Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/403528-9e7c-4b64-9599-ba032323744c/1/hAXOC_4HJ58KNGb9n1HwemaVjnE.roa
File:                     hAXOC_4HJ58KNGb9n1HwemaVjnE.roa (raw, json)
Hash identifier:          7klqH1GFm4HfSJL7Pi9TFmAvcnQLiXeu/1xHbi8dp6s=
Subject key identifier:   84:05:CE:0B:FE:07:27:9F:0A:34:66:FD:9F:51:F0:7A:66:95:8E:71
Certificate issuer:       /CN=50d4ac320965ab4991108501a0602a6893e63fec
Certificate serial:       01942220242DCE98DD5747B629F140C0F6E1
Authority key identifier: 50:D4:AC:32:09:65:AB:49:91:10:85:01:A0:60:2A:68:93:E6:3F:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UNSsMgllq0mREIUBoGAqaJPmP-w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/403528-9e7c-4b64-9599-ba032323744c/1/hAXOC_4HJ58KNGb9n1HwemaVjnE.roa
Signing time:             Wed 01 Jan 2025 13:48:39 +0000
ROA not before:           Wed 01 Jan 2025 13:48:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     24953
IP address blocks:        80.64.140.0/22 maxlen: 22
                          83.216.192.0/20 maxlen: 20
                          89.185.96.0/19 maxlen: 19
                          185.34.196.0/22 maxlen: 22
                          185.167.240.0/22 maxlen: 24
                          185.213.124.0/22 maxlen: 22
                          185.224.120.0/22 maxlen: 22
                          195.95.163.0/24 maxlen: 24
                          2001:1ad0::/32 maxlen: 32
                          2001:1ad0:c4fc::/46 maxlen: 48
                          2a0b:c200::/29 maxlen: 32
                          2a0b:c200:cafe::/48 maxlen: 48
Validation:               Failed, certificate revoked on Thu 16 Jan 2025 23:03:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:24:2d:ce:98:dd:57:47:b6:29:f1:40:c0:f6:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=50d4ac320965ab4991108501a0602a6893e63fec
        Validity
            Not Before: Jan  1 13:48:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8405ce0bfe07279f0a3466fd9f51f07a66958e71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:0e:55:75:a4:21:21:0d:98:e2:b2:ed:81:27:
                    24:a8:52:10:81:e2:eb:11:fb:91:52:60:22:a9:89:
                    f0:e5:1a:42:bd:30:99:69:ee:16:4c:f4:40:9f:51:
                    b4:1f:93:49:63:37:55:3c:14:0e:5e:3b:18:60:07:
                    77:61:f3:df:ee:78:24:68:36:5e:6a:0e:71:8b:ad:
                    cd:73:6c:f9:54:f0:67:d0:ab:d4:a9:b8:ba:f3:f9:
                    fe:53:86:d8:fc:50:5b:ed:d9:8b:62:54:71:47:d4:
                    1a:9b:25:56:78:ec:97:cf:ff:d2:53:fa:c4:33:4f:
                    65:c7:44:25:1a:d0:22:bc:34:3d:24:6d:0f:f9:88:
                    4d:f7:05:19:49:a6:bf:85:df:57:17:1a:bd:0a:2b:
                    39:69:c8:9d:64:53:8c:c3:11:4c:67:6d:ea:a1:b1:
                    7c:75:62:86:a3:df:63:62:94:27:1e:38:ae:38:4c:
                    14:bc:46:97:3d:e5:65:97:35:04:69:88:00:11:ce:
                    72:ba:b9:45:cb:91:fd:06:4e:9b:83:3f:50:79:e6:
                    fc:0e:97:35:c4:96:7d:41:4c:eb:1a:7f:9e:7a:43:
                    d0:cc:26:3a:7b:5c:37:6c:36:3a:11:cc:8d:85:60:
                    0f:93:b6:89:b4:86:b8:dd:a8:45:fe:2a:24:3e:e0:
                    81:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:05:CE:0B:FE:07:27:9F:0A:34:66:FD:9F:51:F0:7A:66:95:8E:71
            X509v3 Authority Key Identifier:
