Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/cc94c8-72e4-4398-b37b-71169567e39c/1/XsJcJBizBbet3tzA1_x2pu_fr68.roa
File:                     XsJcJBizBbet3tzA1_x2pu_fr68.roa (raw, json)
Hash identifier:          z1V6mtW/Xespfw6+zZsFhqpn1j4qgnjcPcP1778fmsU=
Subject key identifier:   5E:C2:5C:24:18:B3:05:B7:AD:DE:DC:C0:D7:FC:76:A6:EF:DF:AF:AF
Certificate issuer:       /CN=08953a5f11a8279cdf8798960de1e22eb1227d95
Certificate serial:       01942368EE5335AD572C8ED5BADF46613AE9
Authority key identifier: 08:95:3A:5F:11:A8:27:9C:DF:87:98:96:0D:E1:E2:2E:B1:22:7D:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CJU6XxGoJ5zfh5iWDeHiLrEifZU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/cc94c8-72e4-4398-b37b-71169567e39c/1/XsJcJBizBbet3tzA1_x2pu_fr68.roa
Signing time:             Wed 01 Jan 2025 19:47:46 +0000
ROA not before:           Wed 01 Jan 2025 19:47:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21472
IP address blocks:        5.2.16.0/21 maxlen: 21
                          5.2.16.0/23 maxlen: 23
                          5.2.18.0/23 maxlen: 23
                          5.2.20.0/23 maxlen: 23
                          5.2.23.0/24 maxlen: 24
                          91.224.190.0/23 maxlen: 23
                          162.33.228.0/23 maxlen: 23
                          185.79.56.0/22 maxlen: 22
                          185.79.56.0/24 maxlen: 24
                          185.149.176.0/22 maxlen: 22
                          185.229.40.0/22 maxlen: 22
                          195.49.144.0/22 maxlen: 22
                          2a00:e740::/32 maxlen: 32
Validation:               Failed, certificate revoked on Wed 08 Jan 2025 08:36:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:68:ee:53:35:ad:57:2c:8e:d5:ba:df:46:61:3a:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08953a5f11a8279cdf8798960de1e22eb1227d95
        Validity
            Not Before: Jan  1 19:47:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5ec25c2418b305b7addedcc0d7fc76a6efdfafaf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:61:4c:6f:7f:63:b4:f5:b4:a3:41:af:5d:3f:
                    b8:13:cb:af:c9:6b:eb:f6:c4:fb:41:de:06:72:0a:
                    3a:61:9d:5b:f9:a6:c2:63:2e:dd:95:50:07:5b:25:
                    46:7d:36:1e:16:43:f8:aa:4b:38:e1:5b:d0:38:ee:
                    af:d8:50:01:d3:5d:f6:87:cf:7d:ac:25:d7:3e:6c:
                    71:68:90:fe:47:bf:b1:83:85:f9:c7:51:3d:ce:87:
                    61:8e:ae:81:b2:fe:7f:b2:cc:4e:e9:69:fa:f0:17:
                    17:d2:8c:58:ce:ae:a7:7f:df:9b:c1:4c:8e:9d:8a:
                    9c:9a:d1:e2:8f:72:63:81:85:fe:dd:35:83:83:d5:
                    c9:47:2f:0b:fa:a9:54:b0:e2:5b:fe:e3:68:f6:b8:
                    a3:c2:bf:e2:63:a1:f8:04:63:49:ea:cb:a2:b2:d1:
                    28:2e:ca:f9:40:41:cb:22:ac:35:10:5f:26:e5:46:
                    f3:9c:4b:95:7e:6b:07:6a:94:1a:bd:94:1e:03:b4:
                    05:25:65:78:3f:ed:32:60:5e:06:9f:a2:99:29:bd:
                    4d:8e:7e:c6:08:64:29:89:c6:e6:46:a9:eb:86:2b:
                    80:44:49:5f:a7:03:8f:e7:24:43:dc:98:f1:b1:37:
                    2d:4c:36:02:44:d2:19:49:53:73:6a:1a:dc:6f:da:
                    cb:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:C2:5C:24:18:B3:05:B7:AD:DE:DC:C0:D7:FC:76:A6:EF:DF:AF:AF
            X509v3 Authority Key Identifier:
