Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/95e949-bf34-4122-8fa8-a1ae5892d421/1/N5g44QOoebNREjKnwSHpqhvhxoM.roa
File:                     N5g44QOoebNREjKnwSHpqhvhxoM.roa (raw, json)
Hash identifier:          CB/KJ7fZrazS4ND5uLCnquGpcRc2GWM4snco/CMqDKo=
Subject key identifier:   37:98:38:E1:03:A8:79:B3:51:12:32:A7:C1:21:E9:AA:1B:E1:C6:83
Certificate issuer:       /CN=937f12abaf613973feb3073d8ce637f1b00cbfa9
Certificate serial:       018E8B26465F19C673E4DE8826B442DB64C7
Authority key identifier: 93:7F:12:AB:AF:61:39:73:FE:B3:07:3D:8C:E6:37:F1:B0:0C:BF:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k38Sq69hOXP-swc9jOY38bAMv6k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f4/95e949-bf34-4122-8fa8-a1ae5892d421/1/N5g44QOoebNREjKnwSHpqhvhxoM.roa
Signing time:             Fri 29 Mar 2024 16:58:45 +0000
ROA not before:           Fri 29 Mar 2024 16:58:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29650
IP address blocks:        45.139.240.0/22 maxlen: 24
                          79.140.128.0/20 maxlen: 24
                          82.195.128.0/19 maxlen: 24
                          84.51.224.0/21 maxlen: 21
                          84.51.236.0/22 maxlen: 22
                          84.51.240.0/20 maxlen: 20
                          212.78.224.0/20 maxlen: 20
                          212.78.240.0/22 maxlen: 22
                          212.78.252.0/22 maxlen: 22
                          212.84.40.0/21 maxlen: 24
                          2001:1bd8::/32 maxlen: 48

Validation:               Failed, certificate revoked on Thu 11 Jul 2024 09:19:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:8b:26:46:5f:19:c6:73:e4:de:88:26:b4:42:db:64:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=937f12abaf613973feb3073d8ce637f1b00cbfa9
        Validity
            Not Before: Mar 29 16:58:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=379838e103a879b3511232a7c121e9aa1be1c683
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:3b:9b:37:95:f1:fb:45:e4:5c:3c:66:93:75:
                    37:58:4b:64:4e:5a:c1:6e:18:99:89:e4:c2:9c:a7:
                    dc:f0:ab:a2:49:8a:57:e2:98:ac:ed:59:f2:47:8d:
                    ce:da:19:3c:70:f2:51:c1:63:a6:64:4a:6d:d6:0b:
                    34:98:97:63:af:a2:ae:1e:bf:e9:33:33:c0:14:14:
                    8c:15:75:ef:7c:0f:8b:91:47:6c:2e:f7:62:5c:25:
                    c6:82:35:4e:e4:bb:53:99:82:89:38:b4:17:2d:65:
                    57:39:8c:98:66:36:19:d0:6e:f7:43:cb:b8:49:9e:
                    a9:bc:cc:95:f4:33:ef:76:0f:e8:00:2d:0b:13:89:
                    d3:d9:33:e1:2e:08:f7:62:7c:c7:93:98:5f:c6:85:
                    29:b8:70:70:d8:e9:8c:d1:20:9f:e3:7d:b1:62:54:
                    44:15:04:1c:4e:86:92:a3:10:d1:8e:5d:06:74:28:
                    42:f4:5b:0e:98:13:6c:45:a4:89:b2:15:42:f8:90:
                    68:69:72:a8:f1:4f:65:50:1c:dc:9a:9b:04:f4:e2:
                    10:7d:12:84:ee:07:1a:04:27:d9:7f:4e:e8:88:40:
                    f4:36:7c:7b:dc:25:1e:bf:06:00:a7:39:36:da:28:
                    fd:12:46:ad:37:e8:02:1d:1e:24:0c:e3:5d:55:0b:
                    e5:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:98:38:E1:03:A8:79:B3:51:12:32:A7:C1:21:E9:AA:1B:E1:C6:83
            X509v3 Authority Key Identifier:
