Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/aWZN5MzQzXYBdgKHdzB4k74uW2c.roa
File:                     aWZN5MzQzXYBdgKHdzB4k74uW2c.roa (raw, json)
Hash identifier:          g2K9mmQDsxGdh3JAuLXa+b8k7WPqa1rv+EUOzL3AZqE=
Subject key identifier:   69:66:4D:E4:CC:D0:CD:76:01:76:02:87:77:30:78:93:BE:2E:5B:67
Certificate issuer:       /CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
Certificate serial:       018D13D7F30B89AB1FCD77A8F63A5C07957A
Authority key identifier: EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/aWZN5MzQzXYBdgKHdzB4k74uW2c.roa
Signing time:             Tue 16 Jan 2024 19:55:36 +0000
ROA not before:           Tue 16 Jan 2024 19:55:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61317
IP address blocks:        45.93.82.0/24 maxlen: 24
                          45.131.51.0/24 maxlen: 24
                          80.64.24.0/24 maxlen: 24
                          80.64.25.0/24 maxlen: 24
                          80.64.27.0/24 maxlen: 24
                          80.64.29.0/24 maxlen: 24
                          80.64.30.0/24 maxlen: 24
                          91.217.125.0/24 maxlen: 24
                          185.210.136.0/24 maxlen: 24
                          188.64.162.0/24 maxlen: 24
                          213.139.202.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Wed 21 Feb 2024 17:45:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:13:d7:f3:0b:89:ab:1f:cd:77:a8:f6:3a:5c:07:95:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
        Validity
            Not Before: Jan 16 19:55:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=69664de4ccd0cd760176028777307893be2e5b67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:98:3f:51:db:bd:ca:ae:81:33:54:7d:d7:cc:
                    d8:d8:80:6a:03:a6:f2:e3:3f:c4:76:be:04:ba:8b:
                    61:32:08:07:f8:f4:36:7d:9f:fc:d1:33:8d:92:d4:
                    cf:9b:ca:fc:50:79:6a:e9:94:38:20:4f:9a:de:35:
                    fc:a5:9a:89:c2:19:b9:4c:bc:13:74:8f:91:49:bc:
                    63:39:7b:70:85:d3:e5:5f:91:cd:c5:7c:15:a1:ad:
                    b9:37:97:b0:10:c7:a9:a3:24:23:33:5e:31:63:49:
                    ac:e5:18:5f:c4:ae:c4:20:8b:2c:aa:a3:41:dc:e4:
                    05:75:bd:b7:e2:57:d5:05:7f:a4:41:dd:4a:e3:5a:
                    d4:7f:ac:0d:ac:45:4b:2e:b8:e8:33:35:0e:46:f5:
                    e2:e6:f0:77:ec:b9:9f:cb:c1:01:e4:11:88:ac:34:
                    70:dc:2f:77:11:3a:72:fd:07:58:65:22:38:3b:16:
                    11:c3:cd:ef:c6:b5:df:58:31:4e:b4:af:f9:17:a0:
                    56:0c:8e:3f:d0:61:91:8b:b4:ce:0c:23:31:4d:75:
                    71:80:3f:ce:91:11:53:fe:4a:41:84:ac:86:54:d1:
                    f9:1b:ca:0b:fc:a1:9c:92:cf:6a:27:7f:5e:67:49:
                    cb:8b:9c:46:75:be:57:73:54:e0:3e:de:61:0b:a1:
                    f0:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:66:4D:E4:CC:D0:CD:76:01:76:02:87:77:30:78:93:BE:2E:5B:67
