Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/z046ge0StoXf8uh-hA-S0r0bW-0.roa
File:                     z046ge0StoXf8uh-hA-S0r0bW-0.roa (raw, json)
Hash identifier:          DIlBMaVqfCHOnfKsI06Dnq/XmoON9DXyCvrW09viUNY=
Subject key identifier:   CF:4E:3A:81:ED:12:B6:85:DF:F2:E8:7E:84:0F:92:D2:BD:1B:5B:ED
Certificate issuer:       /CN=826605b4d27f13968e8794e6ef091223748817d8
Certificate serial:       01939C6C49F0FD984F3B8E1A4C338DF86AA7
Authority key identifier: 82:66:05:B4:D2:7F:13:96:8E:87:94:E6:EF:09:12:23:74:88:17:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/z046ge0StoXf8uh-hA-S0r0bW-0.roa
Signing time:             Fri 06 Dec 2024 14:42:42 +0000
ROA not before:           Fri 06 Dec 2024 14:42:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29802
IP address blocks:        147.136.64.0/22 maxlen: 22
                          147.136.70.0/24 maxlen: 24
                          168.199.141.0/24 maxlen: 24
                          168.199.159.0/24 maxlen: 24
                          168.199.209.0/24 maxlen: 24
                          168.199.225.0/24 maxlen: 24
                          185.101.253.0/24 maxlen: 24
                          185.101.254.0/24 maxlen: 24
                          192.95.85.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Wed 01 Jan 2025 23:48:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:9c:6c:49:f0:fd:98:4f:3b:8e:1a:4c:33:8d:f8:6a:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=826605b4d27f13968e8794e6ef091223748817d8
        Validity
            Not Before: Dec  6 14:42:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cf4e3a81ed12b685dff2e87e840f92d2bd1b5bed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:b4:63:8c:ae:70:d6:6c:59:95:47:a3:19:b8:
                    2e:11:93:fc:70:00:23:cd:e3:4e:1a:7d:60:15:90:
                    c7:cf:77:cf:90:6a:50:da:95:63:26:10:e2:3b:03:
                    9f:96:bd:3b:8e:21:47:79:92:1d:ff:52:84:11:a9:
                    b3:f0:6e:6d:a9:98:56:65:35:f3:a6:81:e7:61:52:
                    3d:0d:cc:7f:92:7e:0c:cb:7c:84:bc:5e:0b:2b:5e:
                    40:e6:8f:f4:b4:95:4f:31:5c:f6:f9:9e:6a:80:b2:
                    1e:bb:5c:b4:7d:f0:1c:3b:15:ee:38:d9:a3:88:f9:
                    c6:36:68:a5:66:c4:da:25:2c:c1:3d:5a:b1:2a:5f:
                    2e:b6:b6:7f:3d:fa:a3:d9:8c:36:8c:83:f1:bb:9b:
                    00:9f:e1:38:ca:2c:aa:7f:0c:70:9b:48:fa:1c:64:
                    da:11:c6:09:df:8a:78:96:a2:27:48:d4:5b:c8:60:
                    57:36:36:99:61:fd:3c:e3:99:22:da:48:87:aa:84:
                    1e:7c:fb:74:97:99:f6:dd:7f:bf:2a:a2:1d:05:a0:
                    12:7a:c7:ee:fb:8e:23:c0:4f:f2:9c:2d:83:09:83:
                    96:c1:aa:02:f8:f6:da:00:0f:0d:21:d6:5a:29:ba:
                    bc:58:c3:18:67:f7:5c:b0:b5:ab:03:4c:c6:b8:ef:
                    8f:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:4E:3A:81:ED:12:B6:85:DF:F2:E8:7E:84:0F:92:D2:BD:1B:5B:ED
            X509v3 Authority Key Identifier:
                keyid:82:66:05:B4:D2:7F:13:96:8E:87:94:E6:EF:09:12:23:74:88:17:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/z046ge0StoXf8uh-hA-S0r0bW-0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.136.64.0/22
                  147.136.70.0/24
                  168.199.141.0/24
                  168.199.159.0/24
                  168.199.209.0/24
                  168.199.225.0/24
                  185.101.253.0-185.101.254.255
                  192.95.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:cb:75:03:74:c2:58:37:15:80:99:97:c3:68:d5:05:6d:54:
         7b:0e:05:68:f3:76:c9:99:8b:df:29:e9:0a:40:19:de:16:59:
         8c:23:4c:1f:09:7a:22:e3:13:7c:19:d2:8b:00:de:d4:95:27:
         7b:80:fe:16:8f:dd:57:0e:63:61:fb:c1:07:74:96:56:60:20:
         1c:12:ce:20:df:b5:f4:2a:32:4d:c0:a6:fa:36:90:f0:e2:20:
         d2:ec:a2:16:3c:4c:2a:a9:69:52:f9:08:1a:5a:15:ca:d1:79:
         35:c9:37:89:4f:42:ee:7a:55:ed:e5:60:00:4d:33:4f:90:00:
         db:2b:e1:38:fa:78:b2:21:4f:0a:b0:ea:cf:65:8e:a3:4c:f5:
         8e:c3:56:42:30:44:ff:02:df:1a:6c:fc:9e:b4:8b:2f:7f:5d:
         ab:14:15:20:7b:a7:ff:97:bf:ff:11:9c:6f:61:3a:eb:9b:0b:
         8c:f9:7e:75:42:92:50:e5:d2:80:40:ce:ac:af:78:92:01:2d:
         f6:58:54:a6:86:c4:1e:8e:53:a7:f9:18:18:e4:f8:b7:4d:fd:
         0b:fc:27:e2:16:54:68:20:74:94:a1:5c:de:4f:0a:30:34:86:
         a5:7a:be:b8:46:dc:d9:31:a6:5c:9d:f2:83:be:a8:89:64:45:
         6d:2f:49:6e
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAZOcbEnw/ZhPO44aTDON+GqnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyNjYwNWI0ZDI3ZjEzOTY4ZTg3OTRlNmVmMDkxMjIzNzQ4
ODE3ZDgwHhcNMjQxMjA2MTQ0MjQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjRlM2E4MWVkMTJiNjg1ZGZmMmU4N2U4NDBmOTJkMmJkMWI1YmVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsrRjjK5w1mxZlUejGbguEZP8cAAj
zeNOGn1gFZDHz3fPkGpQ2pVjJhDiOwOflr07jiFHeZId/1KEEamz8G5tqZhWZTXz
poHnYVI9Dcx/kn4My3yEvF4LK15A5o/0tJVPMVz2+Z5qgLIeu1y0ffAcOxXuONmj
iPnGNmilZsTaJSzBPVqxKl8utrZ/Pfqj2Yw2jIPxu5sAn+E4yiyqfwxwm0j6HGTa
EcYJ34p4lqInSNRbyGBXNjaZYf0845ki2kiHqoQefPt0l5n23X+/KqIdBaASesfu
+44jwE/ynC2DCYOWwaoC+PbaAA8NIdZaKbq8WMMYZ/dcsLWrA0zGuO+PVwIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFM9OOoHtEraF3/LofoQPktK9G1vtMB8GA1UdIwQY
MBaAFIJmBbTSfxOWjoeU5u8JEiN0iBfYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ21ZRnROSl9FNWFPaDVUbTd3a1NJM1NJRjlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny9mYmNjMzItMzNjOC00MWZmLTg5ZmEt
MmQxOTE4YmExYzBlLzEvejA0NmdlMFN0b1hmOHVoLWhBLVMwcjBiVy0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny9mYmNjMzItMzNjOC00MWZmLTg5ZmEtMmQxOTE4YmExYzBl
LzEvZ21ZRnROSl9FNWFPaDVUbTd3a1NJM1NJRjlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQCk4hAAwQA
k4hGAwQAqMeNAwQAqMefAwQAqMfRAwQAqMfhMAwDBAC5Zf0DBAC5Zf4DBADAX1Uw
DQYJKoZIhvcNAQELBQADggEBAFnLdQN0wlg3FYCZl8No1QVtVHsOBWjzdsmZi98p
6QpAGd4WWYwjTB8JeiLjE3wZ0osA3tSVJ3uA/haP3VcOY2H7wQd0llZgIBwSziDf
tfQqMk3Apvo2kPDiINLsohY8TCqpaVL5CBpaFcrReTXJN4lPQu56Ve3lYABNM0+Q
ANsr4Tj6eLIhTwqw6s9ljqNM9Y7DVkIwRP8C3xps/J60iy9/XasUFSB7p/+Xv/8R
nG9hOuubC4z5fnVCklDl0oBAzqyveJIBLfZYVKaGxB6OU6f5GBjk+LdN/Qv8J+IW
VGggdJShXN5PCjA0hqV6vrhG3Nkxplyd8oO+qIlkRW0vSW4=
-----END CERTIFICATE-----