                keyid:50:D4:AC:32:09:65:AB:49:91:10:85:01:A0:60:2A:68:93:E6:3F:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UNSsMgllq0mREIUBoGAqaJPmP-w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/403528-9e7c-4b64-9599-ba032323744c/1/hAXOC_4HJ58KNGb9n1HwemaVjnE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/403528-9e7c-4b64-9599-ba032323744c/1/UNSsMgllq0mREIUBoGAqaJPmP-w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.64.140.0/22
                  83.216.192.0/20
                  89.185.96.0/19
                  185.34.196.0/22
                  185.167.240.0/22
                  185.213.124.0/22
                  185.224.120.0/22
                  195.95.163.0/24
                IPv6:
                  2001:1ad0::/32
                  2a0b:c200::/29

    Signature Algorithm: sha256WithRSAEncryption
         91:80:a2:c5:a6:c8:e7:84:bc:9e:5b:3d:e9:08:16:fe:ae:01:
         77:85:77:c8:16:ac:71:5d:e6:12:d8:ac:ed:01:f3:8e:9f:b2:
         53:a4:ec:68:b4:ad:17:8c:f2:f0:87:e1:26:4b:d4:b1:81:d9:
         30:99:31:1b:8d:a5:f1:58:ae:98:c4:a4:f1:51:89:e1:ab:a3:
         dc:36:e5:96:76:ee:43:a5:10:84:65:3d:ea:8d:3e:bc:17:96:
         5e:fa:2a:89:85:6a:f2:cc:50:d9:f9:44:be:6c:b8:23:f5:20:
         6b:62:c3:3a:29:97:24:e4:d1:3e:ee:0f:31:ec:fb:77:3a:15:
         cd:49:f1:96:6a:ac:aa:0c:a1:15:a2:d2:92:2e:ae:ff:9c:13:
         a6:79:2b:1b:4d:45:fb:39:f9:3f:a4:4f:21:db:1d:02:87:5e:
         cb:05:5e:e0:d8:d6:61:0c:5d:6c:7d:ea:8d:36:b1:52:eb:3a:
         1d:ac:bd:42:d5:d3:e8:79:b5:61:d1:ed:e4:a7:c7:ec:6e:d8:
         9f:57:82:19:16:33:55:f8:82:bf:4d:25:5f:37:58:c3:8a:83:
         56:27:3a:1e:54:a4:03:ac:73:6b:32:55:73:3d:d9:c2:45:e3:
         4a:06:39:57:d4:bd:21:10:31:1f:8b:fd:95:40:0a:19:22:ee:
         a5:34:f3:55
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAZQiICQtzpjdV0e2KfFAwPbhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwZDRhYzMyMDk2NWFiNDk5MTEwODUwMWEwNjAyYTY4OTNl
NjNmZWMwHhcNMjUwMTAxMTM0ODM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDA1Y2UwYmZlMDcyNzlmMGEzNDY2ZmQ5ZjUxZjA3YTY2OTU4ZTcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7A5VdaQhIQ2Y4rLtgSckqFIQgeLr
EfuRUmAiqYnw5RpCvTCZae4WTPRAn1G0H5NJYzdVPBQOXjsYYAd3YfPf7ngkaDZe
ag5xi63Nc2z5VPBn0KvUqbi68/n+U4bY/FBb7dmLYlRxR9QamyVWeOyXz//SU/rE
M09lx0QlGtAivDQ9JG0P+YhN9wUZSaa/hd9XFxq9Cis5acidZFOMwxFMZ23qobF8
dWKGo99jYpQnHjiuOEwUvEaXPeVllzUEaYgAEc5yurlFy5H9Bk6bgz9Qeeb8Dpc1
xJZ9QUzrGn+eekPQzCY6e1w3bDY6EcyNhWAPk7aJtIa43ahF/iokPuCBkwIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFIQFzgv+ByefCjRm/Z9R8HpmlY5xMB8GA1UdIwQY
MBaAFFDUrDIJZatJkRCFAaBgKmiT5j/sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVU5Tc01nbGxxMG1SRUlVQm9HQXFhSlBtUC13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS80MDM1MjgtOWU3Yy00YjY0LTk1OTkt
YmEwMzIzMjM3NDRjLzEvaEFYT0NfNEhKNThLTkdiOW4xSHdlbWFWam5FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS80MDM1MjgtOWU3Yy00YjY0LTk1OTktYmEwMzIzMjM3NDRj
LzEvVU5Tc01nbGxxMG1SRUlVQm9HQXFhSlBtUC13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjA2BAIAATAwAwQCUECMAwQE
U9jAAwQFWblgAwQCuSLEAwQCuafwAwQCudV8AwQCueB4AwQAw1+jMBQEAgACMA4D
BQAgARrQAwUDKgvCADANBgkqhkiG9w0BAQsFAAOCAQEAkYCixabI54S8nls96QgW
/q4Bd4V3yBascV3mEtis7QHzjp+yU6TsaLStF4zy8IfhJkvUsYHZMJkxG42l8Viu
mMSk8VGJ4auj3DbllnbuQ6UQhGU96o0+vBeWXvoqiYVq8sxQ2flEvmy4I/Uga2LD
OimXJOTRPu4PMez7dzoVzUnxlmqsqgyhFaLSki6u/5wTpnkrG01F+zn5P6RPIdsd
AodeywVe4NjWYQxdbH3qjTaxUus6Hay9QtXT6Hm1YdHt5KfH7G7Yn1eCGRYzVfiC
v00lXzdYw4qDVic6HlSkA6xzazJVcz3ZwkXjSgY5V9S9IRAxH4v9lUAKGSLupTTz
VQ==
-----END CERTIFICATE-----