Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/c8aa09-bdfb-43ca-8522-fa75cbe9bead/1/C0-QIL1NGEiJ97N37eUVnLa8LrQ.roa
File:                     C0-QIL1NGEiJ97N37eUVnLa8LrQ.roa (raw, json)
Hash identifier:          XMwDyhF9MBI84zxB25qjL9L5gvBEabu0AY/q8HI02a8=
Subject key identifier:   0B:4F:90:20:BD:4D:18:48:89:F7:B3:77:ED:E5:15:9C:B6:BC:2E:B4
Certificate issuer:       /CN=8812a0a809dc3cd1fbd8951a8f80f69925e11908
Certificate serial:       0192226923B1080D9351D0985D9C67679159
Authority key identifier: 88:12:A0:A8:09:DC:3C:D1:FB:D8:95:1A:8F:80:F6:99:25:E1:19:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iBKgqAncPNH72JUaj4D2mSXhGQg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/c8aa09-bdfb-43ca-8522-fa75cbe9bead/1/C0-QIL1NGEiJ97N37eUVnLa8LrQ.roa
Signing time:             Tue 24 Sep 2024 05:02:48 +0000
ROA not before:           Tue 24 Sep 2024 05:02:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51013
IP address blocks:        92.118.24.0/22 maxlen: 24
                          92.118.24.0/24 maxlen: 24
                          92.118.26.0/24 maxlen: 24
                          92.118.27.0/24 maxlen: 24
                          185.111.88.0/22 maxlen: 24
                          185.111.88.0/24 maxlen: 24
                          185.111.89.0/24 maxlen: 24
                          185.111.90.0/24 maxlen: 24
                          185.111.91.0/24 maxlen: 24
                          185.140.108.0/24 maxlen: 24
                          193.32.232.0/22 maxlen: 24
                          193.32.232.0/24 maxlen: 24
                          193.32.233.0/24 maxlen: 24
                          193.32.234.0/24 maxlen: 24
                          193.32.235.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Wed 01 Jan 2025 17:49:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:22:69:23:b1:08:0d:93:51:d0:98:5d:9c:67:67:91:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8812a0a809dc3cd1fbd8951a8f80f69925e11908
        Validity
            Not Before: Sep 24 05:02:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0b4f9020bd4d184889f7b377ede5159cb6bc2eb4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:1d:ac:29:c6:c2:67:51:16:f6:2c:51:30:23:
                    b4:aa:40:ce:bc:37:70:36:22:f2:2f:22:41:8d:ba:
                    65:4b:9b:7f:df:63:5a:e2:f7:4e:08:a1:3c:a6:8e:
                    e9:24:b6:3b:16:52:1e:6b:d3:fb:17:c5:3c:06:c0:
                    80:9a:35:3c:34:0b:1e:b0:96:0b:fd:76:b0:d5:7d:
                    3d:68:ba:f5:34:2f:a7:d5:ca:71:78:c2:c8:5a:e8:
                    d9:95:82:68:35:91:cb:ad:8a:36:4b:fe:54:ec:36:
                    db:d7:30:41:f1:dc:9c:80:f5:57:62:b2:10:5c:2c:
                    a5:8e:b7:17:fe:ec:af:b9:b0:6d:bf:58:fa:6a:77:
                    8e:d6:44:eb:a0:69:06:35:44:f5:84:f2:e2:ed:5d:
                    e8:8b:ac:7a:3e:23:fd:56:8c:f7:d5:aa:d3:ad:df:
                    c6:36:06:4f:31:5a:24:91:af:38:8e:04:8d:d4:7e:
                    ca:42:d6:73:fd:f4:38:f5:6c:2a:43:1f:5c:5e:4a:
                    c3:a6:84:71:5f:9f:eb:2c:1e:7c:d8:21:3b:f9:a4:
                    04:da:93:f4:da:e4:50:2e:56:51:34:3a:d7:9a:88:
                    d5:12:ce:89:ea:f5:e0:9c:b2:60:1c:f6:d5:6a:1c:
                    a8:90:42:e3:ff:2b:f3:be:08:cc:c3:7b:7b:6a:82:
