Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/db4205-d57c-4ca2-8894-9f9536bb2c37/1/_ZXoI7qAYmqGHK4fOxuuBRIhqyg.roa
File:                     _ZXoI7qAYmqGHK4fOxuuBRIhqyg.roa (raw, json)
Hash identifier:          W+cJBdr2Fu2jPcYBBi5VAdlYcRjaGY9E3U4SGmcfank=
Subject key identifier:   FD:95:E8:23:BA:80:62:6A:86:1C:AE:1F:3B:1B:AE:05:12:21:AB:28
Certificate issuer:       /CN=1acbdd00d27b8a8befc866caf378f19027684769
Certificate serial:       01956AEBD19C3CD5AC7C2E4B15A085C7BD8E
Authority key identifier: 1A:CB:DD:00:D2:7B:8A:8B:EF:C8:66:CA:F3:78:F1:90:27:68:47:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GsvdANJ7iovvyGbK83jxkCdoR2k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/db4205-d57c-4ca2-8894-9f9536bb2c37/1/_ZXoI7qAYmqGHK4fOxuuBRIhqyg.roa
Signing time:             Thu 06 Mar 2025 10:06:34 +0000
ROA not before:           Thu 06 Mar 2025 10:06:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35717
IP address blocks:        185.12.48.0/22 maxlen: 24
                          185.114.4.0/22 maxlen: 24
                          185.128.236.0/23 maxlen: 23
                          185.129.44.0/22 maxlen: 24
                          185.199.40.0/22 maxlen: 24
                          193.36.45.0/24 maxlen: 24
                          195.137.184.0/24 maxlen: 24
                          195.200.195.0/24 maxlen: 24
                          2a03:7fc0::/32 maxlen: 48
Validation:               Failed, certificate revoked on Thu 06 Mar 2025 10:07:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:6a:eb:d1:9c:3c:d5:ac:7c:2e:4b:15:a0:85:c7:bd:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1acbdd00d27b8a8befc866caf378f19027684769
        Validity
            Not Before: Mar  6 10:06:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fd95e823ba80626a861cae1f3b1bae051221ab28
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:31:f4:0e:ce:d2:cd:99:0d:89:ab:1d:d0:41:
                    74:e7:74:6e:ab:73:08:50:9f:fd:5e:de:75:74:03:
                    28:b0:c1:fe:a2:96:a2:5d:5e:54:a0:f7:1a:23:f1:
                    0d:29:ac:21:6e:65:47:bc:d0:52:4b:f6:9c:f0:c0:
                    cd:d1:98:97:e6:b2:b9:d0:d7:67:59:37:7f:a2:ac:
                    02:bd:13:de:46:1c:e1:ba:76:3f:c3:c6:c9:a5:df:
                    d1:ac:3f:13:10:6c:ad:20:cc:3f:f5:75:49:da:db:
                    57:19:e7:e5:42:ba:b9:70:5c:da:2f:3a:9c:d8:4a:
                    a9:7f:7f:5a:bc:a1:83:f9:a1:4e:63:c6:7f:80:0b:
                    03:c3:04:0a:92:69:fc:21:91:dc:d0:89:cd:0b:52:
                    b5:5a:ca:19:15:9c:6c:ce:14:59:e8:a6:fb:c9:d4:
                    8c:99:e7:cf:7c:37:02:5b:8a:d3:92:72:02:b0:0f:
                    e0:f8:18:ae:ea:67:cf:3c:a7:94:11:dc:9c:4c:68:
                    1d:75:10:9f:2e:a3:0d:9a:6c:92:88:67:ef:3b:b3:
                    53:0a:60:ec:e4:af:f4:18:d8:3f:2a:a0:57:61:61:
                    68:3d:07:75:a1:03:42:95:4f:f8:2a:3d:b7:8a:b2:
                    9d:59:bb:6e:17:cc:e9:18:6e:ed:61:47:b9:ae:95:
                    0c:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:95:E8:23:BA:80:62:6A:86:1C:AE:1F:3B:1B:AE:05:12:21:AB:28
            X509v3 Authority Key Identifier:
