Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/4a7539-b149-48e9-88e7-060ac0890966/1/IlKCuNH-AAKMx7D6dHu8JzT0ztw.roa
File:                     IlKCuNH-AAKMx7D6dHu8JzT0ztw.roa (raw, json)
Hash identifier:          Q3dwxx9tvKITBXfjCiCMMlN/KGHfFD9Oe0SPWTLaJX4=
Subject key identifier:   22:52:82:B8:D1:FE:00:02:8C:C7:B0:FA:74:7B:BC:27:34:F4:CE:DC
Certificate issuer:       /CN=dd1daecd30aeb74652bbdda5dad9676ce488aa49
Certificate serial:       018CC4249BAA9B2BCECCB882252FA10C7B1A
Authority key identifier: DD:1D:AE:CD:30:AE:B7:46:52:BB:DD:A5:DA:D9:67:6C:E4:88:AA:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3R2uzTCut0ZSu92l2tlnbOSIqkk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/4a7539-b149-48e9-88e7-060ac0890966/1/IlKCuNH-AAKMx7D6dHu8JzT0ztw.roa
Signing time:             Mon 01 Jan 2024 08:29:42 +0000
ROA not before:           Mon 01 Jan 2024 08:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59613
IP address blocks:        195.234.112.0/24 maxlen: 24
                          195.234.115.0/24 maxlen: 24
                          195.234.114.0/24 maxlen: 24
                          195.234.113.0/24 maxlen: 24
                          185.158.208.0/24 maxlen: 24
                          185.158.211.0/24 maxlen: 24
                          185.158.210.0/24 maxlen: 24
                          185.158.209.0/24 maxlen: 24
                          2a02:2278:ff00::/40 maxlen: 40
                          2a02:2278:fffb::/48 maxlen: 48
                          2a02:2278:fffe::/48 maxlen: 48
                          2a02:2278:ffff::/48 maxlen: 48
                          2a02:2278:fffd::/48 maxlen: 48
                          2a02:2278:fffc::/48 maxlen: 48
Validation:               Failed, certificate revoked on Wed 15 May 2024 09:22:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:9b:aa:9b:2b:ce:cc:b8:82:25:2f:a1:0c:7b:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dd1daecd30aeb74652bbdda5dad9676ce488aa49
        Validity
            Not Before: Jan  1 08:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=225282b8d1fe00028cc7b0fa747bbc2734f4cedc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:be:0f:4d:6f:b7:92:42:80:a6:a4:c4:6c:d6:
                    2c:d1:ed:27:43:b3:2e:7a:2d:36:b6:bf:76:b1:c1:
                    d8:c5:58:d7:91:4d:9a:31:64:fa:18:31:97:da:67:
                    43:ff:af:49:f1:b6:06:e8:46:7b:27:75:db:ae:54:
                    bd:6c:07:39:c2:cd:7d:09:b1:a8:47:bf:0c:91:10:
                    f3:29:94:c4:a5:f0:2b:31:2b:ad:d1:f4:e5:25:ba:
                    8e:02:bb:d6:46:a6:87:2d:94:fe:aa:42:82:14:95:
                    02:f4:1e:0c:19:ee:0e:11:61:e8:eb:37:ee:89:3d:
                    5a:4e:6c:44:d0:95:8e:d0:ad:7f:43:01:86:79:e6:
                    86:b7:6b:47:cd:b2:ed:85:dd:c5:d3:f1:51:cc:9c:
                    9f:4d:ff:96:3f:5c:ad:45:2c:5d:0a:03:8e:8f:9b:
                    14:6a:7e:46:ce:a1:4d:16:b8:88:84:12:27:9b:23:
                    29:10:91:ea:14:60:96:8f:2e:26:b7:28:c7:04:4f:
                    78:21:90:30:3b:bb:bd:71:24:54:24:32:a5:d3:bc:
                    6e:18:26:f3:15:00:39:e9:df:a6:53:b3:f1:f8:1d:
                    2e:4d:ee:0d:94:7e:6c:31:5e:d7:8f:64:1f:45:02:
                    7c:97:ed:c6:a1:43:92:3d:28:f9:d0:16:9f:46:98:
                    99:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:52:82:B8:D1:FE:00:02:8C:C7:B0:FA:74:7B:BC:27:34:F4:CE:DC
