Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/pZyEypPuy8o8ZfvejTOo-CXKZ14.roa
File:                     pZyEypPuy8o8ZfvejTOo-CXKZ14.roa (raw, json)
Hash identifier:          z5MIePUBHrPqHbuulRaa7iqZJSAi746Bjqx/a9v8JGM=
Subject key identifier:   A5:9C:84:CA:93:EE:CB:CA:3C:65:FB:DE:8D:33:A8:F8:25:CA:67:5E
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       01935E7F70190AD7B84852DF34F5E1949B9B
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/pZyEypPuy8o8ZfvejTOo-CXKZ14.roa
Signing time:             Sun 24 Nov 2024 14:07:10 +0000
ROA not before:           Sun 24 Nov 2024 14:07:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20473
IP address blocks:        185.194.177.0/24 maxlen: 24
                          185.209.38.0/24 maxlen: 24
                          185.209.73.0/24 maxlen: 24
                          185.210.235.0/24 maxlen: 24
                          185.218.20.0/24 maxlen: 24
                          185.222.29.0/24 maxlen: 24
                          185.222.30.0/24 maxlen: 24
                          185.246.112.0/24 maxlen: 24
                          193.58.146.0/24 maxlen: 24
                          194.76.172.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Tue 03 Dec 2024 10:03:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:5e:7f:70:19:0a:d7:b8:48:52:df:34:f5:e1:94:9b:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Nov 24 14:07:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a59c84ca93eecbca3c65fbde8d33a8f825ca675e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:7b:61:df:62:66:e7:d7:82:05:c5:80:64:40:
                    67:32:47:58:4a:f9:ec:4f:11:8f:a1:4b:46:d3:d6:
                    47:9d:e8:6b:98:3d:74:0b:5e:7e:2f:cf:81:12:cb:
                    35:09:90:f2:b5:3f:e2:47:49:33:33:66:74:42:a6:
                    6a:e9:ae:94:c6:61:e9:bc:51:9a:b0:09:8d:1b:6d:
                    5e:7a:03:fc:c6:55:38:35:cf:76:bd:6a:bb:18:5c:
                    de:c5:e6:58:6b:b7:81:6a:03:a9:cd:04:11:10:c8:
                    94:6e:a2:ac:59:19:bd:20:d7:88:fc:d9:6e:81:0e:
                    0f:3e:84:8e:33:14:93:f6:01:fc:8a:f5:d0:76:26:
                    ce:42:a0:6b:7c:04:63:47:82:5c:c3:db:46:10:74:
                    66:13:a4:92:fe:ad:11:0a:71:b0:fe:11:bc:cd:ed:
                    2d:e6:fa:b2:3a:e4:21:54:41:45:73:17:13:4c:e6:
                    f5:d0:9d:b7:1f:c0:1a:88:f5:6e:d3:12:3b:2f:52:
                    b7:80:f4:60:9b:1c:3f:c1:da:84:39:bf:88:38:be:
                    d6:18:b7:a0:3b:c4:ca:4c:cd:14:fc:6a:98:b6:71:
                    46:89:59:99:7e:69:72:a2:c5:b3:d7:8f:1a:e2:e9:
                    07:e4:bf:b4:39:d0:89:2b:b2:8b:e2:3d:b8:e1:8b:
                    5d:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:9C:84:CA:93:EE:CB:CA:3C:65:FB:DE:8D:33:A8:F8:25:CA:67:5E
