Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/0554a2-d3d9-4fc4-8ed5-de91469d3772/1/RhiTRSQigBv8mRzAVH2UgA7E9nU.roa
File:                     RhiTRSQigBv8mRzAVH2UgA7E9nU.roa (raw, json)
Hash identifier:          Od3CBfLHh4xczpP/DptQbCGWB7C6UqlILw49UTb009I=
Subject key identifier:   46:18:93:45:24:22:80:1B:FC:99:1C:C0:54:7D:94:80:0E:C4:F6:75
Certificate issuer:       /CN=0c5140282591f9912f9639ee1412b6d1dcff0861
Certificate serial:       0191B2F0AB649768CBF0E0E6E7BF0F64F8B5
Authority key identifier: 0C:51:40:28:25:91:F9:91:2F:96:39:EE:14:12:B6:D1:DC:FF:08:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DFFAKCWR-ZEvljnuFBK20dz_CGE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/0554a2-d3d9-4fc4-8ed5-de91469d3772/1/RhiTRSQigBv8mRzAVH2UgA7E9nU.roa
Signing time:             Mon 02 Sep 2024 13:33:22 +0000
ROA not before:           Mon 02 Sep 2024 13:33:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39216
IP address blocks:        185.72.252.0/24 maxlen: 24
                          185.72.253.0/24 maxlen: 24
                          188.72.1.0/24 maxlen: 24
                          188.72.2.0/24 maxlen: 24
                          188.72.4.0/24 maxlen: 24
                          188.72.5.0/24 maxlen: 24
                          188.72.6.0/24 maxlen: 24
                          188.72.7.0/24 maxlen: 24
                          188.72.34.0/24 maxlen: 24
                          188.72.35.0/24 maxlen: 24
                          188.72.59.0/24 maxlen: 24
                          188.72.60.0/24 maxlen: 24
                          188.72.61.0/24 maxlen: 24
                          188.72.62.0/24 maxlen: 24
                          188.72.63.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Thu 05 Sep 2024 08:47:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:b2:f0:ab:64:97:68:cb:f0:e0:e6:e7:bf:0f:64:f8:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c5140282591f9912f9639ee1412b6d1dcff0861
        Validity
            Not Before: Sep  2 13:33:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=461893452422801bfc991cc0547d94800ec4f675
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:c4:a2:93:5a:df:f9:91:79:c9:4b:5f:41:f1:
                    89:c5:b4:f3:6d:9a:92:9a:13:50:1f:1a:95:86:a6:
                    39:e2:e5:05:25:70:e8:44:f7:82:8a:2e:0e:2f:c3:
                    f0:2c:4a:c6:54:72:63:67:90:45:4b:c6:fa:60:9a:
                    9c:15:fe:78:3b:76:60:17:65:dd:b7:d9:6b:3d:38:
                    a8:ab:9c:ef:a5:ef:59:51:6a:be:e8:23:03:e3:a9:
                    5e:d0:cc:33:69:0a:f9:7d:ff:7b:65:e8:ab:9b:31:
                    1f:31:95:99:ab:fa:12:c6:04:e5:57:af:67:6f:1e:
                    2c:23:5b:61:2a:38:3e:f9:62:38:88:f3:93:02:59:
                    71:7b:ed:e4:ce:92:ba:a6:8b:88:28:72:88:00:b3:
                    a6:66:39:9c:72:5d:18:b9:7a:4e:71:31:7d:c7:20:
                    7f:de:39:e6:6d:b3:f8:ec:85:99:3e:a0:0c:6b:d4:
                    db:c6:28:af:eb:15:c8:51:d6:c3:ec:39:5a:4c:28:
                    bb:93:45:11:80:30:25:d6:9a:f1:b9:32:c7:5f:8c:
                    55:ca:34:1c:96:e5:0e:f8:a3:9e:e7:a1:8e:1e:b5:
                    c0:d0:cc:4c:bb:d4:ad:ed:a3:36:b4:76:03:c6:5b:
                    2b:4b:1c:82:db:a8:0f:1d:8c:6c:7a:b8:8c:67:9a:
                    c6:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:18:93:45:24:22:80:1B:FC:99:1C:C0:54:7D:94:80:0E:C4:F6:75