                keyid:08:95:3A:5F:11:A8:27:9C:DF:87:98:96:0D:E1:E2:2E:B1:22:7D:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CJU6XxGoJ5zfh5iWDeHiLrEifZU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/cc94c8-72e4-4398-b37b-71169567e39c/1/XsJcJBizBbet3tzA1_x2pu_fr68.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/cc94c8-72e4-4398-b37b-71169567e39c/1/CJU6XxGoJ5zfh5iWDeHiLrEifZU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.2.16.0/21
                  91.224.190.0/23
                  162.33.228.0/23
                  185.79.56.0/22
                  185.149.176.0/22
                  185.229.40.0/22
                  195.49.144.0/22
                IPv6:
                  2a00:e740::/32

    Signature Algorithm: sha256WithRSAEncryption
         36:91:41:e5:7d:85:56:7f:f8:e3:73:86:55:67:ce:c1:07:54:
         f9:b3:53:4d:66:c4:bf:7a:8d:e8:12:c7:0c:ac:76:d9:d1:19:
         e2:ef:e6:96:a6:e5:7a:8c:81:ac:68:52:c5:f5:30:c3:cf:65:
         68:45:98:e9:7e:17:27:af:ea:b3:de:a7:9e:d3:7d:f2:53:a6:
         6a:88:1f:1c:e4:e2:a2:2d:04:14:53:36:e4:36:ef:c2:08:99:
         86:6c:b4:94:0f:cb:0c:f9:bb:af:ad:69:df:33:c0:3a:a3:4b:
         2d:e7:2f:45:8c:19:7e:47:45:34:0b:51:f2:0a:0d:86:70:47:
         e8:3c:75:01:7d:66:28:19:6f:84:b9:67:dd:ea:4b:84:96:cb:
         53:45:9a:2e:13:69:58:17:6f:f6:bd:a4:90:c9:1c:f3:2a:f6:
         ec:1d:a5:7d:5a:eb:e2:ca:f5:f3:5a:4c:50:50:d1:3a:35:68:
         c4:89:43:d2:32:f0:3e:d9:ef:7c:51:08:6b:63:d5:4a:34:ad:
         5f:21:46:e4:91:d1:33:8d:39:5a:f4:c5:a7:0e:ff:60:59:3e:
         ff:af:4d:56:f0:d9:71:77:06:cc:ba:29:9c:14:da:1e:cf:c4:
         71:3a:e3:04:65:04:0c:c7:37:37:81:54:a3:42:eb:95:24:41:
         ea:99:1d:f5
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAZQjaO5TNa1XLI7Vut9GYTrpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4OTUzYTVmMTFhODI3OWNkZjg3OTg5NjBkZTFlMjJlYjEy
MjdkOTUwHhcNMjUwMTAxMTk0NzQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZWMyNWMyNDE4YjMwNWI3YWRkZWRjYzBkN2ZjNzZhNmVmZGZhZmFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyWFMb39jtPW0o0GvXT+4E8uvyWvr
9sT7Qd4Gcgo6YZ1b+abCYy7dlVAHWyVGfTYeFkP4qks44VvQOO6v2FAB0132h899
rCXXPmxxaJD+R7+xg4X5x1E9zodhjq6Bsv5/ssxO6Wn68BcX0oxYzq6nf9+bwUyO
nYqcmtHij3JjgYX+3TWDg9XJRy8L+qlUsOJb/uNo9rijwr/iY6H4BGNJ6suistEo
Lsr5QEHLIqw1EF8m5UbznEuVfmsHapQavZQeA7QFJWV4P+0yYF4Gn6KZKb1Njn7G
CGQpicbmRqnrhiuARElfpwOP5yRD3JjxsTctTDYCRNIZSVNzahrcb9rLsQIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFF7CXCQYswW3rd7cwNf8dqbv36+vMB8GA1UdIwQY
MBaAFAiVOl8RqCec34eYlg3h4i6xIn2VMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0pVNlh4R29KNXpmaDVpV0RlSGlMckVpZlpVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy9jYzk0YzgtNzJlNC00Mzk4LWIzN2It
NzExNjk1NjdlMzljLzEvWHNKY0pCaXpCYmV0M3R6QTFfeDJwdV9mcjY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy9jYzk0YzgtNzJlNC00Mzk4LWIzN2ItNzExNjk1NjdlMzlj
LzEvQ0pVNlh4R29KNXpmaDVpV0RlSGlMckVpZlpVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQDBQIQAwQB
W+C+AwQBoiHkAwQCuU84AwQCuZWwAwQCueUoAwQCwzGQMA0EAgACMAcDBQAqAOdA
MA0GCSqGSIb3DQEBCwUAA4IBAQA2kUHlfYVWf/jjc4ZVZ87BB1T5s1NNZsS/eo3o
EscMrHbZ0Rni7+aWpuV6jIGsaFLF9TDDz2VoRZjpfhcnr+qz3qee033yU6ZqiB8c
5OKiLQQUUzbkNu/CCJmGbLSUD8sM+buvrWnfM8A6o0st5y9FjBl+R0U0C1HyCg2G
cEfoPHUBfWYoGW+EuWfd6kuElstTRZouE2lYF2/2vaSQyRzzKvbsHaV9WuviyvXz
WkxQUNE6NWjEiUPSMvA+2e98UQhrY9VKNK1fIUbkkdEzjTla9MWnDv9gWT7/r01W
8NlxdwbMuimcFNoez8RxOuMEZQQMxzc3gVSjQuuVJEHqmR31
-----END CERTIFICATE-----