Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/3794b1-ca7f-4a57-8b7b-06d3c4e63c20/1/ERRnJeQi_UuFeSl0_pnvQ5j2D7g.roa
File:                     ERRnJeQi_UuFeSl0_pnvQ5j2D7g.roa (raw, json)
Hash identifier:          CZuBFoDM5g8AMYAKp34hQKFSXM6Xetqxlou0GcyJ9zo=
Subject key identifier:   11:14:67:25:E4:22:FD:4B:85:79:29:74:FE:99:EF:43:98:F6:0F:B8
Certificate issuer:       /CN=82b2e0d00dd771a9e4d60bbf4be52114ea77db03
Certificate serial:       01980F03DF8A3DD93814DBFAF3A6DEF7AACE
Authority key identifier: 82:B2:E0:D0:0D:D7:71:A9:E4:D6:0B:BF:4B:E5:21:14:EA:77:DB:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/grLg0A3Xcank1gu_S-UhFOp32wM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/3794b1-ca7f-4a57-8b7b-06d3c4e63c20/1/ERRnJeQi_UuFeSl0_pnvQ5j2D7g.roa
Signing time:             Tue 15 Jul 2025 16:56:08 +0000
ROA not before:           Tue 15 Jul 2025 16:56:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207551
IP address blocks:        89.35.53.0/24 maxlen: 24
                          117.55.199.0/24 maxlen: 24
                          194.54.146.0/24 maxlen: 24
                          194.164.87.0/24 maxlen: 24
                          202.181.153.0/24 maxlen: 24
                          203.28.15.0/24 maxlen: 24
                          212.6.53.0/24 maxlen: 24
                          2a10:2080::/29 maxlen: 29
                          2a10:2080::/48 maxlen: 48
                          2a10:2080:1::/48 maxlen: 48
Validation:               Failed, certificate revoked on Fri 25 Jul 2025 14:50:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:0f:03:df:8a:3d:d9:38:14:db:fa:f3:a6:de:f7:aa:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=82b2e0d00dd771a9e4d60bbf4be52114ea77db03
        Validity
            Not Before: Jul 15 16:56:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=11146725e422fd4b85792974fe99ef4398f60fb8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:a9:70:af:f7:bc:3f:6f:98:c9:0d:0f:6f:78:
                    9e:92:52:4a:d2:e9:3c:54:f1:d5:02:b1:a8:ff:c9:
                    a1:df:47:fc:01:28:d3:34:47:c8:2f:8c:82:28:d7:
                    8c:a7:ab:b7:81:13:83:a0:25:f4:2d:95:77:a9:a6:
                    da:42:27:0c:3c:75:72:5a:25:63:4a:55:e8:39:e5:
                    2f:50:1a:9a:0e:06:8c:be:f5:15:0e:5e:d7:0d:a0:
                    eb:af:08:f1:8b:b1:89:1d:a0:7d:bc:0d:69:78:fa:
                    be:98:44:f0:3b:c6:7e:2b:6d:99:34:b1:bb:47:60:
                    2e:6b:46:07:75:ab:27:2b:89:ac:96:48:bd:dc:cd:
                    6c:5a:f2:3f:54:62:27:f4:6b:cc:70:fd:a1:d4:98:
                    de:e9:ea:77:8a:11:c6:28:4e:3a:54:b3:a7:ee:71:
                    32:0d:ad:63:1f:6f:b4:e4:71:e6:fd:a3:c3:b4:38:
                    f2:c0:b2:61:d2:a8:8f:cd:c0:2d:8a:ca:c8:ce:e8:
                    b8:21:e8:a9:e2:d1:f5:00:a6:e0:18:0b:61:bf:2f:
                    07:ee:91:ec:80:f6:af:a9:a4:34:c3:bc:14:b7:0c:
                    61:06:17:ec:69:6c:82:d0:2f:02:ff:39:58:26:c8:
                    2a:82:cc:5b:78:6d:a5:26:43:a4:34:5a:89:86:1a:
                    ba:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:14:67:25:E4:22:FD:4B:85:79:29:74:FE:99:EF:43:98:F6:0F:B8
            X509v3 Authority Key Identifier:
