Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/52ce54-e49c-411c-8527-0fb4823f5b87/1/R88XmeLQKwVBXZ2UehzhkipXfhA.roa
File:                     R88XmeLQKwVBXZ2UehzhkipXfhA.roa (raw, json)
Hash identifier:          Ae5kaSHU+gJPxy29zvWwzYAa9NGKLjSITXMw0ro6tZY=
Subject key identifier:   47:CF:17:99:E2:D0:2B:05:41:5D:9D:94:7A:1C:E1:92:2A:57:7E:10
Certificate issuer:       /CN=3d8a553e05f0319bf452fa206c14ccda87304654
Certificate serial:       01937274149C979B453CFD31374075FCA210
Authority key identifier: 3D:8A:55:3E:05:F0:31:9B:F4:52:FA:20:6C:14:CC:DA:87:30:46:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PYpVPgXwMZv0UvogbBTM2ocwRlQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/52ce54-e49c-411c-8527-0fb4823f5b87/1/R88XmeLQKwVBXZ2UehzhkipXfhA.roa
Signing time:             Thu 28 Nov 2024 11:07:10 +0000
ROA not before:           Thu 28 Nov 2024 11:07:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8368
IP address blocks:        46.243.24.0/21 maxlen: 24
                          78.41.64.0/21 maxlen: 24
                          82.146.96.0/19 maxlen: 24
                          85.158.208.0/21 maxlen: 24
                          88.82.32.0/19 maxlen: 24
                          89.250.176.0/20 maxlen: 24
                          94.158.248.0/24 maxlen: 24
                          178.132.8.0/21 maxlen: 24
                          188.64.72.0/21 maxlen: 24
                          188.118.0.0/18 maxlen: 24
                          2001:4c40::/32 maxlen: 48
Validation:               Failed, certificate revoked on Thu 28 Nov 2024 20:11:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:72:74:14:9c:97:9b:45:3c:fd:31:37:40:75:fc:a2:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3d8a553e05f0319bf452fa206c14ccda87304654
        Validity
            Not Before: Nov 28 11:07:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=47cf1799e2d02b05415d9d947a1ce1922a577e10
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:17:93:6f:3b:70:32:3f:47:c3:db:41:c1:cf:
                    c4:6d:fe:36:ea:87:82:19:0a:c0:1a:77:80:d7:36:
                    3c:62:aa:ea:7b:91:75:c6:3a:4d:cc:64:fe:57:f0:
                    c0:ac:03:95:ed:9f:94:e4:90:1d:07:db:b8:c3:9e:
                    eb:eb:57:b6:2d:84:e1:03:34:a9:07:fd:56:99:14:
                    7b:d7:76:a7:e9:16:cf:32:3c:a5:d1:f7:2c:cc:47:
                    4d:88:80:3a:03:2e:71:9f:f1:f9:4a:a1:fe:b9:c7:
                    93:97:94:6f:97:88:7a:bd:dc:cb:8d:47:49:73:87:
                    de:19:d0:c3:65:7c:c0:7f:32:de:29:3e:22:6a:e2:
                    b1:d9:34:e1:5e:75:61:3b:89:c3:f5:f2:d9:79:37:
                    71:90:f9:17:a9:a4:82:26:c8:24:9e:e8:58:c4:a1:
                    9b:ee:4e:f9:55:6d:ae:f4:ef:a7:8a:fa:0b:68:5d:
                    1d:c2:14:04:33:40:e6:a1:0f:1d:1b:c4:5e:78:8d:
                    39:f6:05:88:f6:54:6f:0e:83:bf:c3:97:96:af:e3:
                    08:42:a0:42:2b:15:42:51:72:b2:7f:6a:71:f1:50:
                    ea:c3:23:a6:30:75:9c:3e:73:66:f3:61:22:40:ba:
                    39:1d:6a:45:6b:3c:05:80:10:fd:11:ba:48:b3:88:
                    e5:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:CF:17:99:E2:D0:2B:05:41:5D:9D:94:7A:1C:E1:92:2A:57:7E:10
            X509v3 Authority Key Identifier:
