Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/c5f714-472c-4856-aa4b-9b21b6f6679a/1/BpDDvXn0LWI9hPouZnic-daNvQs.roa
File:                     BpDDvXn0LWI9hPouZnic-daNvQs.roa (raw, json)
Hash identifier:          h9dKWpG2NzjWF5SrjZnpTBK6/HBuJlq2YW1wdSGSEs4=
Subject key identifier:   06:90:C3:BD:79:F4:2D:62:3D:84:FA:2E:66:78:9C:F9:D6:8D:BD:0B
Certificate issuer:       /CN=f4c6b7dd5175be8db7a0522f7d4e41c5c42c6b29
Certificate serial:       0195288951050C31023EFCF10C69BDD3D239
Authority key identifier: F4:C6:B7:DD:51:75:BE:8D:B7:A0:52:2F:7D:4E:41:C5:C4:2C:6B:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9Ma33VF1vo23oFIvfU5BxcQsayk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/c5f714-472c-4856-aa4b-9b21b6f6679a/1/BpDDvXn0LWI9hPouZnic-daNvQs.roa
Signing time:             Fri 21 Feb 2025 12:44:02 +0000
ROA not before:           Fri 21 Feb 2025 12:44:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212136
IP address blocks:        5.172.178.0/24 maxlen: 24
                          81.22.46.0/24 maxlen: 24
                          81.22.47.0/24 maxlen: 24
                          176.56.32.0/24 maxlen: 24
                          185.228.248.0/24 maxlen: 24
                          185.247.187.0/24 maxlen: 24
                          194.31.9.0/24 maxlen: 24
                          213.232.254.0/24 maxlen: 24
                          2a10:aa80::/30 maxlen: 30
                          2a10:aa84::/30 maxlen: 30
Validation:               Failed, certificate revoked on Fri 21 Feb 2025 20:16:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:28:89:51:05:0c:31:02:3e:fc:f1:0c:69:bd:d3:d2:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f4c6b7dd5175be8db7a0522f7d4e41c5c42c6b29
        Validity
            Not Before: Feb 21 12:44:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0690c3bd79f42d623d84fa2e66789cf9d68dbd0b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:37:e7:60:34:31:5e:61:cc:f4:8d:d9:2b:50:
                    12:f1:f5:2e:07:22:c5:22:5c:c8:cc:8d:5a:13:32:
                    3b:62:16:14:4b:53:39:c2:ba:56:69:7e:b3:f9:82:
                    87:8a:4c:de:fc:87:ca:92:2b:fc:19:9f:44:da:df:
                    96:98:96:dc:b4:da:17:5e:35:df:f1:02:43:78:c1:
                    bf:39:99:85:a4:da:0e:51:a0:05:d0:5d:52:cf:bf:
                    f0:c7:9a:16:38:05:4c:69:7a:93:b2:5e:88:21:85:
                    f3:1a:f3:73:9b:d0:bf:d0:52:ed:c7:ae:53:4d:59:
                    f6:c6:cf:33:82:dc:73:23:e8:32:6b:32:65:bf:23:
                    1a:00:4b:e3:03:23:64:d7:7a:b3:41:16:b8:3e:79:
                    99:4b:59:a1:7e:14:17:58:13:c8:3f:61:8d:ee:4b:
                    d5:0e:91:b4:6c:e0:69:94:af:cf:26:0a:df:b6:25:
                    e3:c1:18:4f:68:07:a7:f2:ac:f0:74:c4:3b:b2:23:
                    f8:4c:55:70:06:36:5e:66:18:69:3a:c8:13:d1:3d:
                    f8:5d:62:05:f6:29:d7:c3:93:3b:ce:45:c6:21:36:
                    fe:e2:d1:ee:47:18:c0:f1:da:90:b3:a9:56:f7:a6:
                    52:4a:78:ee:fa:43:bd:53:07:12:93:e5:4b:35:9f:
                    fe:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:90:C3:BD:79:F4:2D:62:3D:84:FA:2E:66:78:9C:F9:D6:8D:BD:0B
            X509v3 Authority Key Identifier:
                keyid:F4:C6:B7:DD:51:75:BE:8D:B7:A0:52:2F:7D:4E:41:C5:C4:2C:6B:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9Ma33VF1vo23oFIvfU5BxcQsayk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/c5f714-472c-4856-aa4b-9b21b6f6679a/1/BpDDvXn0LWI9hPouZnic-daNvQs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/c5f714-472c-4856-aa4b-9b21b6f6679a/1/9Ma33VF1vo23oFIvfU5BxcQsayk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.172.178.0/24
                  81.22.46.0/23
                  176.56.32.0/24
                  185.228.248.0/24
                  185.247.187.0/24
                  194.31.9.0/24
                  213.232.254.0/24
                IPv6:
                  2a10:aa80::/29

    Signature Algorithm: sha256WithRSAEncryption
         a6:5a:72:92:2d:57:16:a4:34:c6:81:78:c9:fe:b1:2a:55:b1:
         3b:3d:9b:c0:17:a1:27:ed:72:e3:5c:7a:0f:ee:47:c9:fb:55:
         e8:2c:e4:4c:ea:06:bd:a8:3a:80:95:af:d3:21:21:a3:08:3f:
         08:e6:9e:66:e0:8e:ae:1a:6a:b1:a0:c8:79:8d:cc:de:e8:dd:
         c7:4a:79:c4:cf:f5:28:b0:4a:6f:13:e5:ba:6d:4a:99:2d:5f:
         df:15:cd:69:72:73:d5:46:f9:06:b9:8e:24:e1:32:31:9a:13:
         6e:c3:c6:88:23:f7:75:a0:30:09:89:99:71:77:c9:f6:55:1d:
         8c:20:ba:54:c8:ca:c0:1f:3e:83:9a:a3:4f:f3:b1:dd:9b:18:
         62:46:b9:bb:55:5e:b5:7a:77:2d:77:48:77:37:45:3c:4c:3e:
         9a:23:f9:66:33:e2:b1:c1:ed:06:f6:9f:37:b1:22:cb:48:f8:
         49:a2:e0:83:a0:e3:15:42:0d:12:66:c5:fe:28:65:60:d8:25:
         cc:e4:6a:a7:2a:a6:11:51:ac:8f:82:77:ca:7b:44:16:38:8f:
         85:87:6c:1c:4b:02:ab:a7:9b:a1:68:68:7e:60:ee:f3:a7:2e:
         45:b8:50:26:f4:2b:d9:80:0f:5e:d1:55:30:c6:6f:8b:01:0f:
         86:f4:43:61
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAZUoiVEFDDECPvzxDGm909I5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0YzZiN2RkNTE3NWJlOGRiN2EwNTIyZjdkNGU0MWM1YzQy
YzZiMjkwHhcNMjUwMjIxMTI0NDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjkwYzNiZDc5ZjQyZDYyM2Q4NGZhMmU2Njc4OWNmOWQ2OGRiZDBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0DfnYDQxXmHM9I3ZK1AS8fUuByLF
IlzIzI1aEzI7YhYUS1M5wrpWaX6z+YKHikze/IfKkiv8GZ9E2t+WmJbctNoXXjXf
8QJDeMG/OZmFpNoOUaAF0F1Sz7/wx5oWOAVMaXqTsl6IIYXzGvNzm9C/0FLtx65T
TVn2xs8zgtxzI+gyazJlvyMaAEvjAyNk13qzQRa4PnmZS1mhfhQXWBPIP2GN7kvV
DpG0bOBplK/PJgrftiXjwRhPaAen8qzwdMQ7siP4TFVwBjZeZhhpOsgT0T34XWIF
9inXw5M7zkXGITb+4tHuRxjA8dqQs6lW96ZSSnju+kO9UwcSk+VLNZ/+wwIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFAaQw7159C1iPYT6LmZ4nPnWjb0LMB8GA1UdIwQY
MBaAFPTGt91Rdb6Nt6BSL31OQcXELGspMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOU1hMzNWRjF2bzIzb0ZJdmZVNUJ4Y1FzYXlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9jNWY3MTQtNDcyYy00ODU2LWFhNGIt
OWIyMWI2ZjY2NzlhLzEvQnBERHZYbjBMV0k5aFBvdVpuaWMtZGFOdlFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9jNWY3MTQtNDcyYy00ODU2LWFhNGItOWIyMWI2ZjY2Nzlh
LzEvOU1hMzNWRjF2bzIzb0ZJdmZVNUJ4Y1FzYXlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQABayyAwQB
URYuAwQAsDggAwQAueT4AwQAufe7AwQAwh8JAwQA1ej+MA0EAgACMAcDBQMqEKqA
MA0GCSqGSIb3DQEBCwUAA4IBAQCmWnKSLVcWpDTGgXjJ/rEqVbE7PZvAF6En7XLj
XHoP7kfJ+1XoLORM6ga9qDqAla/TISGjCD8I5p5m4I6uGmqxoMh5jcze6N3HSnnE
z/UosEpvE+W6bUqZLV/fFc1pcnPVRvkGuY4k4TIxmhNuw8aII/d1oDAJiZlxd8n2
VR2MILpUyMrAHz6DmqNP87HdmxhiRrm7VV61enctd0h3N0U8TD6aI/lmM+Kxwe0G
9p83sSLLSPhJouCDoOMVQg0SZsX+KGVg2CXM5GqnKqYRUayPgnfKe0QWOI+Fh2wc
SwKrp5uhaGh+YO7zpy5FuFAm9CvZgA9e0VUwxm+LAQ+G9ENh
-----END CERTIFICATE-----