Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/cd9fd4-ccc5-43d6-9d58-9816c67a9262/1/G3_uVNuZDVk0fx3zeRYqkyRXi2M.roa
File:                     G3_uVNuZDVk0fx3zeRYqkyRXi2M.roa (raw, json)
Hash identifier:          UImhOS9PKJnkwHp8VGArZzlSKS/WSqRAIRB+HFKTE/8=
Subject key identifier:   1B:7F:EE:54:DB:99:0D:59:34:7F:1D:F3:79:16:2A:93:24:57:8B:63
Certificate issuer:       /CN=695bbd542912a66fee6a34128a3a8cf7097dc69b
Certificate serial:       018CC6B829C0E0245441299D42052DE77FA3
Authority key identifier: 69:5B:BD:54:29:12:A6:6F:EE:6A:34:12:8A:3A:8C:F7:09:7D:C6:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aVu9VCkSpm_uajQSijqM9wl9xps.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/cd9fd4-ccc5-43d6-9d58-9816c67a9262/1/G3_uVNuZDVk0fx3zeRYqkyRXi2M.roa
Signing time:             Mon 01 Jan 2024 20:30:07 +0000
ROA not before:           Mon 01 Jan 2024 20:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50187
IP address blocks:        91.240.102.0/23 maxlen: 23
                          91.240.102.0/24 maxlen: 24
                          91.240.103.0/24 maxlen: 24
                          195.93.149.0/24 maxlen: 24
                          195.93.148.0/24 maxlen: 24
                          195.93.148.0/23 maxlen: 23
                          185.234.230.0/24 maxlen: 24
                          185.234.231.0/24 maxlen: 24
                          185.234.228.0/22 maxlen: 22
                          185.234.228.0/24 maxlen: 24
                          185.234.229.0/24 maxlen: 24
                          212.67.28.0/24 maxlen: 24
                          212.67.28.0/22 maxlen: 22
                          212.67.29.0/24 maxlen: 24
                          212.67.31.0/24 maxlen: 24
                          212.67.30.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Mon 04 Mar 2024 06:54:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:29:c0:e0:24:54:41:29:9d:42:05:2d:e7:7f:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=695bbd542912a66fee6a34128a3a8cf7097dc69b
        Validity
            Not Before: Jan  1 20:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1b7fee54db990d59347f1df379162a9324578b63
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:60:28:aa:c5:d3:ed:3e:66:e5:0b:91:c5:76:
                    c8:c1:a4:05:34:8e:8e:a9:4a:0a:26:10:3f:aa:b9:
                    19:5c:2e:56:61:5f:1d:d8:25:00:78:27:38:f6:42:
                    38:59:c0:4a:f7:18:8e:48:20:57:db:16:7b:d2:c7:
                    c4:85:c7:f6:b6:03:6b:80:26:c6:4f:9a:90:9b:60:
                    3a:b3:0d:ea:95:43:16:5f:7a:82:24:4f:63:f5:21:
                    2c:4b:04:65:00:71:2c:4b:4c:a5:d2:e3:b6:9c:07:
                    76:99:1b:a3:30:d5:80:f0:dc:26:4b:10:89:d3:c2:
                    60:8b:7e:35:7f:07:99:9c:3c:e3:7f:2a:79:26:e0:
                    b1:33:46:3b:79:a9:19:ca:cf:60:63:75:84:49:e9:
                    b4:0f:41:23:21:34:a9:9e:4d:8f:99:68:70:ca:3f:
                    8e:f7:70:18:ec:28:3a:b2:6d:da:4b:6e:f7:05:c1:
                    2c:67:fb:e6:72:6f:e9:29:11:3e:63:60:40:ff:f2:
                    34:59:10:9a:36:02:d5:d3:33:ae:5f:00:e3:07:f6:
                    f1:39:5a:d0:d5:02:3b:db:89:c1:98:18:25:e5:df:
                    fa:94:e5:51:32:b9:96:8e:c8:f1:8b:46:87:e5:6f:
                    a5:a6:2d:0c:22:af:5c:51:e0:78:66:7e:ff:b2:65:
                    37:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:7F:EE:54:DB:99:0D:59:34:7F:1D:F3:79:16:2A:93:24:57:8B:63
            X509v3 Authority Key Identifier:
                keyid:69:5B:BD:54:29:12:A6:6F:EE:6A:34:12:8A:3A:8C:F7:09:7D:C6:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aVu9VCkSpm_uajQSijqM9wl9xps.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/cd9fd4-ccc5-43d6-9d58-9816c67a9262/1/G3_uVNuZDVk0fx3zeRYqkyRXi2M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/cd9fd4-ccc5-43d6-9d58-9816c67a9262/1/aVu9VCkSpm_uajQSijqM9wl9xps.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.240.102.0/23
                  185.234.228.0/22
                  195.93.148.0/23
                  212.67.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         09:ee:a8:bb:42:71:b7:88:69:bd:38:c6:8f:7c:de:a5:74:6a:
         be:47:95:c2:b9:cc:48:91:11:d9:53:4b:7b:fe:f7:54:23:14:
         28:c1:34:74:b4:d6:3d:9e:13:c1:fe:0d:7a:1a:2c:ec:00:57:
         cf:69:74:0d:97:d5:66:c0:9a:de:7c:df:4d:81:ff:33:cc:32:
         75:55:8c:2e:df:d5:30:7c:3f:02:ed:2b:b1:9c:b6:a5:23:32:
         5d:42:58:51:f4:30:60:ac:e5:a8:99:04:83:2d:95:c2:3c:4a:
         20:88:1a:67:d3:4d:ec:6a:a3:1f:ed:58:7d:ae:1a:3f:41:b2:
         0a:a1:04:74:fa:69:00:ab:72:a0:73:5d:70:7d:5a:a7:7f:94:
         e3:79:2f:94:13:08:b0:80:75:ef:36:24:39:73:bc:45:dc:44:
         92:31:9e:f3:1d:e7:ab:dd:3b:9c:99:78:71:21:81:87:47:7e:
         73:82:4f:82:82:53:5c:a3:0b:63:47:a2:4f:f1:72:76:2b:cc:
         da:a8:2f:cd:56:42:8a:5a:fd:22:a0:86:92:1b:af:70:94:e2:
         b9:d1:9c:e2:89:76:eb:e2:0c:5c:ad:4f:6b:a3:2e:01:fd:0b:
         39:a2:ec:ed:c2:50:88:c4:4e:66:f6:ac:36:99:fe:df:7d:a9:
         44:b8:d5:4d
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYzGuCnA4CRUQSmdQgUt53+jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5NWJiZDU0MjkxMmE2NmZlZTZhMzQxMjhhM2E4Y2Y3MDk3
ZGM2OWIwHhcNMjQwMTAxMjAzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjdmZWU1NGRiOTkwZDU5MzQ3ZjFkZjM3OTE2MmE5MzI0NTc4YjYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoWAoqsXT7T5m5QuRxXbIwaQFNI6O
qUoKJhA/qrkZXC5WYV8d2CUAeCc49kI4WcBK9xiOSCBX2xZ70sfEhcf2tgNrgCbG
T5qQm2A6sw3qlUMWX3qCJE9j9SEsSwRlAHEsS0yl0uO2nAd2mRujMNWA8NwmSxCJ
08Jgi341fweZnDzjfyp5JuCxM0Y7eakZys9gY3WESem0D0EjITSpnk2PmWhwyj+O
93AY7Cg6sm3aS273BcEsZ/vmcm/pKRE+Y2BA//I0WRCaNgLV0zOuXwDjB/bxOVrQ
1QI724nBmBgl5d/6lOVRMrmWjsjxi0aH5W+lpi0MIq9cUeB4Zn7/smU3NwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFBt/7lTbmQ1ZNH8d83kWKpMkV4tjMB8GA1UdIwQY
MBaAFGlbvVQpEqZv7mo0Eoo6jPcJfcabMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVZ1OVZDa1NwbV91YWpRU2lqcU05d2w5eHBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi9jZDlmZDQtY2NjNS00M2Q2LTlkNTgt
OTgxNmM2N2E5MjYyLzEvRzNfdVZOdVpEVmswZngzemVSWXFreVJYaTJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi9jZDlmZDQtY2NjNS00M2Q2LTlkNTgtOTgxNmM2N2E5MjYy
LzEvYVZ1OVZDa1NwbV91YWpRU2lqcU05d2w5eHBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQBW/BmAwQC
uerkAwQBw12UAwQC1EMcMA0GCSqGSIb3DQEBCwUAA4IBAQAJ7qi7QnG3iGm9OMaP
fN6ldGq+R5XCucxIkRHZU0t7/vdUIxQowTR0tNY9nhPB/g16GizsAFfPaXQNl9Vm
wJrefN9Ngf8zzDJ1VYwu39UwfD8C7SuxnLalIzJdQlhR9DBgrOWomQSDLZXCPEog
iBpn003saqMf7Vh9rho/QbIKoQR0+mkAq3Kgc11wfVqnf5TjeS+UEwiwgHXvNiQ5
c7xF3ESSMZ7zHeer3TucmXhxIYGHR35zgk+CglNcowtjR6JP8XJ2K8zaqC/NVkKK
Wv0ioIaSG69wlOK50ZziiXbr4gxcrU9roy4B/Qs5ouztwlCIxE5m9qw2mf7ffalE
uNVN
-----END CERTIFICATE-----