Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/ioQf8zUJguN2_cACL5U_ztipfeE.roa
File:                     ioQf8zUJguN2_cACL5U_ztipfeE.roa (raw, json)
Hash identifier:          i8B4JmvB+aAiEnl4SsIw57fB9je5IooyA34OKdq2Uno=
Subject key identifier:   8A:84:1F:F3:35:09:82:E3:76:FD:C0:02:2F:95:3F:CE:D8:A9:7D:E1
Certificate issuer:       /CN=21021b252222997bfe33b7e4b315ac8d5e067954
Certificate serial:       0196906DB2EE1CCAB1D732D0E458FBA78566
Authority key identifier: 21:02:1B:25:22:22:99:7B:FE:33:B7:E4:B3:15:AC:8D:5E:06:79:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IQIbJSIimXv-M7fksxWsjV4GeVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/ioQf8zUJguN2_cACL5U_ztipfeE.roa
Signing time:             Fri 02 May 2025 09:57:10 +0000
ROA not before:           Fri 02 May 2025 09:57:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9009
IP address blocks:        45.117.52.0/24 maxlen: 24
                          45.117.54.0/24 maxlen: 24
                          45.123.144.0/24 maxlen: 24
                          103.4.248.0/24 maxlen: 24
                          103.4.249.0/24 maxlen: 24
                          103.4.250.0/24 maxlen: 24
                          103.4.251.0/24 maxlen: 24
                          103.49.155.0/24 maxlen: 24
                          103.196.8.0/24 maxlen: 24
                          103.196.9.0/24 maxlen: 24
                          103.216.1.0/24 maxlen: 24
                          103.216.3.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Fri 02 May 2025 12:39:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:90:6d:b2:ee:1c:ca:b1:d7:32:d0:e4:58:fb:a7:85:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21021b252222997bfe33b7e4b315ac8d5e067954
        Validity
            Not Before: May  2 09:57:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8a841ff3350982e376fdc0022f953fced8a97de1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:56:4c:7d:02:cd:6b:05:5f:af:56:1a:a0:cb:
                    82:a6:4f:81:41:b8:54:07:70:38:fa:43:c4:8e:75:
                    e6:02:23:17:9b:22:08:19:5b:c3:fb:c2:ab:a0:ab:
                    50:2b:bf:e8:93:f9:9f:42:c8:fa:5d:eb:6e:44:2e:
                    db:15:21:8d:99:af:41:dc:aa:e5:aa:83:94:ee:cb:
                    27:b9:5f:2e:33:78:07:1b:8f:d3:28:63:57:b8:e9:
                    88:c2:67:2b:79:50:96:5b:88:6e:5d:5c:d4:11:78:
                    a0:11:f2:00:da:6c:a1:2b:ee:1a:9b:5f:ed:db:36:
                    f8:d3:6a:a9:c5:07:1a:cb:41:24:06:01:c5:6c:e7:
                    59:d8:54:aa:70:f5:6e:1a:18:55:30:f8:ed:98:11:
                    a0:ed:2f:16:37:94:10:f4:92:a9:32:b1:41:90:86:
                    e4:0b:e8:c5:46:5d:a2:22:d7:7e:a3:97:2b:27:4c:
                    a5:ec:05:21:12:5e:30:3e:10:ec:1b:d1:93:f6:f3:
                    e5:74:be:08:0a:e2:3c:40:4b:dc:3f:87:6f:c6:89:
                    b6:e0:9a:7a:b6:6b:f0:2e:ed:38:d8:80:6b:7d:4e:
                    c3:13:0a:11:8b:ac:8c:6e:55:cc:af:9a:43:4c:64:
                    71:91:1e:7f:d8:ed:12:52:70:95:6e:8f:90:1b:e0:
                    14:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:84:1F:F3:35:09:82:E3:76:FD:C0:02:2F:95:3F:CE:D8:A9:7D:E1
            X509v3 Authority Key Identifier:
                keyid:21:02:1B:25:22:22:99:7B:FE:33:B7:E4:B3:15:AC:8D:5E:06:79:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IQIbJSIimXv-M7fksxWsjV4GeVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/ioQf8zUJguN2_cACL5U_ztipfeE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/IQIbJSIimXv-M7fksxWsjV4GeVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.117.52.0/24
                  45.117.54.0/24
                  45.123.144.0/24
                  103.4.248.0/22
                  103.49.155.0/24
                  103.196.8.0/23
                  103.216.1.0/24
                  103.216.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:e2:23:bc:76:28:3b:7a:1f:fe:17:4a:a5:6a:fb:d1:61:2f:
         bf:31:2f:8c:13:01:82:49:f9:03:a1:2f:76:e7:34:ef:c5:fb:
         28:1b:b7:b2:ef:ad:93:be:0a:72:53:13:b3:10:56:83:d8:f1:
         7d:5e:74:e2:8f:3f:98:91:ed:6f:bc:76:fb:57:aa:ed:56:cb:
         78:55:b8:f9:24:79:6b:58:df:c3:6d:1d:c2:da:4b:a4:ec:c5:
         6c:a5:b6:b9:20:b8:d9:98:b0:a8:58:5a:fe:51:67:44:8a:8c:
         2b:45:a1:1f:88:6e:fc:fa:2d:8c:71:9f:b2:7f:c6:63:b6:30:
         94:1d:ad:e0:ae:3e:ce:79:c8:bc:f2:cc:e6:9c:ed:66:a3:99:
         44:3d:90:9c:65:af:69:57:cf:d1:5f:48:9a:1a:e2:e7:0a:86:
         d6:2e:93:8c:90:2a:31:4b:86:a1:a3:d7:37:49:b4:ee:ef:e4:
         a0:17:9a:60:fc:4c:89:44:ef:94:e8:5c:79:7e:5c:95:94:bb:
         59:0d:6f:01:47:75:a2:12:ec:ee:87:a1:5e:ac:de:fc:cc:97:
         0d:74:49:d0:d7:49:b6:d6:38:f3:8d:9f:f2:8e:7c:b1:7d:51:
         0c:bd:e8:94:56:81:98:84:68:a4:06:cc:cf:04:8e:ea:d2:54:
         f5:1e:5d:37
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZaQbbLuHMqx1zLQ5Fj7p4VmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMDIxYjI1MjIyMjk5N2JmZTMzYjdlNGIzMTVhYzhkNWUw
Njc5NTQwHhcNMjUwNTAyMDk1NzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTg0MWZmMzM1MDk4MmUzNzZmZGMwMDIyZjk1M2ZjZWQ4YTk3ZGUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApVZMfQLNawVfr1YaoMuCpk+BQbhU
B3A4+kPEjnXmAiMXmyIIGVvD+8KroKtQK7/ok/mfQsj6XetuRC7bFSGNma9B3Krl
qoOU7ssnuV8uM3gHG4/TKGNXuOmIwmcreVCWW4huXVzUEXigEfIA2myhK+4am1/t
2zb402qpxQcay0EkBgHFbOdZ2FSqcPVuGhhVMPjtmBGg7S8WN5QQ9JKpMrFBkIbk
C+jFRl2iItd+o5crJ0yl7AUhEl4wPhDsG9GT9vPldL4ICuI8QEvcP4dvxom24Jp6
tmvwLu042IBrfU7DEwoRi6yMblXMr5pDTGRxkR5/2O0SUnCVbo+QG+AUZQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFIqEH/M1CYLjdv3AAi+VP87YqX3hMB8GA1UdIwQY
MBaAFCECGyUiIpl7/jO35LMVrI1eBnlUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVFJYkpTSWltWHYtTTdma3N4V3NqVjRHZVZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC81OTI5NGMtMGYyNC00MGM1LWI1YzMt
NmVhYzYyZTYwZGY3LzEvaW9RZjh6VUpndU4yX2NBQ0w1VV96dGlwZmVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC81OTI5NGMtMGYyNC00MGM1LWI1YzMtNmVhYzYyZTYwZGY3
LzEvSVFJYkpTSWltWHYtTTdma3N4V3NqVjRHZVZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQALXU0AwQA
LXU2AwQALXuQAwQCZwT4AwQAZzGbAwQBZ8QIAwQAZ9gBAwQAZ9gDMA0GCSqGSIb3
DQEBCwUAA4IBAQBZ4iO8dig7eh/+F0qlavvRYS+/MS+MEwGCSfkDoS925zTvxfso
G7ey762TvgpyUxOzEFaD2PF9XnTijz+Yke1vvHb7V6rtVst4Vbj5JHlrWN/DbR3C
2kuk7MVspba5ILjZmLCoWFr+UWdEiowrRaEfiG78+i2McZ+yf8ZjtjCUHa3grj7O
eci88szmnO1mo5lEPZCcZa9pV8/RX0iaGuLnCobWLpOMkCoxS4aho9c3SbTu7+Sg
F5pg/EyJRO+U6Fx5flyVlLtZDW8BR3WiEuzuh6FerN78zJcNdEnQ10m21jjzjZ/y
jnyxfVEMveiUVoGYhGikBszPBI7q0lT1Hl03
-----END CERTIFICATE-----