                keyid:82:B2:E0:D0:0D:D7:71:A9:E4:D6:0B:BF:4B:E5:21:14:EA:77:DB:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/grLg0A3Xcank1gu_S-UhFOp32wM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/3794b1-ca7f-4a57-8b7b-06d3c4e63c20/1/ERRnJeQi_UuFeSl0_pnvQ5j2D7g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/3794b1-ca7f-4a57-8b7b-06d3c4e63c20/1/grLg0A3Xcank1gu_S-UhFOp32wM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.35.53.0/24
                  117.55.199.0/24
                  194.54.146.0/24
                  194.164.87.0/24
                  202.181.153.0/24
                  203.28.15.0/24
                  212.6.53.0/24
                IPv6:
                  2a10:2080::/29

    Signature Algorithm: sha256WithRSAEncryption
         d2:e3:97:43:92:e8:95:5c:f3:fc:9e:b7:dc:69:2d:ae:6d:f2:
         68:9e:d4:91:6f:12:47:1a:12:b9:26:98:e7:dc:a9:8b:66:29:
         4d:e5:49:54:d4:e1:45:c2:e7:2b:2c:f3:c3:93:5c:4b:9b:cd:
         91:66:13:62:78:4f:b1:c8:65:ba:64:68:3f:aa:94:96:34:1e:
         c6:3b:87:89:63:da:ee:0a:7f:d7:97:da:62:e9:91:6b:7e:73:
         07:ee:d1:f8:7f:23:1a:51:3b:03:f5:c3:2c:f8:65:b3:cb:9a:
         44:ce:36:dc:b1:6c:03:7e:51:56:24:ae:04:3d:c9:d5:5b:f8:
         e8:26:69:57:5d:85:79:87:59:5c:02:ad:89:73:85:c2:e1:10:
         6a:74:ca:0a:75:f3:ac:c3:fd:d4:82:33:58:80:d2:a4:36:8b:
         28:0a:ce:ab:de:52:b9:31:18:37:33:0c:e3:01:b5:5a:af:3c:
         c0:05:ca:ef:d6:4e:60:50:98:ba:0f:52:f3:5c:b8:5e:f1:8b:
         e3:e5:b7:0f:cb:e4:56:bf:71:37:ae:c8:0d:da:4f:13:09:b4:
         e5:98:49:2f:c2:74:7e:0e:60:de:1f:a1:ca:ea:2d:25:16:d0:
         25:55:9d:1b:c7:3b:2b:d0:2f:30:11:c0:48:96:38:08:96:25:
         5c:45:a1:8e
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAZgPA9+KPdk4FNv686be96rOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyYjJlMGQwMGRkNzcxYTllNGQ2MGJiZjRiZTUyMTE0ZWE3
N2RiMDMwHhcNMjUwNzE1MTY1NjA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTE0NjcyNWU0MjJmZDRiODU3OTI5NzRmZTk5ZWY0Mzk4ZjYwZmI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAualwr/e8P2+YyQ0Pb3ieklJK0uk8
VPHVArGo/8mh30f8ASjTNEfIL4yCKNeMp6u3gRODoCX0LZV3qabaQicMPHVyWiVj
SlXoOeUvUBqaDgaMvvUVDl7XDaDrrwjxi7GJHaB9vA1pePq+mETwO8Z+K22ZNLG7
R2Aua0YHdasnK4mslki93M1sWvI/VGIn9GvMcP2h1Jje6ep3ihHGKE46VLOn7nEy
Da1jH2+05HHm/aPDtDjywLJh0qiPzcAtisrIzui4Ieip4tH1AKbgGAthvy8H7pHs
gPavqaQ0w7wUtwxhBhfsaWyC0C8C/zlYJsgqgsxbeG2lJkOkNFqJhhq69QIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFBEUZyXkIv1LhXkpdP6Z70OY9g+4MB8GA1UdIwQY
MBaAFIKy4NAN13Gp5NYLv0vlIRTqd9sDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3JMZzBBM1hjYW5rMWd1X1MtVWhGT3AzMndNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi8zNzk0YjEtY2E3Zi00YTU3LThiN2It
MDZkM2M0ZTYzYzIwLzEvRVJSbkplUWlfVXVGZVNsMF9wbnZRNWoyRDdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi8zNzk0YjEtY2E3Zi00YTU3LThiN2ItMDZkM2M0ZTYzYzIw
LzEvZ3JMZzBBM1hjYW5rMWd1X1MtVWhGT3AzMndNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQAWSM1AwQA
dTfHAwQAwjaSAwQAwqRXAwQAyrWZAwQAyxwPAwQA1AY1MA0EAgACMAcDBQMqECCA
MA0GCSqGSIb3DQEBCwUAA4IBAQDS45dDkuiVXPP8nrfcaS2ubfJontSRbxJHGhK5
Jpjn3KmLZilN5UlU1OFFwucrLPPDk1xLm82RZhNieE+xyGW6ZGg/qpSWNB7GO4eJ
Y9ruCn/Xl9pi6ZFrfnMH7tH4fyMaUTsD9cMs+GWzy5pEzjbcsWwDflFWJK4EPcnV
W/joJmlXXYV5h1lcAq2Jc4XC4RBqdMoKdfOsw/3UgjNYgNKkNosoCs6r3lK5MRg3
MwzjAbVarzzABcrv1k5gUJi6D1LzXLhe8Yvj5bcPy+RWv3E3rsgN2k8TCbTlmEkv
wnR+DmDeH6HK6i0lFtAlVZ0bxzsr0C8wEcBIljgIliVcRaGO
-----END CERTIFICATE-----