            X509v3 Authority Key Identifier:
                keyid:EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/aWZN5MzQzXYBdgKHdzB4k74uW2c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.93.82.0/24
                  45.131.51.0/24
                  80.64.24.0/23
                  80.64.27.0/24
                  80.64.29.0-80.64.30.255
                  91.217.125.0/24
                  185.210.136.0/24
                  188.64.162.0/24
                  213.139.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:f2:12:86:fc:23:86:14:b2:40:4e:54:b6:a4:c2:bc:1f:2d:
         44:05:ae:d4:04:55:ce:5b:f9:87:cc:cc:87:cd:89:34:63:56:
         eb:cf:96:0f:6b:bd:07:4d:3d:47:04:b8:f7:0c:7e:52:97:d5:
         61:fe:c1:42:c2:2e:03:3a:ee:c7:a2:f0:c3:2f:14:fc:7e:20:
         2d:24:64:f6:3f:8c:52:9c:66:84:08:21:08:d5:35:3a:36:af:
         b4:64:dc:4b:81:0d:d8:40:be:56:d1:29:87:c5:7e:81:b1:7a:
         cb:4d:61:e4:81:49:52:17:7d:a6:39:93:82:2f:82:6a:ad:9e:
         76:d5:0f:f3:19:1d:6e:ad:b9:99:27:9f:ab:8b:76:6a:0f:67:
         96:55:74:02:76:ac:af:db:8a:89:c6:c2:4b:ce:1e:b8:9a:f9:
         c5:6e:65:65:4b:12:cb:b3:2c:7f:d7:0f:d0:ec:f3:ba:03:1c:
         64:1d:d9:79:b1:7a:73:d5:13:b8:b9:18:20:88:e9:fe:f3:a0:
         f5:4c:00:e5:81:93:74:f7:4e:c5:6f:87:b3:7c:9b:ba:cb:b5:
         3d:2c:88:df:c7:12:18:11:76:c4:f6:a1:a6:11:20:67:6d:35:
         0e:aa:9e:3c:5f:64:6e:ee:90:e3:1e:b7:13:38:30:9f:ed:32:
         ef:2e:f6:a6
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAY0T1/MLiasfzXeo9jpcB5V6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmJmMzE3ZTVmYWY1ZWYwMmM5Y2NlNzk1MjdkNWU3NGI4
YWJjYzUwHhcNMjQwMTE2MTk1NTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTY2NGRlNGNjZDBjZDc2MDE3NjAyODc3NzMwNzg5M2JlMmU1YjY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA05g/Udu9yq6BM1R918zY2IBqA6by
4z/Edr4EuothMggH+PQ2fZ/80TONktTPm8r8UHlq6ZQ4IE+a3jX8pZqJwhm5TLwT
dI+RSbxjOXtwhdPlX5HNxXwVoa25N5ewEMepoyQjM14xY0ms5RhfxK7EIIssqqNB
3OQFdb234lfVBX+kQd1K41rUf6wNrEVLLrjoMzUORvXi5vB37Lmfy8EB5BGIrDRw
3C93ETpy/QdYZSI4OxYRw83vxrXfWDFOtK/5F6BWDI4/0GGRi7TODCMxTXVxgD/O
kRFT/kpBhKyGVNH5G8oL/KGcks9qJ39eZ0nLi5xGdb5Xc1TgPt5hC6HwEQIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFGlmTeTM0M12AXYCh3cweJO+LltnMB8GA1UdIwQY
MBaAFO678xfl+vXvAsnM55Un1edLirzFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMt
NmZlOWJmNjA1NjFjLzEvYVdaTjVNelF6WFlCZGdLSGR6QjRrNzR1VzJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMtNmZlOWJmNjA1NjFj
LzEvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQALV1SAwQA
LYMzAwQBUEAYAwQAUEAbMAwDBABQQB0DBABQQB4DBABb2X0DBAC50ogDBAC8QKID
BADVi8owDQYJKoZIhvcNAQELBQADggEBAAbyEob8I4YUskBOVLakwrwfLUQFrtQE
Vc5b+YfMzIfNiTRjVuvPlg9rvQdNPUcEuPcMflKX1WH+wULCLgM67sei8MMvFPx+
IC0kZPY/jFKcZoQIIQjVNTo2r7Rk3EuBDdhAvlbRKYfFfoGxestNYeSBSVIXfaY5
k4IvgmqtnnbVD/MZHW6tuZknn6uLdmoPZ5ZVdAJ2rK/bionGwkvOHria+cVuZWVL
EsuzLH/XD9Ds87oDHGQd2XmxenPVE7i5GCCI6f7zoPVMAOWBk3T3TsVvh7N8m7rL
tT0siN/HEhgRdsT2oaYRIGdtNQ6qnjxfZG7ukOMetxM4MJ/tMu8u9qY=
-----END CERTIFICATE-----