            X509v3 Authority Key Identifier:
                keyid:DD:1D:AE:CD:30:AE:B7:46:52:BB:DD:A5:DA:D9:67:6C:E4:88:AA:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3R2uzTCut0ZSu92l2tlnbOSIqkk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/4a7539-b149-48e9-88e7-060ac0890966/1/IlKCuNH-AAKMx7D6dHu8JzT0ztw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/4a7539-b149-48e9-88e7-060ac0890966/1/3R2uzTCut0ZSu92l2tlnbOSIqkk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.158.208.0/22
                  195.234.112.0/22
                IPv6:
                  2a02:2278:ff00::/40

    Signature Algorithm: sha256WithRSAEncryption
         c1:52:e3:4a:4a:29:85:d8:ee:4e:9e:10:2d:85:ad:14:45:85:
         c7:a2:f0:a5:04:a0:18:0f:0d:f4:8a:1e:91:63:3e:3e:73:67:
         56:88:81:dc:d9:b6:b4:09:5d:42:52:3f:9f:6b:38:dd:09:24:
         b7:a9:7e:7b:87:ad:92:e8:65:e8:41:dc:ef:33:08:00:48:ac:
         7f:09:a6:a5:25:f8:f2:ea:ee:27:22:3c:c0:53:85:78:54:8e:
         ef:74:6f:0f:09:17:63:0f:ee:44:1c:03:52:00:1d:ce:48:88:
         e2:72:8d:02:13:c0:19:4f:55:4e:6c:cd:77:32:1b:d9:69:40:
         26:ee:4a:72:62:f9:60:44:e2:2c:ba:d9:df:1d:85:6c:96:4d:
         27:07:a9:21:ab:91:c6:6c:b1:08:59:7a:32:bf:ee:d8:bb:77:
         2e:92:22:92:3c:72:74:63:60:04:3e:48:11:ab:f7:34:23:06:
         1c:1c:e5:af:45:46:7f:10:ef:a6:ed:55:8f:bb:0f:a9:5f:15:
         c5:d2:6c:b2:ee:bc:ef:da:8d:0d:35:a2:58:90:37:a3:8b:55:
         b3:98:fb:c9:b6:76:bf:64:a1:c8:9c:2c:d5:69:5e:cc:6d:41:
         6d:19:b8:99:b8:3e:ab:73:6d:9a:b8:fa:72:1d:97:88:bc:8f:
         a2:07:5d:5f
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAYzEJJuqmyvOzLiCJS+hDHsaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkMWRhZWNkMzBhZWI3NDY1MmJiZGRhNWRhZDk2NzZjZTQ4
OGFhNDkwHhcNMjQwMTAxMDgyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjUyODJiOGQxZmUwMDAyOGNjN2IwZmE3NDdiYmMyNzM0ZjRjZWRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhr4PTW+3kkKApqTEbNYs0e0nQ7Mu
ei02tr92scHYxVjXkU2aMWT6GDGX2mdD/69J8bYG6EZ7J3XbrlS9bAc5ws19CbGo
R78MkRDzKZTEpfArMSut0fTlJbqOArvWRqaHLZT+qkKCFJUC9B4MGe4OEWHo6zfu
iT1aTmxE0JWO0K1/QwGGeeaGt2tHzbLthd3F0/FRzJyfTf+WP1ytRSxdCgOOj5sU
an5GzqFNFriIhBInmyMpEJHqFGCWjy4mtyjHBE94IZAwO7u9cSRUJDKl07xuGCbz
FQA56d+mU7Px+B0uTe4NlH5sMV7Xj2QfRQJ8l+3GoUOSPSj50BafRpiZaQIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFCJSgrjR/gACjMew+nR7vCc09M7cMB8GA1UdIwQY
MBaAFN0drs0wrrdGUrvdpdrZZ2zkiKpJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1IydXpUQ3V0MFpTdTkybDJ0bG5iT1NJcWtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS80YTc1MzktYjE0OS00OGU5LTg4ZTct
MDYwYWMwODkwOTY2LzEvSWxLQ3VOSC1BQUtNeDdENmRIdThKelQwenR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS80YTc1MzktYjE0OS00OGU5LTg4ZTctMDYwYWMwODkwOTY2
LzEvM1IydXpUQ3V0MFpTdTkybDJ0bG5iT1NJcWtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDASBAIAATAMAwQCuZ7QAwQC
w+pwMA4EAgACMAgDBgAqAiJ4/zANBgkqhkiG9w0BAQsFAAOCAQEAwVLjSkophdju
Tp4QLYWtFEWFx6LwpQSgGA8N9IoekWM+PnNnVoiB3Nm2tAldQlI/n2s43Qkkt6l+
e4etkuhl6EHc7zMIAEisfwmmpSX48uruJyI8wFOFeFSO73RvDwkXYw/uRBwDUgAd
zkiI4nKNAhPAGU9VTmzNdzIb2WlAJu5KcmL5YETiLLrZ3x2FbJZNJwepIauRxmyx
CFl6Mr/u2Lt3LpIikjxydGNgBD5IEav3NCMGHBzlr0VGfxDvpu1Vj7sPqV8VxdJs
su6879qNDTWiWJA3o4tVs5j7ybZ2v2ShyJws1WlezG1BbRm4mbg+q3Ntmrj6ch2X
iLyPogddXw==
-----END CERTIFICATE-----