                keyid:3D:8A:55:3E:05:F0:31:9B:F4:52:FA:20:6C:14:CC:DA:87:30:46:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PYpVPgXwMZv0UvogbBTM2ocwRlQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/52ce54-e49c-411c-8527-0fb4823f5b87/1/R88XmeLQKwVBXZ2UehzhkipXfhA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/52ce54-e49c-411c-8527-0fb4823f5b87/1/PYpVPgXwMZv0UvogbBTM2ocwRlQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.243.24.0/21
                  78.41.64.0/21
                  82.146.96.0/19
                  85.158.208.0/21
                  88.82.32.0/19
                  89.250.176.0/20
                  94.158.248.0/24
                  178.132.8.0/21
                  188.64.72.0/21
                  188.118.0.0/18
                IPv6:
                  2001:4c40::/32

    Signature Algorithm: sha256WithRSAEncryption
         6b:e8:87:49:f3:c5:8d:c4:b4:a9:2f:e8:a9:c8:66:00:b6:f2:
         72:1f:15:5c:e4:e2:c4:ad:9d:dc:65:27:2a:b2:de:39:0d:78:
         43:3a:37:42:1b:25:91:53:5d:88:f3:a7:6b:c2:a8:5e:2b:64:
         07:af:0b:71:41:77:8f:74:82:27:e8:ea:3e:b2:4a:a7:84:5a:
         d5:5d:0c:8c:30:13:0f:37:31:df:4f:06:89:ec:00:cc:5b:46:
         b8:46:1d:ec:2d:24:08:75:c3:ab:46:91:41:44:e7:05:32:37:
         51:2d:4b:46:d0:57:09:b8:7a:e2:69:32:98:37:98:85:ae:e4:
         5b:6e:ec:9b:99:3d:10:d5:73:4e:fd:cc:7a:98:1c:15:b9:b2:
         84:d2:73:10:3b:5b:0b:6c:f0:fc:88:db:aa:f3:24:d1:f7:74:
         40:3d:8c:2c:f9:4e:4d:ac:be:d2:16:82:ab:51:78:65:8a:50:
         f9:b2:66:63:0e:a4:d4:99:4e:94:b2:d3:f6:89:b4:f7:80:10:
         94:5c:5d:29:76:d9:b9:14:b7:7c:72:28:06:d2:d8:1c:e9:e8:
         fc:0c:d7:03:94:42:2e:08:81:08:fc:bf:d7:43:57:24:d2:67:
         d1:3b:05:19:53:ac:34:11:b7:76:75:64:05:a7:1a:68:15:11:
         82:9d:55:65
-----BEGIN CERTIFICATE-----
MIIFQjCCBCqgAwIBAgISAZNydBScl5tFPP0xN0B1/KIQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkOGE1NTNlMDVmMDMxOWJmNDUyZmEyMDZjMTRjY2RhODcz
MDQ2NTQwHhcNMjQxMTI4MTEwNzEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2NmMTc5OWUyZDAyYjA1NDE1ZDlkOTQ3YTFjZTE5MjJhNTc3ZTEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArheTbztwMj9Hw9tBwc/Ebf426oeC
GQrAGneA1zY8Yqrqe5F1xjpNzGT+V/DArAOV7Z+U5JAdB9u4w57r61e2LYThAzSp
B/1WmRR713an6RbPMjyl0fcszEdNiIA6Ay5xn/H5SqH+uceTl5Rvl4h6vdzLjUdJ
c4feGdDDZXzAfzLeKT4iauKx2TThXnVhO4nD9fLZeTdxkPkXqaSCJsgknuhYxKGb
7k75VW2u9O+nivoLaF0dwhQEM0DmoQ8dG8ReeI059gWI9lRvDoO/w5eWr+MIQqBC
KxVCUXKyf2px8VDqwyOmMHWcPnNm82EiQLo5HWpFazwFgBD9EbpIs4jlNQIDAQAB
o4ICTjCCAkowHQYDVR0OBBYEFEfPF5ni0CsFQV2dlHoc4ZIqV34QMB8GA1UdIwQY
MBaAFD2KVT4F8DGb9FL6IGwUzNqHMEZUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFlwVlBnWHdNWnYwVXZvZ2JCVE0yb2N3UmxRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy81MmNlNTQtZTQ5Yy00MTFjLTg1Mjct
MGZiNDgyM2Y1Yjg3LzEvUjg4WG1lTFFLd1ZCWFoyVWVoemhraXBYZmhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy81MmNlNTQtZTQ5Yy00MTFjLTg1MjctMGZiNDgyM2Y1Yjg3
LzEvUFlwVlBnWHdNWnYwVXZvZ2JCVE0yb2N3UmxRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGQGCCsGAQUFBwEHAQH/BFUwUzBCBAIAATA8AwQDLvMYAwQD
TilAAwQFUpJgAwQDVZ7QAwQFWFIgAwQEWfqwAwQAXp74AwQDsoQIAwQDvEBIAwQG
vHYAMA0EAgACMAcDBQAgAUxAMA0GCSqGSIb3DQEBCwUAA4IBAQBr6IdJ88WNxLSp
L+ipyGYAtvJyHxVc5OLErZ3cZScqst45DXhDOjdCGyWRU12I86drwqheK2QHrwtx
QXePdIIn6Oo+skqnhFrVXQyMMBMPNzHfTwaJ7ADMW0a4Rh3sLSQIdcOrRpFBROcF
MjdRLUtG0FcJuHriaTKYN5iFruRbbuybmT0Q1XNO/cx6mBwVubKE0nMQO1sLbPD8
iNuq8yTR93RAPYws+U5NrL7SFoKrUXhlilD5smZjDqTUmU6UstP2ibT3gBCUXF0p
dtm5FLd8cigG0tgc6ej8DNcDlEIuCIEI/L/XQ1ck0mfROwUZU6w0Ebd2dWQFpxpo
FRGCnVVl
-----END CERTIFICATE-----