Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/w-YSzuvCUH8E3udY1pEtTu9p8ws.roa
File:                     w-YSzuvCUH8E3udY1pEtTu9p8ws.roa (raw, json)
Hash identifier:          l+TkCbJvx2bV/zsuUBEOhiH5M5vr85BH52BVG+RVNCg=
Subject key identifier:   C3:E6:12:CE:EB:C2:50:7F:04:DE:E7:58:D6:91:2D:4E:EF:69:F3:0B
Certificate issuer:       /CN=f13533399f55eb52e6b2200c7cae4272b74d6464
Certificate serial:       01918D40D874BFCFA428CB47BE87DDC456C0
Authority key identifier: F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/w-YSzuvCUH8E3udY1pEtTu9p8ws.roa
Signing time:             Mon 26 Aug 2024 05:55:22 +0000
ROA not before:           Mon 26 Aug 2024 05:55:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204650
IP address blocks:        37.32.44.0/24 maxlen: 24
                          37.32.45.0/24 maxlen: 24
                          178.239.156.0/24 maxlen: 24
                          178.239.159.0/24 maxlen: 24
                          185.26.34.0/23 maxlen: 24
                          185.124.172.0/22 maxlen: 24
                          185.124.175.0/24 maxlen: 24
                          185.212.48.0/24 maxlen: 24
                          185.243.49.0/24 maxlen: 24
                          185.243.50.0/24 maxlen: 24
                          2a00:7040::/32 maxlen: 32
Validation:               Failed, certificate revoked on Fri 15 Nov 2024 18:20:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:8d:40:d8:74:bf:cf:a4:28:cb:47:be:87:dd:c4:56:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f13533399f55eb52e6b2200c7cae4272b74d6464
        Validity
            Not Before: Aug 26 05:55:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c3e612ceebc2507f04dee758d6912d4eef69f30b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:94:f0:b7:38:d4:bf:ae:47:f1:67:c8:2a:40:
                    b3:99:75:17:00:b2:17:4e:c6:e3:5f:a3:49:0d:27:
                    ff:a4:fc:e9:9a:86:71:70:c4:3c:70:71:a6:c6:4a:
                    f2:26:1e:2e:f0:9f:12:9a:fb:9f:11:31:8b:d4:3c:
                    ca:6d:54:ad:00:a9:45:96:9e:24:61:63:2d:e5:f3:
                    b1:a5:18:b3:ca:d8:80:63:f3:31:f2:1f:59:32:3b:
                    7d:43:10:3f:c2:59:ab:d8:9f:d2:71:9e:d3:26:9b:
                    4c:af:c4:12:de:e8:d2:94:53:7d:4e:6f:84:a7:aa:
                    7e:2d:21:19:41:6e:c4:52:b4:53:a2:70:d0:6a:40:
                    78:68:e5:63:09:6f:a6:91:36:5f:38:23:c2:48:1f:
                    38:05:a9:22:40:cc:d2:59:5a:8e:71:06:a2:d4:89:
                    66:f0:4d:35:9c:c1:a1:1b:75:7c:5b:1d:f8:07:70:
                    55:59:79:90:97:87:32:f8:81:f4:ad:1a:b0:fc:0c:
                    8f:23:c8:e1:7d:07:b8:06:5d:c5:58:1e:64:b2:7e:
                    59:5a:27:33:82:8b:40:f6:03:48:90:34:3e:bf:4c:
                    eb:fd:66:ec:6e:d2:94:e2:c3:87:30:1a:c0:5d:7e:
                    e7:4a:98:f1:ab:45:15:5d:00:24:48:6a:ad:2a:62:
                    e8:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:E6:12:CE:EB:C2:50:7F:04:DE:E7:58:D6:91:2D:4E:EF:69:F3:0B