            X509v3 Authority Key Identifier:
                keyid:0C:51:40:28:25:91:F9:91:2F:96:39:EE:14:12:B6:D1:DC:FF:08:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DFFAKCWR-ZEvljnuFBK20dz_CGE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/0554a2-d3d9-4fc4-8ed5-de91469d3772/1/RhiTRSQigBv8mRzAVH2UgA7E9nU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/0554a2-d3d9-4fc4-8ed5-de91469d3772/1/DFFAKCWR-ZEvljnuFBK20dz_CGE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.72.252.0/23
                  188.72.1.0-188.72.2.255
                  188.72.4.0/22
                  188.72.34.0/23
                  188.72.59.0-188.72.63.255

    Signature Algorithm: sha256WithRSAEncryption
         cc:58:7c:1d:28:fa:f1:20:86:d6:81:7b:3f:e6:e3:97:0b:21:
         05:f8:37:12:5c:c2:95:44:ee:d4:76:ca:35:c8:8b:67:5c:e2:
         5a:3e:96:4a:cb:31:35:42:3f:c1:c7:97:65:66:70:88:1c:cc:
         cd:76:4e:48:c8:c9:19:9b:87:fb:ca:42:bb:4d:f3:69:ff:7e:
         31:b7:96:a5:80:94:03:99:79:0e:37:f4:dd:b1:5c:f1:5f:f0:
         dc:b4:da:3b:fc:6c:8a:85:48:d8:08:c7:85:f2:fb:15:d9:8c:
         1e:c7:a9:a0:2a:08:78:c5:bb:e5:2a:5f:71:ad:d5:e2:c2:e8:
         fd:fe:5e:e0:47:7d:6b:9e:49:a3:4f:a0:e6:be:d0:8a:35:3e:
         56:e6:0a:5e:b7:a8:fc:59:32:0f:c2:17:ba:b1:3d:65:ea:d4:
         df:3c:05:4a:27:6c:30:31:ef:06:e8:6a:2c:6c:8e:2a:91:f0:
         f8:fd:a2:09:a9:65:0a:00:71:52:1f:29:7e:62:72:ed:ea:7f:
         dd:1e:8b:1b:8c:b6:f3:e5:15:39:da:d2:53:6e:67:87:06:24:
         a2:bf:05:da:4a:7e:be:41:c2:da:18:1f:8d:0f:a5:0b:5a:9e:
         0e:8b:ee:6c:73:6f:52:0b:54:f9:7d:c6:ca:4f:1e:f3:c4:48:
         bf:85:6c:1d
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAZGy8Ktkl2jL8ODm578PZPi1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjNTE0MDI4MjU5MWY5OTEyZjk2MzllZTE0MTJiNmQxZGNm
ZjA4NjEwHhcNMjQwOTAyMTMzMzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjE4OTM0NTI0MjI4MDFiZmM5OTFjYzA1NDdkOTQ4MDBlYzRmNjc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr8Sik1rf+ZF5yUtfQfGJxbTzbZqS
mhNQHxqVhqY54uUFJXDoRPeCii4OL8PwLErGVHJjZ5BFS8b6YJqcFf54O3ZgF2Xd
t9lrPTioq5zvpe9ZUWq+6CMD46le0MwzaQr5ff97ZeirmzEfMZWZq/oSxgTlV69n
bx4sI1thKjg++WI4iPOTAllxe+3kzpK6pouIKHKIALOmZjmccl0YuXpOcTF9xyB/
3jnmbbP47IWZPqAMa9Tbxiiv6xXIUdbD7DlaTCi7k0URgDAl1prxuTLHX4xVyjQc
luUO+KOe56GOHrXA0MxMu9St7aM2tHYDxlsrSxyC26gPHYxseriMZ5rG/QIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFEYYk0UkIoAb/JkcwFR9lIAOxPZ1MB8GA1UdIwQY
MBaAFAxRQCglkfmRL5Y57hQSttHc/whhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvREZGQUtDV1ItWkV2bGpudUZCSzIwZHpfQ0dFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy8wNTU0YTItZDNkOS00ZmM0LThlZDUt
ZGU5MTQ2OWQzNzcyLzEvUmhpVFJTUWlnQnY4bVJ6QVZIMlVnQTdFOW5VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy8wNTU0YTItZDNkOS00ZmM0LThlZDUtZGU5MTQ2OWQzNzcy
LzEvREZGQUtDV1ItWkV2bGpudUZCSzIwZHpfQ0dFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjA0BAIAATAuAwQBuUj8MAwD
BAC8SAEDBAC8SAIDBAK8SAQDBAG8SCIwDAMEALxIOwMEBrxIADANBgkqhkiG9w0B
AQsFAAOCAQEAzFh8HSj68SCG1oF7P+bjlwshBfg3ElzClUTu1HbKNciLZ1ziWj6W
SssxNUI/wceXZWZwiBzMzXZOSMjJGZuH+8pCu03zaf9+MbeWpYCUA5l5Djf03bFc
8V/w3LTaO/xsioVI2AjHhfL7FdmMHsepoCoIeMW75Spfca3V4sLo/f5e4Ed9a55J
o0+g5r7QijU+VuYKXreo/FkyD8IXurE9ZerU3zwFSidsMDHvBuhqLGyOKpHw+P2i
CallCgBxUh8pfmJy7ep/3R6LG4y28+UVOdrSU25nhwYkor8F2kp+vkHC2hgfjQ+l
C1qeDovubHNvUgtU+X3Gyk8e88RIv4VsHQ==
-----END CERTIFICATE-----