Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/a453fe-a664-47a2-8b8a-ce5e01e71c91/1/P5Z1qRjC2I4Ik2FpffIPHdvxs2E.roa
File:                     P5Z1qRjC2I4Ik2FpffIPHdvxs2E.roa (raw, json)
Hash identifier:          H9DokDplgDiMZJi0RWl9DClhwa+GsyM8zs0hEWy5dLw=
Subject key identifier:   3F:96:75:A9:18:C2:D8:8E:08:93:61:69:7D:F2:0F:1D:DB:F1:B3:61
Certificate issuer:       /CN=c6e1c8c65c86e8d26ddbeb68658a39a7a8e27866
Certificate serial:       0193DDCC7409AAE3B99DE69F44F92F750C0C
Authority key identifier: C6:E1:C8:C6:5C:86:E8:D2:6D:DB:EB:68:65:8A:39:A7:A8:E2:78:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xuHIxlyG6NJt2-toZYo5p6jieGY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/a453fe-a664-47a2-8b8a-ce5e01e71c91/1/P5Z1qRjC2I4Ik2FpffIPHdvxs2E.roa
Signing time:             Thu 19 Dec 2024 07:23:03 +0000
ROA not before:           Thu 19 Dec 2024 07:23:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202391
IP address blocks:        46.34.160.0/22 maxlen: 24
                          89.42.197.0/24 maxlen: 24
                          89.42.198.0/24 maxlen: 24
                          89.42.199.0/24 maxlen: 24
                          89.47.196.0/24 maxlen: 24
                          89.47.199.0/24 maxlen: 24
                          89.47.203.0/24 maxlen: 24
                          92.114.48.0/23 maxlen: 24
                          92.114.48.0/24 maxlen: 24
                          92.114.49.0/24 maxlen: 24
                          2a01:5500::/29 maxlen: 29
Validation:               Failed, certificate revoked on Wed 25 Dec 2024 14:24:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:dd:cc:74:09:aa:e3:b9:9d:e6:9f:44:f9:2f:75:0c:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c6e1c8c65c86e8d26ddbeb68658a39a7a8e27866
        Validity
            Not Before: Dec 19 07:23:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3f9675a918c2d88e089361697df20f1ddbf1b361
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:f3:75:c1:13:8d:66:76:8b:9a:ba:b1:14:6e:
                    6f:19:17:d7:bf:04:9a:2e:dc:9f:3a:3f:33:2c:ca:
                    cd:b5:93:20:f4:d7:f0:95:d5:40:b6:44:22:57:ea:
                    b2:03:a2:c9:26:18:39:2d:ca:e9:4a:b6:13:26:cb:
                    f3:f6:17:6f:a0:c8:54:fa:01:db:64:34:24:44:55:
                    f5:cd:47:83:84:d5:88:b6:b0:5c:06:79:ab:b0:e3:
                    ec:04:d7:1a:d8:d0:c2:76:25:ff:c7:71:34:17:6e:
                    c0:67:49:e0:9c:82:33:99:63:7a:40:5b:a6:c3:cf:
                    a7:30:47:45:66:e8:63:af:64:72:35:d1:bb:0d:d5:
                    95:59:16:41:d4:61:fb:a1:a8:b6:b3:54:f3:45:57:
                    f9:19:b1:81:b9:49:4c:bf:5e:fb:f8:28:78:f5:d2:
                    4c:3d:05:ca:b2:45:c3:64:e9:26:6d:a3:3c:fb:4f:
                    b4:34:02:a1:0e:39:78:cc:57:e9:69:44:67:12:9a:
                    d2:61:4a:ac:38:8b:76:37:a8:95:05:db:1b:d9:a5:
                    f8:a9:0f:70:f0:98:e5:b2:6f:de:6d:15:9b:24:68:
                    51:a6:ec:85:31:ba:41:96:76:47:19:63:fe:37:dc:
                    f8:11:c8:f2:14:f8:e4:63:40:96:43:0a:6c:da:d2:
                    7b:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:96:75:A9:18:C2:D8:8E:08:93:61:69:7D:F2:0F:1D:DB:F1:B3:61
            X509v3 Authority Key Identifier:
                keyid:C6:E1:C8:C6:5C:86:E8:D2:6D:DB:EB:68:65:8A:39:A7:A8:E2:78:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xuHIxlyG6NJt2-toZYo5p6jieGY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/a453fe-a664-47a2-8b8a-ce5e01e71c91/1/P5Z1qRjC2I4Ik2FpffIPHdvxs2E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/a453fe-a664-47a2-8b8a-ce5e01e71c91/1/xuHIxlyG6NJt2-toZYo5p6jieGY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.34.160.0/22
                  89.42.197.0-89.42.199.255
                  89.47.196.0/24
                  89.47.199.0/24
                  89.47.203.0/24
                  92.114.48.0/23
                IPv6:
                  2a01:5500::/29

    Signature Algorithm: sha256WithRSAEncryption
         73:dd:74:fe:fc:c3:fb:00:cf:10:49:17:8d:27:45:ed:0b:ba:
         6b:1f:47:65:04:17:fd:58:93:45:ab:87:5f:1c:7b:73:18:8f:
         c9:c9:94:8d:61:75:14:7d:b3:bf:7b:92:ec:9f:dd:69:e6:00:
         70:91:a7:1d:03:37:92:9b:59:fe:2e:40:dc:4c:1f:1e:2e:e5:
         84:e5:e8:8e:31:1b:80:84:4e:6d:00:f7:0b:b8:97:3f:cc:db:
         7d:a4:d6:59:3b:cd:7d:6b:ad:17:1a:00:e2:8c:ad:a8:ce:ed:
         3d:08:5f:4a:88:ee:15:31:67:14:2f:4d:b3:30:37:80:d1:56:
         eb:e1:a1:d8:5a:05:1e:fd:08:79:8b:66:be:9e:44:af:73:17:
         1a:b8:5b:d7:29:92:35:e1:60:7a:b8:0c:81:21:0b:0c:da:8a:
         64:3f:96:b5:0b:d1:42:aa:b4:0c:fc:c0:71:bc:62:2b:3c:11:
         ed:a6:24:53:41:12:3a:89:12:27:ff:f1:b5:77:51:2e:92:ac:
         9e:ef:c4:be:e7:82:62:a2:63:db:af:11:ea:58:69:d3:19:14:
         ee:de:8a:dd:9e:8a:0a:ee:9d:ee:9d:12:c1:66:f8:2a:27:36:
         21:15:7f:0e:b3:6b:56:b6:4d:5d:6e:e2:b7:d1:fc:37:aa:e0:
         64:27:d6:0d
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgISAZPdzHQJquO5neafRPkvdQwMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2ZTFjOGM2NWM4NmU4ZDI2ZGRiZWI2ODY1OGEzOWE3YThl
Mjc4NjYwHhcNMjQxMjE5MDcyMzAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjk2NzVhOTE4YzJkODhlMDg5MzYxNjk3ZGYyMGYxZGRiZjFiMzYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsfN1wRONZnaLmrqxFG5vGRfXvwSa
LtyfOj8zLMrNtZMg9NfwldVAtkQiV+qyA6LJJhg5LcrpSrYTJsvz9hdvoMhU+gHb
ZDQkRFX1zUeDhNWItrBcBnmrsOPsBNca2NDCdiX/x3E0F27AZ0ngnIIzmWN6QFum
w8+nMEdFZuhjr2RyNdG7DdWVWRZB1GH7oai2s1TzRVf5GbGBuUlMv177+Ch49dJM
PQXKskXDZOkmbaM8+0+0NAKhDjl4zFfpaURnEprSYUqsOIt2N6iVBdsb2aX4qQ9w
8Jjlsm/ebRWbJGhRpuyFMbpBlnZHGWP+N9z4EcjyFPjkY0CWQwps2tJ7dwIDAQAB
o4ICPjCCAjowHQYDVR0OBBYEFD+WdakYwtiOCJNhaX3yDx3b8bNhMB8GA1UdIwQY
MBaAFMbhyMZchujSbdvraGWKOaeo4nhmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveHVISXhseUc2Tkp0Mi10b1pZbzVwNmppZUdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS9hNDUzZmUtYTY2NC00N2EyLThiOGEt
Y2U1ZTAxZTcxYzkxLzEvUDVaMXFSakMySTRJazJGcGZmSVBIZHZ4czJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS9hNDUzZmUtYTY2NC00N2EyLThiOGEtY2U1ZTAxZTcxYzkx
LzEveHVISXhseUc2Tkp0Mi10b1pZbzVwNmppZUdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFQGCCsGAQUFBwEHAQH/BEUwQzAyBAIAATAsAwQCLiKgMAwD
BABZKsUDBANZKsADBABZL8QDBABZL8cDBABZL8sDBAFccjAwDQQCAAIwBwMFAyoB
VQAwDQYJKoZIhvcNAQELBQADggEBAHPddP78w/sAzxBJF40nRe0LumsfR2UEF/1Y
k0Wrh18ce3MYj8nJlI1hdRR9s797kuyf3WnmAHCRpx0DN5KbWf4uQNxMHx4u5YTl
6I4xG4CETm0A9wu4lz/M232k1lk7zX1rrRcaAOKMrajO7T0IX0qI7hUxZxQvTbMw
N4DRVuvhodhaBR79CHmLZr6eRK9zFxq4W9cpkjXhYHq4DIEhCwzaimQ/lrUL0UKq
tAz8wHG8Yis8Ee2mJFNBEjqJEif/8bV3US6SrJ7vxL7ngmKiY9uvEepYadMZFO7e
it2eigrune6dEsFm+ConNiEVfw6za1a2TV1u4rfR/Deq4GQn1g0=
-----END CERTIFICATE-----