Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/8KEV0FL-H5UukgL1mB7QR1mZwdM.roa
File:                     8KEV0FL-H5UukgL1mB7QR1mZwdM.roa (raw, json)
Hash identifier:          LvIao03a6R6bL53VK8cEIujbwVJdhDMX61tdBmJIEQQ=
Subject key identifier:   F0:A1:15:D0:52:FE:1F:95:2E:92:02:F5:98:1E:D0:47:59:99:C1:D3
Certificate issuer:       /CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
Certificate serial:       0194A7561E6B09E2858E45747ECB3DE79937
Authority key identifier: 17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/8KEV0FL-H5UukgL1mB7QR1mZwdM.roa
Signing time:             Mon 27 Jan 2025 10:37:06 +0000
ROA not before:           Mon 27 Jan 2025 10:37:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9304
IP address blocks:        124.155.240.0/24 maxlen: 24
                          124.155.241.0/24 maxlen: 24
                          124.155.242.0/24 maxlen: 24
                          124.155.243.0/24 maxlen: 24
                          124.155.244.0/24 maxlen: 24
                          124.155.245.0/24 maxlen: 24
                          124.155.246.0/24 maxlen: 24
                          124.155.247.0/24 maxlen: 24
                          124.155.249.0/24 maxlen: 24
                          124.155.250.0/24 maxlen: 24
                          124.155.252.0/24 maxlen: 24
                          124.155.253.0/24 maxlen: 24
                          124.155.254.0/24 maxlen: 24
                          124.155.255.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Tue 28 Jan 2025 02:41:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:a7:56:1e:6b:09:e2:85:8e:45:74:7e:cb:3d:e7:99:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
        Validity
            Not Before: Jan 27 10:37:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f0a115d052fe1f952e9202f5981ed0475999c1d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:d7:38:ba:9d:12:ca:48:38:b9:8b:e0:bf:3d:
                    c6:81:4f:a1:03:e8:a0:a0:8e:8f:1d:9c:ee:a8:6a:
                    3f:de:2a:7c:5a:ac:02:ae:b5:a6:c4:cf:e9:01:2d:
                    de:75:ad:5a:4c:fb:41:4f:18:c5:8f:88:b2:ff:20:
                    ba:9a:ed:c0:ec:b3:b9:8a:b9:d9:5e:29:dc:45:49:
                    d2:66:f6:54:c1:a9:4f:a2:dc:8a:f9:1c:6b:d1:98:
                    d0:f7:61:0f:d6:d9:17:4b:19:7d:fa:a6:12:d4:5d:
                    cf:3d:8b:5a:90:90:3f:c2:fe:4b:66:0a:bc:12:b9:
                    50:4b:20:e0:49:45:97:b4:40:97:4e:c9:48:88:49:
                    bd:11:b3:db:21:7b:17:65:96:64:31:69:99:04:36:
                    c1:47:a4:82:70:00:68:dc:4f:e4:db:36:33:03:7c:
                    1c:b8:f7:07:9f:ed:e3:ee:b9:d4:6d:93:27:64:0b:
                    71:f1:86:79:7d:48:90:85:f3:23:c3:14:9f:a8:39:
                    26:2e:d1:36:28:95:8f:81:08:42:53:3d:8c:ae:30:
                    5d:c5:6b:05:9f:1b:f3:99:2e:42:5a:65:92:a0:e3:
                    45:8c:e6:89:28:b2:d6:8d:55:7e:4d:80:e4:bb:22:
