Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/75d4fd-90f5-4baa-a35c-87a6333d6e64/1/w2X5W5652agqHw-do4R42ak_Rzk.roa
File:                     w2X5W5652agqHw-do4R42ak_Rzk.roa (raw, json)
Hash identifier:          I5sgBjB6ZVi1gnpWWyxzu23qjTeb/g9almMuA1uPtJ0=
Subject key identifier:   C3:65:F9:5B:9E:B9:D9:A8:2A:1F:0F:9D:A3:84:78:D9:A9:3F:47:39
Certificate issuer:       /CN=bbe6fe14b8755d9ff7466fa97c4a55f735183249
Certificate serial:       019267B6EE5C0843A432B4D9E2A5661C45F4
Authority key identifier: BB:E6:FE:14:B8:75:5D:9F:F7:46:6F:A9:7C:4A:55:F7:35:18:32:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/u-b-FLh1XZ_3Rm-pfEpV9zUYMkk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/75d4fd-90f5-4baa-a35c-87a6333d6e64/1/w2X5W5652agqHw-do4R42ak_Rzk.roa
Signing time:             Mon 07 Oct 2024 16:01:34 +0000
ROA not before:           Mon 07 Oct 2024 16:01:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210036
IP address blocks:        193.36.104.0/24 maxlen: 24
                          193.36.105.0/24 maxlen: 24
                          193.36.106.0/24 maxlen: 24
                          2a0d:d740::/48 maxlen: 48
                          2a0d:d740:105::/48 maxlen: 48
                          2a0d:d740:c001::/48 maxlen: 48
                          2a0d:d740:c002::/48 maxlen: 48
                          2a0d:d740:c003::/48 maxlen: 48
                          2a0d:d740:c004::/48 maxlen: 48
                          2a0d:d742::/45 maxlen: 45

Validation:               Failed, certificate revoked on Tue 08 Oct 2024 14:43:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:67:b6:ee:5c:08:43:a4:32:b4:d9:e2:a5:66:1c:45:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bbe6fe14b8755d9ff7466fa97c4a55f735183249
        Validity
            Not Before: Oct  7 16:01:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c365f95b9eb9d9a82a1f0f9da38478d9a93f4739
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:63:15:33:a2:9f:b3:a2:9e:b4:2c:b5:1f:24:
                    23:e6:86:de:7f:5d:a9:6f:78:fe:d8:4d:14:53:ff:
                    4a:c4:a1:90:e1:e6:d3:ac:7b:ee:a6:45:3e:0f:9d:
                    24:0c:ff:3e:39:71:19:07:bc:b1:31:e5:b0:09:76:
                    5c:8b:fc:83:ac:91:06:13:b6:1d:3f:ae:d9:28:55:
                    17:be:2d:b4:f3:d8:28:37:5c:52:1e:1e:38:03:18:
                    6e:1b:00:10:ae:bb:dc:6d:6c:94:af:c6:b7:a7:11:
                    c1:18:cc:e8:e9:cd:e3:92:f4:e3:b5:9c:03:57:95:
                    8b:b5:ed:94:ab:5c:77:34:d1:da:bd:28:c7:13:08:
                    a4:18:31:0f:97:bb:6f:df:f1:dd:6d:8e:cd:6f:8a:
                    8d:5b:b6:15:37:7b:b7:ce:46:62:0c:fe:30:85:41:
                    cc:f0:de:09:b9:66:43:df:11:2a:b9:51:2e:34:1e:
                    ca:62:f9:bd:b5:4c:b4:7b:25:c8:ca:0e:ef:68:44:
                    8a:ef:d0:d4:14:0c:8c:d9:b1:16:8c:57:46:8a:ea:
                    4c:86:9d:e4:88:03:cf:d3:7f:52:9b:a8:aa:c2:30:
                    57:64:0c:47:26:21:08:61:4f:cc:34:ef:7d:df:1a:
                    20:3b:ad:38:93:94:fe:7c:75:86:4e:3a:34:c1:0e:
                    e7:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:65:F9:5B:9E:B9:D9:A8:2A:1F:0F:9D:A3:84:78:D9:A9:3F:47:39
            X509v3 Authority Key Identifier:
                keyid:BB:E6:FE:14:B8:75:5D:9F:F7:46:6F:A9:7C:4A:55:F7:35:18:32:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u-b-FLh1XZ_3Rm-pfEpV9zUYMkk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/75d4fd-90f5-4baa-a35c-87a6333d6e64/1/w2X5W5652agqHw-do4R42ak_Rzk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/75d4fd-90f5-4baa-a35c-87a6333d6e64/1/u-b-FLh1XZ_3Rm-pfEpV9zUYMkk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.36.104.0-193.36.106.255
                IPv6:
                  2a0d:d740::/48
                  2a0d:d740:105::/48
                  2a0d:d740:c001::-2a0d:d740:c004:ffff:ffff:ffff:ffff:ffff
                  2a0d:d742::/45

    Signature Algorithm: sha256WithRSAEncryption
         7d:e5:59:01:84:ef:71:76:c1:15:dc:4d:87:35:b4:21:61:4e:
         f2:f0:7b:20:59:5c:9b:bc:9d:18:12:ae:8c:13:55:11:e4:4b:
         83:1e:32:b9:36:c3:9f:a2:b8:4d:2c:27:8a:5a:be:11:ff:68:
         59:17:72:cc:be:63:94:3e:70:af:49:3b:ca:f2:95:c7:df:92:
         18:fa:b4:76:38:ce:f2:be:3b:12:91:f0:51:02:1d:05:4c:6a:
         d1:2c:0a:66:fe:96:40:33:25:c7:12:e7:7b:3a:48:a5:d1:bd:
         ce:eb:82:50:f7:1d:49:f2:45:69:1a:dd:27:6f:dc:92:c8:c3:
         b4:36:7f:c8:bf:18:42:78:16:66:a4:5e:6f:ea:ed:db:6b:81:
         2b:2b:f6:30:c0:4c:ca:30:a0:bf:4b:5f:75:6d:d4:aa:58:ea:
         85:2b:5f:eb:8c:6e:f2:e4:f7:79:83:5a:8a:3d:e1:ae:1d:8d:
         46:84:6c:a1:51:36:1a:0d:f1:20:dd:2e:fe:5d:98:d7:0d:13:
         08:7c:80:ff:b4:36:9d:50:82:ce:4c:2a:1d:fc:e6:21:dd:66:
         99:93:2f:ad:b5:87:3d:c4:9e:7c:83:c7:4d:fc:20:46:4e:ea:
         18:09:ec:64:e7:e4:c6:9c:34:7b:4c:48:b4:7d:c4:fa:57:93:
         10:72:fb:1a
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAZJntu5cCEOkMrTZ4qVmHEX0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiZTZmZTE0Yjg3NTVkOWZmNzQ2NmZhOTdjNGE1NWY3MzUx
ODMyNDkwHhcNMjQxMDA3MTYwMTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMzY1Zjk1YjllYjlkOWE4MmExZjBmOWRhMzg0NzhkOWE5M2Y0NzM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmmMVM6Kfs6KetCy1HyQj5obef12p
b3j+2E0UU/9KxKGQ4ebTrHvupkU+D50kDP8+OXEZB7yxMeWwCXZci/yDrJEGE7Yd
P67ZKFUXvi2089goN1xSHh44AxhuGwAQrrvcbWyUr8a3pxHBGMzo6c3jkvTjtZwD
V5WLte2Uq1x3NNHavSjHEwikGDEPl7tv3/HdbY7Nb4qNW7YVN3u3zkZiDP4whUHM
8N4JuWZD3xEquVEuNB7KYvm9tUy0eyXIyg7vaESK79DUFAyM2bEWjFdGiupMhp3k
iAPP039Sm6iqwjBXZAxHJiEIYU/MNO993xogO604k5T+fHWGTjo0wQ7nfwIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFMNl+VueudmoKh8PnaOEeNmpP0c5MB8GA1UdIwQY
MBaAFLvm/hS4dV2f90ZvqXxKVfc1GDJJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdS1iLUZMaDFYWl8zUm0tcGZFcFY5elVZTWtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC83NWQ0ZmQtOTBmNS00YmFhLWEzNWMt
ODdhNjMzM2Q2ZTY0LzEvdzJYNVc1NjUyYWdxSHctZG80UjQyYWtfUnprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC83NWQ0ZmQtOTBmNS00YmFhLWEzNWMtODdhNjMzM2Q2ZTY0
LzEvdS1iLUZMaDFYWl8zUm0tcGZFcFY5elVZTWtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTAUBAIAATAOMAwDBAPBJGgD
BADBJGowNQQCAAIwLwMHACoN10AAAAMHACoN10ABBTASAwcAKg3XQMABAwcAKg3X
QMAEAwcDKg3XQgAAMA0GCSqGSIb3DQEBCwUAA4IBAQB95VkBhO9xdsEV3E2HNbQh
YU7y8HsgWVybvJ0YEq6ME1UR5EuDHjK5NsOforhNLCeKWr4R/2hZF3LMvmOUPnCv
STvK8pXH35IY+rR2OM7yvjsSkfBRAh0FTGrRLApm/pZAMyXHEud7Okil0b3O64JQ
9x1J8kVpGt0nb9ySyMO0Nn/IvxhCeBZmpF5v6u3ba4ErK/YwwEzKMKC/S191bdSq
WOqFK1/rjG7y5Pd5g1qKPeGuHY1GhGyhUTYaDfEg3S7+XZjXDRMIfID/tDadUILO
TCod/OYh3WaZky+ttYc9xJ58g8dN/CBGTuoYCexk5+TGnDR7TEi0fcT6V5MQcvsa
-----END CERTIFICATE-----