Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/5ca328-f114-4b3f-b8ba-50d7d94e2b9f/1/n-PEzC-IJngujrFKo34hypW9tos.roa
File:                     n-PEzC-IJngujrFKo34hypW9tos.roa (raw, json)
Hash identifier:          By+h0cfXuO+LrXTZYEZxgIBUiIcErx2tTAUak77nq/4=
Subject key identifier:   9F:E3:C4:CC:2F:88:26:78:2E:8E:B1:4A:A3:7E:21:CA:95:BD:B6:8B
Certificate issuer:       /CN=cf58cbc4aae3f80c49b372911a8d44861cdfeecb
Certificate serial:       018CC424539D730ED33E1998B6982B1FD05B
Authority key identifier: CF:58:CB:C4:AA:E3:F8:0C:49:B3:72:91:1A:8D:44:86:1C:DF:EE:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z1jLxKrj-AxJs3KRGo1Ehhzf7ss.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/5ca328-f114-4b3f-b8ba-50d7d94e2b9f/1/n-PEzC-IJngujrFKo34hypW9tos.roa
Signing time:             Mon 01 Jan 2024 08:29:24 +0000
ROA not before:           Mon 01 Jan 2024 08:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200924
IP address blocks:        185.75.164.0/22 maxlen: 22
                          185.44.132.0/22 maxlen: 22
                          5.83.176.0/20 maxlen: 20
                          46.167.24.0/21 maxlen: 21
                          185.27.212.0/22 maxlen: 22
                          185.37.248.0/22 maxlen: 22
                          185.6.120.0/22 maxlen: 22
                          31.22.24.0/21 maxlen: 21
                          2a01:7420::/32 maxlen: 32
                          2a05:5800::/29 maxlen: 48
Validation:               Failed, certificate revoked on Thu 23 May 2024 06:38:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:53:9d:73:0e:d3:3e:19:98:b6:98:2b:1f:d0:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf58cbc4aae3f80c49b372911a8d44861cdfeecb
        Validity
            Not Before: Jan  1 08:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9fe3c4cc2f8826782e8eb14aa37e21ca95bdb68b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:92:39:2c:dd:ba:75:7d:ee:ab:ea:9c:63:ca:
                    d6:e7:b9:9a:37:27:f4:8f:9c:9b:16:87:20:c9:30:
                    66:12:15:7f:27:19:01:9c:89:7e:08:19:fa:4a:06:
                    89:dd:47:f4:43:ad:4f:07:a9:26:ec:8f:8c:c9:ae:
                    90:a2:48:bd:26:e5:82:c5:5c:12:cf:c9:93:01:21:
                    6a:09:79:87:a0:17:70:c2:a0:78:1a:62:64:f0:18:
                    1e:68:21:88:03:98:8f:af:f2:97:27:10:b3:6d:cf:
                    14:66:41:01:c1:46:70:01:df:33:be:e8:b7:a8:c5:
                    5f:9e:74:d4:9d:18:2f:28:ef:4e:d7:1c:9e:f0:4c:
                    5f:fe:2b:e1:08:7b:2d:86:88:ff:9d:24:ea:83:35:
                    52:4a:bf:30:00:1a:67:92:64:ff:44:d7:d6:ad:14:
                    c5:54:c6:14:65:b0:67:02:81:1a:a0:12:47:ef:96:
                    bc:4e:1a:2f:2d:e6:66:e2:2b:fb:77:8a:ce:dc:7b:
                    c7:47:3b:de:cd:fd:70:13:ef:ab:32:91:a2:65:19:
                    12:78:b8:a8:83:1f:dc:00:73:c6:6a:25:1d:7f:2b:
                    90:3c:a9:95:cf:45:6e:fd:ab:df:cd:12:47:b5:89:
                    26:62:a8:28:65:a3:fb:8c:d0:c1:82:df:83:d3:f3:
                    61:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:E3:C4:CC:2F:88:26:78:2E:8E:B1:4A:A3:7E:21:CA:95:BD:B6:8B
            X509v3 Authority Key Identifier:
                keyid:CF:58:CB:C4:AA:E3:F8:0C:49:B3:72:91:1A:8D:44:86:1C:DF:EE:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z1jLxKrj-AxJs3KRGo1Ehhzf7ss.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/5ca328-f114-4b3f-b8ba-50d7d94e2b9f/1/n-PEzC-IJngujrFKo34hypW9tos.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/5ca328-f114-4b3f-b8ba-50d7d94e2b9f/1/z1jLxKrj-AxJs3KRGo1Ehhzf7ss.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.83.176.0/20
                  31.22.24.0/21
                  46.167.24.0/21
                  185.6.120.0/22
                  185.27.212.0/22
                  185.37.248.0/22
                  185.44.132.0/22
                  185.75.164.0/22
                IPv6:
                  2a01:7420::/32
                  2a05:5800::/29

    Signature Algorithm: sha256WithRSAEncryption
         30:da:35:e5:15:7d:9d:1a:0d:e3:52:aa:e4:9c:ff:1f:04:8a:
         ce:3d:c0:99:5d:0e:a1:ea:d6:7b:e0:8e:22:28:d2:df:69:5c:
         2f:a2:74:3e:97:aa:ce:3c:d2:a8:86:34:10:e3:33:7a:2c:4a:
         ca:fa:9e:bf:a1:8a:6f:32:fc:94:71:14:d3:43:50:01:f2:fb:
         fd:56:02:ba:f9:61:05:4d:c6:ff:cf:f7:62:8f:bc:c8:24:9b:
         0a:76:f6:de:35:a2:3d:63:3e:c9:f3:81:80:8e:fe:1c:ff:9c:
         2f:aa:18:58:80:f0:af:5d:d1:98:bb:98:00:fa:32:66:4b:4c:
         4f:d0:e3:ad:f7:04:99:b1:7e:42:2e:3b:43:3d:ad:c9:ad:62:
         6d:df:4c:92:6c:ab:df:02:ec:c1:db:0d:5f:c0:e2:94:69:98:
         d8:9d:3e:a5:a1:60:14:9c:c9:cc:6a:c8:8e:73:10:e2:0e:3b:
         ba:b2:7f:3b:39:83:17:27:dd:e8:33:8c:79:50:93:e6:b1:94:
         8c:18:9c:4e:7a:45:dc:f5:37:4f:c3:cb:d9:03:ce:f0:6d:a3:
         84:9f:96:c2:f3:4e:c5:f2:bb:5f:58:ae:04:0f:7b:04:6e:1a:
         c4:e3:e0:76:1d:99:24:ce:b1:33:95:97:08:fb:46:fe:aa:ec:
         a9:3a:d3:83
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAYzEJFOdcw7TPhmYtpgrH9BbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmNThjYmM0YWFlM2Y4MGM0OWIzNzI5MTFhOGQ0NDg2MWNk
ZmVlY2IwHhcNMjQwMTAxMDgyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZmUzYzRjYzJmODgyNjc4MmU4ZWIxNGFhMzdlMjFjYTk1YmRiNjhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj5I5LN26dX3uq+qcY8rW57maNyf0
j5ybFocgyTBmEhV/JxkBnIl+CBn6SgaJ3Uf0Q61PB6km7I+Mya6Qoki9JuWCxVwS
z8mTASFqCXmHoBdwwqB4GmJk8BgeaCGIA5iPr/KXJxCzbc8UZkEBwUZwAd8zvui3
qMVfnnTUnRgvKO9O1xye8Exf/ivhCHsthoj/nSTqgzVSSr8wABpnkmT/RNfWrRTF
VMYUZbBnAoEaoBJH75a8ThovLeZm4iv7d4rO3HvHRzvezf1wE++rMpGiZRkSeLio
gx/cAHPGaiUdfyuQPKmVz0Vu/avfzRJHtYkmYqgoZaP7jNDBgt+D0/NhGQIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFJ/jxMwviCZ4Lo6xSqN+IcqVvbaLMB8GA1UdIwQY
MBaAFM9Yy8Sq4/gMSbNykRqNRIYc3+7LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejFqTHhLcmotQXhKczNLUkdvMUVoaHpmN3NzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS81Y2EzMjgtZjExNC00YjNmLWI4YmEt
NTBkN2Q5NGUyYjlmLzEvbi1QRXpDLUlKbmd1anJGS28zNGh5cFc5dG9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS81Y2EzMjgtZjExNC00YjNmLWI4YmEtNTBkN2Q5NGUyYjlm
LzEvejFqTHhLcmotQXhKczNLUkdvMUVoaHpmN3NzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjA2BAIAATAwAwQEBVOwAwQD
HxYYAwQDLqcYAwQCuQZ4AwQCuRvUAwQCuSX4AwQCuSyEAwQCuUukMBQEAgACMA4D
BQAqAXQgAwUDKgVYADANBgkqhkiG9w0BAQsFAAOCAQEAMNo15RV9nRoN41Kq5Jz/
HwSKzj3AmV0OoerWe+COIijS32lcL6J0PpeqzjzSqIY0EOMzeixKyvqev6GKbzL8
lHEU00NQAfL7/VYCuvlhBU3G/8/3Yo+8yCSbCnb23jWiPWM+yfOBgI7+HP+cL6oY
WIDwr13RmLuYAPoyZktMT9DjrfcEmbF+Qi47Qz2tya1ibd9Mkmyr3wLswdsNX8Di
lGmY2J0+paFgFJzJzGrIjnMQ4g47urJ/OzmDFyfd6DOMeVCT5rGUjBicTnpF3PU3
T8PL2QPO8G2jhJ+WwvNOxfK7X1iuBA97BG4axOPgdh2ZJM6xM5WXCPtG/qrsqTrT
gw==
-----END CERTIFICATE-----