Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/Xx8PSKc4Dy-ViII6LU4ymJfVRBQ.roa
File:                     Xx8PSKc4Dy-ViII6LU4ymJfVRBQ.roa (raw, json)
Hash identifier:          uQeOAIrO1a2aAHP83fJOV8C1RwVQan6+9vk04VCg/AI=
Subject key identifier:   5F:1F:0F:48:A7:38:0F:2F:95:88:82:3A:2D:4E:32:98:97:D5:44:14
Certificate issuer:       /CN=2fa16ab06020067740a4c1fb47a912622f1d0722
Certificate serial:       01965C2943DEACACCEECEBDFAB5B57C81FC5
Authority key identifier: 2F:A1:6A:B0:60:20:06:77:40:A4:C1:FB:47:A9:12:62:2F:1D:07:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/Xx8PSKc4Dy-ViII6LU4ymJfVRBQ.roa
Signing time:             Tue 22 Apr 2025 06:22:10 +0000
ROA not before:           Tue 22 Apr 2025 06:22:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        85.115.208.0/23 maxlen: 24
                          85.115.210.0/23 maxlen: 24
                          85.115.210.0/24 maxlen: 24
                          213.145.66.0/24 maxlen: 24
                          213.145.68.0/23 maxlen: 23
                          213.145.68.0/24 maxlen: 24
                          213.145.70.0/23 maxlen: 24
                          213.145.71.0/24 maxlen: 24
                          213.145.72.0/21 maxlen: 24
                          213.145.82.0/23 maxlen: 24
                          213.145.82.0/24 maxlen: 24
                          213.145.83.0/24 maxlen: 24
                          213.145.84.0/23 maxlen: 23
                          213.145.86.0/23 maxlen: 23
                          213.145.88.0/23 maxlen: 24
Validation:               Failed, certificate revoked on Wed 23 Apr 2025 05:45:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:5c:29:43:de:ac:ac:ce:ec:eb:df:ab:5b:57:c8:1f:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2fa16ab06020067740a4c1fb47a912622f1d0722
        Validity
            Not Before: Apr 22 06:22:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5f1f0f48a7380f2f9588823a2d4e329897d54414
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:b6:81:ab:ef:c1:57:81:ca:01:dd:9d:7c:b5:
                    9c:0f:16:7e:7d:41:fb:34:5d:de:62:be:4b:11:11:
                    7c:3f:cd:66:7f:38:c8:85:83:b7:c2:a2:7b:62:4e:
                    2a:2e:ab:6c:57:25:2c:20:2c:ec:4a:f5:cf:9b:d9:
                    91:51:3c:21:a1:77:c5:c9:fb:5b:09:c5:37:84:b7:
                    76:15:70:e4:6b:cc:7e:d9:3a:ce:c8:27:54:5c:19:
                    95:be:4b:cc:9a:2d:c7:09:4a:62:00:cc:7c:99:24:
                    ad:d9:17:c8:ac:5b:09:46:9c:e8:60:b0:cd:58:80:
                    c8:8c:50:9a:6a:51:81:f3:f9:20:cb:09:04:2c:89:
                    2a:35:17:e2:d3:43:c3:18:ee:c7:93:c6:39:79:be:
                    15:a1:19:42:58:82:1d:64:57:84:15:af:02:cb:7d:
                    67:09:5d:c6:9c:bc:7e:91:36:37:1c:6a:63:84:8f:
                    dd:69:2d:4c:00:f1:01:a8:97:97:85:f6:cc:37:1e:
                    61:f8:7b:61:77:62:fd:6e:7d:fb:ba:d0:3e:5e:a4:
                    f0:33:de:39:55:32:b1:c4:c3:07:51:59:0c:14:7c:
                    50:76:d7:ae:e7:7c:f9:98:c9:79:51:c4:0f:b0:f9:
                    e0:d2:06:c2:e2:a8:04:1b:32:8e:3f:81:9e:95:1f:
                    74:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:1F:0F:48:A7:38:0F:2F:95:88:82:3A:2D:4E:32:98:97:D5:44:14
            X509v3 Authority Key Identifier:
                keyid:2F:A1:6A:B0:60:20:06:77:40:A4:C1:FB:47:A9:12:62:2F:1D:07:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/Xx8PSKc4Dy-ViII6LU4ymJfVRBQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.115.208.0/22
                  213.145.66.0/24
                  213.145.68.0-213.145.79.255
                  213.145.82.0-213.145.89.255

    Signature Algorithm: sha256WithRSAEncryption
         5f:7a:37:9c:4b:48:9a:c8:18:57:93:5d:c3:c4:4d:da:e8:fe:
         fd:8c:97:fd:e0:b3:24:46:b4:c7:21:a4:bd:a8:88:ce:da:48:
         0a:04:b9:31:a4:a2:81:62:df:9f:86:db:0e:59:42:9a:cb:bb:
         2d:c8:e4:df:5f:72:a6:59:57:dc:63:7e:85:85:0d:b8:ec:0a:
         04:a7:0b:db:ea:33:57:20:31:66:c6:fd:50:c1:a4:db:6d:71:
         18:d3:74:e5:68:b3:97:05:d9:3c:24:65:8c:de:63:34:b5:8f:
         a3:96:b2:1a:9e:27:f5:7a:23:70:9c:d3:f5:7d:e7:74:c7:4a:
         a1:29:3b:be:57:e4:96:5c:c4:d4:75:b7:d1:04:f2:25:b7:af:
         b5:aa:d9:e4:5e:d2:2b:eb:06:e2:2a:0b:21:2b:fb:26:de:da:
         4e:56:59:98:5e:fc:8c:0b:ef:d8:94:49:8f:2d:52:85:ac:b9:
         38:07:e3:86:56:bb:63:2d:43:38:8e:24:b0:c2:02:7d:ef:ce:
         f0:86:e8:5c:e0:13:0c:4f:a4:25:48:fd:dc:48:ae:18:a8:2a:
         55:b8:00:eb:62:02:0d:2d:a0:3f:2a:7b:ec:e7:90:3c:90:8b:
         55:db:5e:2d:ca:2c:5e:7e:9a:1d:5e:ab:8a:91:8c:0a:8e:fa:
         e4:29:cc:2a
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAZZcKUPerKzO7Ovfq1tXyB/FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmYTE2YWIwNjAyMDA2Nzc0MGE0YzFmYjQ3YTkxMjYyMmYx
ZDA3MjIwHhcNMjUwNDIyMDYyMjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjFmMGY0OGE3MzgwZjJmOTU4ODgyM2EyZDRlMzI5ODk3ZDU0NDE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxLaBq+/BV4HKAd2dfLWcDxZ+fUH7
NF3eYr5LERF8P81mfzjIhYO3wqJ7Yk4qLqtsVyUsICzsSvXPm9mRUTwhoXfFyftb
CcU3hLd2FXDka8x+2TrOyCdUXBmVvkvMmi3HCUpiAMx8mSSt2RfIrFsJRpzoYLDN
WIDIjFCaalGB8/kgywkELIkqNRfi00PDGO7Hk8Y5eb4VoRlCWIIdZFeEFa8Cy31n
CV3GnLx+kTY3HGpjhI/daS1MAPEBqJeXhfbMNx5h+Hthd2L9bn37utA+XqTwM945
VTKxxMMHUVkMFHxQdteu53z5mMl5UcQPsPng0gbC4qgEGzKOP4GelR902QIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFF8fD0inOA8vlYiCOi1OMpiX1UQUMB8GA1UdIwQY
MBaAFC+harBgIAZ3QKTB+0epEmIvHQciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDZGcXNHQWdCbmRBcE1IN1I2a1NZaThkQnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy83ZjIzOTMtZDAxYS00MWY3LWE1MmUt
ZDI0MmI2ZjNhOGExLzEvWHg4UFNLYzREeS1WaUlJNkxVNHltSmZWUkJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy83ZjIzOTMtZDAxYS00MWY3LWE1MmUtZDI0MmI2ZjNhOGEx
LzEvTDZGcXNHQWdCbmRBcE1IN1I2a1NZaThkQnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAuBAIAATAoAwQCVXPQAwQA
1ZFCMAwDBALVkUQDBATVkUAwDAMEAdWRUgMEAdWRWDANBgkqhkiG9w0BAQsFAAOC
AQEAX3o3nEtImsgYV5Ndw8RN2uj+/YyX/eCzJEa0xyGkvaiIztpICgS5MaSigWLf
n4bbDllCmsu7Lcjk319ypllX3GN+hYUNuOwKBKcL2+ozVyAxZsb9UMGk221xGNN0
5WizlwXZPCRljN5jNLWPo5ayGp4n9XojcJzT9X3ndMdKoSk7vlfkllzE1HW30QTy
JbevtarZ5F7SK+sG4ioLISv7Jt7aTlZZmF78jAvv2JRJjy1Shay5OAfjhla7Yy1D
OI4ksMICfe/O8IboXOATDE+kJUj93EiuGKgqVbgA62ICDS2gPyp77OeQPJCLVdte
LcosXn6aHV6ripGMCo765CnMKg==
-----END CERTIFICATE-----