Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/a1ae75-2d6b-4cc6-acef-dce6d6909247/1/B8r3m4-WHB0Sg7didOfL29WOg50.roa
File:                     B8r3m4-WHB0Sg7didOfL29WOg50.roa (raw, json)
Hash identifier:          kB+KB64xXG36vqrH7Rf5IWdfpubyy7rgtmIAyrfkAnU=
Subject key identifier:   07:CA:F7:9B:8F:96:1C:1D:12:83:B7:62:74:E7:CB:DB:D5:8E:83:9D
Certificate issuer:       /CN=940a10a256728f11a4bbaadc3204b7f0a35a5000
Certificate serial:       018CC7263D682F862D78AD76683531C93B7C
Authority key identifier: 94:0A:10:A2:56:72:8F:11:A4:BB:AA:DC:32:04:B7:F0:A3:5A:50:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lAoQolZyjxGku6rcMgS38KNaUAA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/a1ae75-2d6b-4cc6-acef-dce6d6909247/1/B8r3m4-WHB0Sg7didOfL29WOg50.roa
Signing time:             Mon 01 Jan 2024 22:30:21 +0000
ROA not before:           Mon 01 Jan 2024 22:30:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8860
IP address blocks:        195.189.80.0/22 maxlen: 24
                          79.98.104.0/21 maxlen: 24
                          185.228.24.0/22 maxlen: 24
                          185.239.124.0/24 maxlen: 24
                          185.55.228.0/22 maxlen: 24
                          185.239.126.0/24 maxlen: 24
                          194.145.63.0/24 maxlen: 24
                          185.199.37.0/24 maxlen: 24
                          185.199.38.0/24 maxlen: 24
                          185.52.204.0/22 maxlen: 24
                          2a02:80e0::/30 maxlen: 30
Validation:               Failed, certificate revoked on Tue 02 Jan 2024 15:44:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:3d:68:2f:86:2d:78:ad:76:68:35:31:c9:3b:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=940a10a256728f11a4bbaadc3204b7f0a35a5000
        Validity
            Not Before: Jan  1 22:30:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=07caf79b8f961c1d1283b76274e7cbdbd58e839d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:83:55:a4:15:35:dc:a5:86:f6:8d:eb:d9:a4:
                    b3:cd:74:c1:36:25:70:68:7f:70:57:8e:d6:2d:18:
                    38:e9:d9:5f:af:b2:86:ae:12:f9:19:c9:e0:5d:93:
                    bb:f1:f3:a4:cd:cb:df:84:a2:5d:c6:7b:42:83:ad:
                    ae:33:1f:97:cc:c6:ca:a6:0e:16:ba:11:de:93:c0:
                    4c:1f:a5:bb:ef:3a:b4:72:79:a6:47:25:e9:e0:d4:
                    52:2c:52:bf:12:72:86:67:8c:5e:ac:43:46:a8:a1:
                    ca:30:0e:e2:ba:b4:07:15:19:c6:e7:97:17:ea:b3:
                    4e:9f:44:e3:53:37:3c:d5:b9:02:ce:38:ff:fa:14:
                    50:4c:1c:5d:a0:9b:80:c7:35:6a:d4:e0:b9:eb:cd:
                    2e:2e:c4:91:df:8a:5c:eb:fe:49:cc:f8:7e:a4:c2:
                    e0:0c:c7:48:dd:5a:35:55:75:1b:56:2a:2c:53:02:
                    d2:ac:5c:c6:85:ba:72:31:f9:f2:f9:8b:8c:61:45:
                    aa:c5:55:e6:0f:7e:39:e5:c4:0e:41:96:5c:09:2e:
                    c3:1a:dd:41:e9:2e:5e:b7:6e:db:11:28:db:7f:ac:
                    fd:9a:11:e2:75:be:41:24:d2:6c:09:66:1f:b9:f4:
                    21:34:41:69:74:8a:4f:69:c5:92:fa:95:e8:7a:2e:
                    16:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:CA:F7:9B:8F:96:1C:1D:12:83:B7:62:74:E7:CB:DB:D5:8E:83:9D
            X509v3 Authority Key Identifier:
                keyid:94:0A:10:A2:56:72:8F:11:A4:BB:AA:DC:32:04:B7:F0:A3:5A:50:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lAoQolZyjxGku6rcMgS38KNaUAA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/a1ae75-2d6b-4cc6-acef-dce6d6909247/1/B8r3m4-WHB0Sg7didOfL29WOg50.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/a1ae75-2d6b-4cc6-acef-dce6d6909247/1/lAoQolZyjxGku6rcMgS38KNaUAA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.98.104.0/21
                  185.52.204.0/22
                  185.55.228.0/22
                  185.199.37.0-185.199.38.255
                  185.228.24.0/22
                  185.239.124.0/24
                  185.239.126.0/24
                  194.145.63.0/24
                  195.189.80.0/22
                IPv6:
                  2a02:80e0::/30

    Signature Algorithm: sha256WithRSAEncryption
         40:6e:ab:96:cd:16:51:0e:9d:8f:90:39:13:a8:99:6f:e0:0f:
         fe:33:ce:47:9f:c9:ec:b2:3f:9f:39:3e:1d:f4:89:1b:43:1b:
         f1:0a:3b:76:b8:1f:8b:14:86:36:3a:90:0b:29:c3:75:ca:48:
         0f:70:8c:37:60:66:76:bc:f2:65:63:d8:1f:48:ba:c7:e9:19:
         9f:f9:50:2f:90:0c:c3:d5:d5:d5:c5:f1:7d:32:61:ec:d9:bd:
         4c:89:7d:20:5e:13:95:95:b6:ce:b6:c1:0b:6d:65:56:11:b3:
         82:1d:cc:35:e4:ad:86:2f:f7:f3:a9:a6:c6:f2:47:0d:49:90:
         a7:b4:73:2b:0e:d5:e7:6e:54:c7:fb:f2:8c:b5:49:40:b0:4c:
         44:ca:ab:09:d7:c0:5a:f3:92:42:ae:59:fa:be:35:94:19:17:
         4e:f7:1a:86:de:cb:b5:c7:23:8e:83:23:15:7f:0f:fb:e4:b8:
         00:83:18:9a:14:2d:a6:27:fa:7e:3a:cb:69:a4:52:35:ac:7e:
         29:59:bd:a2:23:f4:fd:b1:24:96:0e:6a:68:1e:da:eb:8a:0d:
         5c:f1:19:d6:5a:90:05:ab:b1:60:d4:15:0c:5e:30:90:dc:70:
         22:02:6f:f4:11:74:29:9b:49:78:45:64:f5:39:8c:3a:fa:db:
         56:99:c6:88
-----BEGIN CERTIFICATE-----
MIIFRDCCBCygAwIBAgISAYzHJj1oL4YteK12aDUxyTt8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0MGExMGEyNTY3MjhmMTFhNGJiYWFkYzMyMDRiN2YwYTM1
YTUwMDAwHhcNMjQwMTAxMjIzMDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2NhZjc5YjhmOTYxYzFkMTI4M2I3NjI3NGU3Y2JkYmQ1OGU4MzlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjINVpBU13KWG9o3r2aSzzXTBNiVw
aH9wV47WLRg46dlfr7KGrhL5GcngXZO78fOkzcvfhKJdxntCg62uMx+XzMbKpg4W
uhHek8BMH6W77zq0cnmmRyXp4NRSLFK/EnKGZ4xerENGqKHKMA7iurQHFRnG55cX
6rNOn0TjUzc81bkCzjj/+hRQTBxdoJuAxzVq1OC5680uLsSR34pc6/5JzPh+pMLg
DMdI3Vo1VXUbViosUwLSrFzGhbpyMfny+YuMYUWqxVXmD3455cQOQZZcCS7DGt1B
6S5et27bESjbf6z9mhHidb5BJNJsCWYfufQhNEFpdIpPacWS+pXoei4W2QIDAQAB
o4ICUDCCAkwwHQYDVR0OBBYEFAfK95uPlhwdEoO3YnTny9vVjoOdMB8GA1UdIwQY
MBaAFJQKEKJWco8RpLuq3DIEt/CjWlAAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEFvUW9sWnlqeEdrdTZyY01nUzM4S05hVUFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS9hMWFlNzUtMmQ2Yi00Y2M2LWFjZWYt
ZGNlNmQ2OTA5MjQ3LzEvQjhyM200LVdIQjBTZzdkaWRPZkwyOVdPZzUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS9hMWFlNzUtMmQ2Yi00Y2M2LWFjZWYtZGNlNmQ2OTA5MjQ3
LzEvbEFvUW9sWnlqeEdrdTZyY01nUzM4S05hVUFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGYGCCsGAQUFBwEHAQH/BFcwVTBEBAIAATA+AwQDT2JoAwQC
uTTMAwQCuTfkMAwDBAC5xyUDBAC5xyYDBAK55BgDBAC573wDBAC5734DBADCkT8D
BALDvVAwDQQCAAIwBwMFAioCgOAwDQYJKoZIhvcNAQELBQADggEBAEBuq5bNFlEO
nY+QOROomW/gD/4zzkefyeyyP585Ph30iRtDG/EKO3a4H4sUhjY6kAspw3XKSA9w
jDdgZna88mVj2B9IusfpGZ/5UC+QDMPV1dXF8X0yYezZvUyJfSBeE5WVts62wQtt
ZVYRs4IdzDXkrYYv9/OppsbyRw1JkKe0cysO1eduVMf78oy1SUCwTETKqwnXwFrz
kkKuWfq+NZQZF073Gobey7XHI46DIxV/D/vkuACDGJoULaYn+n46y2mkUjWsfilZ
vaIj9P2xJJYOamge2uuKDVzxGdZakAWrsWDUFQxeMJDccCICb/QRdCmbSXhFZPU5
jDr621aZxog=
-----END CERTIFICATE-----