Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/fdf296-75e5-4635-9546-cea75d0cd671/1/ZY5pV_oZe-5yJgS8VBKyg-CXTqI.roa
File:                     ZY5pV_oZe-5yJgS8VBKyg-CXTqI.roa (raw, json)
Hash identifier:          V7kH6W4YdGRIUnDyu/tT8YlargfhbicAqI1j6NCnLyk=
Subject key identifier:   65:8E:69:57:FA:19:7B:EE:72:26:04:BC:54:12:B2:83:E0:97:4E:A2
Certificate issuer:       /CN=8847aa91b06d8c6b87284f3f45a21dc281f7ba55
Certificate serial:       0192CDD1E172DD53E786E85E14688CF8265E
Authority key identifier: 88:47:AA:91:B0:6D:8C:6B:87:28:4F:3F:45:A2:1D:C2:81:F7:BA:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iEeqkbBtjGuHKE8_RaIdwoH3ulU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/fdf296-75e5-4635-9546-cea75d0cd671/1/ZY5pV_oZe-5yJgS8VBKyg-CXTqI.roa
Signing time:             Sun 27 Oct 2024 11:52:16 +0000
ROA not before:           Sun 27 Oct 2024 11:52:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50810
IP address blocks:        37.98.64.0/18 maxlen: 22
                          37.98.114.0/24 maxlen: 24
                          93.117.176.0/20 maxlen: 24
                          93.119.208.0/20 maxlen: 24
                          178.131.0.0/18 maxlen: 24
                          178.131.4.0/24 maxlen: 24
                          178.131.64.0/18 maxlen: 24
                          178.131.128.0/18 maxlen: 24
                          188.211.0.0/20 maxlen: 24
                          188.211.15.0/24 maxlen: 24
                          188.212.240.0/21 maxlen: 24
                          188.213.192.0/22 maxlen: 22
Validation:               Failed, certificate revoked on Wed 01 Jan 2025 03:48:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:cd:d1:e1:72:dd:53:e7:86:e8:5e:14:68:8c:f8:26:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8847aa91b06d8c6b87284f3f45a21dc281f7ba55
        Validity
            Not Before: Oct 27 11:52:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=658e6957fa197bee722604bc5412b283e0974ea2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:1b:99:d2:b1:ac:2c:cf:a3:e1:00:60:fc:76:
                    30:a3:66:7f:17:61:e4:b1:d2:42:58:5e:b0:4b:4d:
                    51:cf:60:8b:42:21:ae:b1:a5:61:bf:ba:79:7a:18:
                    92:d4:b6:5b:bc:b2:68:08:b6:12:6f:a7:1c:7c:90:
                    cb:8a:1f:4e:8e:96:ca:df:86:8e:86:ec:71:e7:59:
                    a3:4a:55:ed:70:7d:f4:a5:90:cf:a1:ed:bd:52:6f:
                    5a:3e:88:77:82:58:b4:f4:ca:74:8c:44:d2:5a:02:
                    15:42:fa:2f:5f:5e:43:84:74:4f:3a:f8:cb:74:2b:
                    a6:3a:bf:73:ad:5f:43:e2:f9:3f:e7:47:73:d5:d3:
                    da:51:12:83:71:25:64:21:81:f6:27:4c:5b:ca:68:
                    d0:f7:fa:ac:25:e1:de:4a:a4:49:25:78:a8:b1:ac:
                    ac:29:36:74:09:4b:a9:bc:d4:7c:8f:86:3f:09:e3:
                    fd:ee:c9:03:db:48:b3:0e:e9:b8:41:60:1d:3a:c5:
                    4d:cb:fa:a8:18:30:96:35:fe:65:69:86:86:2d:9a:
                    25:e4:1c:6a:fa:8c:1d:e7:d9:f2:f8:a8:e8:20:2d:
                    4e:b0:8b:c0:dd:d8:d3:6a:31:44:1d:7b:80:d3:9b:
                    d8:0c:5a:79:20:72:d4:78:67:64:27:c9:49:05:8a:
                    bb:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:8E:69:57:FA:19:7B:EE:72:26:04:BC:54:12:B2:83:E0:97:4E:A2
            X509v3 Authority Key Identifier:
                keyid:88:47:AA:91:B0:6D:8C:6B:87:28:4F:3F:45:A2:1D:C2:81:F7:BA:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iEeqkbBtjGuHKE8_RaIdwoH3ulU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/fdf296-75e5-4635-9546-cea75d0cd671/1/ZY5pV_oZe-5yJgS8VBKyg-CXTqI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/fdf296-75e5-4635-9546-cea75d0cd671/1/iEeqkbBtjGuHKE8_RaIdwoH3ulU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.98.64.0/18
                  93.117.176.0/20
                  93.119.208.0/20
                  178.131.0.0-178.131.191.255
                  188.211.0.0/20
                  188.212.240.0/21
                  188.213.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         52:4a:1f:17:97:a3:f8:ca:66:76:9a:dc:34:89:26:33:21:6b:
         5f:45:d2:6f:f2:93:5f:a2:bc:77:b9:4c:60:b0:cc:d3:50:92:
         d7:f3:b3:1b:79:53:97:c5:99:83:0a:bd:9a:30:c3:d9:f9:d5:
         3c:5f:ef:66:87:52:8e:4c:ae:f4:86:62:11:d7:cf:63:78:6a:
         1b:a6:06:87:50:61:be:e0:be:2c:00:16:43:48:ae:29:73:ac:
         be:d7:11:a4:d6:68:29:4d:aa:78:20:58:6f:a8:85:ca:4a:ab:
         9b:69:17:17:09:22:f7:c8:3f:74:93:7e:76:b2:56:e0:43:2b:
         f0:ff:c3:7e:9e:94:12:c3:29:06:74:9d:ae:ea:0a:1a:72:71:
         20:2b:16:bb:9e:9e:7f:99:c8:52:58:f8:4a:70:ed:f3:40:88:
         2d:5d:75:6f:34:93:33:e4:7b:4d:c6:83:f5:7e:58:54:66:69:
         6a:69:66:98:e5:bf:ad:a9:e8:c2:81:68:37:23:2d:cd:7e:bb:
         70:24:b5:65:3d:2d:e2:9f:85:f4:79:eb:93:58:30:b6:34:44:
         ea:0a:77:56:68:dd:4e:88:38:c3:34:78:53:b9:c9:5e:6e:a0:
         ca:2e:e8:da:74:1a:27:4d:76:b4:e5:5b:1a:19:bb:8c:fd:c2:
         bc:99:54:ca
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgISAZLN0eFy3VPnhuheFGiM+CZeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NDdhYTkxYjA2ZDhjNmI4NzI4NGYzZjQ1YTIxZGMyODFm
N2JhNTUwHhcNMjQxMDI3MTE1MjE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NThlNjk1N2ZhMTk3YmVlNzIyNjA0YmM1NDEyYjI4M2UwOTc0ZWEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnBuZ0rGsLM+j4QBg/HYwo2Z/F2Hk
sdJCWF6wS01Rz2CLQiGusaVhv7p5ehiS1LZbvLJoCLYSb6ccfJDLih9OjpbK34aO
huxx51mjSlXtcH30pZDPoe29Um9aPoh3gli09Mp0jETSWgIVQvovX15DhHRPOvjL
dCumOr9zrV9D4vk/50dz1dPaURKDcSVkIYH2J0xbymjQ9/qsJeHeSqRJJXiosays
KTZ0CUupvNR8j4Y/CeP97skD20izDum4QWAdOsVNy/qoGDCWNf5laYaGLZol5Bxq
+owd59ny+KjoIC1OsIvA3djTajFEHXuA05vYDFp5IHLUeGdkJ8lJBYq7sQIDAQAB
o4ICNDCCAjAwHQYDVR0OBBYEFGWOaVf6GXvuciYEvFQSsoPgl06iMB8GA1UdIwQY
MBaAFIhHqpGwbYxrhyhPP0WiHcKB97pVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUVlcWtiQnRqR3VIS0U4X1JhSWR3b0gzdWxVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC9mZGYyOTYtNzVlNS00NjM1LTk1NDYt
Y2VhNzVkMGNkNjcxLzEvWlk1cFZfb1plLTV5SmdTOFZCS3lnLUNYVHFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC9mZGYyOTYtNzVlNS00NjM1LTk1NDYtY2VhNzVkMGNkNjcx
LzEvaUVlcWtiQnRqR3VIS0U4X1JhSWR3b0gzdWxVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEoGCCsGAQUFBwEHAQH/BDswOTA3BAIAATAxAwQGJWJAAwQE
XXWwAwQEXXfQMAsDAwCygwMEBrKDgAMEBLzTAAMEA7zU8AMEArzVwDANBgkqhkiG
9w0BAQsFAAOCAQEAUkofF5ej+MpmdprcNIkmMyFrX0XSb/KTX6K8d7lMYLDM01CS
1/OzG3lTl8WZgwq9mjDD2fnVPF/vZodSjkyu9IZiEdfPY3hqG6YGh1BhvuC+LAAW
Q0iuKXOsvtcRpNZoKU2qeCBYb6iFykqrm2kXFwki98g/dJN+drJW4EMr8P/Dfp6U
EsMpBnSdruoKGnJxICsWu56ef5nIUlj4SnDt80CILV11bzSTM+R7TcaD9X5YVGZp
amlmmOW/ranowoFoNyMtzX67cCS1ZT0t4p+F9Hnrk1gwtjRE6gp3VmjdTog4wzR4
U7nJXm6gyi7o2nQaJ012tOVbGhm7jP3CvJlUyg==
-----END CERTIFICATE-----