                keyid:1A:CB:DD:00:D2:7B:8A:8B:EF:C8:66:CA:F3:78:F1:90:27:68:47:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GsvdANJ7iovvyGbK83jxkCdoR2k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/db4205-d57c-4ca2-8894-9f9536bb2c37/1/_ZXoI7qAYmqGHK4fOxuuBRIhqyg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/db4205-d57c-4ca2-8894-9f9536bb2c37/1/GsvdANJ7iovvyGbK83jxkCdoR2k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.12.48.0/22
                  185.114.4.0/22
                  185.128.236.0/23
                  185.129.44.0/22
                  185.199.40.0/22
                  193.36.45.0/24
                  195.137.184.0/24
                  195.200.195.0/24
                IPv6:
                  2a03:7fc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         01:67:dc:97:b9:b1:66:18:a6:82:d2:06:32:1a:ab:4b:ec:39:
         c9:2b:eb:a9:0b:ae:9e:76:0b:8a:26:44:38:6a:6e:7f:bd:de:
         11:b2:77:cb:af:ac:48:a3:72:af:c0:6f:a3:1e:8f:53:cc:c4:
         79:82:bf:30:45:12:8b:61:ae:fb:f7:41:36:b9:3e:37:a0:97:
         e9:3f:c6:e2:0a:d9:76:c1:02:86:cb:a3:f6:8c:c5:60:bc:02:
         f9:f4:22:a8:1e:a6:48:77:bc:18:a8:3a:b5:47:21:66:11:0e:
         54:a2:7f:64:5b:e1:6d:ba:6e:75:8f:a7:02:14:d8:fa:7a:e8:
         6f:d0:d8:9f:68:d6:8d:49:47:a7:ae:3e:17:5f:47:b2:2a:51:
         ab:4c:2c:46:a3:76:4b:ec:83:2b:3d:dd:65:90:bb:e5:04:e0:
         75:f6:71:cc:5a:8f:bc:d6:6c:be:b9:9a:32:86:8b:2b:ab:ba:
         61:51:26:98:75:bd:fc:92:da:6f:a7:5b:00:2f:ad:e0:68:01:
         0b:97:f8:75:cb:7f:18:e6:ab:ea:eb:3b:3b:c4:6d:76:65:cb:
         09:56:ca:bb:02:d9:29:f5:59:82:6a:7b:5b:04:08:6d:94:9c:
         9a:f2:15:df:b2:fc:a7:5c:1e:e2:47:82:2f:be:ea:23:7d:77:
         8c:1f:a7:ab
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAZVq69GcPNWsfC5LFaCFx72OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhY2JkZDAwZDI3YjhhOGJlZmM4NjZjYWYzNzhmMTkwMjc2
ODQ3NjkwHhcNMjUwMzA2MTAwNjM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDk1ZTgyM2JhODA2MjZhODYxY2FlMWYzYjFiYWUwNTEyMjFhYjI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2DH0Ds7SzZkNiasd0EF053Ruq3MI
UJ/9Xt51dAMosMH+opaiXV5UoPcaI/ENKawhbmVHvNBSS/ac8MDN0ZiX5rK50Ndn
WTd/oqwCvRPeRhzhunY/w8bJpd/RrD8TEGytIMw/9XVJ2ttXGeflQrq5cFzaLzqc
2Eqpf39avKGD+aFOY8Z/gAsDwwQKkmn8IZHc0InNC1K1WsoZFZxszhRZ6Kb7ydSM
mefPfDcCW4rTknICsA/g+Biu6mfPPKeUEdycTGgddRCfLqMNmmySiGfvO7NTCmDs
5K/0GNg/KqBXYWFoPQd1oQNClU/4Kj23irKdWbtuF8zpGG7tYUe5rpUMAwIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFP2V6CO6gGJqhhyuHzsbrgUSIasoMB8GA1UdIwQY
MBaAFBrL3QDSe4qL78hmyvN48ZAnaEdpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3N2ZEFOSjdpb3Z2eUdiSzgzanhrQ2RvUjJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC9kYjQyMDUtZDU3Yy00Y2EyLTg4OTQt
OWY5NTM2YmIyYzM3LzEvX1pYb0k3cUFZbXFHSEs0Zk94dXVCUklocXlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC9kYjQyMDUtZDU3Yy00Y2EyLTg4OTQtOWY5NTM2YmIyYzM3
LzEvR3N2ZEFOSjdpb3Z2eUdiSzgzanhrQ2RvUjJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzA2BAIAATAwAwQCuQwwAwQC
uXIEAwQBuYDsAwQCuYEsAwQCuccoAwQAwSQtAwQAw4m4AwQAw8jDMA0EAgACMAcD
BQAqA3/AMA0GCSqGSIb3DQEBCwUAA4IBAQABZ9yXubFmGKaC0gYyGqtL7DnJK+up
C66edguKJkQ4am5/vd4RsnfLr6xIo3KvwG+jHo9TzMR5gr8wRRKLYa7790E2uT43
oJfpP8biCtl2wQKGy6P2jMVgvAL59CKoHqZId7wYqDq1RyFmEQ5Uon9kW+Ftum51
j6cCFNj6euhv0NifaNaNSUenrj4XX0eyKlGrTCxGo3ZL7IMrPd1lkLvlBOB19nHM
Wo+81my+uZoyhosrq7phUSaYdb38ktpvp1sAL63gaAELl/h1y38Y5qvq6zs7xG12
ZcsJVsq7Atkp9VmCantbBAhtlJya8hXfsvynXB7iR4IvvuojfXeMH6er
-----END CERTIFICATE-----