Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/VGllRnL30FYQPaeYLwF083hbNQY.roa
File:                     VGllRnL30FYQPaeYLwF083hbNQY.roa (raw, json)
Hash identifier:          Nh09nKlWCnUWvv4kzMUtDnj9NgORdhW6pK7JvaGPku0=
Subject key identifier:   54:69:65:46:72:F7:D0:56:10:3D:A7:98:2F:01:74:F3:78:5B:35:06
Certificate issuer:       /CN=8b37183341a2ab6df3c59ec827ed71200b5a6244
Certificate serial:       0194E37720B4267777B32DC25D40332AE6D8
Authority key identifier: 8B:37:18:33:41:A2:AB:6D:F3:C5:9E:C8:27:ED:71:20:0B:5A:62:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/VGllRnL30FYQPaeYLwF083hbNQY.roa
Signing time:             Sat 08 Feb 2025 02:50:22 +0000
ROA not before:           Sat 08 Feb 2025 02:50:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     932
IP address blocks:        45.128.146.0/23 maxlen: 24
                          45.131.179.0/24 maxlen: 24
                          45.132.238.0/23 maxlen: 24
                          45.133.238.0/23 maxlen: 24
                          45.134.82.0/23 maxlen: 24
                          45.135.118.0/23 maxlen: 24
                          45.137.10.0/23 maxlen: 24
                          45.140.90.0/23 maxlen: 24
                          91.217.162.0/24 maxlen: 24
                          185.106.176.0/22 maxlen: 24
Validation:               Failed, certificate revoked on Sat 08 Feb 2025 04:20:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:e3:77:20:b4:26:77:77:b3:2d:c2:5d:40:33:2a:e6:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b37183341a2ab6df3c59ec827ed71200b5a6244
        Validity
            Not Before: Feb  8 02:50:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5469654672f7d056103da7982f0174f3785b3506
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:b1:90:d5:dc:50:77:01:0a:f1:7b:05:39:35:
                    01:6b:85:21:1a:cd:00:6a:3f:90:0a:8c:7c:0c:33:
                    01:1e:51:a6:3d:08:eb:45:0f:e6:0e:1f:92:c6:79:
                    fa:e9:2e:51:29:b8:22:7d:f6:15:b6:4a:ee:a6:3d:
                    25:58:5c:94:bc:4a:cb:71:21:1a:87:a4:82:fd:9d:
                    57:de:72:11:26:fe:78:11:3f:a9:60:ee:f5:27:8d:
                    9c:14:46:21:e7:54:50:ce:92:fc:a0:4a:bb:6b:bb:
                    41:01:c1:97:f2:0a:73:0e:81:ed:83:a1:5d:74:41:
                    d7:12:b9:25:4d:02:12:c4:33:66:e5:4d:49:41:5c:
                    22:4a:05:31:fc:77:fe:6e:c9:2b:52:6d:ab:5f:40:
                    8a:bc:47:81:96:8a:10:ce:81:f1:79:68:d5:d9:65:
                    d3:35:1f:00:f6:a6:eb:1f:cf:54:af:96:35:82:53:
                    18:2c:9d:cc:ee:ae:c3:a5:0f:ea:92:b7:98:3d:e1:
                    26:c0:b4:3e:12:91:7e:5f:74:f6:3f:da:06:8a:e0:
                    83:53:4f:fe:2b:ae:60:b1:df:36:02:ec:05:53:90:
                    27:5b:2f:09:1e:bf:d3:f7:30:ec:06:73:0c:07:00:
                    09:02:88:92:4a:6a:af:ab:85:37:cc:c7:42:50:77:
                    6e:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:69:65:46:72:F7:D0:56:10:3D:A7:98:2F:01:74:F3:78:5B:35:06
            X509v3 Authority Key Identifier:
