Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/ZZohYzcL__3de3TQ4J-hbg-8pP8.roa
File:                     ZZohYzcL__3de3TQ4J-hbg-8pP8.roa (raw, json)
Hash identifier:          Q4c6WoYAv90pNrTX7fwF56V4xJmv7inT2AKGuGL56bc=
Subject key identifier:   65:9A:21:63:37:0B:FF:FD:DD:7B:74:D0:E0:9F:A1:6E:0F:BC:A4:FF
Certificate issuer:       /CN=f1479b83c520d784445c24828bab633f0d702cf3
Certificate serial:       0194DA788EE3D95F8D0D31B25C6127D07A40
Authority key identifier: F1:47:9B:83:C5:20:D7:84:44:5C:24:82:8B:AB:63:3F:0D:70:2C:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8Uebg8Ug14REXCSCi6tjPw1wLPM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/ZZohYzcL__3de3TQ4J-hbg-8pP8.roa
Signing time:             Thu 06 Feb 2025 08:55:21 +0000
ROA not before:           Thu 06 Feb 2025 08:55:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     196755
IP address blocks:        80.251.108.0/22 maxlen: 22
                          80.251.108.0/23 maxlen: 23
                          157.143.248.0/21 maxlen: 21
                          178.157.18.0/23 maxlen: 23
                          178.157.20.0/22 maxlen: 22
                          178.157.24.0/23 maxlen: 23
                          178.157.26.0/23 maxlen: 23
                          178.157.28.0/22 maxlen: 22
                          178.157.44.0/22 maxlen: 22
                          178.174.106.0/23 maxlen: 23
                          178.174.108.0/23 maxlen: 24
                          217.181.251.0/24 maxlen: 24
                          217.181.252.0/23 maxlen: 23
Validation:               Failed, certificate revoked on Wed 12 Feb 2025 16:59:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:da:78:8e:e3:d9:5f:8d:0d:31:b2:5c:61:27:d0:7a:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1479b83c520d784445c24828bab633f0d702cf3
        Validity
            Not Before: Feb  6 08:55:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=659a2163370bfffddd7b74d0e09fa16e0fbca4ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:8d:93:30:1b:d0:bc:40:fe:89:be:54:e2:b8:
                    4e:df:21:b4:cb:86:6f:07:d8:9c:58:20:17:fb:1d:
                    33:18:1e:d4:9d:a7:e7:ce:98:d4:0e:67:a7:2b:da:
                    1d:1d:2c:14:d6:ba:74:c4:2f:fd:75:0d:c5:04:81:
                    cd:7a:ff:b4:9e:46:a5:79:ce:64:20:f3:68:af:12:
                    cf:ae:0e:78:1a:a3:a0:7e:5b:e0:97:70:65:74:e2:
                    bf:18:f2:20:9e:ff:e6:fa:60:e6:1a:a1:97:c1:ec:
                    99:1a:f3:0f:10:d0:4b:d1:ce:04:a1:3c:70:02:ab:
                    07:1c:bd:74:52:ab:49:bf:54:e0:03:b5:0d:8e:fc:
                    07:77:ae:5c:3b:41:74:05:57:aa:2f:ca:00:7b:f6:
                    53:c3:56:67:2c:b0:02:2c:ac:f6:05:c8:5a:57:b1:
                    4d:d4:e6:c4:41:12:01:7c:44:bd:f0:9d:f3:e2:12:
                    a8:28:18:d4:e6:58:51:1b:a2:99:c5:bf:f5:9c:13:
                    45:56:e0:13:20:9e:9d:08:28:56:c6:58:43:c7:54:
                    34:f3:23:d0:7f:24:d4:93:ff:81:be:d4:61:3d:b6:
                    31:a4:9c:75:3c:c5:a7:e0:ce:90:fe:39:1b:71:17:
                    92:69:36:cf:5a:bf:01:74:00:1e:8c:e5:8c:ca:0d:
                    cc:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:9A:21:63:37:0B:FF:FD:DD:7B:74:D0:E0:9F:A1:6E:0F:BC:A4:FF
            X509v3 Authority Key Identifier:
                keyid:F1:47:9B:83:C5:20:D7:84:44:5C:24:82:8B:AB:63:3F:0D:70:2C:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8Uebg8Ug14REXCSCi6tjPw1wLPM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/ZZohYzcL__3de3TQ4J-hbg-8pP8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/8Uebg8Ug14REXCSCi6tjPw1wLPM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.251.108.0/22
                  157.143.248.0/21
                  178.157.18.0-178.157.31.255
                  178.157.44.0/22
                  178.174.106.0-178.174.109.255
                  217.181.251.0-217.181.253.255

    Signature Algorithm: sha256WithRSAEncryption
         78:3f:98:9d:b3:db:ca:47:c2:b3:0a:22:a6:3b:8a:15:7b:31:
         52:9d:d0:db:f5:a0:30:db:51:27:e0:d2:59:a1:64:70:ae:aa:
         8c:88:df:be:3e:d6:00:4f:65:01:8e:9f:dc:24:1a:e8:7c:61:
         0c:51:52:76:53:5b:21:ed:6c:2c:3c:ff:78:35:1d:ed:ed:d3:
         a6:f3:63:99:a0:d0:c3:79:22:ba:64:26:68:42:e5:52:32:e2:
         4a:12:13:d8:bc:21:f6:bb:0c:8c:77:fe:95:5b:10:0e:f0:c2:
         4f:8a:3c:f2:79:94:9a:9b:6f:97:75:34:f0:d4:36:9e:2a:6f:
         95:c2:fd:5a:6c:76:68:52:80:ef:db:71:be:8a:d7:a9:c3:c4:
         97:bb:68:c2:87:2e:42:2d:3c:b9:72:74:12:fe:f9:81:30:f0:
         4c:98:dc:4f:a7:5d:49:56:3d:e5:12:47:fc:49:f6:59:2f:80:
         80:8c:a7:fc:e9:be:9e:05:ae:eb:b7:3c:e5:23:c5:18:7f:22:
         91:59:47:c3:67:10:58:1f:e0:a5:6c:7b:5e:e3:93:b9:65:6f:
         84:a1:33:61:e3:b4:63:15:d9:a8:69:c8:cc:a3:66:e2:88:e2:
         da:f6:41:0f:e7:94:ea:b0:81:63:91:ca:fc:e2:72:94:fa:84:
         d5:d0:a4:48
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAZTaeI7j2V+NDTGyXGEn0HpAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxNDc5YjgzYzUyMGQ3ODQ0NDVjMjQ4MjhiYWI2MzNmMGQ3
MDJjZjMwHhcNMjUwMjA2MDg1NTIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTlhMjE2MzM3MGJmZmZkZGQ3Yjc0ZDBlMDlmYTE2ZTBmYmNhNGZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA142TMBvQvED+ib5U4rhO3yG0y4Zv
B9icWCAX+x0zGB7UnafnzpjUDmenK9odHSwU1rp0xC/9dQ3FBIHNev+0nkalec5k
IPNorxLPrg54GqOgflvgl3BldOK/GPIgnv/m+mDmGqGXweyZGvMPENBL0c4EoTxw
AqsHHL10UqtJv1TgA7UNjvwHd65cO0F0BVeqL8oAe/ZTw1ZnLLACLKz2BchaV7FN
1ObEQRIBfES98J3z4hKoKBjU5lhRG6KZxb/1nBNFVuATIJ6dCChWxlhDx1Q08yPQ
fyTUk/+BvtRhPbYxpJx1PMWn4M6Q/jkbcReSaTbPWr8BdAAejOWMyg3MKQIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFGWaIWM3C//93Xt00OCfoW4PvKT/MB8GA1UdIwQY
MBaAFPFHm4PFINeERFwkgourYz8NcCzzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFVlYmc4VWcxNFJFWENTQ2k2dGpQdzF3TFBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9hOTdlMjEtYjVmZS00YTU2LWE5OGEt
YmRkNGFmNWYzNWQxLzEvWlpvaFl6Y0xfXzNkZTNUUTRKLWhiZy04cFA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9hOTdlMjEtYjVmZS00YTU2LWE5OGEtYmRkNGFmNWYzNWQx
LzEvOFVlYmc4VWcxNFJFWENTQ2k2dGpQdzF3TFBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQCUPtsAwQD
nY/4MAwDBAGynRIDBAWynQADBAKynSwwDAMEAbKuagMEAbKubDAMAwQA2bX7AwQB
2bX8MA0GCSqGSIb3DQEBCwUAA4IBAQB4P5ids9vKR8KzCiKmO4oVezFSndDb9aAw
21En4NJZoWRwrqqMiN++PtYAT2UBjp/cJBrofGEMUVJ2U1sh7WwsPP94NR3t7dOm
82OZoNDDeSK6ZCZoQuVSMuJKEhPYvCH2uwyMd/6VWxAO8MJPijzyeZSam2+XdTTw
1DaeKm+Vwv1abHZoUoDv23G+itepw8SXu2jChy5CLTy5cnQS/vmBMPBMmNxPp11J
Vj3lEkf8SfZZL4CAjKf86b6eBa7rtzzlI8UYfyKRWUfDZxBYH+ClbHte45O5ZW+E
oTNh47RjFdmoacjMo2biiOLa9kEP55TqsIFjkcr84nKU+oTV0KRI
-----END CERTIFICATE-----