Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/7SceWxoeFhtwbwzjLEM3N48F0XM.roa
File:                     7SceWxoeFhtwbwzjLEM3N48F0XM.roa (raw, json)
Hash identifier:          ISk5Dveii89pVTin73Yxmw4DqILyCKqVscaB4FXNdi0=
Subject key identifier:   ED:27:1E:5B:1A:1E:16:1B:70:6F:0C:E3:2C:43:37:37:8F:05:D1:73
Certificate issuer:       /CN=a2b12e8df3abd5559f9cf9680af65dd16589de86
Certificate serial:       019615A3670141A213B315A1020D68A56660
Authority key identifier: A2:B1:2E:8D:F3:AB:D5:55:9F:9C:F9:68:0A:F6:5D:D1:65:89:DE:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/orEujfOr1VWfnPloCvZd0WWJ3oY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/7SceWxoeFhtwbwzjLEM3N48F0XM.roa
Signing time:             Tue 08 Apr 2025 13:42:32 +0000
ROA not before:           Tue 08 Apr 2025 13:42:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8820
IP address blocks:        46.236.240.0/20 maxlen: 20
                          78.41.48.0/22 maxlen: 24
                          81.92.0.0/20 maxlen: 24
                          82.139.192.0/18 maxlen: 24
                          195.8.224.0/19 maxlen: 24
                          195.8.253.0/24 maxlen: 24
                          195.8.254.2/31 maxlen: 32
                          212.17.224.0/19 maxlen: 24
                          212.60.128.0/19 maxlen: 24
                          213.240.128.0/18 maxlen: 24
                          2a01:170::/32 maxlen: 64
                          2a01:170:1000::/36 maxlen: 48
Validation:               Failed, certificate revoked on Wed 09 Apr 2025 09:33:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:15:a3:67:01:41:a2:13:b3:15:a1:02:0d:68:a5:66:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a2b12e8df3abd5559f9cf9680af65dd16589de86
        Validity
            Not Before: Apr  8 13:42:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ed271e5b1a1e161b706f0ce32c4337378f05d173
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:6c:c0:79:ce:9b:06:cd:fb:03:71:13:24:62:
                    a8:a3:9f:ef:26:c2:48:f5:17:45:47:87:72:59:84:
                    d4:83:2b:86:f5:46:7f:59:37:f8:2d:08:6c:73:df:
                    9e:e1:c7:17:61:57:ee:fa:10:6b:4a:4f:ca:9e:dd:
                    dd:6a:f3:ee:f8:7d:12:18:1d:3f:67:38:26:d4:fb:
                    00:00:1c:c9:89:ce:e9:44:fc:2b:68:37:67:26:de:
                    ac:c8:aa:72:a5:64:85:66:72:14:c4:87:b2:ba:d5:
                    45:7a:75:09:c5:e7:47:7c:a4:4a:50:e8:bd:fa:1e:
                    3e:5a:85:dc:e6:43:eb:c3:9b:8a:74:67:96:e6:7f:
                    37:14:fd:78:71:fa:6a:ae:6f:df:3f:73:73:5a:31:
                    4d:f1:17:4e:7b:78:1c:d0:0e:b1:44:ab:bb:ef:76:
                    96:ef:e9:06:b1:06:32:c4:26:92:1b:7a:00:fd:50:
                    99:4f:6a:e7:05:c1:a2:24:e9:12:c5:b7:66:e0:fc:
                    2a:53:50:1e:01:24:66:85:10:17:17:b2:0a:14:38:
                    43:bc:1b:7e:27:e8:e1:00:27:d5:5b:c3:f9:fb:a2:
                    aa:78:ef:a5:e1:d7:fa:a2:bf:a5:ff:f9:03:e2:aa:
                    12:b4:f7:f6:8f:3a:3d:51:23:25:0f:7a:c0:22:20:
                    77:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:27:1E:5B:1A:1E:16:1B:70:6F:0C:E3:2C:43:37:37:8F:05:D1:73
            X509v3 Authority Key Identifier:
                keyid:A2:B1:2E:8D:F3:AB:D5:55:9F:9C:F9:68:0A:F6:5D:D1:65:89:DE:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/orEujfOr1VWfnPloCvZd0WWJ3oY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/7SceWxoeFhtwbwzjLEM3N48F0XM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/orEujfOr1VWfnPloCvZd0WWJ3oY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.236.240.0/20
                  78.41.48.0/22
                  81.92.0.0/20
                  82.139.192.0/18
                  195.8.224.0/19
                  212.17.224.0/19
                  212.60.128.0/19
                  213.240.128.0/18
                IPv6:
                  2a01:170::/32

    Signature Algorithm: sha256WithRSAEncryption
         a1:06:d5:9f:c3:d5:28:d2:f1:b6:82:6b:f4:7f:e2:8d:04:3d:
         2e:4f:33:96:c5:67:aa:86:d9:22:ac:b4:50:ea:20:bf:9d:5b:
         ac:63:9d:c4:25:39:5c:00:9c:91:a9:64:a2:5b:dc:c8:5e:04:
         52:53:49:3e:01:b4:bd:c0:98:8d:69:76:9e:1b:1b:e8:fd:11:
         ee:af:37:28:bc:45:cb:b5:ef:48:97:7e:d5:92:17:23:2c:b8:
         89:84:8e:b2:7b:5a:66:f5:5a:97:85:09:bb:e3:a5:25:20:03:
         1f:27:21:b4:6b:95:30:fe:7c:6a:b0:3a:86:e4:15:fb:23:31:
         d0:ca:29:a1:d5:3f:0e:b5:3b:14:1b:39:30:cc:38:fa:a3:25:
         b8:32:ec:8b:7f:7d:df:21:49:79:06:70:6c:0f:e5:52:8b:65:
         53:09:2d:4a:b7:13:aa:4c:aa:66:c2:2c:4e:eb:6c:ae:e0:b9:
         ba:3a:d6:c0:07:1c:38:9a:69:a9:65:17:85:ab:0b:b2:11:ea:
         1e:a2:1d:a7:41:eb:64:20:47:4a:a0:a8:d9:e2:5e:c5:d9:23:
         f9:13:6c:ee:8d:1e:f2:45:8d:3c:f7:6b:3f:83:32:c8:83:8a:
         b3:82:e7:f5:a8:11:55:0c:8a:8a:de:84:de:a8:1b:c6:b9:5f:
         20:9a:11:e9
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAZYVo2cBQaITsxWhAg1opWZgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyYjEyZThkZjNhYmQ1NTU5ZjljZjk2ODBhZjY1ZGQxNjU4
OWRlODYwHhcNMjUwNDA4MTM0MjMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDI3MWU1YjFhMWUxNjFiNzA2ZjBjZTMyYzQzMzczNzhmMDVkMTczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlWzAec6bBs37A3ETJGKoo5/vJsJI
9RdFR4dyWYTUgyuG9UZ/WTf4LQhsc9+e4ccXYVfu+hBrSk/Knt3davPu+H0SGB0/
Zzgm1PsAABzJic7pRPwraDdnJt6syKpypWSFZnIUxIeyutVFenUJxedHfKRKUOi9
+h4+WoXc5kPrw5uKdGeW5n83FP14cfpqrm/fP3NzWjFN8RdOe3gc0A6xRKu773aW
7+kGsQYyxCaSG3oA/VCZT2rnBcGiJOkSxbdm4PwqU1AeASRmhRAXF7IKFDhDvBt+
J+jhACfVW8P5+6KqeO+l4df6or+l//kD4qoStPf2jzo9USMlD3rAIiB3cQIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFO0nHlsaHhYbcG8M4yxDNzePBdFzMB8GA1UdIwQY
MBaAFKKxLo3zq9VVn5z5aAr2XdFlid6GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3JFdWpmT3IxVldmblBsb0N2WmQwV1dKM29ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9lYzQ0ZWEtZWY0My00YjNhLWE2OWEt
YjRjYjYzN2RhOGMzLzEvN1NjZVd4b2VGaHR3Ynd6akxFTTNONDhGMFhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9lYzQ0ZWEtZWY0My00YjNhLWE2OWEtYjRjYjYzN2RhOGMz
LzEvb3JFdWpmT3IxVldmblBsb0N2WmQwV1dKM29ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzA2BAIAATAwAwQELuzwAwQC
TikwAwQEUVwAAwQGUovAAwQFwwjgAwQF1BHgAwQF1DyAAwQG1fCAMA0EAgACMAcD
BQAqAQFwMA0GCSqGSIb3DQEBCwUAA4IBAQChBtWfw9Uo0vG2gmv0f+KNBD0uTzOW
xWeqhtkirLRQ6iC/nVusY53EJTlcAJyRqWSiW9zIXgRSU0k+AbS9wJiNaXaeGxvo
/RHurzcovEXLte9Il37VkhcjLLiJhI6ye1pm9VqXhQm746UlIAMfJyG0a5Uw/nxq
sDqG5BX7IzHQyimh1T8OtTsUGzkwzDj6oyW4MuyLf33fIUl5BnBsD+VSi2VTCS1K
txOqTKpmwixO62yu4Lm6OtbABxw4mmmpZReFqwuyEeoeoh2nQetkIEdKoKjZ4l7F
2SP5E2zujR7yRY0892s/gzLIg4qzguf1qBFVDIqK3oTeqBvGuV8gmhHp
-----END CERTIFICATE-----