Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/pAVBimPZSrjc00jiK0VSb-3SFmc.roa
File:                     pAVBimPZSrjc00jiK0VSb-3SFmc.roa (raw, json)
Hash identifier:          FEOnKxF773QipSQUr2NXJkDHZjssjFlUlw/BN/awDeA=
Subject key identifier:   A4:05:41:8A:63:D9:4A:B8:DC:D3:48:E2:2B:45:52:6F:ED:D2:16:67
Certificate issuer:       /CN=0671dcc7a9ac7351c71e0bc2278cf45fd020ae2e
Certificate serial:       01941F8C94C46BFCF8754B338DB52EDB958E
Authority key identifier: 06:71:DC:C7:A9:AC:73:51:C7:1E:0B:C2:27:8C:F4:5F:D0:20:AE:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/pAVBimPZSrjc00jiK0VSb-3SFmc.roa
Signing time:             Wed 01 Jan 2025 01:48:14 +0000
ROA not before:           Wed 01 Jan 2025 01:48:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59432
IP address blocks:        194.143.209.0/24 maxlen: 24
                          195.114.192.0/24 maxlen: 24
                          195.114.198.0/24 maxlen: 24
                          195.114.205.0/24 maxlen: 24
                          213.220.20.0/24 maxlen: 24
                          213.220.58.0/24 maxlen: 24
                          213.220.59.0/24 maxlen: 24
                          213.220.60.0/24 maxlen: 24
                          213.220.62.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Fri 10 Jan 2025 07:53:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:94:c4:6b:fc:f8:75:4b:33:8d:b5:2e:db:95:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0671dcc7a9ac7351c71e0bc2278cf45fd020ae2e
        Validity
            Not Before: Jan  1 01:48:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a405418a63d94ab8dcd348e22b45526fedd21667
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:76:5b:7b:31:b1:af:e0:8d:f6:bc:21:a3:76:
                    e6:90:5e:10:6c:cb:92:be:27:bc:30:92:45:cb:ec:
                    e7:c7:3f:c3:fb:47:d1:dd:03:10:de:5e:ae:f3:cc:
                    bb:7b:ea:43:e1:31:aa:c1:53:14:2a:3f:bf:54:52:
                    18:2a:20:d6:00:4a:76:71:1e:86:db:e4:a0:dc:0f:
                    67:a6:c0:57:61:ff:1c:9e:a0:9b:0d:e6:de:cd:24:
                    16:60:ca:7b:00:dd:72:78:a2:8a:5d:08:29:59:6c:
                    ba:66:7e:ad:d5:24:0d:2b:66:cd:65:b4:e2:3f:63:
                    ab:14:87:52:f3:99:e8:c8:3b:3d:e3:d6:17:82:21:
                    bb:84:b1:68:7d:cd:b8:37:f5:d4:bf:62:c2:94:93:
                    64:d5:56:fb:e3:18:54:c2:3c:ae:41:b9:5e:44:f5:
                    03:5b:b8:b6:c6:9e:49:c4:64:57:c6:69:0c:52:2d:
                    51:66:42:7c:6b:a8:ca:6c:ba:28:fa:c7:d3:c8:6e:
                    d0:6c:48:69:16:7a:1f:f2:f3:db:d8:c8:9d:44:a0:
                    8f:63:bd:0b:00:93:94:3d:ae:06:78:e0:22:25:25:
                    67:78:12:48:7d:f4:a4:63:5a:63:33:62:2d:f6:f6:
                    e1:3a:d5:af:70:eb:30:68:cb:3c:de:22:1c:59:54:
                    82:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:05:41:8A:63:D9:4A:B8:DC:D3:48:E2:2B:45:52:6F:ED:D2:16:67
            X509v3 Authority Key Identifier:
                keyid:06:71:DC:C7:A9:AC:73:51:C7:1E:0B:C2:27:8C:F4:5F:D0:20:AE:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/pAVBimPZSrjc00jiK0VSb-3SFmc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.143.209.0/24
                  195.114.192.0/24
                  195.114.198.0/24
                  195.114.205.0/24
                  213.220.20.0/24
                  213.220.58.0-213.220.60.255
                  213.220.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:49:15:6c:2a:c4:a6:ed:f0:c8:45:fe:db:a1:3f:e3:48:b2:
         89:63:63:29:64:f7:4b:19:72:90:22:46:3e:f0:8c:83:39:c9:
         a2:61:da:8e:3d:b9:bf:18:e5:02:53:51:ff:d5:a4:99:f6:74:
         45:5d:53:f4:29:21:34:22:13:83:46:e0:db:03:f9:98:7e:b7:
         1d:f2:42:e9:bd:f2:d0:97:f8:af:c4:ea:77:e3:06:22:b0:36:
         d3:04:3c:7c:6a:50:c0:0d:ea:b8:0b:2e:b6:a2:2a:21:c1:92:
         eb:04:25:2a:a5:24:c5:1a:e0:3c:2c:1f:84:72:44:ad:ed:45:
         8e:92:6a:bb:7a:6d:42:05:ca:bc:55:f8:7e:ba:f5:95:f1:af:
         ee:0c:62:13:67:fc:a4:a7:16:a1:05:cf:3d:6f:af:5a:a0:c5:
         c7:30:f5:da:72:9d:2f:68:d6:cc:ac:35:b0:1f:84:9c:fa:1e:
         b1:5f:c2:af:eb:47:18:80:68:73:17:d5:98:64:50:8c:cf:65:
         63:c0:c0:9f:c4:e4:55:2a:a7:7b:f4:b4:ed:7a:e1:66:3f:3d:
         af:f2:c2:da:95:fa:2a:6d:e5:c9:4f:27:c5:74:59:2c:31:6f:
         f3:fb:ef:60:bf:a3:e5:b2:cf:2c:ee:f7:74:ef:3a:60:58:61:
         75:4c:58:4b
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAZQfjJTEa/z4dUszjbUu25WOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2NzFkY2M3YTlhYzczNTFjNzFlMGJjMjI3OGNmNDVmZDAy
MGFlMmUwHhcNMjUwMTAxMDE0ODE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDA1NDE4YTYzZDk0YWI4ZGNkMzQ4ZTIyYjQ1NTI2ZmVkZDIxNjY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlHZbezGxr+CN9rwho3bmkF4QbMuS
vie8MJJFy+znxz/D+0fR3QMQ3l6u88y7e+pD4TGqwVMUKj+/VFIYKiDWAEp2cR6G
2+Sg3A9npsBXYf8cnqCbDebezSQWYMp7AN1yeKKKXQgpWWy6Zn6t1SQNK2bNZbTi
P2OrFIdS85noyDs949YXgiG7hLFofc24N/XUv2LClJNk1Vb74xhUwjyuQbleRPUD
W7i2xp5JxGRXxmkMUi1RZkJ8a6jKbLoo+sfTyG7QbEhpFnof8vPb2MidRKCPY70L
AJOUPa4GeOAiJSVneBJIffSkY1pjM2It9vbhOtWvcOswaMs83iIcWVSCSwIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFKQFQYpj2Uq43NNI4itFUm/t0hZnMB8GA1UdIwQY
MBaAFAZx3MeprHNRxx4LwieM9F/QIK4uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQm5IY3g2bXNjMUhISGd2Q0o0ejBYOUFncmk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGIt
MWRkZWM0Y2NlMjRjLzEvcEFWQmltUFpTcmpjMDBqaUswVlNiLTNTRm1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGItMWRkZWM0Y2NlMjRj
LzEvQm5IY3g2bXNjMUhISGd2Q0o0ejBYOUFncmk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQAwo/RAwQA
w3LAAwQAw3LGAwQAw3LNAwQA1dwUMAwDBAHV3DoDBADV3DwDBADV3D4wDQYJKoZI
hvcNAQELBQADggEBAFxJFWwqxKbt8MhF/tuhP+NIsoljYylk90sZcpAiRj7wjIM5
yaJh2o49ub8Y5QJTUf/VpJn2dEVdU/QpITQiE4NG4NsD+Zh+tx3yQum98tCX+K/E
6nfjBiKwNtMEPHxqUMAN6rgLLraiKiHBkusEJSqlJMUa4DwsH4RyRK3tRY6Sart6
bUIFyrxV+H669ZXxr+4MYhNn/KSnFqEFzz1vr1qgxccw9dpynS9o1sysNbAfhJz6
HrFfwq/rRxiAaHMX1ZhkUIzPZWPAwJ/E5FUqp3v0tO164WY/Pa/ywtqV+ipt5clP
J8V0WSwxb/P772C/o+Wyzyzu93TvOmBYYXVMWEs=
-----END CERTIFICATE-----