Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8e8149-d53c-4992-bd07-55c434eec96c/1/Y0KJXZXjH-247am5-JAZQ6EOlmA.roa
File:                     Y0KJXZXjH-247am5-JAZQ6EOlmA.roa (raw, json)
Hash identifier:          ZsE5twNBaB+ROy20VoZkYcP7hlWoNn+3JPyW7nFHlXI=
Subject key identifier:   63:42:89:5D:95:E3:1F:ED:B8:ED:A9:B9:F8:90:19:43:A1:0E:96:60
Certificate issuer:       /CN=abbad3de831da94222c1add104caf4c3247689ac
Certificate serial:       01956FEB8155E010B0364B54394C1C495362
Authority key identifier: AB:BA:D3:DE:83:1D:A9:42:22:C1:AD:D1:04:CA:F4:C3:24:76:89:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q7rT3oMdqUIiwa3RBMr0wyR2iaw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8e8149-d53c-4992-bd07-55c434eec96c/1/Y0KJXZXjH-247am5-JAZQ6EOlmA.roa
Signing time:             Fri 07 Mar 2025 09:24:19 +0000
ROA not before:           Fri 07 Mar 2025 09:24:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25369
IP address blocks:        212.68.172.0/22 maxlen: 22
                          212.68.172.0/24 maxlen: 24
                          212.68.173.0/24 maxlen: 24
                          212.68.174.0/24 maxlen: 24
                          212.68.175.0/24 maxlen: 24
                          212.68.176.0/22 maxlen: 22
                          212.68.176.0/24 maxlen: 24
                          212.68.177.0/24 maxlen: 24
                          212.68.178.0/24 maxlen: 24
                          212.68.179.0/24 maxlen: 24
                          212.68.180.0/22 maxlen: 22
                          212.68.180.0/24 maxlen: 24
                          212.68.181.0/24 maxlen: 24
                          212.68.182.0/24 maxlen: 24
                          212.68.183.0/24 maxlen: 24
                          212.68.184.0/22 maxlen: 22
                          212.68.184.0/24 maxlen: 24
                          212.68.185.0/24 maxlen: 24
                          212.68.186.0/24 maxlen: 24
                          212.68.187.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Mon 10 Mar 2025 15:22:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:6f:eb:81:55:e0:10:b0:36:4b:54:39:4c:1c:49:53:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=abbad3de831da94222c1add104caf4c3247689ac
        Validity
            Not Before: Mar  7 09:24:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6342895d95e31fedb8eda9b9f8901943a10e9660
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f9:82:b6:c9:63:d3:f2:c7:2c:c7:c0:b2:a6:71:
                    13:ee:d6:00:68:80:10:1d:78:a5:73:02:c9:32:50:
                    d0:32:b7:3a:f1:e0:66:58:e5:e4:97:e2:81:69:f9:
                    fd:98:19:0d:71:19:5d:9f:5a:bb:ac:e7:50:f3:e1:
                    c3:c3:66:ca:7d:6b:5b:ef:7a:4a:60:8a:fe:5c:72:
                    d7:d8:5a:7b:b7:24:6d:30:82:c2:1d:66:1d:02:32:
                    fc:59:af:f7:61:81:52:00:5f:a2:cd:a9:da:8a:72:
                    d9:55:9c:99:ff:88:25:b1:fc:21:2d:a2:d4:fd:f8:
                    51:04:37:0d:24:59:5c:b8:2d:c2:79:c6:60:d7:1a:
                    f8:a9:9f:32:bb:de:51:82:72:5e:17:ba:15:ff:78:
                    a2:d5:11:51:87:d5:b5:2e:c2:2b:73:b2:74:6b:62:
                    b2:a8:17:62:0a:52:8f:4d:f9:d5:37:dd:c9:cd:7c:
                    a0:3e:9d:56:67:75:7b:d0:38:27:7a:df:d1:f0:e2:
                    b1:14:6a:28:92:58:38:17:14:b7:eb:c5:09:00:52:
                    bd:6e:c8:1f:1c:e0:49:0c:bd:c2:1a:ed:1d:9e:1f:
                    ef:a6:0f:c4:d5:95:2f:fd:cf:b8:8f:f2:f9:0c:94:
                    3f:f6:ce:68:e4:70:3e:c0:98:7a:4e:ce:e4:c2:6c:
                    58:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:42:89:5D:95:E3:1F:ED:B8:ED:A9:B9:F8:90:19:43:A1:0E:96:60
            X509v3 Authority Key Identifier:
                keyid:AB:BA:D3:DE:83:1D:A9:42:22:C1:AD:D1:04:CA:F4:C3:24:76:89:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q7rT3oMdqUIiwa3RBMr0wyR2iaw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8e8149-d53c-4992-bd07-55c434eec96c/1/Y0KJXZXjH-247am5-JAZQ6EOlmA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8e8149-d53c-4992-bd07-55c434eec96c/1/q7rT3oMdqUIiwa3RBMr0wyR2iaw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.68.172.0-212.68.187.255

    Signature Algorithm: sha256WithRSAEncryption
         a9:f7:3a:1b:2b:de:dd:46:29:8d:19:73:57:43:74:68:bc:86:
         19:1a:29:b3:b0:2e:c2:3a:7c:fc:0d:9e:1c:a9:eb:4e:dc:8b:
         8a:89:f0:07:55:cc:7a:be:0d:53:67:09:48:b6:90:cf:6f:6d:
         e7:0f:18:d4:3e:75:d7:ad:6c:e0:90:34:e2:a5:5b:89:4b:50:
         1c:7e:21:6d:9d:1c:9f:d0:67:5b:9b:f5:1b:22:5b:28:04:96:
         c3:30:5a:1d:88:14:18:d3:ec:99:47:01:1a:26:ba:0c:33:17:
         6d:0f:c6:92:93:90:84:56:f5:c1:94:a6:a4:3e:91:bc:95:8e:
         28:2e:45:04:84:fd:1a:51:09:ab:a0:df:dd:5f:e3:85:b8:36:
         fc:0c:66:a6:bb:05:cb:da:e6:e2:a4:8e:e6:4a:38:67:d0:27:
         9f:23:c2:54:04:24:46:e4:cf:3e:f3:29:27:7c:43:6a:43:76:
         87:71:0f:41:87:f5:88:7d:f8:2f:43:fd:8c:af:bf:25:aa:fc:
         13:0b:e4:9e:21:c3:ee:13:6e:42:77:17:bb:87:7c:98:ed:f8:
         1a:9d:82:65:81:49:56:31:f6:53:fa:6b:8c:72:d9:e9:89:c9:
         a8:3e:ec:18:04:a9:df:7b:20:1f:ff:8e:65:c4:ab:14:35:64:
         19:54:23:8b
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZVv64FV4BCwNktUOUwcSVNiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiYmFkM2RlODMxZGE5NDIyMmMxYWRkMTA0Y2FmNGMzMjQ3
Njg5YWMwHhcNMjUwMzA3MDkyNDE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzQyODk1ZDk1ZTMxZmVkYjhlZGE5YjlmODkwMTk0M2ExMGU5NjYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+YK2yWPT8scsx8CypnET7tYAaIAQ
HXilcwLJMlDQMrc68eBmWOXkl+KBafn9mBkNcRldn1q7rOdQ8+HDw2bKfWtb73pK
YIr+XHLX2Fp7tyRtMILCHWYdAjL8Wa/3YYFSAF+izanainLZVZyZ/4glsfwhLaLU
/fhRBDcNJFlcuC3CecZg1xr4qZ8yu95RgnJeF7oV/3ii1RFRh9W1LsIrc7J0a2Ky
qBdiClKPTfnVN93JzXygPp1WZ3V70Dgnet/R8OKxFGooklg4FxS368UJAFK9bsgf
HOBJDL3CGu0dnh/vpg/E1ZUv/c+4j/L5DJQ/9s5o5HA+wJh6Ts7kwmxYdwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFGNCiV2V4x/tuO2pufiQGUOhDpZgMB8GA1UdIwQY
MBaAFKu6096DHalCIsGt0QTK9MMkdomsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTdyVDNvTWRxVUlpd2EzUkJNcjB3eVIyaWF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZTgxNDktZDUzYy00OTkyLWJkMDct
NTVjNDM0ZWVjOTZjLzEvWTBLSlhaWGpILTI0N2FtNS1KQVpRNkVPbG1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZTgxNDktZDUzYy00OTkyLWJkMDctNTVjNDM0ZWVjOTZj
LzEvcTdyVDNvTWRxVUlpd2EzUkJNcjB3eVIyaWF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBALURKwD
BALURLgwDQYJKoZIhvcNAQELBQADggEBAKn3Ohsr3t1GKY0Zc1dDdGi8hhkaKbOw
LsI6fPwNnhyp607ci4qJ8AdVzHq+DVNnCUi2kM9vbecPGNQ+ddetbOCQNOKlW4lL
UBx+IW2dHJ/QZ1ub9RsiWygElsMwWh2IFBjT7JlHARomugwzF20PxpKTkIRW9cGU
pqQ+kbyVjiguRQSE/RpRCaug391f44W4NvwMZqa7Bcva5uKkjuZKOGfQJ58jwlQE
JEbkzz7zKSd8Q2pDdodxD0GH9Yh9+C9D/YyvvyWq/BML5J4hw+4TbkJ3F7uHfJjt
+BqdgmWBSVYx9lP6a4xy2emJyag+7BgEqd97IB//jmXEqxQ1ZBlUI4s=
-----END CERTIFICATE-----