Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/4ae64b-f73e-408c-b4a8-cbb3d635d82f/1/m85kUsOU9V1tMZDQf1R7mwuGjjE.roa
File:                     m85kUsOU9V1tMZDQf1R7mwuGjjE.roa (raw, json)
Hash identifier:          lMJurNW7kTq5N6YY2HJnIZNkpdkoHW6cQi8R2/v/TU8=
Subject key identifier:   9B:CE:64:52:C3:94:F5:5D:6D:31:90:D0:7F:54:7B:9B:0B:86:8E:31
Certificate issuer:       /CN=69042c1f27a7d7862475087023dc97c3330f73c6
Certificate serial:       019087782D8F9A5775ECD516458FAFFFBE58
Authority key identifier: 69:04:2C:1F:27:A7:D7:86:24:75:08:70:23:DC:97:C3:33:0F:73:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aQQsHyen14YkdQhwI9yXwzMPc8Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/4ae64b-f73e-408c-b4a8-cbb3d635d82f/1/m85kUsOU9V1tMZDQf1R7mwuGjjE.roa
Signing time:             Sat 06 Jul 2024 09:55:18 +0000
ROA not before:           Sat 06 Jul 2024 09:55:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48847
IP address blocks:        185.104.68.0/22 maxlen: 22
                          185.104.68.0/24 maxlen: 24
                          185.104.68.0/26 maxlen: 26
                          185.104.68.64/26 maxlen: 26
                          185.104.68.144/28 maxlen: 28
                          185.104.68.240/29 maxlen: 29
                          185.104.70.0/24 maxlen: 24
                          185.104.70.0/28 maxlen: 28
                          185.104.70.220/30 maxlen: 30
                          185.104.71.0/24 maxlen: 24
                          185.104.71.0/28 maxlen: 28
                          185.104.71.16/30 maxlen: 30
                          185.104.71.20/30 maxlen: 30
                          185.104.71.28/30 maxlen: 30
                          185.104.71.32/28 maxlen: 28
                          185.104.71.176/29 maxlen: 29
                          2a06:3480::/29 maxlen: 29

Validation:               Failed, certificate revoked on Wed 16 Oct 2024 18:20:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:87:78:2d:8f:9a:57:75:ec:d5:16:45:8f:af:ff:be:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=69042c1f27a7d7862475087023dc97c3330f73c6
        Validity
            Not Before: Jul  6 09:55:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9bce6452c394f55d6d3190d07f547b9b0b868e31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:e2:59:bc:42:d8:d1:44:f7:0b:df:52:06:17:
                    71:fd:d3:89:f6:f0:e8:64:a6:c3:20:2c:bc:b2:1e:
                    91:d1:28:27:28:66:ab:12:f6:5d:d9:47:9f:3a:ff:
                    f6:9e:45:e9:c9:d4:6c:3f:1a:eb:de:67:e0:38:58:
                    62:d4:85:94:f6:f4:02:2e:0c:74:29:18:26:fc:9b:
                    88:d5:76:f5:60:71:17:c3:f2:4b:77:27:07:88:72:
                    7e:e4:bb:bf:2b:e4:c3:e0:16:46:ee:eb:be:13:be:
                    42:33:0a:5b:95:94:9b:dd:6b:82:e3:d6:16:46:e1:
                    3d:fc:ac:c6:4c:8e:e2:26:65:e8:52:9f:41:6c:a0:
                    9f:2c:2d:5d:33:7e:5d:04:76:b3:d5:61:22:f0:36:
                    e7:9f:4a:82:22:98:c2:b1:ba:b0:f9:0d:9b:d6:f6:
                    c6:5b:0e:4c:12:91:42:68:b2:5a:3f:11:44:ac:84:
                    2a:85:dc:ab:8a:c5:d0:22:ab:88:70:1e:ad:68:89:
                    8f:f7:4d:7c:91:9c:b2:1d:44:c6:86:fb:37:ba:b0:
                    25:4d:36:da:e3:19:a4:15:9e:1c:be:ce:a8:c7:13:
                    9d:43:6e:e4:d7:3c:eb:ba:d5:ee:b5:ff:e7:a5:32:
                    7d:5c:e2:78:15:dc:8a:e0:17:40:32:eb:84:82:e7:
                    1d:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:CE:64:52:C3:94:F5:5D:6D:31:90:D0:7F:54:7B:9B:0B:86:8E:31
            X509v3 Authority Key Identifier:
                keyid:69:04:2C:1F:27:A7:D7:86:24:75:08:70:23:DC:97:C3:33:0F:73:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aQQsHyen14YkdQhwI9yXwzMPc8Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/4ae64b-f73e-408c-b4a8-cbb3d635d82f/1/m85kUsOU9V1tMZDQf1R7mwuGjjE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/4ae64b-f73e-408c-b4a8-cbb3d635d82f/1/aQQsHyen14YkdQhwI9yXwzMPc8Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.104.68.0/22
                IPv6:
                  2a06:3480::/29

    Signature Algorithm: sha256WithRSAEncryption
         01:79:c6:72:06:90:f7:f2:5b:11:ea:5e:26:e4:c8:42:dd:e7:
         eb:1a:06:d3:05:c8:4e:bd:c2:32:4c:6c:b6:a5:02:20:12:f3:
         47:d0:77:e4:fd:a0:22:31:36:a1:85:da:5a:59:df:b1:41:5d:
         e7:ce:dc:c2:7b:a1:d4:de:53:7e:22:b2:34:97:ac:fa:dc:0b:
         23:4d:61:75:2b:4e:8e:77:75:1a:ed:1f:12:31:09:3e:39:31:
         65:bb:eb:4f:af:96:c4:de:29:d8:f3:58:1c:ec:f1:e3:ab:e1:
         41:ac:a0:36:00:4d:1c:45:f5:05:ec:2f:82:e6:03:47:a6:ad:
         ad:69:65:d6:31:ac:57:d6:b4:04:d2:fa:df:e4:00:2b:45:d6:
         32:9d:2a:97:90:60:64:8e:a1:60:64:b8:15:cb:a2:77:0b:df:
         01:4d:cf:7d:09:95:4e:cc:ae:75:d6:b1:0b:7a:3f:7b:7b:bf:
         e5:17:29:2d:90:07:fd:4b:5d:01:03:f3:4b:c9:b2:86:fd:85:
         91:61:99:52:33:34:08:58:69:d8:09:4e:ff:17:00:d9:16:78:
         ad:6e:d2:d0:49:0e:41:a8:ee:3f:06:88:e1:f7:f5:f4:2c:fa:
         e1:d0:2c:48:b7:64:8d:af:dc:cb:dd:52:9f:25:27:cb:6c:b3:
         f0:e0:28:80
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZCHeC2Pmld17NUWRY+v/75YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5MDQyYzFmMjdhN2Q3ODYyNDc1MDg3MDIzZGM5N2MzMzMw
ZjczYzYwHhcNMjQwNzA2MDk1NTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YmNlNjQ1MmMzOTRmNTVkNmQzMTkwZDA3ZjU0N2I5YjBiODY4ZTMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0uJZvELY0UT3C99SBhdx/dOJ9vDo
ZKbDICy8sh6R0SgnKGarEvZd2UefOv/2nkXpydRsPxrr3mfgOFhi1IWU9vQCLgx0
KRgm/JuI1Xb1YHEXw/JLdycHiHJ+5Lu/K+TD4BZG7uu+E75CMwpblZSb3WuC49YW
RuE9/KzGTI7iJmXoUp9BbKCfLC1dM35dBHaz1WEi8Dbnn0qCIpjCsbqw+Q2b1vbG
Ww5MEpFCaLJaPxFErIQqhdyrisXQIquIcB6taImP9018kZyyHUTGhvs3urAlTTba
4xmkFZ4cvs6oxxOdQ27k1zzrutXutf/npTJ9XOJ4FdyK4BdAMuuEgucd/QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJvOZFLDlPVdbTGQ0H9Ue5sLho4xMB8GA1UdIwQY
MBaAFGkELB8np9eGJHUIcCPcl8MzD3PGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVFRc0h5ZW4xNFlrZFFod0k5eVh3ek1QYzhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy80YWU2NGItZjczZS00MDhjLWI0YTgt
Y2JiM2Q2MzVkODJmLzEvbTg1a1VzT1U5VjF0TVpEUWYxUjdtd3VHampFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy80YWU2NGItZjczZS00MDhjLWI0YTgtY2JiM2Q2MzVkODJm
LzEvYVFRc0h5ZW4xNFlrZFFod0k5eVh3ek1QYzhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuWhEMA0E
AgACMAcDBQMqBjSAMA0GCSqGSIb3DQEBCwUAA4IBAQABecZyBpD38lsR6l4m5MhC
3efrGgbTBchOvcIyTGy2pQIgEvNH0Hfk/aAiMTahhdpaWd+xQV3nztzCe6HU3lN+
IrI0l6z63AsjTWF1K06Od3Ua7R8SMQk+OTFlu+tPr5bE3inY81gc7PHjq+FBrKA2
AE0cRfUF7C+C5gNHpq2taWXWMaxX1rQE0vrf5AArRdYynSqXkGBkjqFgZLgVy6J3
C98BTc99CZVOzK511rELej97e7/lFyktkAf9S10BA/NLybKG/YWRYZlSMzQIWGnY
CU7/FwDZFnitbtLQSQ5BqO4/Bojh9/X0LPrh0CxIt2SNr9zL3VKfJSfLbLPw4CiA
-----END CERTIFICATE-----