                    2e:77:fd:ac:06:1d:06:fb:ca:b3:c9:bd:0f:3f:ec:
                    50:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:A1:15:D0:52:FE:1F:95:2E:92:02:F5:98:1E:D0:47:59:99:C1:D3
            X509v3 Authority Key Identifier:
                keyid:17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/8KEV0FL-H5UukgL1mB7QR1mZwdM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  124.155.240.0/21
                  124.155.249.0-124.155.250.255
                  124.155.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         38:52:ff:c3:4c:74:d2:32:f1:78:da:60:e7:d4:91:a6:5f:77:
         94:a4:47:89:c6:a9:5f:c2:d1:62:b4:9c:22:79:8e:c7:b3:05:
         c8:a7:f8:21:13:f6:85:a7:c3:e4:ce:fd:1b:62:b9:7c:8b:e6:
         a2:df:80:7f:0f:0f:08:ac:b2:77:c6:30:62:ac:2e:ce:c0:93:
         ee:db:46:4a:95:48:39:29:6b:97:cb:08:f2:87:e9:c0:fe:95:
         db:03:f6:fc:34:f5:bf:a9:b6:70:8b:b9:cd:3f:2a:67:6e:2f:
         ca:40:bb:89:c3:d7:c9:d1:13:80:35:ef:ec:ff:a8:fb:96:65:
         64:3e:0b:ab:e3:9f:0b:7a:60:99:66:bf:b7:9a:be:88:fc:b8:
         b9:62:fb:8b:c3:04:cf:e5:bf:93:ff:46:2e:2e:3f:d9:e7:10:
         ad:33:fe:a7:ea:ca:3b:76:fc:11:fd:51:7f:00:28:d3:74:60:
         ea:9d:8a:af:fd:a7:55:4d:f3:61:ef:e1:da:ab:c8:a9:9f:e3:
         59:ac:61:83:e8:39:44:96:2b:10:a4:67:7b:27:de:e3:07:b2:
         14:1d:d6:53:df:86:bc:32:7a:72:2b:e8:ee:a3:36:2f:c5:10:
         3a:c0:3f:f2:0f:0d:56:96:fc:83:48:89:8d:55:d1:0e:91:58:
         0e:d8:96:7f
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZSnVh5rCeKFjkV0fss955k3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3ZDAzZjI5ODE4MGNjMTA5ZjE5ZDRiMTk5MmM3ZDcxYzU2
YzhkY2MwHhcNMjUwMTI3MTAzNzA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMGExMTVkMDUyZmUxZjk1MmU5MjAyZjU5ODFlZDA0NzU5OTljMWQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwdc4up0Sykg4uYvgvz3GgU+hA+ig
oI6PHZzuqGo/3ip8WqwCrrWmxM/pAS3eda1aTPtBTxjFj4iy/yC6mu3A7LO5irnZ
XincRUnSZvZUwalPotyK+Rxr0ZjQ92EP1tkXSxl9+qYS1F3PPYtakJA/wv5LZgq8
ErlQSyDgSUWXtECXTslIiEm9EbPbIXsXZZZkMWmZBDbBR6SCcABo3E/k2zYzA3wc
uPcHn+3j7rnUbZMnZAtx8YZ5fUiQhfMjwxSfqDkmLtE2KJWPgQhCUz2MrjBdxWsF
nxvzmS5CWmWSoONFjOaJKLLWjVV+TYDkuyIud/2sBh0G+8qzyb0PP+xQswIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFPChFdBS/h+VLpIC9Zge0EdZmcHTMB8GA1UdIwQY
MBaAFBfQPymBgMwQnxnUsZksfXHFbI3MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUt
OTE4YWM2NDYyNjc5LzEvOEtFVjBGTC1INVV1a2dMMW1CN1FSMW1ad2RNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUtOTE4YWM2NDYyNjc5
LzEvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQDfJvwMAwD
BAB8m/kDBAB8m/oDBAJ8m/wwDQYJKoZIhvcNAQELBQADggEBADhS/8NMdNIy8Xja
YOfUkaZfd5SkR4nGqV/C0WK0nCJ5jsezBcin+CET9oWnw+TO/RtiuXyL5qLfgH8P
DwissnfGMGKsLs7Ak+7bRkqVSDkpa5fLCPKH6cD+ldsD9vw09b+ptnCLuc0/Kmdu
L8pAu4nD18nRE4A17+z/qPuWZWQ+C6vjnwt6YJlmv7eavoj8uLli+4vDBM/lv5P/
Ri4uP9nnEK0z/qfqyjt2/BH9UX8AKNN0YOqdiq/9p1VN82Hv4dqryKmf41msYYPo
OUSWKxCkZ3sn3uMHshQd1lPfhrwyenIr6O6jNi/FEDrAP/IPDVaW/INIiY1V0Q6R
WA7Yln8=
-----END CERTIFICATE-----