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/pZyEypPuy8o8ZfvejTOo-CXKZ14.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.194.177.0/24
                  185.209.38.0/24
                  185.209.73.0/24
                  185.210.235.0/24
                  185.218.20.0/24
                  185.222.29.0-185.222.30.255
                  185.246.112.0/24
                  193.58.146.0/24
                  194.76.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:da:a9:4d:48:af:42:43:92:4d:ac:5d:4c:55:c8:32:ec:90:
         e5:88:59:63:34:67:0b:32:52:e3:a5:59:20:4c:04:ca:ad:dd:
         1d:61:6a:8f:69:ff:54:04:3c:c8:3d:4c:f0:a9:3a:64:a1:3d:
         1e:a8:06:f9:71:07:85:e7:69:25:37:62:f3:ea:12:38:6d:84:
         7d:d6:d7:a2:c6:ab:d1:a5:50:1e:d4:9d:12:2f:3c:e3:5b:7f:
         f0:a3:94:8f:71:b8:22:39:e0:64:8b:e4:6a:cb:2a:4e:5e:35:
         0c:2d:13:20:19:0c:22:32:79:69:44:2f:08:76:df:e5:8e:c0:
         c5:d7:1f:e5:b3:58:a9:af:e6:a8:e0:9b:ed:b2:fc:b8:ea:49:
         06:e3:3c:60:17:50:70:e7:8e:4a:ef:3d:80:80:b5:d5:8b:e0:
         1d:ec:bd:db:ac:f3:4d:cb:d4:b5:0c:27:05:36:07:3d:c4:6a:
         00:b1:d6:9a:85:28:1e:81:65:9c:6d:6a:d1:c9:04:68:5e:14:
         e3:ac:6b:00:f4:a6:ac:ae:03:e8:c6:6b:34:ab:a5:c1:9b:a2:
         b3:90:2f:69:29:18:6b:c2:d5:ae:0d:b9:d3:ec:60:56:ef:c6:
         7b:23:56:f8:85:6d:df:77:f9:9b:12:b7:20:68:c8:f7:9a:dd:
         6a:5c:24:19
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAZNef3AZCte4SFLfNPXhlJubMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQxMTI0MTQwNzEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTljODRjYTkzZWVjYmNhM2M2NWZiZGU4ZDMzYThmODI1Y2E2NzVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAonth32Jm59eCBcWAZEBnMkdYSvns
TxGPoUtG09ZHnehrmD10C15+L8+BEss1CZDytT/iR0kzM2Z0QqZq6a6UxmHpvFGa
sAmNG21eegP8xlU4Nc92vWq7GFzexeZYa7eBagOpzQQREMiUbqKsWRm9INeI/Nlu
gQ4PPoSOMxST9gH8ivXQdibOQqBrfARjR4Jcw9tGEHRmE6SS/q0RCnGw/hG8ze0t
5vqyOuQhVEFFcxcTTOb10J23H8AaiPVu0xI7L1K3gPRgmxw/wdqEOb+IOL7WGLeg
O8TKTM0U/GqYtnFGiVmZfmlyosWz148a4ukH5L+0OdCJK7KL4j244YtdHQIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFKWchMqT7svKPGX73o0zqPglymdeMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvcFp5RXlwUHV5OG84WmZ2ZWpUT28tQ1hLWjE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQAucKxAwQA
udEmAwQAudFJAwQAudLrAwQAudoUMAwDBAC53h0DBAC53h4DBAC59nADBADBOpID
BADCTKwwDQYJKoZIhvcNAQELBQADggEBAHzaqU1Ir0JDkk2sXUxVyDLskOWIWWM0
ZwsyUuOlWSBMBMqt3R1hao9p/1QEPMg9TPCpOmShPR6oBvlxB4XnaSU3YvPqEjht
hH3W16LGq9GlUB7UnRIvPONbf/CjlI9xuCI54GSL5GrLKk5eNQwtEyAZDCIyeWlE
Lwh23+WOwMXXH+WzWKmv5qjgm+2y/LjqSQbjPGAXUHDnjkrvPYCAtdWL4B3svdus
803L1LUMJwU2Bz3EagCx1pqFKB6BZZxtatHJBGheFOOsawD0pqyuA+jGazSrpcGb
orOQL2kpGGvC1a4NudPsYFbvxnsjVviFbd93+ZsStyBoyPea3WpcJBk=
-----END CERTIFICATE-----