            X509v3 Authority Key Identifier:
                keyid:F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/w-YSzuvCUH8E3udY1pEtTu9p8ws.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.32.44.0/23
                  178.239.156.0/24
                  178.239.159.0/24
                  185.26.34.0/23
                  185.124.172.0/22
                  185.212.48.0/24
                  185.243.49.0-185.243.50.255
                IPv6:
                  2a00:7040::/32

    Signature Algorithm: sha256WithRSAEncryption
         77:2c:6e:ae:98:9d:a2:7d:1f:02:39:32:49:77:56:a0:9e:c1:
         f4:ad:69:ab:b3:dd:3a:0b:ae:39:f6:b0:3a:dc:95:ab:3b:b5:
         03:39:d0:33:7d:aa:cc:84:34:33:b5:1f:e9:a5:ce:3b:70:b2:
         6e:49:6b:da:c5:99:6b:1e:dd:7a:8b:ce:b4:79:ee:ca:2a:18:
         00:56:d3:46:4b:d6:aa:fd:d7:b2:52:50:c6:28:51:7f:87:bc:
         98:04:2a:b0:f2:52:3a:ec:41:81:fd:1f:04:9b:91:8b:21:c3:
         37:77:df:24:ad:5e:bd:ca:47:2c:3b:9b:35:99:9a:3e:a5:e7:
         0d:ea:e4:84:eb:39:55:6b:6c:d2:54:4d:7d:4e:43:5e:6f:eb:
         ce:4b:6f:06:61:21:b8:83:de:63:96:8f:35:bd:d5:6c:e9:ec:
         81:9e:d2:b7:2e:58:59:f5:02:b8:dc:b3:d1:40:01:bf:c1:ed:
         4a:31:aa:38:f3:55:bd:f2:17:3e:20:22:37:e8:ce:87:26:b7:
         30:2f:db:eb:a0:12:5b:58:3e:3f:6c:92:41:2e:0c:26:58:2b:
         f3:0d:89:64:e1:26:64:e3:65:07:a2:4d:9e:07:b3:b8:b9:d3:
         a4:9d:48:d6:6f:32:a7:5f:3b:a0:c0:dc:28:9f:f1:c4:ed:91:
         fb:53:56:f9
-----BEGIN CERTIFICATE-----
MIIFODCCBCCgAwIBAgISAZGNQNh0v8+kKMtHvofdxFbAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxMzUzMzM5OWY1NWViNTJlNmIyMjAwYzdjYWU0MjcyYjc0
ZDY0NjQwHhcNMjQwODI2MDU1NTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjM2U2MTJjZWViYzI1MDdmMDRkZWU3NThkNjkxMmQ0ZWVmNjlmMzBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqZTwtzjUv65H8WfIKkCzmXUXALIX
TsbjX6NJDSf/pPzpmoZxcMQ8cHGmxkryJh4u8J8SmvufETGL1DzKbVStAKlFlp4k
YWMt5fOxpRizytiAY/Mx8h9ZMjt9QxA/wlmr2J/ScZ7TJptMr8QS3ujSlFN9Tm+E
p6p+LSEZQW7EUrRTonDQakB4aOVjCW+mkTZfOCPCSB84BakiQMzSWVqOcQai1Ilm
8E01nMGhG3V8Wx34B3BVWXmQl4cy+IH0rRqw/AyPI8jhfQe4Bl3FWB5ksn5ZWicz
gotA9gNIkDQ+v0zr/WbsbtKU4sOHMBrAXX7nSpjxq0UVXQAkSGqtKmLoPwIDAQAB
o4ICRDCCAkAwHQYDVR0OBBYEFMPmEs7rwlB/BN7nWNaRLU7vafMLMB8GA1UdIwQY
MBaAFPE1MzmfVetS5rIgDHyuQnK3TWRkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEt
OTg5MTY2ODgxOTY5LzEvdy1ZU3p1dkNVSDhFM3VkWTFwRXRUdTlwOHdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEtOTg5MTY2ODgxOTY5
LzEvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFoGCCsGAQUFBwEHAQH/BEswSTA4BAIAATAyAwQBJSAsAwQA
su+cAwQAsu+fAwQBuRoiAwQCuXysAwQAudQwMAwDBAC58zEDBAC58zIwDQQCAAIw
BwMFACoAcEAwDQYJKoZIhvcNAQELBQADggEBAHcsbq6YnaJ9HwI5Mkl3VqCewfSt
aauz3ToLrjn2sDrclas7tQM50DN9qsyENDO1H+mlzjtwsm5Ja9rFmWse3XqLzrR5
7soqGABW00ZL1qr917JSUMYoUX+HvJgEKrDyUjrsQYH9HwSbkYshwzd33yStXr3K
Ryw7mzWZmj6l5w3q5ITrOVVrbNJUTX1OQ15v685LbwZhIbiD3mOWjzW91Wzp7IGe
0rcuWFn1Arjcs9FAAb/B7UoxqjjzVb3yFz4gIjfozocmtzAv2+ugEltYPj9skkEu
DCZYK/MNiWThJmTjZQeiTZ4Hs7i506SdSNZvMqdfO6DA3Cif8cTtkftTVvk=
-----END CERTIFICATE-----