Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/4a7539-b149-48e9-88e7-060ac0890966/1/sJG1A5c0tKo-rk0LO4Cj0PWvopE.roa
File:                     sJG1A5c0tKo-rk0LO4Cj0PWvopE.roa (raw, json)
Hash identifier:          TmNHT3j10Of8gtgJZe3p5nqsyDDO3MjiJvhjKRX2bjM=
Subject key identifier:   B0:91:B5:03:97:34:B4:AA:3E:AE:4D:0B:3B:80:A3:D0:F5:AF:A2:91
Certificate issuer:       /CN=dd1daecd30aeb74652bbdda5dad9676ce488aa49
Certificate serial:       018CC4249B43759C0C6A412E13FCAFD4B0DA
Authority key identifier: DD:1D:AE:CD:30:AE:B7:46:52:BB:DD:A5:DA:D9:67:6C:E4:88:AA:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3R2uzTCut0ZSu92l2tlnbOSIqkk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/4a7539-b149-48e9-88e7-060ac0890966/1/sJG1A5c0tKo-rk0LO4Cj0PWvopE.roa
Signing time:             Mon 01 Jan 2024 08:29:42 +0000
ROA not before:           Mon 01 Jan 2024 08:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25521
IP address blocks:        185.223.112.0/22 maxlen: 24
                          46.30.160.0/21 maxlen: 24
                          93.188.32.0/21 maxlen: 24
                          193.106.136.0/22 maxlen: 24
                          193.0.216.0/22 maxlen: 24
                          176.115.96.0/21 maxlen: 24
                          91.224.24.0/23 maxlen: 24
                          82.193.96.0/19 maxlen: 24
                          195.64.148.0/23 maxlen: 24
                          2a02:2610::/32 maxlen: 48
Validation:               Failed, certificate revoked on Wed 01 Jan 2025 15:48:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:9b:43:75:9c:0c:6a:41:2e:13:fc:af:d4:b0:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dd1daecd30aeb74652bbdda5dad9676ce488aa49
        Validity
            Not Before: Jan  1 08:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b091b5039734b4aa3eae4d0b3b80a3d0f5afa291
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:90:3d:b2:78:80:01:f4:3f:21:90:7f:af:be:
                    b9:61:59:af:0d:ad:e4:3e:15:65:82:71:c0:1e:c6:
                    70:e6:7b:60:37:72:28:0a:11:09:f5:52:58:ee:de:
                    50:63:55:9d:d1:94:5e:7b:af:64:5f:82:f8:0a:fc:
                    c3:16:0f:d9:ad:bb:83:bb:82:1b:db:2a:0a:fd:17:
                    ef:d8:55:31:ca:39:75:52:da:73:83:e0:1d:db:5b:
                    f3:54:ec:1a:6a:2a:f9:dc:c7:12:69:67:3e:de:26:
                    85:e1:5d:81:37:92:f5:cb:f7:bc:66:4e:1d:64:63:
                    9d:d7:56:49:62:0a:1e:55:49:bb:fa:3d:02:bd:e8:
                    11:73:be:3f:c1:05:62:15:fe:3e:8d:55:e1:fd:c1:
                    71:0b:db:36:17:c6:d9:f9:e4:19:d3:c4:22:1a:1f:
                    e8:02:91:35:92:78:6c:79:c7:60:ea:1f:c4:1a:96:
                    3c:e8:6c:9b:d2:14:1c:9f:d7:37:8c:dc:2e:31:b0:
                    23:50:6c:ed:ad:d6:32:b5:cc:4a:76:0b:38:03:f8:
                    47:d4:96:01:fe:c6:47:29:1f:3e:d3:70:dd:6e:92:
                    b5:c0:1d:d1:58:95:c4:17:0a:f2:25:1c:7f:df:b8:
                    10:fc:8a:1c:42:4b:31:7b:ff:69:2d:ed:81:01:d6:
                    15:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:91:B5:03:97:34:B4:AA:3E:AE:4D:0B:3B:80:A3:D0:F5:AF:A2:91
            X509v3 Authority Key Identifier:
                keyid:DD:1D:AE:CD:30:AE:B7:46:52:BB:DD:A5:DA:D9:67:6C:E4:88:AA:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3R2uzTCut0ZSu92l2tlnbOSIqkk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/4a7539-b149-48e9-88e7-060ac0890966/1/sJG1A5c0tKo-rk0LO4Cj0PWvopE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/4a7539-b149-48e9-88e7-060ac0890966/1/3R2uzTCut0ZSu92l2tlnbOSIqkk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.30.160.0/21
                  82.193.96.0/19
                  91.224.24.0/23
                  93.188.32.0/21
                  176.115.96.0/21
                  185.223.112.0/22
                  193.0.216.0/22
                  193.106.136.0/22
                  195.64.148.0/23
                IPv6:
                  2a02:2610::/32

    Signature Algorithm: sha256WithRSAEncryption
         68:d3:ac:db:35:87:8c:a2:d0:a1:dc:a2:fb:ab:df:d7:47:27:
         3f:cb:5c:dd:c1:9c:e3:71:55:a4:86:ad:65:99:fb:57:2b:9c:
         c4:fd:48:de:e8:bb:52:6c:f8:9b:49:e4:3d:0f:de:60:a2:16:
         b0:6a:20:3f:cb:42:0e:ea:55:9f:8d:ca:c9:e4:89:55:d7:f6:
         b3:be:57:11:05:15:af:a1:92:6d:31:dc:fd:2e:09:36:83:07:
         b2:b2:41:75:b7:41:05:40:21:d5:fd:b2:b1:5b:4f:eb:74:38:
         e9:42:f4:42:15:ac:fa:2b:92:43:fe:f7:87:fe:fe:6c:d3:c7:
         42:d0:bd:12:43:25:f8:58:51:38:5e:bb:74:7a:84:17:2e:ff:
         da:a0:b0:36:44:af:c0:99:d5:83:31:72:05:f5:a1:4d:07:f3:
         83:dc:58:d2:fe:9b:79:03:b2:d3:4d:82:a2:13:93:e1:29:d4:
         13:03:a9:1b:db:f7:f3:c0:dd:a4:d0:c7:e9:f6:e4:1c:0a:6f:
         e4:4f:75:01:0e:2f:42:f9:48:4d:b5:6c:e6:5e:ac:95:04:de:
         b4:04:a9:48:17:62:02:02:9e:ad:d3:a9:df:c9:66:fd:3c:91:
         e0:87:5a:fc:df:1b:4e:0a:36:1a:06:60:ce:cd:5c:ea:df:31:
         99:c2:63:48
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAYzEJJtDdZwMakEuE/yv1LDaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkMWRhZWNkMzBhZWI3NDY1MmJiZGRhNWRhZDk2NzZjZTQ4
OGFhNDkwHhcNMjQwMTAxMDgyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDkxYjUwMzk3MzRiNGFhM2VhZTRkMGIzYjgwYTNkMGY1YWZhMjkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxpA9sniAAfQ/IZB/r765YVmvDa3k
PhVlgnHAHsZw5ntgN3IoChEJ9VJY7t5QY1Wd0ZRee69kX4L4CvzDFg/ZrbuDu4Ib
2yoK/Rfv2FUxyjl1Utpzg+Ad21vzVOwaair53McSaWc+3iaF4V2BN5L1y/e8Zk4d
ZGOd11ZJYgoeVUm7+j0CvegRc74/wQViFf4+jVXh/cFxC9s2F8bZ+eQZ08QiGh/o
ApE1knhsecdg6h/EGpY86Gyb0hQcn9c3jNwuMbAjUGztrdYytcxKdgs4A/hH1JYB
/sZHKR8+03DdbpK1wB3RWJXEFwryJRx/37gQ/IocQksxe/9pLe2BAdYV/wIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFLCRtQOXNLSqPq5NCzuAo9D1r6KRMB8GA1UdIwQY
MBaAFN0drs0wrrdGUrvdpdrZZ2zkiKpJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1IydXpUQ3V0MFpTdTkybDJ0bG5iT1NJcWtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS80YTc1MzktYjE0OS00OGU5LTg4ZTct
MDYwYWMwODkwOTY2LzEvc0pHMUE1YzB0S28tcmswTE80Q2owUFd2b3BFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS80YTc1MzktYjE0OS00OGU5LTg4ZTctMDYwYWMwODkwOTY2
LzEvM1IydXpUQ3V0MFpTdTkybDJ0bG5iT1NJcWtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTA8BAIAATA2AwQDLh6gAwQF
UsFgAwQBW+AYAwQDXbwgAwQDsHNgAwQCud9wAwQCwQDYAwQCwWqIAwQBw0CUMA0E
AgACMAcDBQAqAiYQMA0GCSqGSIb3DQEBCwUAA4IBAQBo06zbNYeMotCh3KL7q9/X
Ryc/y1zdwZzjcVWkhq1lmftXK5zE/Uje6LtSbPibSeQ9D95gohawaiA/y0IO6lWf
jcrJ5IlV1/azvlcRBRWvoZJtMdz9Lgk2gweyskF1t0EFQCHV/bKxW0/rdDjpQvRC
Faz6K5JD/veH/v5s08dC0L0SQyX4WFE4Xrt0eoQXLv/aoLA2RK/AmdWDMXIF9aFN
B/OD3FjS/pt5A7LTTYKiE5PhKdQTA6kb2/fzwN2k0Mfp9uQcCm/kT3UBDi9C+UhN
tWzmXqyVBN60BKlIF2ICAp6t06nfyWb9PJHgh1r83xtOCjYaBmDOzVzq3zGZwmNI
-----END CERTIFICATE-----