Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/220318-46f1-4ebf-a795-dd4a217d606b/1/wLYL4iSDHl7E-FQNODfPuWhqNh8.roa
File:                     wLYL4iSDHl7E-FQNODfPuWhqNh8.roa (raw, json)
Hash identifier:          r5nGbWiEEqD2KildRa1NlVWeOtbM9usPjXkYQ3otz5Y=
Subject key identifier:   C0:B6:0B:E2:24:83:1E:5E:C4:F8:54:0D:38:37:CF:B9:68:6A:36:1F
Certificate issuer:       /CN=bb8d64a0dc21996b1c99e68cc951694e293edefe
Certificate serial:       018DEED0F6105F829C256E32FF3FE9E8972A
Authority key identifier: BB:8D:64:A0:DC:21:99:6B:1C:99:E6:8C:C9:51:69:4E:29:3E:DE:FE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/u41koNwhmWscmeaMyVFpTik-3v4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/220318-46f1-4ebf-a795-dd4a217d606b/1/wLYL4iSDHl7E-FQNODfPuWhqNh8.roa
Signing time:             Wed 28 Feb 2024 08:24:48 +0000
ROA not before:           Wed 28 Feb 2024 08:24:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9000
IP address blocks:        212.50.32.0/24 maxlen: 24
                          212.50.33.0/24 maxlen: 24
                          212.50.36.0/24 maxlen: 24
                          212.50.37.0/24 maxlen: 24
                          212.50.38.0/24 maxlen: 24
                          212.50.39.0/24 maxlen: 24
                          212.50.41.0/24 maxlen: 24
                          212.50.44.0/24 maxlen: 24
                          212.50.54.0/24 maxlen: 24
                          212.50.55.0/24 maxlen: 24
                          212.50.61.0/24 maxlen: 24
                          2001:1b68::/29 maxlen: 29
Validation:               Failed, certificate revoked on Thu 29 Feb 2024 07:24:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:ee:d0:f6:10:5f:82:9c:25:6e:32:ff:3f:e9:e8:97:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bb8d64a0dc21996b1c99e68cc951694e293edefe
        Validity
            Not Before: Feb 28 08:24:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c0b60be224831e5ec4f8540d3837cfb9686a361f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:f7:87:8e:bf:df:b5:0a:2f:66:31:89:77:20:
                    84:be:ae:73:f3:91:22:c8:e8:bb:4b:53:63:b5:c3:
                    6f:c0:10:98:17:6a:ff:8c:73:72:a9:db:cd:4a:48:
                    63:8e:7f:3f:35:28:2b:08:41:41:70:17:b6:f1:c4:
                    3d:18:6d:22:66:c4:a9:bd:0e:b0:95:de:45:71:79:
                    5c:95:dc:eb:80:c9:82:52:99:2b:fb:f4:b5:26:28:
                    d2:0f:2b:60:82:2a:ac:c4:e0:7c:f3:ae:12:05:52:
                    0c:9f:d4:0c:0d:43:7a:91:a1:5d:81:59:99:c7:9f:
                    b4:17:d5:6b:10:53:e8:5d:fa:40:e2:09:64:3a:dc:
                    cd:13:c8:e9:5d:b6:c1:87:4d:6f:db:9d:af:d9:1c:
                    3f:f5:47:82:fa:4a:8b:ec:35:7d:a8:ba:dd:02:b4:
                    a9:eb:23:05:58:26:4c:fc:b2:e1:88:4d:94:6b:3a:
                    4e:6c:62:13:ca:94:d0:cf:1c:cb:5c:91:af:61:34:
                    a7:f1:82:db:c8:4b:f5:be:c5:2b:e9:06:8f:a2:9a:
                    27:9d:d9:ac:f5:aa:55:a4:a1:08:cf:2a:7c:a0:c7:
                    fb:ac:51:87:cb:4c:05:08:17:d0:cd:62:ca:e3:a4:
                    3b:a1:0b:9b:d5:31:1c:46:55:9d:63:16:56:ec:47:
                    78:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:B6:0B:E2:24:83:1E:5E:C4:F8:54:0D:38:37:CF:B9:68:6A:36:1F
            X509v3 Authority Key Identifier:
                keyid:BB:8D:64:A0:DC:21:99:6B:1C:99:E6:8C:C9:51:69:4E:29:3E:DE:FE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u41koNwhmWscmeaMyVFpTik-3v4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/220318-46f1-4ebf-a795-dd4a217d606b/1/wLYL4iSDHl7E-FQNODfPuWhqNh8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/220318-46f1-4ebf-a795-dd4a217d606b/1/u41koNwhmWscmeaMyVFpTik-3v4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.50.32.0/23
                  212.50.36.0/22
                  212.50.41.0/24
                  212.50.44.0/24
                  212.50.54.0/23
                  212.50.61.0/24
                IPv6:
                  2001:1b68::/29

    Signature Algorithm: sha256WithRSAEncryption
         7d:d4:fd:21:55:a8:60:12:3f:5a:66:26:e9:1f:fe:bf:b1:c5:
         5e:95:3b:ea:73:ff:a6:11:a1:29:4f:22:26:8f:fc:57:d4:cf:
         2a:15:09:1a:56:65:77:27:38:2f:7d:5b:e8:bf:15:60:6e:6a:
         77:73:b4:e3:21:99:9c:49:e5:79:e1:05:46:5c:9e:15:58:48:
         d3:e5:10:79:bc:6c:df:93:70:0e:fa:2e:b2:42:a1:5f:15:68:
         87:5f:33:d4:9d:79:46:86:5e:64:a2:79:74:1c:80:5a:5a:a2:
         12:0b:c8:5f:52:a4:4a:c8:c7:07:35:19:97:bd:59:2e:aa:7e:
         1a:97:e3:b2:66:6a:d0:3a:84:82:b5:ef:85:f0:4e:6a:11:c5:
         5f:11:47:20:46:36:89:f4:92:cc:3e:8b:2c:eb:30:a5:40:27:
         2c:ea:a1:bd:31:56:57:73:84:7d:db:62:33:0c:bd:fe:09:5f:
         6a:22:a5:de:fd:9b:eb:b2:29:d1:c2:13:a0:1e:36:54:0a:1e:
         fd:20:cf:38:05:54:c7:1e:48:b2:c2:cb:a2:54:82:7a:4e:8b:
         d1:cd:c9:34:c7:c1:6c:b0:3d:58:e6:e9:6b:2a:8b:17:58:38:
         c5:af:c3:4f:76:4b:5c:2c:6f:fc:85:d9:d6:aa:b4:cc:78:fb:
         b2:3f:11:6b
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAY3u0PYQX4KcJW4y/z/p6JcqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiOGQ2NGEwZGMyMTk5NmIxYzk5ZTY4Y2M5NTE2OTRlMjkz
ZWRlZmUwHhcNMjQwMjI4MDgyNDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMGI2MGJlMjI0ODMxZTVlYzRmODU0MGQzODM3Y2ZiOTY4NmEzNjFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlveHjr/ftQovZjGJdyCEvq5z85Ei
yOi7S1NjtcNvwBCYF2r/jHNyqdvNSkhjjn8/NSgrCEFBcBe28cQ9GG0iZsSpvQ6w
ld5FcXlcldzrgMmCUpkr+/S1JijSDytggiqsxOB8864SBVIMn9QMDUN6kaFdgVmZ
x5+0F9VrEFPoXfpA4glkOtzNE8jpXbbBh01v252v2Rw/9UeC+kqL7DV9qLrdArSp
6yMFWCZM/LLhiE2UazpObGITypTQzxzLXJGvYTSn8YLbyEv1vsUr6QaPoponndms
9apVpKEIzyp8oMf7rFGHy0wFCBfQzWLK46Q7oQub1TEcRlWdYxZW7Ed4RQIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFMC2C+Ikgx5exPhUDTg3z7loajYfMB8GA1UdIwQY
MBaAFLuNZKDcIZlrHJnmjMlRaU4pPt7+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdTQxa29Od2htV3NjbWVhTXlWRnBUaWstM3Y0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC8yMjAzMTgtNDZmMS00ZWJmLWE3OTUt
ZGQ0YTIxN2Q2MDZiLzEvd0xZTDRpU0RIbDdFLUZRTk9EZlB1V2hxTmg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC8yMjAzMTgtNDZmMS00ZWJmLWE3OTUtZGQ0YTIxN2Q2MDZi
LzEvdTQxa29Od2htV3NjbWVhTXlWRnBUaWstM3Y0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQB1DIgAwQC
1DIkAwQA1DIpAwQA1DIsAwQB1DI2AwQA1DI9MA0EAgACMAcDBQMgARtoMA0GCSqG
SIb3DQEBCwUAA4IBAQB91P0hVahgEj9aZibpH/6/scVelTvqc/+mEaEpTyImj/xX
1M8qFQkaVmV3JzgvfVvovxVgbmp3c7TjIZmcSeV54QVGXJ4VWEjT5RB5vGzfk3AO
+i6yQqFfFWiHXzPUnXlGhl5konl0HIBaWqISC8hfUqRKyMcHNRmXvVkuqn4al+Oy
ZmrQOoSCte+F8E5qEcVfEUcgRjaJ9JLMPoss6zClQCcs6qG9MVZXc4R922IzDL3+
CV9qIqXe/ZvrsinRwhOgHjZUCh79IM84BVTHHkiywsuiVIJ6TovRzck0x8FssD1Y
5ulrKosXWDjFr8NPdktcLG/8hdnWqrTMePuyPxFr
-----END CERTIFICATE-----