Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/17e567-9e44-444a-ac64-18b34bea9b06/1/OUdw0gOa5bFPdIja9fTWWS8SLrw.roa
File:                     OUdw0gOa5bFPdIja9fTWWS8SLrw.roa (raw, json)
Hash identifier:          DoIBtGdcvlySHoWHn5X2zkZGn/RKDogMgBeAyFh40ks=
Subject key identifier:   39:47:70:D2:03:9A:E5:B1:4F:74:88:DA:F5:F4:D6:59:2F:12:2E:BC
Certificate issuer:       /CN=54791dde2c9bdea366ce7ec6c5a800c5da633454
Certificate serial:       018CC4253E98545F3D11E7AE6B49CB0F8120
Authority key identifier: 54:79:1D:DE:2C:9B:DE:A3:66:CE:7E:C6:C5:A8:00:C5:DA:63:34:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VHkd3iyb3qNmzn7GxagAxdpjNFQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/17e567-9e44-444a-ac64-18b34bea9b06/1/OUdw0gOa5bFPdIja9fTWWS8SLrw.roa
Signing time:             Mon 01 Jan 2024 08:30:24 +0000
ROA not before:           Mon 01 Jan 2024 08:30:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212772
IP address blocks:        185.113.28.0/22 maxlen: 24
                          94.140.14.0/23 maxlen: 24
                          45.156.136.0/22 maxlen: 24
                          92.255.56.0/24 maxlen: 24
                          217.72.12.0/22 maxlen: 24
                          46.243.228.0/22 maxlen: 24
                          92.255.68.0/22 maxlen: 24
                          92.255.84.0/24 maxlen: 24
                          2a10:50c0::/32 maxlen: 48
Validation:               Failed, certificate revoked on Thu 02 Jan 2025 09:49:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:3e:98:54:5f:3d:11:e7:ae:6b:49:cb:0f:81:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=54791dde2c9bdea366ce7ec6c5a800c5da633454
        Validity
            Not Before: Jan  1 08:30:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=394770d2039ae5b14f7488daf5f4d6592f122ebc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:ff:88:f1:00:d5:c4:00:53:99:de:11:7c:4a:
                    b2:68:41:b7:2a:c9:6b:62:b0:f0:d9:db:4e:dd:fc:
                    7c:1c:83:5d:da:8a:fb:b2:71:8d:b8:6d:8c:62:37:
                    2a:74:91:f5:39:21:01:ca:d0:83:77:32:3a:4a:66:
                    cc:53:a5:d8:86:1b:90:78:7a:68:77:ab:7f:07:af:
                    91:76:af:e5:f8:b5:13:53:fc:aa:fb:a6:9e:ee:66:
                    3f:ad:6b:e1:32:8e:44:30:dd:ac:0b:50:91:7d:a4:
                    ee:70:8e:90:13:c4:2a:b2:55:87:47:19:54:9f:6e:
                    64:43:77:78:e5:b2:e2:52:50:f8:35:bb:f8:f0:2c:
                    1a:7e:1c:f1:5b:9b:c7:b7:77:fe:66:98:c7:03:2b:
                    b0:78:57:da:53:b8:d7:32:3e:67:73:79:a8:7a:b3:
                    6f:5b:88:41:bb:21:0b:6c:b1:3c:95:fa:c0:b9:f8:
                    99:0c:08:0d:6a:68:25:51:fd:a6:eb:7c:63:81:15:
                    84:4d:30:c9:f0:16:c5:f4:5d:5c:ae:78:2d:9f:c4:
                    57:d9:48:9d:d4:44:4f:4f:b7:f0:73:9b:08:4f:86:
                    cb:9f:4c:7c:70:0a:7d:26:ba:d3:f1:9e:ce:e9:22:
                    1b:5d:77:b9:6a:77:3c:41:74:67:22:72:3a:ff:88:
                    31:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:47:70:D2:03:9A:E5:B1:4F:74:88:DA:F5:F4:D6:59:2F:12:2E:BC
            X509v3 Authority Key Identifier:
                keyid:54:79:1D:DE:2C:9B:DE:A3:66:CE:7E:C6:C5:A8:00:C5:DA:63:34:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VHkd3iyb3qNmzn7GxagAxdpjNFQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/17e567-9e44-444a-ac64-18b34bea9b06/1/OUdw0gOa5bFPdIja9fTWWS8SLrw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/17e567-9e44-444a-ac64-18b34bea9b06/1/VHkd3iyb3qNmzn7GxagAxdpjNFQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.156.136.0/22
                  46.243.228.0/22
                  92.255.56.0/24
                  92.255.68.0/22
                  92.255.84.0/24
                  94.140.14.0/23
                  185.113.28.0/22
                  217.72.12.0/22
                IPv6:
                  2a10:50c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         29:51:11:82:00:1f:4a:8e:e6:01:3a:88:82:79:ff:6d:eb:1a:
         83:74:b5:a0:21:dc:20:68:54:ef:b1:1e:31:19:2e:a7:84:94:
         5a:05:cf:dd:c8:ae:cc:98:ab:32:00:86:7d:a1:e5:6c:60:ee:
         c7:1e:3b:24:46:28:27:bb:be:50:b1:00:17:c6:f6:30:cd:96:
         b6:93:13:40:11:21:c2:0d:67:30:c0:68:3f:c1:c9:2b:29:ee:
         a2:0b:5d:43:d8:07:3c:46:00:45:4e:a1:2c:40:71:df:bc:c4:
         34:66:1f:36:de:8b:ce:44:5b:33:b0:da:6f:c5:19:83:d3:4c:
         82:ae:28:77:34:b2:92:13:58:41:7f:cd:f4:b2:47:e1:0c:4a:
         c4:72:33:ac:f4:8b:ac:3f:62:89:ff:f8:d4:45:88:c9:1f:1a:
         77:87:54:62:b5:c8:e0:08:d1:b2:eb:db:3e:fc:be:12:2e:07:
         6a:90:27:99:93:5b:85:91:45:8f:b5:a8:e8:c0:c5:4c:57:e9:
         a7:d4:31:d2:85:5c:db:3c:3e:38:74:5c:ec:a0:c2:65:76:ae:
         fb:89:c4:5c:5b:33:4f:ab:c9:55:a2:ec:9e:4d:0e:e9:5c:c1:
         3a:05:cf:8a:0b:01:ed:90:5b:86:df:09:45:40:7f:b1:9d:22:
         ae:7d:21:0b
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAYzEJT6YVF89Eeeua0nLD4EgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NzkxZGRlMmM5YmRlYTM2NmNlN2VjNmM1YTgwMGM1ZGE2
MzM0NTQwHhcNMjQwMTAxMDgzMDI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTQ3NzBkMjAzOWFlNWIxNGY3NDg4ZGFmNWY0ZDY1OTJmMTIyZWJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyP+I8QDVxABTmd4RfEqyaEG3Kslr
YrDw2dtO3fx8HINd2or7snGNuG2MYjcqdJH1OSEBytCDdzI6SmbMU6XYhhuQeHpo
d6t/B6+Rdq/l+LUTU/yq+6ae7mY/rWvhMo5EMN2sC1CRfaTucI6QE8QqslWHRxlU
n25kQ3d45bLiUlD4Nbv48CwafhzxW5vHt3f+ZpjHAyuweFfaU7jXMj5nc3moerNv
W4hBuyELbLE8lfrAufiZDAgNamglUf2m63xjgRWETTDJ8BbF9F1crngtn8RX2Uid
1ERPT7fwc5sIT4bLn0x8cAp9JrrT8Z7O6SIbXXe5anc8QXRnInI6/4gxtQIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFDlHcNIDmuWxT3SI2vX01lkvEi68MB8GA1UdIwQY
MBaAFFR5Hd4sm96jZs5+xsWoAMXaYzRUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkhrZDNpeWIzcU5tem43R3hhZ0F4ZHBqTkZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi8xN2U1NjctOWU0NC00NDRhLWFjNjQt
MThiMzRiZWE5YjA2LzEvT1VkdzBnT2E1YkZQZElqYTlmVFdXUzhTTHJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi8xN2U1NjctOWU0NC00NDRhLWFjNjQtMThiMzRiZWE5YjA2
LzEvVkhrZDNpeWIzcU5tem43R3hhZ0F4ZHBqTkZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzA2BAIAATAwAwQCLZyIAwQC
LvPkAwQAXP84AwQCXP9EAwQAXP9UAwQBXowOAwQCuXEcAwQC2UgMMA0EAgACMAcD
BQAqEFDAMA0GCSqGSIb3DQEBCwUAA4IBAQApURGCAB9KjuYBOoiCef9t6xqDdLWg
IdwgaFTvsR4xGS6nhJRaBc/dyK7MmKsyAIZ9oeVsYO7HHjskRignu75QsQAXxvYw
zZa2kxNAESHCDWcwwGg/wckrKe6iC11D2Ac8RgBFTqEsQHHfvMQ0Zh823ovORFsz
sNpvxRmD00yCrih3NLKSE1hBf830skfhDErEcjOs9IusP2KJ//jURYjJHxp3h1Ri
tcjgCNGy69s+/L4SLgdqkCeZk1uFkUWPtajowMVMV+mn1DHShVzbPD44dFzsoMJl
dq77icRcWzNPq8lVouyeTQ7pXME6Bc+KCwHtkFuG3wlFQH+xnSKufSEL
-----END CERTIFICATE-----