                keyid:93:7F:12:AB:AF:61:39:73:FE:B3:07:3D:8C:E6:37:F1:B0:0C:BF:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k38Sq69hOXP-swc9jOY38bAMv6k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/95e949-bf34-4122-8fa8-a1ae5892d421/1/N5g44QOoebNREjKnwSHpqhvhxoM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/95e949-bf34-4122-8fa8-a1ae5892d421/1/k38Sq69hOXP-swc9jOY38bAMv6k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.139.240.0/22
                  79.140.128.0/20
                  82.195.128.0/19
                  84.51.224.0/21
                  84.51.236.0-84.51.255.255
                  212.78.224.0-212.78.243.255
                  212.78.252.0/22
                  212.84.40.0/21
                IPv6:
                  2001:1bd8::/32

    Signature Algorithm: sha256WithRSAEncryption
         47:37:b8:ae:d0:67:6b:61:ee:79:75:4d:b5:d1:5f:97:29:d2:
         23:f6:1f:15:04:88:14:65:f7:e5:bf:5e:57:e5:11:5e:b2:01:
         0c:cd:22:d1:19:5e:92:34:d6:6d:d3:a4:c7:e6:89:b9:bc:ba:
         0a:34:f8:9f:84:28:3b:25:22:2a:a7:71:c9:ac:bb:64:73:b8:
         55:cd:d0:3f:eb:f0:36:f1:27:5d:3b:f8:75:75:e5:30:6c:7e:
         86:af:21:73:2d:63:71:05:3d:a3:aa:1b:12:44:86:4c:3a:be:
         36:b4:c6:ce:0b:f9:79:c7:a0:60:75:12:c0:76:a3:40:91:48:
         e3:8d:80:e0:d7:a1:48:1d:fb:b1:f7:f4:51:f8:4d:93:ca:58:
         78:16:6b:f8:4a:a0:3b:3a:a1:e6:07:5a:40:49:7b:17:52:49:
         67:5f:c0:e9:b5:5b:d4:09:af:86:9a:b8:1b:e8:de:98:06:ce:
         50:e1:37:d0:02:37:7f:1b:e0:75:4f:e7:0f:0e:4f:96:b7:d1:
         81:34:96:26:56:2d:8a:e6:07:d0:57:f3:e7:b8:b4:08:18:21:
         3b:56:01:9d:4f:f7:6c:21:a5:fb:3e:fc:ef:a8:87:18:01:00:
         27:9e:41:7b:9b:75:74:b5:f3:ed:36:d5:13:d8:9e:b1:4b:d5:
         d2:31:3d:1d
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAY6LJkZfGcZz5N6IJrRC22THMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzN2YxMmFiYWY2MTM5NzNmZWIzMDczZDhjZTYzN2YxYjAw
Y2JmYTkwHhcNMjQwMzI5MTY1ODQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzk4MzhlMTAzYTg3OWIzNTExMjMyYTdjMTIxZTlhYTFiZTFjNjgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArzubN5Xx+0XkXDxmk3U3WEtkTlrB
bhiZieTCnKfc8KuiSYpX4pis7VnyR43O2hk8cPJRwWOmZEpt1gs0mJdjr6KuHr/p
MzPAFBSMFXXvfA+LkUdsLvdiXCXGgjVO5LtTmYKJOLQXLWVXOYyYZjYZ0G73Q8u4
SZ6pvMyV9DPvdg/oAC0LE4nT2TPhLgj3YnzHk5hfxoUpuHBw2OmM0SCf432xYlRE
FQQcToaSoxDRjl0GdChC9FsOmBNsRaSJshVC+JBoaXKo8U9lUBzcmpsE9OIQfRKE
7gcaBCfZf07oiED0Nnx73CUevwYApzk22ij9EkatN+gCHR4kDONdVQvlZQIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFDeYOOEDqHmzURIyp8Eh6aob4caDMB8GA1UdIwQY
MBaAFJN/EquvYTlz/rMHPYzmN/GwDL+pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazM4U3E2OWhPWFAtc3djOWpPWTM4YkFNdjZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC85NWU5NDktYmYzNC00MTIyLThmYTgt
YTFhZTU4OTJkNDIxLzEvTjVnNDRRT29lYk5SRWpLbndTSHBxaHZoeG9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNC85NWU5NDktYmYzNC00MTIyLThmYTgtYTFhZTU4OTJkNDIx
LzEvazM4U3E2OWhPWFAtc3djOWpPWTM4YkFNdjZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjBFBAIAATA/AwQCLYvwAwQE
T4yAAwQFUsOAAwQDVDPgMAsDBAJUM+wDAwJUMDAMAwQF1E7gAwQC1E7wAwQC1E78
AwQD1FQoMA0EAgACMAcDBQAgARvYMA0GCSqGSIb3DQEBCwUAA4IBAQBHN7iu0Gdr
Ye55dU210V+XKdIj9h8VBIgUZfflv15X5RFesgEMzSLRGV6SNNZt06TH5om5vLoK
NPifhCg7JSIqp3HJrLtkc7hVzdA/6/A28SddO/h1deUwbH6GryFzLWNxBT2jqhsS
RIZMOr42tMbOC/l5x6BgdRLAdqNAkUjjjYDg16FIHfux9/RR+E2Tylh4Fmv4SqA7
OqHmB1pASXsXUklnX8DptVvUCa+Gmrgb6N6YBs5Q4TfQAjd/G+B1T+cPDk+Wt9GB
NJYmVi2K5gfQV/PnuLQIGCE7VgGdT/dsIaX7PvzvqIcYAQAnnkF7m3V0tfPtNtUT
2J6xS9XSMT0d
-----END CERTIFICATE-----