                keyid:8B:37:18:33:41:A2:AB:6D:F3:C5:9E:C8:27:ED:71:20:0B:5A:62:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/VGllRnL30FYQPaeYLwF083hbNQY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.128.146.0/23
                  45.131.179.0/24
                  45.132.238.0/23
                  45.133.238.0/23
                  45.134.82.0/23
                  45.135.118.0/23
                  45.137.10.0/23
                  45.140.90.0/23
                  91.217.162.0/24
                  185.106.176.0/22

    Signature Algorithm: sha256WithRSAEncryption
         72:f9:cb:68:e9:76:6e:05:a7:9f:e9:f4:59:51:64:fd:21:7d:
         f8:7f:30:ba:f1:ad:97:9b:63:b4:24:38:c2:20:42:51:04:31:
         bc:93:b7:2e:ee:e1:3f:90:a6:29:04:33:1e:5b:24:ec:84:47:
         e4:6f:72:d3:0a:3c:fd:9e:c4:9d:9f:35:0d:00:4c:b4:66:1c:
         82:4e:3b:2a:f2:9a:79:04:f7:42:f5:0a:0f:b2:bf:69:a1:91:
         26:f6:e3:ae:12:e5:1b:f4:cd:2d:54:13:15:7f:8a:9b:71:9d:
         e5:22:b5:b1:b4:cd:6c:f1:1c:5d:8c:0b:39:47:dd:14:89:22:
         e8:5a:79:84:0a:f1:45:88:42:8f:e0:eb:b2:eb:81:e1:5c:31:
         c2:8b:ea:39:7e:d1:c3:88:41:5c:8d:73:2b:ac:3a:71:cd:f2:
         37:e1:2e:d9:cc:c3:f9:5a:46:db:79:17:e4:51:86:6d:2c:8f:
         1e:26:a5:72:a2:10:d8:70:06:93:bb:22:a6:f0:c3:c3:5f:1c:
         18:5d:d4:a8:f4:8f:63:b1:cc:e4:ef:2e:a4:49:64:74:c5:43:
         98:66:35:1d:25:aa:43:2a:6f:2c:b1:9a:6f:3e:6e:cb:12:86:
         c7:23:2a:ea:c2:28:10:36:af:3d:6c:d7:61:24:61:ff:35:e7:
         88:4b:fd:01
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAZTjdyC0Jnd3sy3CXUAzKubYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiMzcxODMzNDFhMmFiNmRmM2M1OWVjODI3ZWQ3MTIwMGI1
YTYyNDQwHhcNMjUwMjA4MDI1MDIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDY5NjU0NjcyZjdkMDU2MTAzZGE3OTgyZjAxNzRmMzc4NWIzNTA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvLGQ1dxQdwEK8XsFOTUBa4UhGs0A
aj+QCox8DDMBHlGmPQjrRQ/mDh+Sxnn66S5RKbgiffYVtkrupj0lWFyUvErLcSEa
h6SC/Z1X3nIRJv54ET+pYO71J42cFEYh51RQzpL8oEq7a7tBAcGX8gpzDoHtg6Fd
dEHXErklTQISxDNm5U1JQVwiSgUx/Hf+bskrUm2rX0CKvEeBlooQzoHxeWjV2WXT
NR8A9qbrH89Ur5Y1glMYLJ3M7q7DpQ/qkreYPeEmwLQ+EpF+X3T2P9oGiuCDU0/+
K65gsd82AuwFU5AnWy8JHr/T9zDsBnMMBwAJAoiSSmqvq4U3zMdCUHduOwIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFFRpZUZy99BWED2nmC8BdPN4WzUGMB8GA1UdIwQY
MBaAFIs3GDNBoqtt88WeyCftcSALWmJEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXpjWU0wR2lxMjN6eFo3SUotMXhJQXRhWWtRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi8xYzc4ZTMtNjdkNi00ZTkwLWFlYjUt
MDg1MmNiMzUzMjkzLzEvVkdsbFJuTDMwRllRUGFlWUx3RjA4M2hiTlFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi8xYzc4ZTMtNjdkNi00ZTkwLWFlYjUtMDg1MmNiMzUzMjkz
LzEvaXpjWU0wR2lxMjN6eFo3SUotMXhJQXRhWWtRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQBLYCSAwQA
LYOzAwQBLYTuAwQBLYXuAwQBLYZSAwQBLYd2AwQBLYkKAwQBLYxaAwQAW9miAwQC
uWqwMA0GCSqGSIb3DQEBCwUAA4IBAQBy+cto6XZuBaef6fRZUWT9IX34fzC68a2X
m2O0JDjCIEJRBDG8k7cu7uE/kKYpBDMeWyTshEfkb3LTCjz9nsSdnzUNAEy0ZhyC
Tjsq8pp5BPdC9QoPsr9poZEm9uOuEuUb9M0tVBMVf4qbcZ3lIrWxtM1s8RxdjAs5
R90UiSLoWnmECvFFiEKP4Ouy64HhXDHCi+o5ftHDiEFcjXMrrDpxzfI34S7ZzMP5
WkbbeRfkUYZtLI8eJqVyohDYcAaTuyKm8MPDXxwYXdSo9I9jsczk7y6kSWR0xUOY
ZjUdJapDKm8ssZpvPm7LEobHIyrqwigQNq89bNdhJGH/NeeIS/0B
-----END CERTIFICATE-----