Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/2925a3-871b-4676-ae10-688d333ed9d5/1/zcGl8icsteX2hs2mEwk9D9_s-PA.roa
File:                     zcGl8icsteX2hs2mEwk9D9_s-PA.roa (raw, json)
Hash identifier:          aN3lbhSfimVoF7LHAVGsTZaQC/xlkumR3vP/gg/n/BA=
Subject key identifier:   CD:C1:A5:F2:27:2C:B5:E5:F6:86:CD:A6:13:09:3D:0F:DF:EC:F8:F0
Certificate issuer:       /CN=ef1c665b038692b93bdf5d1d8f3cea3e98697a03
Certificate serial:       0197F936F980158FC9B9450F9A9A5F7855B1
Authority key identifier: EF:1C:66:5B:03:86:92:B9:3B:DF:5D:1D:8F:3C:EA:3E:98:69:7A:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7xxmWwOGkrk7310djzzqPphpegM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/2925a3-871b-4676-ae10-688d333ed9d5/1/zcGl8icsteX2hs2mEwk9D9_s-PA.roa
Signing time:             Fri 11 Jul 2025 11:20:19 +0000
ROA not before:           Fri 11 Jul 2025 11:20:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34879
IP address blocks:        212.193.144.0/24 maxlen: 24
                          212.193.145.0/24 maxlen: 24
                          212.193.146.0/23 maxlen: 23
                          212.193.148.0/23 maxlen: 24
                          212.193.148.0/24 maxlen: 24
                          212.193.149.0/24 maxlen: 24
                          212.193.150.0/23 maxlen: 24
                          212.193.150.0/24 maxlen: 24
                          212.193.151.0/24 maxlen: 24
                          212.193.155.0/24 maxlen: 24
                          212.193.156.0/23 maxlen: 24
                          212.193.156.0/24 maxlen: 24
                          212.193.157.0/24 maxlen: 24
                          212.193.158.0/24 maxlen: 24
                          212.193.159.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Wed 16 Jul 2025 13:49:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:f9:36:f9:80:15:8f:c9:b9:45:0f:9a:9a:5f:78:55:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef1c665b038692b93bdf5d1d8f3cea3e98697a03
        Validity
            Not Before: Jul 11 11:20:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cdc1a5f2272cb5e5f686cda613093d0fdfecf8f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:a2:2b:d9:57:a0:da:3d:12:5d:f0:cd:9e:b1:
                    40:d0:21:7f:89:a9:04:5f:f6:1e:52:5b:e6:5f:94:
                    39:86:1f:93:27:4f:da:a8:fd:69:43:9f:c8:02:0a:
                    18:2d:8c:f5:6e:36:28:1f:bf:fd:13:d4:1b:9a:e1:
                    fd:25:d3:73:45:1f:17:f6:4f:86:7d:23:93:c5:b8:
                    f1:2c:c7:f4:3f:79:e1:75:ed:5b:47:58:04:32:f4:
                    22:da:cd:3e:71:81:3d:9d:40:d3:cc:f6:58:19:3d:
                    7c:b2:84:0e:61:d8:11:ed:9b:c5:17:0b:66:0a:64:
                    82:f6:15:1a:e6:a3:fc:90:58:f5:d7:da:d1:59:85:
                    79:06:4c:ad:52:83:40:7d:b5:4d:5d:fc:c2:91:b6:
                    50:94:81:cc:7d:48:86:fd:f6:10:0c:18:23:1b:dd:
                    4c:9b:40:67:14:7f:8c:c6:bf:df:9c:c7:23:b5:99:
                    76:39:69:18:52:52:8a:30:fe:a6:03:51:cd:63:fa:
                    42:16:e0:9c:a5:ed:ef:f4:f9:00:73:be:54:c0:6b:
                    22:0b:c6:1d:36:31:68:4a:89:90:ef:c3:22:37:b6:
                    dd:bc:17:8c:3e:8f:be:48:05:fe:d6:d8:d7:c9:80:
                    0c:c0:b5:ef:b1:c4:a1:34:8e:6e:fd:14:3a:af:d2:
                    9c:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:C1:A5:F2:27:2C:B5:E5:F6:86:CD:A6:13:09:3D:0F:DF:EC:F8:F0
            X509v3 Authority Key Identifier:
                keyid:EF:1C:66:5B:03:86:92:B9:3B:DF:5D:1D:8F:3C:EA:3E:98:69:7A:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7xxmWwOGkrk7310djzzqPphpegM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/2925a3-871b-4676-ae10-688d333ed9d5/1/zcGl8icsteX2hs2mEwk9D9_s-PA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/2925a3-871b-4676-ae10-688d333ed9d5/1/7xxmWwOGkrk7310djzzqPphpegM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.193.144.0/21
                  212.193.155.0-212.193.159.255

    Signature Algorithm: sha256WithRSAEncryption
         b2:03:75:8f:1e:0d:40:1a:69:d8:42:ae:33:dd:d1:ce:45:42:
         82:07:40:91:e4:f8:19:85:bf:eb:04:1e:99:b3:e6:bd:34:ef:
         a8:65:19:7a:6e:f0:b5:23:5d:a2:26:07:4a:62:aa:6b:56:5e:
         fb:42:86:5b:bd:d8:77:2c:ab:d3:3e:63:f0:a6:6c:fb:e5:55:
         e1:65:d5:54:2d:f2:3d:0d:ad:f6:8d:61:e7:07:09:71:45:64:
         e5:21:a5:fa:ab:5f:82:25:00:90:d1:a0:43:c9:4c:08:ba:1c:
         f0:08:b3:2c:b5:9e:99:1c:bc:86:e6:39:33:cc:e8:3c:fb:8c:
         73:0d:a7:11:bc:25:6c:3e:fe:52:11:7e:ee:67:ac:50:b7:e6:
         bd:fe:72:3f:dd:80:6f:da:f9:13:eb:d9:33:5a:bd:0f:65:bd:
         72:46:91:12:dd:a7:3d:ee:cb:5e:6c:6e:27:28:09:df:92:10:
         6f:b8:90:c2:f3:ad:52:0f:83:25:30:22:47:37:51:53:fd:d5:
         ab:dd:50:7d:e0:7a:f6:0f:09:e7:bf:fb:88:3c:73:8b:2a:08:
         b1:b6:cd:62:85:45:3c:7b:56:0b:47:fd:d1:e7:39:3f:19:b0:
         f9:75:eb:92:2b:76:dc:ba:2b:23:51:2b:87:92:b2:b5:7a:a8:
         9e:05:f6:83
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZf5NvmAFY/JuUUPmppfeFWxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmMWM2NjViMDM4NjkyYjkzYmRmNWQxZDhmM2NlYTNlOTg2
OTdhMDMwHhcNMjUwNzExMTEyMDE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZGMxYTVmMjI3MmNiNWU1ZjY4NmNkYTYxMzA5M2QwZmRmZWNmOGYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuKIr2Veg2j0SXfDNnrFA0CF/iakE
X/YeUlvmX5Q5hh+TJ0/aqP1pQ5/IAgoYLYz1bjYoH7/9E9QbmuH9JdNzRR8X9k+G
fSOTxbjxLMf0P3nhde1bR1gEMvQi2s0+cYE9nUDTzPZYGT18soQOYdgR7ZvFFwtm
CmSC9hUa5qP8kFj119rRWYV5BkytUoNAfbVNXfzCkbZQlIHMfUiG/fYQDBgjG91M
m0BnFH+Mxr/fnMcjtZl2OWkYUlKKMP6mA1HNY/pCFuCcpe3v9PkAc75UwGsiC8Yd
NjFoSomQ78MiN7bdvBeMPo++SAX+1tjXyYAMwLXvscShNI5u/RQ6r9Kc5wIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFM3BpfInLLXl9obNphMJPQ/f7PjwMB8GA1UdIwQY
MBaAFO8cZlsDhpK5O99dHY886j6YaXoDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3h4bVd3T0drcms3MzEwZGp6enFQcGhwZWdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC8yOTI1YTMtODcxYi00Njc2LWFlMTAt
Njg4ZDMzM2VkOWQ1LzEvemNHbDhpY3N0ZVgyaHMybUV3azlEOV9zLVBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC8yOTI1YTMtODcxYi00Njc2LWFlMTAtNjg4ZDMzM2VkOWQ1
LzEvN3h4bVd3T0drcms3MzEwZGp6enFQcGhwZWdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQD1MGQMAwD
BADUwZsDBAXUwYAwDQYJKoZIhvcNAQELBQADggEBALIDdY8eDUAaadhCrjPd0c5F
QoIHQJHk+BmFv+sEHpmz5r0076hlGXpu8LUjXaImB0piqmtWXvtChlu92Hcsq9M+
Y/CmbPvlVeFl1VQt8j0NrfaNYecHCXFFZOUhpfqrX4IlAJDRoEPJTAi6HPAIsyy1
npkcvIbmOTPM6Dz7jHMNpxG8JWw+/lIRfu5nrFC35r3+cj/dgG/a+RPr2TNavQ9l
vXJGkRLdpz3uy15sbicoCd+SEG+4kMLzrVIPgyUwIkc3UVP91avdUH3gevYPCee/
+4g8c4sqCLG2zWKFRTx7VgtH/dHnOT8ZsPl165Irdty6KyNRK4eSsrV6qJ4F9oM=
-----END CERTIFICATE-----