Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/50abef-374c-4ea6-b7d4-ce500827ff7f/1/XxLakRnoztrmsLv7bCS29oiQPqk.roa
File:                     XxLakRnoztrmsLv7bCS29oiQPqk.roa (raw, json)
Hash identifier:          dACdQKyB9c7rcgicemN10YDLFI+nUOexhlhAdCDynlM=
Subject key identifier:   5F:12:DA:91:19:E8:CE:DA:E6:B0:BB:FB:6C:24:B6:F6:88:90:3E:A9
Certificate issuer:       /CN=c7e9c7aa534b1300bf724fff0f0c1b0519d505bb
Certificate serial:       0196200C7E898C82F80DF8FD7BC2349FAF76
Authority key identifier: C7:E9:C7:AA:53:4B:13:00:BF:72:4F:FF:0F:0C:1B:05:19:D5:05:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x-nHqlNLEwC_ck__DwwbBRnVBbs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/50abef-374c-4ea6-b7d4-ce500827ff7f/1/XxLakRnoztrmsLv7bCS29oiQPqk.roa
Signing time:             Thu 10 Apr 2025 14:13:31 +0000
ROA not before:           Thu 10 Apr 2025 14:13:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     32338
IP address blocks:        45.84.28.0/23 maxlen: 23
                          45.84.30.0/24 maxlen: 24
                          45.84.31.0/24 maxlen: 24
                          185.73.220.0/22 maxlen: 24
                          185.149.132.0/23 maxlen: 23
                          185.149.134.0/23 maxlen: 24
                          185.213.88.0/22 maxlen: 24
                          2a05:44c0::/29 maxlen: 32
                          2a07:68c0::/29 maxlen: 48
                          2a0b:85c0::/29 maxlen: 32
                          2a0e:9480::/29 maxlen: 36
Validation:               Failed, certificate revoked on Thu 10 Apr 2025 14:14:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:20:0c:7e:89:8c:82:f8:0d:f8:fd:7b:c2:34:9f:af:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c7e9c7aa534b1300bf724fff0f0c1b0519d505bb
        Validity
            Not Before: Apr 10 14:13:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5f12da9119e8cedae6b0bbfb6c24b6f688903ea9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:78:d7:5b:ec:4e:ad:09:a1:62:7f:ff:65:a0:
                    ce:3d:31:84:02:16:a5:86:56:1d:52:b3:1f:46:47:
                    66:c4:54:6b:23:81:c7:23:76:d8:90:2e:01:f7:cc:
                    32:2e:57:29:9b:ad:e3:5c:79:14:13:95:3e:43:fb:
                    15:0f:f2:2e:48:c3:3a:e1:ca:f2:a9:c3:f5:e5:13:
                    40:29:94:b1:f3:c9:ae:76:64:16:89:eb:a7:04:8d:
                    05:ed:81:18:fa:d6:44:ee:49:43:7a:59:5e:b6:fa:
                    be:2a:d4:a4:54:91:35:18:ca:65:36:8b:76:ed:fc:
                    ff:13:3b:79:ed:f5:f8:85:b1:14:4d:ef:58:34:fc:
                    bc:ae:c4:53:65:3a:06:55:4e:51:ce:41:d4:77:a6:
                    89:c2:94:78:22:8a:9e:18:68:e8:9f:99:94:15:11:
                    84:de:13:68:8a:31:f6:94:52:b6:92:39:67:c1:88:
                    38:c3:59:05:9b:49:45:69:17:d1:3a:37:1f:92:fa:
                    15:28:ff:3e:91:4d:a3:50:a1:82:c9:7c:76:b8:4b:
                    08:d5:a9:f5:f9:18:6d:a8:21:61:22:2a:eb:d1:ad:
                    ad:4b:99:15:03:91:1e:13:b5:d1:1d:8e:1e:b4:bd:
                    d5:5e:8c:91:38:6b:aa:83:df:93:41:27:4d:9a:bd:
                    88:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:12:DA:91:19:E8:CE:DA:E6:B0:BB:FB:6C:24:B6:F6:88:90:3E:A9
            X509v3 Authority Key Identifier:
                keyid:C7:E9:C7:AA:53:4B:13:00:BF:72:4F:FF:0F:0C:1B:05:19:D5:05:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x-nHqlNLEwC_ck__DwwbBRnVBbs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/50abef-374c-4ea6-b7d4-ce500827ff7f/1/XxLakRnoztrmsLv7bCS29oiQPqk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/50abef-374c-4ea6-b7d4-ce500827ff7f/1/x-nHqlNLEwC_ck__DwwbBRnVBbs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.28.0/22
                  185.73.220.0/22
                  185.149.132.0/22
                  185.213.88.0/22
                IPv6:
                  2a05:44c0::/29
                  2a07:68c0::/29
                  2a0b:85c0::/29
                  2a0e:9480::/29

    Signature Algorithm: sha256WithRSAEncryption
         b2:41:85:95:e2:67:88:51:73:84:de:11:7a:95:ae:80:ea:4b:
         39:bd:42:d5:33:18:2f:a4:fc:55:b8:73:66:5f:ea:32:c6:98:
         4b:f2:ac:2b:7f:71:c7:9f:91:9e:48:8d:a4:d0:6e:a4:60:b1:
         a4:fc:b2:bb:4d:d4:0b:01:75:f2:c2:ee:d3:3c:d2:6f:dd:3a:
         e1:5e:41:fe:44:df:46:cc:96:8e:ae:c3:34:89:71:05:50:49:
         e0:11:60:9c:f0:a1:27:3b:2f:54:cb:58:f3:2c:c5:2a:65:c6:
         71:eb:3b:d6:d9:3e:20:7f:d3:b6:3e:ad:e2:7f:45:78:f1:8d:
         25:ad:7d:a1:f3:fe:a7:ba:07:a1:3c:bc:b6:19:7c:9c:a6:bf:
         61:de:75:10:1e:c4:6e:80:ce:d9:e5:95:7f:42:dc:97:6d:61:
         b3:77:ad:5b:29:d6:21:11:97:b6:0c:a9:15:c6:7d:d9:76:35:
         7c:44:ac:3e:d0:a0:bd:3d:26:ae:52:4e:15:85:0c:0d:51:e6:
         e4:cd:7b:09:cc:96:89:fb:3c:7a:49:ce:97:a5:f9:05:72:c8:
         ad:db:34:62:0e:25:9e:ba:3f:ff:82:45:e0:26:a0:02:8e:6e:
         fd:de:bc:35:b4:dd:08:8d:d7:fd:89:2f:54:fa:a5:ac:86:72:
         f4:4d:44:b2
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAZYgDH6JjIL4Dfj9e8I0n692MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3ZTljN2FhNTM0YjEzMDBiZjcyNGZmZjBmMGMxYjA1MTlk
NTA1YmIwHhcNMjUwNDEwMTQxMzMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjEyZGE5MTE5ZThjZWRhZTZiMGJiZmI2YzI0YjZmNjg4OTAzZWE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtXjXW+xOrQmhYn//ZaDOPTGEAhal
hlYdUrMfRkdmxFRrI4HHI3bYkC4B98wyLlcpm63jXHkUE5U+Q/sVD/IuSMM64cry
qcP15RNAKZSx88mudmQWieunBI0F7YEY+tZE7klDelletvq+KtSkVJE1GMplNot2
7fz/Ezt57fX4hbEUTe9YNPy8rsRTZToGVU5RzkHUd6aJwpR4IoqeGGjon5mUFRGE
3hNoijH2lFK2kjlnwYg4w1kFm0lFaRfROjcfkvoVKP8+kU2jUKGCyXx2uEsI1an1
+RhtqCFhIirr0a2tS5kVA5EeE7XRHY4etL3VXoyROGuqg9+TQSdNmr2IKwIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFF8S2pEZ6M7a5rC7+2wktvaIkD6pMB8GA1UdIwQY
MBaAFMfpx6pTSxMAv3JP/w8MGwUZ1QW7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveC1uSHFsTkxFd0NfY2tfX0R3d2JCUm5WQmJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC81MGFiZWYtMzc0Yy00ZWE2LWI3ZDQt
Y2U1MDA4MjdmZjdmLzEvWHhMYWtSbm96dHJtc0x2N2JDUzI5b2lRUHFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC81MGFiZWYtMzc0Yy00ZWE2LWI3ZDQtY2U1MDA4MjdmZjdm
LzEveC1uSHFsTkxFd0NfY2tfX0R3d2JCUm5WQmJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDAeBAIAATAYAwQCLVQcAwQC
uUncAwQCuZWEAwQCudVYMCIEAgACMBwDBQMqBUTAAwUDKgdowAMFAyoLhcADBQMq
DpSAMA0GCSqGSIb3DQEBCwUAA4IBAQCyQYWV4meIUXOE3hF6la6A6ks5vULVMxgv
pPxVuHNmX+oyxphL8qwrf3HHn5GeSI2k0G6kYLGk/LK7TdQLAXXywu7TPNJv3Trh
XkH+RN9GzJaOrsM0iXEFUEngEWCc8KEnOy9Uy1jzLMUqZcZx6zvW2T4gf9O2Pq3i
f0V48Y0lrX2h8/6nugehPLy2GXycpr9h3nUQHsRugM7Z5ZV/QtyXbWGzd61bKdYh
EZe2DKkVxn3ZdjV8RKw+0KC9PSauUk4VhQwNUebkzXsJzJaJ+zx6Sc6XpfkFcsit
2zRiDiWeuj//gkXgJqACjm793rw1tN0Ijdf9iS9U+qWshnL0TUSy
-----END CERTIFICATE-----