Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/gOO7M1P8saqrDeJYQH7hDlt5rXQ.roa
File:                     gOO7M1P8saqrDeJYQH7hDlt5rXQ.roa (raw, json)
Hash identifier:          qERGHVe/HBhhZ76/2oAIcFfEKYQAvWmR7VFdSGzQ0Qw=
Subject key identifier:   80:E3:BB:33:53:FC:B1:AA:AB:0D:E2:58:40:7E:E1:0E:5B:79:AD:74
Certificate issuer:       /CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
Certificate serial:       0192FDAD3C401A1C696DBB7C0D4E01BF6FE0
Authority key identifier: B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/gOO7M1P8saqrDeJYQH7hDlt5rXQ.roa
Signing time:             Tue 05 Nov 2024 18:54:01 +0000
ROA not before:           Tue 05 Nov 2024 18:54:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        185.197.135.0/24 maxlen: 24
                          2a06:e881:650f::/48 maxlen: 48
                          2a06:e881:7340::/42 maxlen: 48
                          2a06:e881:73ef::/48 maxlen: 48
                          2a06:e881:73ff::/48 maxlen: 48
                          2a06:e881:9200::/45 maxlen: 48
                          2a06:e881:9208::/45 maxlen: 48
                          2a06:e881:9600::/48 maxlen: 48
Validation:               Failed, certificate revoked on Thu 02 Jan 2025 07:49:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:fd:ad:3c:40:1a:1c:69:6d:bb:7c:0d:4e:01:bf:6f:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
        Validity
            Not Before: Nov  5 18:54:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=80e3bb3353fcb1aaab0de258407ee10e5b79ad74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:73:1d:6f:d8:8a:37:78:9c:7f:73:27:17:33:
                    68:fd:d8:31:3e:f9:9d:c1:70:bc:85:82:fb:7f:14:
                    76:b5:f7:ef:6e:25:a4:c3:14:65:d7:34:b0:d5:3e:
                    fd:ea:90:5d:90:5e:44:98:da:0d:3a:84:19:b7:03:
                    5c:7f:cf:e4:98:8c:92:8a:ad:f5:a9:a9:ef:c9:c5:
                    f7:5b:6c:7b:22:7c:0b:d8:78:d0:b7:dc:12:46:97:
                    2a:1e:55:f7:46:72:83:68:36:7c:4d:4c:86:c7:8a:
                    c2:29:53:f2:fd:97:78:4b:c6:54:22:2a:7d:f2:66:
                    4b:cc:60:a8:4d:bb:5d:5c:e0:19:ed:86:e3:b7:fc:
                    0e:0d:ea:1b:10:ee:69:25:52:68:78:90:07:82:81:
                    86:bd:54:e5:37:b0:84:ed:05:9a:16:52:51:88:0f:
                    a2:2f:15:11:49:84:47:a2:bc:6f:4f:19:d4:d2:2b:
                    7c:35:fe:00:41:48:2f:3b:8d:65:24:df:36:4e:6a:
                    93:04:3a:1e:30:32:b0:c8:b4:3e:e7:49:c9:9b:55:
                    75:d0:2a:5b:00:27:fe:27:67:b3:fe:ec:d6:8d:76:
                    0e:fc:58:06:bf:59:b9:2d:b9:fc:0d:66:8c:b9:4e:
                    3a:89:8d:7a:41:69:08:bc:4c:21:e9:a9:64:2e:7f:
                    37:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:E3:BB:33:53:FC:B1:AA:AB:0D:E2:58:40:7E:E1:0E:5B:79:AD:74
            X509v3 Authority Key Identifier:
