Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/5759f6-93e2-4029-a49f-35ba267ded3b/1/lobd-fiT94eoVM1irVyNoV4FNdo.roa
File:                     lobd-fiT94eoVM1irVyNoV4FNdo.roa (raw, json)
Hash identifier:          2O6zlktdhREmzOANYcI1GCtk0STULUlbvgWnqZXayoY=
Subject key identifier:   96:86:DD:F9:F8:93:F7:87:A8:54:CD:62:AD:5C:8D:A1:5E:05:35:DA
Certificate issuer:       /CN=0e75fb4f52a829d136e29a9a025c636d19ae328e
Certificate serial:       018E9843835529B4CB005E01CE577220590D
Authority key identifier: 0E:75:FB:4F:52:A8:29:D1:36:E2:9A:9A:02:5C:63:6D:19:AE:32:8E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DnX7T1KoKdE24pqaAlxjbRmuMo4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/5759f6-93e2-4029-a49f-35ba267ded3b/1/lobd-fiT94eoVM1irVyNoV4FNdo.roa
Signing time:             Mon 01 Apr 2024 06:05:45 +0000
ROA not before:           Mon 01 Apr 2024 06:05:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43733
IP address blocks:        46.130.0.0/16 maxlen: 16
                          46.130.0.0/17 maxlen: 17
                          46.130.128.0/17 maxlen: 17
                          46.130.255.0/24 maxlen: 24
                          83.139.24.0/21 maxlen: 21
                          83.139.24.0/22 maxlen: 22
                          83.139.28.0/22 maxlen: 22
                          83.139.32.0/22 maxlen: 22
                          185.36.36.0/22 maxlen: 22
                          185.36.36.0/24 maxlen: 24
                          217.76.0.0/20 maxlen: 20
                          217.76.0.0/21 maxlen: 21
                          217.76.0.0/24 maxlen: 24
                          217.76.1.0/24 maxlen: 24
                          217.76.2.0/24 maxlen: 24
                          217.76.8.0/21 maxlen: 21
                          2a00:1f28::/32 maxlen: 32
Validation:               Failed, certificate revoked on Wed 01 Jan 2025 23:47:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:98:43:83:55:29:b4:cb:00:5e:01:ce:57:72:20:59:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e75fb4f52a829d136e29a9a025c636d19ae328e
        Validity
            Not Before: Apr  1 06:05:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9686ddf9f893f787a854cd62ad5c8da15e0535da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:96:c6:45:78:6d:2e:91:60:c4:86:5b:73:df:
                    23:27:b6:b5:77:ac:ca:39:2e:41:de:d5:0a:62:e0:
                    74:35:41:c2:fc:97:29:03:e0:68:bb:d1:5d:86:37:
                    ee:9a:d1:43:44:7f:af:c7:b1:ae:db:8e:4e:e3:af:
                    a7:40:e1:98:5e:7e:49:db:62:f4:94:68:3a:e8:be:
                    0d:e0:27:79:8e:be:db:49:3a:b0:eb:b7:13:88:93:
                    10:e7:78:5a:e1:15:9f:6b:97:69:b0:1c:96:b0:44:
                    ef:15:0c:7c:ff:17:4e:58:53:e8:b7:30:f1:76:32:
                    cc:87:e3:b6:24:1b:5a:b9:0c:4f:08:aa:02:01:a0:
                    72:29:26:20:0d:a6:38:ee:d4:53:0a:c3:a8:f3:af:
                    fb:7f:92:c4:73:73:b1:c1:01:15:bb:5c:62:ad:ea:
                    77:ec:28:b2:e1:6c:8d:20:5b:27:f9:f5:ae:22:d3:
                    e5:6d:94:99:7f:01:05:e0:a3:c0:45:b0:49:fe:59:
                    72:94:2d:7f:eb:5b:ce:61:62:74:6e:4b:b0:97:f0:
                    4f:1d:75:33:e7:79:4d:77:27:ba:d6:50:d5:78:09:
                    ef:c6:79:ee:35:15:6e:b6:59:99:77:87:ea:ea:9c:
                    ce:4f:e8:37:90:c5:20:18:f1:8b:15:a2:34:b8:37:
                    45:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:86:DD:F9:F8:93:F7:87:A8:54:CD:62:AD:5C:8D:A1:5E:05:35:DA
            X509v3 Authority Key Identifier:
                keyid:0E:75:FB:4F:52:A8:29:D1:36:E2:9A:9A:02:5C:63:6D:19:AE:32:8E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DnX7T1KoKdE24pqaAlxjbRmuMo4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/5759f6-93e2-4029-a49f-35ba267ded3b/1/lobd-fiT94eoVM1irVyNoV4FNdo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/5759f6-93e2-4029-a49f-35ba267ded3b/1/DnX7T1KoKdE24pqaAlxjbRmuMo4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.130.0.0/16
                  83.139.24.0-83.139.35.255
                  185.36.36.0/22
                  217.76.0.0/20
                IPv6:
                  2a00:1f28::/32

    Signature Algorithm: sha256WithRSAEncryption
         84:ed:78:b2:7c:79:b3:21:82:06:af:00:d2:69:51:26:51:ab:
         50:af:63:47:e4:da:08:5f:52:6e:e1:62:16:88:fd:43:46:dd:
         d1:8d:f0:b8:0a:76:ae:73:09:9e:13:c5:4c:0e:6b:30:eb:34:
         13:a7:16:61:a5:9a:5b:d9:56:7a:c9:61:5e:10:85:f9:be:bf:
         9e:f6:66:fe:e7:cc:61:23:c7:8c:b0:d5:62:bd:28:21:2e:ac:
         66:ec:89:45:04:d2:3c:49:5b:4f:49:5b:21:fc:be:8c:e8:26:
         15:36:8c:d3:7d:a2:75:ba:ed:4f:bb:df:bd:10:27:cd:00:f7:
         d0:16:08:e5:5b:29:06:61:f7:2e:3c:75:be:ca:33:b6:5a:31:
         2a:d0:46:6e:f6:9b:83:6f:55:76:30:28:99:7b:da:2e:84:56:
         66:78:de:a8:9d:18:59:cf:1d:27:a1:d2:03:04:ca:cb:4d:a2:
         84:17:59:b7:e2:7d:62:44:86:50:0e:30:ea:69:2c:a3:90:c9:
         da:60:dc:f4:7e:2a:c7:8e:49:02:d8:91:19:81:4c:b6:b2:9c:
         45:b0:91:bb:ee:92:21:dc:c1:e6:f0:f9:69:c5:d2:28:ea:ed:
         1a:80:7c:80:e9:95:95:50:ed:b7:3d:1f:98:d8:0c:8d:80:7c:
         d2:81:bf:82
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAY6YQ4NVKbTLAF4BzldyIFkNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlNzVmYjRmNTJhODI5ZDEzNmUyOWE5YTAyNWM2MzZkMTlh
ZTMyOGUwHhcNMjQwNDAxMDYwNTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Njg2ZGRmOWY4OTNmNzg3YTg1NGNkNjJhZDVjOGRhMTVlMDUzNWRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAppbGRXhtLpFgxIZbc98jJ7a1d6zK
OS5B3tUKYuB0NUHC/JcpA+Bou9FdhjfumtFDRH+vx7Gu245O46+nQOGYXn5J22L0
lGg66L4N4Cd5jr7bSTqw67cTiJMQ53ha4RWfa5dpsByWsETvFQx8/xdOWFPotzDx
djLMh+O2JBtauQxPCKoCAaByKSYgDaY47tRTCsOo86/7f5LEc3OxwQEVu1xirep3
7Ciy4WyNIFsn+fWuItPlbZSZfwEF4KPARbBJ/llylC1/61vOYWJ0bkuwl/BPHXUz
53lNdye61lDVeAnvxnnuNRVutlmZd4fq6pzOT+g3kMUgGPGLFaI0uDdFKQIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFJaG3fn4k/eHqFTNYq1cjaFeBTXaMB8GA1UdIwQY
MBaAFA51+09SqCnRNuKamgJcY20ZrjKOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRG5YN1QxS29LZEUyNHBxYUFseGpiUm11TW80LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC81NzU5ZjYtOTNlMi00MDI5LWE0OWYt
MzViYTI2N2RlZDNiLzEvbG9iZC1maVQ5NGVvVk0xaXJWeU5vVjRGTmRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC81NzU5ZjYtOTNlMi00MDI5LWE0OWYtMzViYTI2N2RlZDNi
LzEvRG5YN1QxS29LZEUyNHBxYUFseGpiUm11TW80LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjAlBAIAATAfAwMALoIwDAME
A1OLGAMEAlOLIAMEArkkJAMEBNlMADANBAIAAjAHAwUAKgAfKDANBgkqhkiG9w0B
AQsFAAOCAQEAhO14snx5syGCBq8A0mlRJlGrUK9jR+TaCF9SbuFiFoj9Q0bd0Y3w
uAp2rnMJnhPFTA5rMOs0E6cWYaWaW9lWeslhXhCF+b6/nvZm/ufMYSPHjLDVYr0o
IS6sZuyJRQTSPElbT0lbIfy+jOgmFTaM032idbrtT7vfvRAnzQD30BYI5VspBmH3
Ljx1vsoztloxKtBGbvabg29VdjAomXvaLoRWZnjeqJ0YWc8dJ6HSAwTKy02ihBdZ
t+J9YkSGUA4w6mkso5DJ2mDc9H4qx45JAtiRGYFMtrKcRbCRu+6SIdzB5vD5acXS
KOrtGoB8gOmVlVDttz0fmNgMjYB80oG/gg==
-----END CERTIFICATE-----