Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/ed655d-5102-4932-b1db-ba2889afaadd/1/xqP4tlQxPDmeaN7sEouu0vNTKkk.roa
File:                     xqP4tlQxPDmeaN7sEouu0vNTKkk.roa (raw, json)
Hash identifier:          abFxyXcdbxNiYhz6giW7TJwSrTbcdAj2t+FJSQb4+AQ=
Subject key identifier:   C6:A3:F8:B6:54:31:3C:39:9E:68:DE:EC:12:8B:AE:D2:F3:53:2A:49
Certificate issuer:       /CN=fef918c5a9330dbbe6eee17cb9a1d62fbc855bde
Certificate serial:       01944693CDC38048820940A47DB23C62BDFA
Authority key identifier: FE:F9:18:C5:A9:33:0D:BB:E6:EE:E1:7C:B9:A1:D6:2F:BC:85:5B:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_vkYxakzDbvm7uF8uaHWL7yFW94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/ed655d-5102-4932-b1db-ba2889afaadd/1/xqP4tlQxPDmeaN7sEouu0vNTKkk.roa
Signing time:             Wed 08 Jan 2025 15:41:19 +0000
ROA not before:           Wed 08 Jan 2025 15:41:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59395
IP address blocks:        5.133.16.0/21 maxlen: 21
                          46.31.80.0/21 maxlen: 21
                          46.231.64.0/21 maxlen: 21
                          185.45.24.0/22 maxlen: 22
                          185.63.80.0/22 maxlen: 22
                          185.74.232.0/21 maxlen: 21
                          185.74.232.0/22 maxlen: 22
                          185.74.236.0/22 maxlen: 22
                          185.159.216.0/22 maxlen: 22
                          185.175.112.0/22 maxlen: 22
                          217.119.128.0/24 maxlen: 24
                          217.119.137.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Thu 09 Jan 2025 11:54:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:46:93:cd:c3:80:48:82:09:40:a4:7d:b2:3c:62:bd:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fef918c5a9330dbbe6eee17cb9a1d62fbc855bde
        Validity
            Not Before: Jan  8 15:41:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c6a3f8b654313c399e68deec128baed2f3532a49
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:ed:3b:86:b6:0f:d1:db:4b:32:7d:d4:50:31:
                    7a:4c:f9:d5:c2:b9:d5:2f:3f:f2:72:35:84:75:b3:
                    71:74:67:30:ca:32:63:c5:f8:69:61:4c:ff:40:35:
                    fa:d6:f6:cb:b0:d1:40:c2:33:16:25:e2:70:44:5e:
                    a4:05:f5:1d:b2:33:6c:40:5f:22:e2:8a:59:93:58:
                    a0:88:42:75:91:ab:eb:22:5a:f7:db:11:e1:97:25:
                    8e:36:a0:a6:b1:e9:68:1f:69:31:da:55:03:8a:69:
                    ce:de:15:fb:ce:e1:b9:dd:9a:37:b8:de:e8:cd:5e:
                    6b:1d:0e:87:98:b9:2f:4b:1c:5a:fd:77:e3:5e:78:
                    f4:f2:7a:02:46:bb:21:9f:e9:18:a6:0e:6f:20:a4:
                    bb:0e:fb:0f:37:af:1d:e3:6b:99:f4:21:c1:4c:80:
                    71:25:b9:5d:83:ea:37:c2:3e:73:0c:88:2f:ec:ce:
                    30:0e:fd:07:b0:e1:f9:96:fa:78:79:35:01:ce:6f:
                    9e:3b:98:8e:4f:57:71:c7:3f:fb:e3:93:31:2b:ba:
                    ad:64:4b:55:c5:02:0b:b2:2a:f9:28:57:cc:66:39:
                    b6:de:2b:de:d7:5b:21:dd:75:46:6a:75:36:95:90:
                    67:6c:a8:4d:87:61:16:0d:b1:9e:1c:d2:5f:30:09:
                    0c:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:A3:F8:B6:54:31:3C:39:9E:68:DE:EC:12:8B:AE:D2:F3:53:2A:49
            X509v3 Authority Key Identifier:
                keyid:FE:F9:18:C5:A9:33:0D:BB:E6:EE:E1:7C:B9:A1:D6:2F:BC:85:5B:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_vkYxakzDbvm7uF8uaHWL7yFW94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/ed655d-5102-4932-b1db-ba2889afaadd/1/xqP4tlQxPDmeaN7sEouu0vNTKkk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/ed655d-5102-4932-b1db-ba2889afaadd/1/_vkYxakzDbvm7uF8uaHWL7yFW94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.133.16.0/21
                  46.31.80.0/21
                  46.231.64.0/21
                  185.45.24.0/22
                  185.63.80.0/22
                  185.74.232.0/21
                  185.159.216.0/22
                  185.175.112.0/22
                  217.119.128.0/24
                  217.119.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:dc:89:ac:d1:a6:01:a0:24:be:8e:d7:04:8d:62:74:ce:f4:
         81:bf:66:89:ab:e7:01:02:22:45:2f:a0:9b:e9:76:f4:b2:cb:
         38:76:05:0e:5b:49:af:b4:6d:b9:04:7b:9b:af:86:28:fd:4b:
         7d:88:65:ad:cd:7b:91:69:d0:f9:f8:18:0e:11:bb:38:30:09:
         b6:6d:ee:13:c0:67:dc:2b:99:88:03:50:78:5b:56:44:c6:4a:
         2a:26:61:21:8a:01:60:67:44:66:87:77:40:64:cb:ce:3a:2d:
         b9:3e:71:72:a6:b8:ca:5c:cd:66:25:83:c9:23:28:60:2c:d3:
         49:2b:f8:3d:44:e7:6e:10:2a:fa:b8:bf:1c:87:07:6b:eb:f3:
         bd:cf:95:b0:21:25:6a:a8:bc:47:c4:88:eb:f9:d3:3a:d2:2a:
         38:0b:3d:50:7a:73:bd:f0:12:92:81:29:1b:fc:89:f3:98:de:
         a1:a8:a1:ec:85:8f:69:09:e2:39:86:06:7f:e6:7e:1c:5b:69:
         3f:85:ba:04:fa:a0:f0:57:d3:05:ed:74:2f:31:98:27:b1:d0:
         78:e6:ea:7d:7c:09:1e:3a:5e:01:c7:f1:98:8a:c7:7b:f7:15:
         7d:fe:02:e7:89:6d:58:f6:90:e4:99:42:5d:3d:a7:a6:e9:bc:
         b3:ec:d4:17
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAZRGk83DgEiCCUCkfbI8Yr36MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlZjkxOGM1YTkzMzBkYmJlNmVlZTE3Y2I5YTFkNjJmYmM4
NTViZGUwHhcNMjUwMTA4MTU0MTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNmEzZjhiNjU0MzEzYzM5OWU2OGRlZWMxMjhiYWVkMmYzNTMyYTQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlO07hrYP0dtLMn3UUDF6TPnVwrnV
Lz/ycjWEdbNxdGcwyjJjxfhpYUz/QDX61vbLsNFAwjMWJeJwRF6kBfUdsjNsQF8i
4opZk1igiEJ1kavrIlr32xHhlyWONqCmseloH2kx2lUDimnO3hX7zuG53Zo3uN7o
zV5rHQ6HmLkvSxxa/XfjXnj08noCRrshn+kYpg5vIKS7DvsPN68d42uZ9CHBTIBx
Jbldg+o3wj5zDIgv7M4wDv0HsOH5lvp4eTUBzm+eO5iOT1dxxz/745MxK7qtZEtV
xQILsir5KFfMZjm23ive11sh3XVGanU2lZBnbKhNh2EWDbGeHNJfMAkM2wIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFMaj+LZUMTw5nmje7BKLrtLzUypJMB8GA1UdIwQY
MBaAFP75GMWpMw275u7hfLmh1i+8hVveMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3ZrWXhha3pEYnZtN3VGOHVhSFdMN3lGVzk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9lZDY1NWQtNTEwMi00OTMyLWIxZGIt
YmEyODg5YWZhYWRkLzEveHFQNHRsUXhQRG1lYU43c0VvdXUwdk5US2trLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9lZDY1NWQtNTEwMi00OTMyLWIxZGItYmEyODg5YWZhYWRk
LzEvX3ZrWXhha3pEYnZtN3VGOHVhSFdMN3lGVzk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQDBYUQAwQD
Lh9QAwQDLudAAwQCuS0YAwQCuT9QAwQDuUroAwQCuZ/YAwQCua9wAwQA2XeAAwQA
2XeJMA0GCSqGSIb3DQEBCwUAA4IBAQCP3Ims0aYBoCS+jtcEjWJ0zvSBv2aJq+cB
AiJFL6Cb6Xb0sss4dgUOW0mvtG25BHubr4Yo/Ut9iGWtzXuRadD5+BgOEbs4MAm2
be4TwGfcK5mIA1B4W1ZExkoqJmEhigFgZ0Rmh3dAZMvOOi25PnFyprjKXM1mJYPJ
IyhgLNNJK/g9ROduECr6uL8chwdr6/O9z5WwISVqqLxHxIjr+dM60io4Cz1QenO9
8BKSgSkb/InzmN6hqKHshY9pCeI5hgZ/5n4cW2k/hboE+qDwV9MF7XQvMZgnsdB4
5up9fAkeOl4Bx/GYisd79xV9/gLniW1Y9pDkmUJdPaem6byz7NQX
-----END CERTIFICATE-----