                keyid:B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/gOO7M1P8saqrDeJYQH7hDlt5rXQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.197.135.0/24
                IPv6:
                  2a06:e881:650f::/48
                  2a06:e881:7340::/42
                  2a06:e881:73ef::/48
                  2a06:e881:73ff::/48
                  2a06:e881:9200::/44
                  2a06:e881:9600::/48

    Signature Algorithm: sha256WithRSAEncryption
         21:55:3e:5c:d7:35:13:15:72:c7:a2:3a:bd:a0:cb:5b:45:27:
         45:ec:fc:10:ce:c7:6f:f3:91:b8:66:92:89:61:d7:16:32:7d:
         6a:bd:e2:31:ce:9a:f7:96:06:08:66:04:aa:8e:f0:53:b8:67:
         41:57:df:cf:38:47:d4:96:92:ca:ef:4c:0a:e3:c0:e1:6f:e9:
         e9:80:f3:cb:a7:d0:5e:5d:8a:61:c1:1f:04:a0:1c:4d:9a:c6:
         06:17:4b:0e:a7:5d:6f:60:d9:7d:77:bd:e1:ce:47:c0:28:de:
         3a:46:1a:37:ec:4b:22:1b:6f:0c:fc:ae:cc:1b:67:b7:de:e9:
         45:0f:f4:18:70:1e:bf:76:dc:31:14:42:da:41:33:14:d1:91:
         be:22:f8:84:dd:bc:c2:e2:00:db:53:48:95:82:ce:08:1d:4a:
         9c:57:22:ee:c1:c1:9b:92:a3:6d:ba:a6:d4:e6:6a:e5:79:33:
         ae:81:02:af:cb:71:49:a2:50:ba:06:27:8b:85:22:ff:34:7e:
         5f:13:49:ea:70:df:22:52:82:53:9d:86:9d:d0:6a:c7:66:6a:
         79:7a:8b:99:91:0f:6b:4a:d0:44:fe:2d:bc:56:e9:34:48:02:
         aa:db:f3:6e:97:3c:24:3b:4b:5a:3f:7d:3b:12:e9:00:13:e5:
         d0:a9:d4:06
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAZL9rTxAGhxpbbt8DU4Bv2/gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4MDc0YjQxOWVhZDRjZWZlYTJmMmFkMmMyNTlkOTc4YzVl
ZDc5NTQwHhcNMjQxMTA1MTg1NDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MGUzYmIzMzUzZmNiMWFhYWIwZGUyNTg0MDdlZTEwZTViNzlhZDc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtHMdb9iKN3icf3MnFzNo/dgxPvmd
wXC8hYL7fxR2tffvbiWkwxRl1zSw1T796pBdkF5EmNoNOoQZtwNcf8/kmIySiq31
qanvycX3W2x7InwL2HjQt9wSRpcqHlX3RnKDaDZ8TUyGx4rCKVPy/Zd4S8ZUIip9
8mZLzGCoTbtdXOAZ7Ybjt/wODeobEO5pJVJoeJAHgoGGvVTlN7CE7QWaFlJRiA+i
LxURSYRHorxvTxnU0it8Nf4AQUgvO41lJN82TmqTBDoeMDKwyLQ+50nJm1V10Cpb
ACf+J2ez/uzWjXYO/FgGv1m5Lbn8DWaMuU46iY16QWkIvEwh6alkLn83FwIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFIDjuzNT/LGqqw3iWEB+4Q5bea10MB8GA1UdIwQY
MBaAFLgHS0GerUzv6i8q0sJZ2XjF7XlUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYt
M2Q5MWVkZTViMmIxLzEvZ09PN00xUDhzYXFyRGVKWVFIN2hEbHQ1clhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYtM2Q5MWVkZTViMmIx
LzEvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDAMBAIAATAGAwQAucWHMDwE
AgACMDYDBwAqBuiBZQ8DBwYqBuiBc0ADBwAqBuiBc+8DBwAqBuiBc/8DBwQqBuiB
kgADBwAqBuiBlgAwDQYJKoZIhvcNAQELBQADggEBACFVPlzXNRMVcseiOr2gy1tF
J0Xs/BDOx2/zkbhmkolh1xYyfWq94jHOmveWBghmBKqO8FO4Z0FX3884R9SWksrv
TArjwOFv6emA88un0F5dimHBHwSgHE2axgYXSw6nXW9g2X13veHOR8Ao3jpGGjfs
SyIbbwz8rswbZ7fe6UUP9BhwHr923DEUQtpBMxTRkb4i+ITdvMLiANtTSJWCzggd
SpxXIu7BwZuSo226ptTmauV5M66BAq/LcUmiULoGJ4uFIv80fl8TSepw3yJSglOd
hp3Qasdmanl6i5mRD2tK0ET+LbxW6TRIAqrb826XPCQ7S1o/fTsS6QAT5dCp1AY=
-----END CERTIFICATE-----