Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/6356b9-c49f-4b4d-8e29-362ffe8ee270/1/tBTlWHK_UBQBSxUhqx0ZH1NlO6A.roa
File:                     tBTlWHK_UBQBSxUhqx0ZH1NlO6A.roa (raw, json)
Hash identifier:          1dUxSPcMKXaVDN6kqr9weIH1Wuo/i/JwdKAiMzJ7IX4=
Subject key identifier:   B4:14:E5:58:72:BF:50:14:01:4B:15:21:AB:1D:19:1F:53:65:3B:A0
Certificate issuer:       /CN=691242c33bc2e2e9e45850a0fc64ab2c7506a4b8
Certificate serial:       0192FC707578C4D8BC1A300CC13308411321
Authority key identifier: 69:12:42:C3:3B:C2:E2:E9:E4:58:50:A0:FC:64:AB:2C:75:06:A4:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aRJCwzvC4unkWFCg_GSrLHUGpLg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/6356b9-c49f-4b4d-8e29-362ffe8ee270/1/tBTlWHK_UBQBSxUhqx0ZH1NlO6A.roa
Signing time:             Tue 05 Nov 2024 13:08:01 +0000
ROA not before:           Tue 05 Nov 2024 13:08:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61046
IP address blocks:        5.149.250.0/23 maxlen: 23
                          79.141.170.0/23 maxlen: 23
                          91.193.16.0/23 maxlen: 23
                          185.81.112.0/23 maxlen: 23
                          188.119.148.0/23 maxlen: 23
                          193.42.37.0/24 maxlen: 24
                          2a01:8640:1::/48 maxlen: 48
                          2a01:8640:7::/48 maxlen: 48
                          2a01:8640:16::/48 maxlen: 48
Validation:               Failed, certificate revoked on Wed 01 Jan 2025 21:48:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:fc:70:75:78:c4:d8:bc:1a:30:0c:c1:33:08:41:13:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=691242c33bc2e2e9e45850a0fc64ab2c7506a4b8
        Validity
            Not Before: Nov  5 13:08:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b414e55872bf5014014b1521ab1d191f53653ba0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:8e:4e:c8:4b:f8:02:6f:19:f6:2f:b1:ff:af:
                    4a:4b:10:20:b4:cb:79:55:74:6c:8f:d8:d0:9a:78:
                    71:da:7f:51:cb:04:28:3c:4c:c8:80:d5:29:fe:e8:
                    61:41:51:1d:ba:e3:b7:d3:de:b9:ae:f4:e8:41:56:
                    f7:58:31:43:84:b8:ff:49:b1:03:e0:7b:1e:3d:38:
                    55:52:97:d6:73:5d:37:01:8d:a2:6d:74:80:63:96:
                    7c:3c:db:c4:19:42:ed:2b:87:07:41:1c:0a:72:34:
                    e7:f3:99:ac:c8:34:0d:67:b6:16:9e:a3:33:7b:fa:
                    2f:82:28:03:88:45:37:0c:ae:7f:59:54:31:eb:7f:
                    05:37:3b:5a:ed:71:7f:73:20:b9:f8:60:90:06:8f:
                    38:d3:c7:a7:6c:55:1b:06:19:5e:6f:60:33:2d:9f:
                    24:cd:bc:1f:8c:83:9f:92:cd:a0:4f:6e:f7:7d:65:
                    3c:f4:1d:ad:d5:94:82:cd:2b:76:26:c9:4e:3a:c3:
                    bf:e2:03:67:af:7a:9d:2d:72:eb:47:7d:2c:19:50:
                    35:d1:48:95:b3:63:9d:33:ac:e1:eb:77:00:8b:bd:
                    98:4e:7e:66:24:41:40:02:48:37:0f:b4:7b:b7:d5:
                    30:6c:2f:ba:71:f7:cc:f7:11:8e:90:b0:c7:76:13:
                    e9:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:14:E5:58:72:BF:50:14:01:4B:15:21:AB:1D:19:1F:53:65:3B:A0
            X509v3 Authority Key Identifier:
                keyid:69:12:42:C3:3B:C2:E2:E9:E4:58:50:A0:FC:64:AB:2C:75:06:A4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aRJCwzvC4unkWFCg_GSrLHUGpLg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/6356b9-c49f-4b4d-8e29-362ffe8ee270/1/tBTlWHK_UBQBSxUhqx0ZH1NlO6A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/6356b9-c49f-4b4d-8e29-362ffe8ee270/1/aRJCwzvC4unkWFCg_GSrLHUGpLg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.149.250.0/23
                  79.141.170.0/23
                  91.193.16.0/23
                  185.81.112.0/23
                  188.119.148.0/23
                  193.42.37.0/24
                IPv6:
                  2a01:8640:1::/48
                  2a01:8640:7::/48
                  2a01:8640:16::/48

    Signature Algorithm: sha256WithRSAEncryption
         41:45:9b:69:fe:ea:c2:a4:65:5a:63:13:09:88:1b:31:2d:38:
         49:5e:9d:c8:e8:31:d6:a0:03:6f:60:ab:da:f3:d8:66:a7:96:
         9d:8f:fa:c3:78:12:5d:e1:ff:ca:94:4e:e9:3b:cf:0a:6b:75:
         2a:30:40:4a:29:df:1f:8a:fd:75:74:2e:26:aa:2d:a3:04:8e:
         c5:15:0f:5f:f3:ea:c5:8e:40:5f:83:e1:b3:b8:53:5b:e8:3b:
         cc:db:80:fa:7a:9f:37:50:1a:23:40:ac:b3:ce:96:a4:0b:6b:
         40:38:8a:f5:90:d9:f3:d1:c6:b0:21:97:dd:33:32:60:c1:66:
         f9:0a:5d:6f:10:b5:74:3e:58:44:dc:91:00:5b:85:3d:b7:f0:
         83:7e:e5:5c:24:3b:40:14:76:ca:b9:67:90:62:82:02:35:94:
         43:98:af:96:65:4f:fe:b0:7d:c0:11:e0:82:0d:d5:f7:5c:73:
         d0:e2:c1:3e:63:89:0d:14:88:0b:1e:f2:58:bb:d9:e1:a2:32:
         47:f6:fe:5e:8e:70:2f:45:21:4c:16:84:f9:8a:05:1c:f5:ab:
         10:61:e5:bf:cf:38:ba:c2:07:62:39:1e:3d:39:eb:5d:0a:21:
         91:4b:36:85:01:80:fa:4b:85:42:2e:3d:e1:fb:8c:d1:2f:6b:
         e3:1b:be:0b
-----BEGIN CERTIFICATE-----
MIIFPjCCBCagAwIBAgISAZL8cHV4xNi8GjAMwTMIQRMhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5MTI0MmMzM2JjMmUyZTllNDU4NTBhMGZjNjRhYjJjNzUw
NmE0YjgwHhcNMjQxMTA1MTMwODAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDE0ZTU1ODcyYmY1MDE0MDE0YjE1MjFhYjFkMTkxZjUzNjUzYmEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt45OyEv4Am8Z9i+x/69KSxAgtMt5
VXRsj9jQmnhx2n9RywQoPEzIgNUp/uhhQVEduuO30965rvToQVb3WDFDhLj/SbED
4HsePThVUpfWc103AY2ibXSAY5Z8PNvEGULtK4cHQRwKcjTn85msyDQNZ7YWnqMz
e/ovgigDiEU3DK5/WVQx638FNzta7XF/cyC5+GCQBo8408enbFUbBhleb2AzLZ8k
zbwfjIOfks2gT273fWU89B2t1ZSCzSt2JslOOsO/4gNnr3qdLXLrR30sGVA10UiV
s2OdM6zh63cAi72YTn5mJEFAAkg3D7R7t9UwbC+6cffM9xGOkLDHdhPp2QIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFLQU5Vhyv1AUAUsVIasdGR9TZTugMB8GA1UdIwQY
MBaAFGkSQsM7wuLp5FhQoPxkqyx1BqS4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVJKQ3d6dkM0dW5rV0ZDZ19HU3JMSFVHcExnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy82MzU2YjktYzQ5Zi00YjRkLThlMjkt
MzYyZmZlOGVlMjcwLzEvdEJUbFdIS19VQlFCU3hVaHF4MFpIMU5sTzZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy82MzU2YjktYzQ5Zi00YjRkLThlMjktMzYyZmZlOGVlMjcw
LzEvYVJKQ3d6dkM0dW5rV0ZDZ19HU3JMSFVHcExnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGAGCCsGAQUFBwEHAQH/BFEwTzAqBAIAATAkAwQBBZX6AwQB
T42qAwQBW8EQAwQBuVFwAwQBvHeUAwQAwSolMCEEAgACMBsDBwAqAYZAAAEDBwAq
AYZAAAcDBwAqAYZAABYwDQYJKoZIhvcNAQELBQADggEBAEFFm2n+6sKkZVpjEwmI
GzEtOElencjoMdagA29gq9rz2Ganlp2P+sN4El3h/8qUTuk7zwprdSowQEop3x+K
/XV0LiaqLaMEjsUVD1/z6sWOQF+D4bO4U1voO8zbgPp6nzdQGiNArLPOlqQLa0A4
ivWQ2fPRxrAhl90zMmDBZvkKXW8QtXQ+WETckQBbhT238IN+5VwkO0AUdsq5Z5Bi
ggI1lEOYr5ZlT/6wfcAR4IIN1fdcc9DiwT5jiQ0UiAse8li72eGiMkf2/l6OcC9F
IUwWhPmKBRz1qxBh5b/POLrCB2I5Hj05610KIZFLNoUBgPpLhUIuPeH7jNEva+Mb
vgs=
-----END CERTIFICATE-----