Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/79aca9-51dd-4f22-b404-d53866e9186a/1/bq9uYWiaTTWAnUVzjpmYylQlF9k.roa
File:                     bq9uYWiaTTWAnUVzjpmYylQlF9k.roa (raw, json)
Hash identifier:          j7cOjiz6S90BoV/KrHVJHWQNvUPl67vSv9xiNnU3S08=
Subject key identifier:   6E:AF:6E:61:68:9A:4D:35:80:9D:45:73:8E:99:98:CA:54:25:17:D9
Certificate issuer:       /CN=2d1172c1c73f971a9fb2e89b7917200c500ee407
Certificate serial:       018CC492270D7DF988B51F78CEC787836C9C
Authority key identifier: 2D:11:72:C1:C7:3F:97:1A:9F:B2:E8:9B:79:17:20:0C:50:0E:E4:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LRFywcc_lxqfsuibeRcgDFAO5Ac.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/79aca9-51dd-4f22-b404-d53866e9186a/1/bq9uYWiaTTWAnUVzjpmYylQlF9k.roa
Signing time:             Mon 01 Jan 2024 10:29:21 +0000
ROA not before:           Mon 01 Jan 2024 10:29:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197143
IP address blocks:        185.33.130.0/24 maxlen: 24
                          185.33.129.0/24 maxlen: 24
                          185.33.131.0/24 maxlen: 24
                          185.33.128.0/24 maxlen: 24
                          185.218.218.0/24 maxlen: 24
                          185.218.217.0/24 maxlen: 24
                          185.218.219.0/24 maxlen: 24
                          185.218.216.0/24 maxlen: 24
                          46.245.163.0/24 maxlen: 24
                          46.245.162.0/24 maxlen: 24
                          46.245.165.0/24 maxlen: 24
                          46.245.164.0/24 maxlen: 24
                          46.245.166.0/24 maxlen: 24
                          46.245.161.0/24 maxlen: 24
                          46.245.160.0/24 maxlen: 24
                          46.245.167.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 18 Jan 2024 14:52:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:27:0d:7d:f9:88:b5:1f:78:ce:c7:87:83:6c:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2d1172c1c73f971a9fb2e89b7917200c500ee407
        Validity
            Not Before: Jan  1 10:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6eaf6e61689a4d35809d45738e9998ca542517d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:5b:ef:58:79:c4:47:dc:a8:23:e2:46:f2:3b:
                    74:10:94:d6:c9:fe:f4:22:9c:76:87:9b:dc:b3:f8:
                    87:f6:24:0a:09:1e:27:73:94:64:1c:57:04:3d:a9:
                    d7:de:c1:fe:cb:03:64:1b:d8:46:22:6e:4e:32:28:
                    fe:eb:f5:30:42:49:4d:33:b7:9e:ad:c1:9a:56:17:
                    ee:fd:c7:4d:85:59:0a:46:99:3f:39:76:6b:78:0e:
                    be:7b:67:58:cf:d8:fc:d4:06:3a:5e:03:0f:82:e8:
                    26:51:6c:0d:08:70:e2:fc:96:bf:ea:50:5f:b3:89:
                    20:72:95:56:83:04:74:a0:96:18:f9:8f:12:28:a5:
                    c3:6c:75:a3:aa:f8:d2:97:cb:a2:94:41:05:7f:a1:
                    87:c0:6b:c5:3f:74:34:ef:f2:70:48:de:b2:a9:d0:
                    b3:df:c4:d0:e4:6b:5b:e0:d2:9d:e7:d1:f2:38:d8:
                    df:9d:a0:a9:d5:24:d3:a3:66:7c:f3:a1:cf:b5:75:
                    5a:79:61:d3:71:f5:bd:c9:88:73:5d:f2:31:84:10:
                    8d:13:98:55:90:9f:9a:78:02:09:7b:81:9e:47:d4:
                    75:9e:5b:00:1b:2b:fc:22:c7:4c:1b:3b:26:08:d1:
                    d4:3e:c1:00:c5:91:fe:01:3e:15:e7:5d:f5:4c:4a:
                    7d:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:AF:6E:61:68:9A:4D:35:80:9D:45:73:8E:99:98:CA:54:25:17:D9
            X509v3 Authority Key Identifier:
                keyid:2D:11:72:C1:C7:3F:97:1A:9F:B2:E8:9B:79:17:20:0C:50:0E:E4:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LRFywcc_lxqfsuibeRcgDFAO5Ac.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/79aca9-51dd-4f22-b404-d53866e9186a/1/bq9uYWiaTTWAnUVzjpmYylQlF9k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/79aca9-51dd-4f22-b404-d53866e9186a/1/LRFywcc_lxqfsuibeRcgDFAO5Ac.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.245.160.0/21
                  185.33.128.0/22
                  185.218.216.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0a:7b:9f:5d:95:26:0d:fc:32:e5:62:8d:35:73:77:59:9b:67:
         75:e3:5d:96:0e:ff:ce:e0:89:d8:d9:9f:28:e3:8e:d7:6f:9c:
         4d:cb:ab:51:c1:23:64:1b:05:e7:90:cb:49:bf:af:cc:5f:db:
         d2:dc:1e:c6:04:fd:96:42:ae:83:5d:3d:ea:c7:0c:8d:60:77:
         70:2c:c1:19:32:c4:92:e8:7e:cb:70:fe:00:44:6b:f2:30:94:
         2f:df:6b:f0:f9:f7:a8:54:d2:aa:be:60:e9:aa:72:3c:59:b8:
         de:86:ca:d3:6d:cb:b9:2c:c6:fc:21:f4:1d:d1:21:24:9b:16:
         03:d3:6d:25:6b:a9:6d:a3:9b:79:18:a5:01:b1:2a:7f:8e:23:
         96:49:bf:c5:48:d4:5d:ca:6f:c7:16:b3:d0:d4:05:6a:74:f2:
         7c:a3:01:74:58:b3:c9:94:3e:3e:c3:db:34:be:b7:87:63:2b:
         f6:7e:a5:2b:f1:50:10:2c:5f:35:c6:69:42:48:c6:b8:c0:ef:
         3d:ce:a9:83:4d:c2:65:81:41:04:43:f4:64:46:43:f8:b5:41:
         7f:df:63:f9:4e:97:b8:7c:58:3b:4f:24:35:cd:c5:bc:13:0f:
         0b:90:fe:17:d7:97:7f:f5:08:5d:5a:b4:29:39:4f:8f:ca:d8:
         27:f3:c9:c1
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzEkicNffmItR94zseHg2ycMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkMTE3MmMxYzczZjk3MWE5ZmIyZTg5Yjc5MTcyMDBjNTAw
ZWU0MDcwHhcNMjQwMTAxMTAyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZWFmNmU2MTY4OWE0ZDM1ODA5ZDQ1NzM4ZTk5OThjYTU0MjUxN2Q5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAklvvWHnER9yoI+JG8jt0EJTWyf70
Ipx2h5vcs/iH9iQKCR4nc5RkHFcEPanX3sH+ywNkG9hGIm5OMij+6/UwQklNM7ee
rcGaVhfu/cdNhVkKRpk/OXZreA6+e2dYz9j81AY6XgMPgugmUWwNCHDi/Ja/6lBf
s4kgcpVWgwR0oJYY+Y8SKKXDbHWjqvjSl8uilEEFf6GHwGvFP3Q07/JwSN6yqdCz
38TQ5Gtb4NKd59HyONjfnaCp1STTo2Z886HPtXVaeWHTcfW9yYhzXfIxhBCNE5hV
kJ+aeAIJe4GeR9R1nlsAGyv8IsdMGzsmCNHUPsEAxZH+AT4V5131TEp9FwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFG6vbmFomk01gJ1Fc46ZmMpUJRfZMB8GA1UdIwQY
MBaAFC0RcsHHP5can7Lom3kXIAxQDuQHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTFJGeXdjY19seHFmc3VpYmVSY2dERkFPNUFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS83OWFjYTktNTFkZC00ZjIyLWI0MDQt
ZDUzODY2ZTkxODZhLzEvYnE5dVlXaWFUVFdBblVWempwbVl5bFFsRjlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS83OWFjYTktNTFkZC00ZjIyLWI0MDQtZDUzODY2ZTkxODZh
LzEvTFJGeXdjY19seHFmc3VpYmVSY2dERkFPNUFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDLvWgAwQC
uSGAAwQCudrYMA0GCSqGSIb3DQEBCwUAA4IBAQAKe59dlSYN/DLlYo01c3dZm2d1
412WDv/O4InY2Z8o447Xb5xNy6tRwSNkGwXnkMtJv6/MX9vS3B7GBP2WQq6DXT3q
xwyNYHdwLMEZMsSS6H7LcP4ARGvyMJQv32vw+feoVNKqvmDpqnI8WbjehsrTbcu5
LMb8IfQd0SEkmxYD020la6lto5t5GKUBsSp/jiOWSb/FSNRdym/HFrPQ1AVqdPJ8
owF0WLPJlD4+w9s0vreHYyv2fqUr8VAQLF81xmlCSMa4wO89zqmDTcJlgUEEQ/Rk
RkP4tUF/32P5Tpe4fFg7TyQ1zcW8Ew8LkP4X15d/9QhdWrQpOU+Pytgn88nB
-----END CERTIFICATE-----