c:ff:7c:
                    8e:da:f2:dc:a6:c8:8d:77:ca:6a:b2:cc:04:aa:21:
                    0f:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:D1:0B:6E:ED:4A:E0:9E:EE:ED:5F:04:40:71:30:C2:D2:16:1A:71
            X509v3 Authority Key Identifier:
                keyid:9B:ED:36:AF:13:DA:48:2F:DF:79:FB:54:03:E5:07:48:60:EE:CD:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m-02rxPaSC_feftUA-UHSGDuzQ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/4b0283-a90c-4d64-8301-d221ebd0818d/1/RdELbu1K4J7u7V8EQHEwwtIWGnE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/4b0283-a90c-4d64-8301-d221ebd0818d/1/m-02rxPaSC_feftUA-UHSGDuzQ0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.133.224.0/20
                  109.235.192.0/21
                  131.117.128.0/20
                  134.19.208.0/20
                  149.126.112.0/20
                  185.138.12.0/22
                IPv6:
                  2a00:9100::/32

    Signature Algorithm: sha256WithRSAEncryption
         39:ec:2a:fd:a4:e2:58:94:c2:14:69:4a:90:99:bc:af:c5:27:
         05:33:9b:d6:d6:2f:d4:ae:75:bf:b3:ed:0b:38:9a:57:75:67:
         c7:5e:37:65:50:78:a5:c9:b0:46:50:0a:c1:ea:80:b4:39:f7:
         92:dd:b3:8f:1e:6c:6e:a2:75:89:a2:38:f1:30:83:cd:d7:d6:
         af:fb:8e:d9:5d:15:0b:79:68:2c:20:43:0b:21:dd:fa:f3:de:
         40:50:c7:f2:7b:d2:b9:d9:79:ee:7a:78:a1:b8:30:cf:85:4a:
         26:7e:28:4b:f4:d0:23:79:68:d3:82:ad:fc:81:e8:6a:8f:28:
         23:99:80:f8:cb:66:69:1d:72:22:f0:ec:e5:0c:e4:4b:da:39:
         05:c2:50:05:e1:16:e1:cf:e5:22:43:16:4e:e2:54:85:71:68:
         e7:11:e6:b1:ec:f1:67:89:97:b1:f7:16:36:e8:37:2f:91:8a:
         35:cc:35:b8:5b:36:35:19:2f:59:26:76:94:ef:cd:dc:84:01:
         21:85:a7:0c:86:24:40:ec:79:7c:df:be:d0:87:32:87:c4:55:
         85:56:c7:a7:63:b2:fc:6f:2c:f3:16:67:e1:66:1a:f9:a5:47:
         7a:9b:f5:e0:44:f9:5a:7f:98:6b:6e:ef:16:16:28:13:df:07:
         91:91:2b:22
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAYzFbvyZHh5GYEH7sl3uLxJFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliZWQzNmFmMTNkYTQ4MmZkZjc5ZmI1NDAzZTUwNzQ4NjBl
ZWNkMGQwHhcNMjQwMTAxMTQzMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NWQxMGI2ZWVkNGFlMDllZWVlZDVmMDQ0MDcxMzBjMmQyMTYxYTcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn5EC7vxkdpVFFzYuHBDvq4e/0iqB
sGz901cwDqFFvA5GmXPM9z/sknxH2RsN40hQeD7zzmezD3NWOs62tYE/VI9NQICr
4K+Mh0MFhyM60D39jGhfEdvPOe+UpfHjmCCKu15TNCDq2BL3pKggHoq0NnpRc+5E
dLBAWqHZMYrf4PmlQp288d4O8jkczc/bpllOxTRlXKd5sAWONspKG3uZ8JeIW/ly
6f0gEsmNocS6R2eHUZJgkuih6V1iVpb1esVwPxZqAYv9kPeY6V90HZoByfsdqMh2
Tn9j9Ms1vntJ29PhZ898u5BVP544OE4c/3yO2vLcpsiNd8pqsswEqiEPuQIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFEXRC27tSuCe7u1fBEBxMMLSFhpxMB8GA1UdIwQY
MBaAFJvtNq8T2kgv33n7VAPlB0hg7s0NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbS0wMnJ4UGFTQ19mZWZ0VUEtVUhTR0R1elEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni80YjAyODMtYTkwYy00ZDY0LTgzMDEt
ZDIyMWViZDA4MThkLzEvUmRFTGJ1MUs0Sjd1N1Y4RVFIRXd3dElXR25FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni80YjAyODMtYTkwYy00ZDY0LTgzMDEtZDIyMWViZDA4MThk
LzEvbS0wMnJ4UGFTQ19mZWZ0VUEtVUhTR0R1elEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQEBYXgAwQD
bevAAwQEg3WAAwQEhhPQAwQElX5wAwQCuYoMMA0EAgACMAcDBQAqAJEAMA0GCSqG
SIb3DQEBCwUAA4IBAQA57Cr9pOJYlMIUaUqQmbyvxScFM5vW1i/UrnW/s+0LOJpX
dWfHXjdlUHilybBGUArB6oC0OfeS3bOPHmxuonWJojjxMIPN19av+47ZXRULeWgs
IEMLId36895AUMfye9K52XnuenihuDDPhUomfihL9NAjeWjTgq38gehqjygjmYD4
y2ZpHXIi8OzlDORL2jkFwlAF4Rbhz+UiQxZO4lSFcWjnEeax7PFniZex9xY26Dcv
kYo1zDW4WzY1GS9ZJnaU783chAEhhacMhiRA7Hl8377QhzKHxFWFVsenY7L8byzz
FmfhZhr5pUd6m/XgRPlaf5hrbu8WFigT3weRkSsi
-----END CERTIFICATE-----