Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/1a72a7-277d-44f5-87de-70b2ebd51438/1/PZaZZD1T46zhptiTt7E7WM9E5bI.roa
File:                     PZaZZD1T46zhptiTt7E7WM9E5bI.roa (raw, json)
Hash identifier:          JiRV1n6HN9+PkA+XDCsIkvm9QOb7mlBbGM6HsaQMXnM=
Subject key identifier:   3D:96:99:64:3D:53:E3:AC:E1:A6:D8:93:B7:B1:3B:58:CF:44:E5:B2
Certificate issuer:       /CN=df895a3ee2211b6ee2df7202f09a426680d66269
Certificate serial:       01941C67E7689ADAA9926BE067667EE418E6
Authority key identifier: DF:89:5A:3E:E2:21:1B:6E:E2:DF:72:02:F0:9A:42:66:80:D6:62:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/34laPuIhG27i33IC8JpCZoDWYmk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/1a72a7-277d-44f5-87de-70b2ebd51438/1/PZaZZD1T46zhptiTt7E7WM9E5bI.roa
Signing time:             Tue 31 Dec 2024 11:09:19 +0000
ROA not before:           Tue 31 Dec 2024 11:09:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210644
IP address blocks:        2a12:5940::/32 maxlen: 32
                          2a12:5940:1::/48 maxlen: 48
                          2a12:5940:1000::/36 maxlen: 36
                          2a12:5940:2000::/36 maxlen: 36
                          2a12:5940:3000::/36 maxlen: 36
                          2a12:5940:4000::/36 maxlen: 36
                          2a12:5940:5000::/36 maxlen: 36
                          2a12:5940:6000::/36 maxlen: 36
                          2a12:5940:7000::/36 maxlen: 36
                          2a12:5940:8000::/36 maxlen: 36
                          2a12:5940:9000::/36 maxlen: 36
                          2a12:5940:a000::/36 maxlen: 36
                          2a12:5940:b000::/36 maxlen: 36
                          2a12:5940:c000::/36 maxlen: 36
                          2a12:5940:d000::/36 maxlen: 36
                          2a12:5940:d000::/48 maxlen: 48
                          2a12:5940:e000::/36 maxlen: 36
                          2a12:5940:f000::/36 maxlen: 36
Validation:               Failed, certificate revoked on Wed 01 Jan 2025 07:47:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1c:67:e7:68:9a:da:a9:92:6b:e0:67:66:7e:e4:18:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df895a3ee2211b6ee2df7202f09a426680d66269
        Validity
            Not Before: Dec 31 11:09:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3d9699643d53e3ace1a6d893b7b13b58cf44e5b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:d3:32:67:28:b6:bb:0a:e7:2b:33:2c:15:b4:
                    8e:e3:de:41:50:bc:e2:5e:36:02:11:71:dc:ba:d7:
                    71:95:6a:b0:c3:a4:5e:a3:81:c3:c3:f8:f9:2a:f3:
                    3d:47:30:d1:50:73:d5:2a:2f:6c:92:83:24:08:ab:
                    dc:96:f3:77:ed:e3:fc:b4:f8:91:e2:cd:0a:1c:f9:
                    4e:35:00:92:60:80:79:dc:72:5f:76:de:0c:6d:b6:
                    b5:fc:71:c8:a6:8a:85:b4:89:3a:f7:07:47:5d:3c:
                    cc:e5:74:80:88:97:a3:94:88:99:a0:92:76:a3:02:
                    65:a4:f9:8b:11:27:e8:d6:16:cd:80:bb:70:a6:bc:
                    7e:e5:ab:74:01:43:45:8a:58:f3:ad:64:26:8a:51:
                    8a:5f:b7:0b:3d:bf:36:26:be:4d:43:9f:56:8f:af:
                    5a:b1:24:5f:fe:ba:50:6d:8d:d9:9b:ae:fb:d9:f5:
                    8f:06:e4:22:ca:4b:ac:0d:13:33:63:b4:31:72:43:
                    26:a6:59:f1:5d:30:d0:ec:02:6f:94:59:ea:ba:93:
                    11:9a:04:df:2e:d8:71:dd:34:e2:bc:6d:ca:70:de:
                    c9:b6:cc:7a:5e:86:65:37:ab:f0:d9:9f:2c:9e:c5:
                    0b:2e:63:e9:fe:a2:54:11:0c:a5:69:dd:3f:5c:eb:
                    9d:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:96:99:64:3D:53:E3:AC:E1:A6:D8:93:B7:B1:3B:58:CF:44:E5:B2
            X509v3 Authority Key Identifier:
                keyid:DF:89:5A:3E:E2:21:1B:6E:E2:DF:72:02:F0:9A:42:66:80:D6:62:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/34laPuIhG27i33IC8JpCZoDWYmk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/1a72a7-277d-44f5-87de-70b2ebd51438/1/PZaZZD1T46zhptiTt7E7WM9E5bI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/1a72a7-277d-44f5-87de-70b2ebd51438/1/34laPuIhG27i33IC8JpCZoDWYmk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:5940::/32

    Signature Algorithm: sha256WithRSAEncryption
         8c:ef:c9:10:42:0a:e9:67:f3:81:23:eb:a2:61:2d:b1:34:ba:
         c7:2d:eb:bb:74:bd:aa:72:3d:f2:46:85:29:3b:9a:b6:9f:50:
         6e:6f:ca:df:a1:81:20:c1:11:ff:d4:6b:93:e9:2c:49:4d:70:
         36:3c:3c:40:3f:1d:f6:4d:9c:b2:1c:17:a1:cd:b9:98:e5:ba:
         5a:62:f9:f8:c2:73:ed:fc:a9:12:ad:20:d7:ec:a8:8c:c6:c3:
         b3:38:82:e6:37:65:3a:d8:6f:45:2d:65:9f:0e:e9:e6:d7:85:
         84:2e:56:41:12:4c:ec:1d:cf:7a:f5:e2:8a:35:7f:cc:1a:c4:
         f6:03:fe:3d:33:69:2d:f4:45:81:3e:38:3d:b4:2b:aa:5d:73:
         1e:12:a6:c4:25:f3:c7:9f:2a:c0:70:ee:19:3d:7f:3c:3d:1b:
         10:91:98:f8:cc:5d:cc:97:3d:72:05:01:95:44:31:12:50:0d:
         33:c9:6d:82:90:b5:8d:08:64:23:b2:80:ca:b6:8d:dc:00:76:
         ed:83:6c:25:53:bf:37:0d:d3:10:0b:d9:f3:65:6e:72:8e:88:
         61:77:37:6c:49:2e:2a:7a:dd:c5:9f:6a:21:33:fc:43:c7:4a:
         0d:bb:b0:02:22:03:ae:b8:79:ee:10:b3:39:78:77:51:07:c3:
         d0:9f:3b:d2
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQcZ+domtqpkmvgZ2Z+5BjmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmODk1YTNlZTIyMTFiNmVlMmRmNzIwMmYwOWE0MjY2ODBk
NjYyNjkwHhcNMjQxMjMxMTEwOTE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDk2OTk2NDNkNTNlM2FjZTFhNmQ4OTNiN2IxM2I1OGNmNDRlNWIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsNMyZyi2uwrnKzMsFbSO495BULzi
XjYCEXHcutdxlWqww6Reo4HDw/j5KvM9RzDRUHPVKi9skoMkCKvclvN37eP8tPiR
4s0KHPlONQCSYIB53HJfdt4Mbba1/HHIpoqFtIk69wdHXTzM5XSAiJejlIiZoJJ2
owJlpPmLESfo1hbNgLtwprx+5at0AUNFiljzrWQmilGKX7cLPb82Jr5NQ59Wj69a
sSRf/rpQbY3Zm6772fWPBuQiykusDRMzY7QxckMmplnxXTDQ7AJvlFnqupMRmgTf
Lthx3TTivG3KcN7Jtsx6XoZlN6vw2Z8snsULLmPp/qJUEQylad0/XOud3QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFD2WmWQ9U+Os4abYk7exO1jPROWyMB8GA1UdIwQY
MBaAFN+JWj7iIRtu4t9yAvCaQmaA1mJpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMzRsYVB1SWhHMjdpMzNJQzhKcENab0RXWW1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8xYTcyYTctMjc3ZC00NGY1LTg3ZGUt
NzBiMmViZDUxNDM4LzEvUFphWlpEMVQ0NnpocHRpVHQ3RTdXTTlFNWJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8xYTcyYTctMjc3ZC00NGY1LTg3ZGUtNzBiMmViZDUxNDM4
LzEvMzRsYVB1SWhHMjdpMzNJQzhKcENab0RXWW1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhJZQDAN
BgkqhkiG9w0BAQsFAAOCAQEAjO/JEEIK6WfzgSPromEtsTS6xy3ru3S9qnI98kaF
KTuatp9Qbm/K36GBIMER/9Rrk+ksSU1wNjw8QD8d9k2cshwXoc25mOW6WmL5+MJz
7fypEq0g1+yojMbDsziC5jdlOthvRS1lnw7p5teFhC5WQRJM7B3PevXiijV/zBrE
9gP+PTNpLfRFgT44PbQrql1zHhKmxCXzx58qwHDuGT1/PD0bEJGY+MxdzJc9cgUB
lUQxElANM8ltgpC1jQhkI7KAyraN3AB27YNsJVO/Nw3TEAvZ82Vuco6IYXc3bEku
KnrdxZ9qITP8Q8dKDbuwAiIDrrh57hCzOXh3UQfD0J870g==
-----END CERTIFICATE-----