Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/256fab-de97-4679-a465-b96d6714a174/1/SR0uLFKaBMfM5DJaYponEFVSwf0.roa
File:                     SR0uLFKaBMfM5DJaYponEFVSwf0.roa (raw, json)
Hash identifier:          I2tGaaRm9Dta4Y3hluVu3NaKkq1oPG6OYs2ab5c1E/g=
Subject key identifier:   49:1D:2E:2C:52:9A:04:C7:CC:E4:32:5A:62:9A:27:10:55:52:C1:FD
Certificate issuer:       /CN=c1e2464dd6d042309515f7e5b64ea65c089b4616
Certificate serial:       018CC9BC77200B3A93E8F905517BB72A46B0
Authority key identifier: C1:E2:46:4D:D6:D0:42:30:95:15:F7:E5:B6:4E:A6:5C:08:9B:46:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/weJGTdbQQjCVFffltk6mXAibRhY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/256fab-de97-4679-a465-b96d6714a174/1/SR0uLFKaBMfM5DJaYponEFVSwf0.roa
Signing time:             Tue 02 Jan 2024 10:33:40 +0000
ROA not before:           Tue 02 Jan 2024 10:33:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198736
IP address blocks:        131.117.184.0/21 maxlen: 21
                          77.232.168.0/21 maxlen: 21
                          149.255.120.0/21 maxlen: 21
                          77.111.238.0/23 maxlen: 23
                          77.111.237.0/24 maxlen: 24
                          77.111.236.0/24 maxlen: 24
                          185.7.244.0/22 maxlen: 22
                          82.163.232.0/22 maxlen: 22
                          82.163.128.0/22 maxlen: 22
                          95.141.160.0/20 maxlen: 20
                          2a00:c5c0:a000::/36 maxlen: 36
Validation:               Failed, certificate revoked on Thu 02 Jan 2025 07:47:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:77:20:0b:3a:93:e8:f9:05:51:7b:b7:2a:46:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c1e2464dd6d042309515f7e5b64ea65c089b4616
        Validity
            Not Before: Jan  2 10:33:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=491d2e2c529a04c7cce4325a629a27105552c1fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:cf:70:8d:a7:3a:69:d2:b4:58:d7:e3:bb:64:
                    c5:ae:63:a4:f2:31:0b:9d:b3:5f:79:12:71:74:7d:
                    87:57:38:20:09:6d:93:87:5b:80:e3:b9:05:49:23:
                    08:65:59:94:f2:8f:c9:d9:84:00:74:ef:14:9e:a4:
                    fe:49:a7:6a:0d:7b:1f:96:58:8a:5c:e0:d7:09:70:
                    f7:6e:37:63:88:ef:33:47:5e:33:21:78:81:05:68:
                    63:c3:c5:fb:81:b5:b4:81:e2:fe:1b:ae:dc:76:24:
                    dd:3a:a7:e9:80:8b:2f:3e:f3:cb:c8:34:c0:e8:50:
                    c9:05:36:53:0a:6e:26:ac:66:43:e6:cf:08:b4:1c:
                    c2:58:ae:0e:de:b8:07:7b:4d:50:16:73:2e:40:bc:
                    36:9e:d4:0d:09:30:01:b1:bc:cd:da:0e:5e:f4:9e:
                    28:45:24:9b:6a:4a:b3:54:9c:02:7b:4b:81:ba:87:
                    91:a0:0c:82:27:cc:59:e8:12:e1:64:df:9f:4b:63:
                    99:03:db:79:e7:1a:70:eb:0c:bf:22:3a:b8:7f:aa:
                    ae:bb:55:c0:63:44:fa:91:65:ad:4a:5e:af:e0:19:
                    03:26:09:17:60:6a:3e:ba:1c:b7:32:d4:68:64:da:
                    2d:79:b7:3d:a9:e5:43:56:27:b7:a6:17:5d:7f:4d:
                    48:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:1D:2E:2C:52:9A:04:C7:CC:E4:32:5A:62:9A:27:10:55:52:C1:FD
            X509v3 Authority Key Identifier:
                keyid:C1:E2:46:4D:D6:D0:42:30:95:15:F7:E5:B6:4E:A6:5C:08:9B:46:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/weJGTdbQQjCVFffltk6mXAibRhY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/256fab-de97-4679-a465-b96d6714a174/1/SR0uLFKaBMfM5DJaYponEFVSwf0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/256fab-de97-4679-a465-b96d6714a174/1/weJGTdbQQjCVFffltk6mXAibRhY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.111.236.0/22
                  77.232.168.0/21
                  82.163.128.0/22
                  82.163.232.0/22
                  95.141.160.0/20
                  131.117.184.0/21
                  149.255.120.0/21
                  185.7.244.0/22
                IPv6:
                  2a00:c5c0:a000::/36

    Signature Algorithm: sha256WithRSAEncryption
         41:34:ea:ad:8c:15:f2:1c:2a:28:f3:11:88:6e:24:22:9d:03:
         55:ea:ad:83:4c:ae:1e:b8:de:a1:20:ea:84:23:6e:10:00:f0:
         3f:8a:a4:1b:26:1d:92:31:41:2c:39:6c:60:5a:0a:17:51:29:
         bc:dc:0e:d8:13:4e:ab:c2:0d:21:0d:65:74:dd:a5:04:8c:2d:
         22:4c:df:ba:d3:8d:ff:1f:f7:cc:b0:35:56:2b:27:7a:ed:c0:
         bf:0b:ae:ac:8a:d3:54:c9:53:1d:1e:e1:c2:03:bf:d3:eb:67:
         26:b4:a6:f9:f9:24:8d:7d:2a:84:23:4d:73:6b:a6:cb:86:72:
         4a:b0:08:c5:d0:46:ec:e4:6c:16:49:6a:89:00:0b:17:67:c6:
         43:ab:82:33:26:fe:d7:70:61:b4:76:d3:63:e9:aa:15:3a:8f:
         23:8a:93:ca:82:68:f8:1d:34:f1:20:51:2c:67:49:21:39:ce:
         24:b1:f2:08:b0:e3:c4:df:8c:05:90:47:81:e4:e1:24:78:a2:
         b0:73:68:af:20:59:55:1d:69:53:a2:23:b0:7f:94:13:78:1f:
         28:15:94:44:03:f1:34:b6:f4:88:f7:d6:9c:3c:6f:f4:e9:bd:
         af:ca:4d:a2:33:8f:6a:36:44:d9:fa:49:15:77:ee:8d:bb:f4:
         fe:31:c1:da
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgISAYzJvHcgCzqT6PkFUXu3KkawMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxZTI0NjRkZDZkMDQyMzA5NTE1ZjdlNWI2NGVhNjVjMDg5
YjQ2MTYwHhcNMjQwMTAyMTAzMzQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTFkMmUyYzUyOWEwNGM3Y2NlNDMyNWE2MjlhMjcxMDU1NTJjMWZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwM9wjac6adK0WNfju2TFrmOk8jEL
nbNfeRJxdH2HVzggCW2Th1uA47kFSSMIZVmU8o/J2YQAdO8UnqT+SadqDXsflliK
XODXCXD3bjdjiO8zR14zIXiBBWhjw8X7gbW0geL+G67cdiTdOqfpgIsvPvPLyDTA
6FDJBTZTCm4mrGZD5s8ItBzCWK4O3rgHe01QFnMuQLw2ntQNCTABsbzN2g5e9J4o
RSSbakqzVJwCe0uBuoeRoAyCJ8xZ6BLhZN+fS2OZA9t55xpw6wy/Ijq4f6quu1XA
Y0T6kWWtSl6v4BkDJgkXYGo+uhy3MtRoZNotebc9qeVDVie3phddf01IuwIDAQAB
o4ICQzCCAj8wHQYDVR0OBBYEFEkdLixSmgTHzOQyWmKaJxBVUsH9MB8GA1UdIwQY
MBaAFMHiRk3W0EIwlRX35bZOplwIm0YWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2VKR1RkYlFRakNWRmZmbHRrNm1YQWliUmhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC8yNTZmYWItZGU5Ny00Njc5LWE0NjUt
Yjk2ZDY3MTRhMTc0LzEvU1IwdUxGS2FCTWZNNURKYVlwb25FRlZTd2YwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC8yNTZmYWItZGU5Ny00Njc5LWE0NjUtYjk2ZDY3MTRhMTc0
LzEvd2VKR1RkYlFRakNWRmZmbHRrNm1YQWliUmhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFkGCCsGAQUFBwEHAQH/BEowSDA2BAIAATAwAwQCTW/sAwQD
TeioAwQCUqOAAwQCUqPoAwQEX42gAwQDg3W4AwQDlf94AwQCuQf0MA4EAgACMAgD
BgQqAMXAoDANBgkqhkiG9w0BAQsFAAOCAQEAQTTqrYwV8hwqKPMRiG4kIp0DVeqt
g0yuHrjeoSDqhCNuEADwP4qkGyYdkjFBLDlsYFoKF1EpvNwO2BNOq8INIQ1ldN2l
BIwtIkzfutON/x/3zLA1Visneu3AvwuurIrTVMlTHR7hwgO/0+tnJrSm+fkkjX0q
hCNNc2umy4ZySrAIxdBG7ORsFklqiQALF2fGQ6uCMyb+13BhtHbTY+mqFTqPI4qT
yoJo+B008SBRLGdJITnOJLHyCLDjxN+MBZBHgeThJHiisHNoryBZVR1pU6IjsH+U
E3gfKBWURAPxNLb0iPfWnDxv9Om9r8pNojOPajZE2fpJFXfujbv0/jHB2g==
-----END CERTIFICATE-----