                    3f:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:4F:90:20:BD:4D:18:48:89:F7:B3:77:ED:E5:15:9C:B6:BC:2E:B4
            X509v3 Authority Key Identifier:
                keyid:88:12:A0:A8:09:DC:3C:D1:FB:D8:95:1A:8F:80:F6:99:25:E1:19:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iBKgqAncPNH72JUaj4D2mSXhGQg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/c8aa09-bdfb-43ca-8522-fa75cbe9bead/1/C0-QIL1NGEiJ97N37eUVnLa8LrQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/c8aa09-bdfb-43ca-8522-fa75cbe9bead/1/iBKgqAncPNH72JUaj4D2mSXhGQg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.118.24.0/22
                  185.111.88.0/22
                  185.140.108.0/24
                  193.32.232.0/22

    Signature Algorithm: sha256WithRSAEncryption
         21:83:dc:64:0a:83:64:ae:f8:80:f0:cd:5b:32:75:16:95:4e:
         5e:39:a9:61:b3:69:3f:c2:bb:c7:28:e5:96:2d:55:67:a0:7e:
         df:b3:59:9b:9b:21:60:d1:b1:51:92:d6:7e:80:0e:6c:12:31:
         17:54:8e:a2:a9:1a:be:79:7c:6d:89:31:60:d5:31:5e:11:8e:
         65:61:cf:f9:a5:04:a9:1f:73:cd:24:71:48:88:0c:5e:24:fc:
         a0:f6:dc:2d:0f:03:fa:12:95:5a:9d:72:f8:ed:00:2e:e9:d0:
         6c:6e:b7:c6:61:81:b1:4f:81:5a:5d:41:ae:18:33:e6:31:a7:
         b9:90:63:5a:62:53:a7:9e:ef:df:e6:cc:8b:cf:20:7f:77:57:
         f7:91:56:b3:0b:d3:bf:1c:1d:f7:a7:53:e6:3f:f4:78:a4:63:
         bd:0d:1f:d6:1e:8f:72:43:ee:ec:34:70:48:75:d6:5f:18:12:
         c0:01:e7:60:39:5d:b5:5f:86:18:61:57:77:22:0d:f7:eb:76:
         16:0c:ae:2b:14:aa:b6:06:7b:5f:1d:18:67:e8:89:13:7d:88:
         5b:30:a9:b5:3e:40:99:22:d4:d1:f4:29:3c:9a:92:d1:92:ed:
         16:14:e3:63:55:50:5f:cf:8d:68:c6:f4:f3:eb:68:d3:f0:10:
         72:bc:f7:0b
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZIiaSOxCA2TUdCYXZxnZ5FZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4MTJhMGE4MDlkYzNjZDFmYmQ4OTUxYThmODBmNjk5MjVl
MTE5MDgwHhcNMjQwOTI0MDUwMjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjRmOTAyMGJkNGQxODQ4ODlmN2IzNzdlZGU1MTU5Y2I2YmMyZWI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoB2sKcbCZ1EW9ixRMCO0qkDOvDdw
NiLyLyJBjbplS5t/32Na4vdOCKE8po7pJLY7FlIea9P7F8U8BsCAmjU8NAsesJYL
/Xaw1X09aLr1NC+n1cpxeMLIWujZlYJoNZHLrYo2S/5U7Dbb1zBB8dycgPVXYrIQ
XCyljrcX/uyvubBtv1j6aneO1kTroGkGNUT1hPLi7V3oi6x6PiP9Voz31arTrd/G
NgZPMVokka84jgSN1H7KQtZz/fQ49WwqQx9cXkrDpoRxX5/rLB582CE7+aQE2pP0
2uRQLlZRNDrXmojVEs6J6vXgnLJgHPbVahyokELj/yvzvgjMw3t7aoI/zQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFAtPkCC9TRhIifezd+3lFZy2vC60MB8GA1UdIwQY
MBaAFIgSoKgJ3DzR+9iVGo+A9pkl4RkIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUJLZ3FBbmNQTkg3MkpVYWo0RDJtU1hoR1FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS9jOGFhMDktYmRmYi00M2NhLTg1MjIt
ZmE3NWNiZTliZWFkLzEvQzAtUUlMMU5HRWlKOTdOMzdlVVZuTGE4THJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS9jOGFhMDktYmRmYi00M2NhLTg1MjItZmE3NWNiZTliZWFk
LzEvaUJLZ3FBbmNQTkg3MkpVYWo0RDJtU1hoR1FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQCXHYYAwQC
uW9YAwQAuYxsAwQCwSDoMA0GCSqGSIb3DQEBCwUAA4IBAQAhg9xkCoNkrviA8M1b
MnUWlU5eOalhs2k/wrvHKOWWLVVnoH7fs1mbmyFg0bFRktZ+gA5sEjEXVI6iqRq+
eXxtiTFg1TFeEY5lYc/5pQSpH3PNJHFIiAxeJPyg9twtDwP6EpVanXL47QAu6dBs
brfGYYGxT4FaXUGuGDPmMae5kGNaYlOnnu/f5syLzyB/d1f3kVazC9O/HB33p1Pm
P/R4pGO9DR/WHo9yQ+7sNHBIddZfGBLAAedgOV21X4YYYVd3Ig3363YWDK4rFKq2
BntfHRhn6IkTfYhbMKm1PkCZItTR9Ck8mpLRku0WFONjVVBfz41oxvTz62jT8BBy
vPcL
-----END CERTIFICATE-----