Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/421c80-ed3a-47fd-8d2c-224f10a981fe/1/liZh-Hpx9H_FQfmV-pZsG825DsU.roa
File:                     liZh-Hpx9H_FQfmV-pZsG825DsU.roa (raw, json)
Hash identifier:          8Mpmaxaz/cWx1RVSzk5dqGCac6HlyVQ/OJep191JlZI=
Subject key identifier:   96:26:61:F8:7A:71:F4:7F:C5:41:F9:95:FA:96:6C:1B:CD:B9:0E:C5
Certificate issuer:       /CN=fc983137042fc8c4921707d4eb6da5f6c4a79a5b
Certificate serial:       0193B0FD556CE191DB50EED5CC49B1DC088B
Authority key identifier: FC:98:31:37:04:2F:C8:C4:92:17:07:D4:EB:6D:A5:F6:C4:A7:9A:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_JgxNwQvyMSSFwfU622l9sSnmls.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/421c80-ed3a-47fd-8d2c-224f10a981fe/1/liZh-Hpx9H_FQfmV-pZsG825DsU.roa
Signing time:             Tue 10 Dec 2024 14:33:32 +0000
ROA not before:           Tue 10 Dec 2024 14:33:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8245
IP address blocks:        195.26.192.0/19 maxlen: 19
                          195.26.198.0/24 maxlen: 24
                          195.26.216.0/22 maxlen: 24
                          195.26.220.0/22 maxlen: 22
                          212.236.0.0/16 maxlen: 24
                          212.236.0.0/18 maxlen: 18
                          212.236.0.0/24 maxlen: 24
                          212.236.1.0/24 maxlen: 24
                          212.236.2.0/24 maxlen: 24
                          212.236.11.0/24 maxlen: 24
                          212.236.12.0/24 maxlen: 24
                          212.236.160.0/19 maxlen: 19
                          212.236.192.0/18 maxlen: 18
                          2a02:2750::/32 maxlen: 32
                          2a02:2750:cafe::/48 maxlen: 48
Validation:               Failed, certificate revoked on Thu 02 Jan 2025 09:48:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:b0:fd:55:6c:e1:91:db:50:ee:d5:cc:49:b1:dc:08:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fc983137042fc8c4921707d4eb6da5f6c4a79a5b
        Validity
            Not Before: Dec 10 14:33:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=962661f87a71f47fc541f995fa966c1bcdb90ec5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:7f:01:22:c5:a4:03:81:c5:81:14:8c:e2:24:
                    b4:00:8c:06:bf:84:86:f1:70:96:5c:f1:30:a0:c1:
                    73:f8:ca:6d:4c:c8:4b:6f:01:ea:b8:75:8c:02:44:
                    09:d9:89:b4:cb:e0:30:03:aa:4a:c9:11:45:6d:c2:
                    f9:95:a0:6f:49:ce:8a:3b:b5:97:f5:a9:8d:b2:98:
                    77:40:c3:38:66:1d:40:73:f7:fa:e0:e7:f2:b0:c6:
                    e2:20:68:00:9a:3e:bd:bd:82:af:a2:c8:52:fa:4d:
                    21:1d:1e:58:ff:91:9e:d3:c8:ff:dd:b3:c1:af:c9:
                    8a:5f:1c:21:09:06:e0:00:d9:20:2d:7f:90:5d:96:
                    3b:f1:a7:5d:b5:21:25:1c:90:d1:c5:ef:dc:b5:73:
                    ca:b1:48:35:c4:46:49:e3:67:ff:bb:c3:c9:dc:35:
                    ba:88:7f:cd:93:71:19:66:d5:d3:b6:39:e6:28:49:
                    2d:fb:62:70:db:aa:1a:43:ee:24:99:c1:50:c3:27:
                    9d:14:d5:ca:27:22:25:dc:40:6a:af:ae:70:20:25:
                    5a:e8:61:7d:b8:bb:de:0b:92:67:6a:98:56:de:68:
                    ba:0b:ad:dc:84:1b:88:f8:3f:02:79:4f:89:1a:f2:
                    c4:93:79:39:f2:7f:f6:ca:f6:a8:71:3a:c5:6a:4b:
                    ad:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:26:61:F8:7A:71:F4:7F:C5:41:F9:95:FA:96:6C:1B:CD:B9:0E:C5
            X509v3 Authority Key Identifier:
                keyid:FC:98:31:37:04:2F:C8:C4:92:17:07:D4:EB:6D:A5:F6:C4:A7:9A:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_JgxNwQvyMSSFwfU622l9sSnmls.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/421c80-ed3a-47fd-8d2c-224f10a981fe/1/liZh-Hpx9H_FQfmV-pZsG825DsU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/421c80-ed3a-47fd-8d2c-224f10a981fe/1/_JgxNwQvyMSSFwfU622l9sSnmls.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.26.192.0/19
                  212.236.0.0/16
                IPv6:
                  2a02:2750::/32

    Signature Algorithm: sha256WithRSAEncryption
         bb:a2:4d:4b:cc:b8:fb:ab:74:73:63:50:e1:ea:06:c2:50:3d:
         c2:e4:15:cf:b7:4f:6c:54:4a:cb:0a:d7:cb:f5:f2:74:80:4f:
         2c:10:ad:a2:76:34:8e:ea:bc:c2:2a:1b:e0:54:bb:22:6b:8e:
         f7:46:56:8a:c9:c4:d9:e6:3a:9b:32:aa:9d:3f:d9:db:25:32:
         4f:e7:e7:88:36:97:a0:02:d7:3b:82:32:7f:e9:68:55:4d:02:
         42:34:a1:4b:40:3d:56:a0:76:78:af:b4:bd:f1:94:69:bb:fa:
         f2:9b:e0:b9:cc:88:a6:f1:34:f6:ae:4c:a7:22:e6:69:8a:cb:
         12:47:12:6e:1a:e6:10:29:29:77:ce:9c:12:16:47:20:ab:e1:
         2e:92:0e:c3:eb:f6:2e:3b:7b:8e:1a:a6:08:bc:36:31:c0:7d:
         d8:5b:d0:62:1d:39:09:95:a0:84:3a:d7:dd:f6:3b:8e:1e:d3:
         0c:5d:e0:25:32:95:a4:0b:d6:bc:6d:25:c3:64:a3:a3:ea:25:
         f3:fc:8c:0d:be:95:50:81:0f:df:4e:f1:d3:86:1a:4a:eb:ff:
         e1:4f:b2:db:0a:89:8b:1c:7e:e1:a4:c7:86:54:38:9c:ec:41:
         69:ef:12:4f:37:a7:9c:da:21:2e:08:47:ee:d2:eb:60:ef:7b:
         67:df:95:57
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZOw/VVs4ZHbUO7VzEmx3AiLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjOTgzMTM3MDQyZmM4YzQ5MjE3MDdkNGViNmRhNWY2YzRh
NzlhNWIwHhcNMjQxMjEwMTQzMzMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjI2NjFmODdhNzFmNDdmYzU0MWY5OTVmYTk2NmMxYmNkYjkwZWM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs38BIsWkA4HFgRSM4iS0AIwGv4SG
8XCWXPEwoMFz+MptTMhLbwHquHWMAkQJ2Ym0y+AwA6pKyRFFbcL5laBvSc6KO7WX
9amNsph3QMM4Zh1Ac/f64OfysMbiIGgAmj69vYKvoshS+k0hHR5Y/5Ge08j/3bPB
r8mKXxwhCQbgANkgLX+QXZY78addtSElHJDRxe/ctXPKsUg1xEZJ42f/u8PJ3DW6
iH/Nk3EZZtXTtjnmKEkt+2Jw26oaQ+4kmcFQwyedFNXKJyIl3EBqr65wICVa6GF9
uLveC5JnaphW3mi6C63chBuI+D8CeU+JGvLEk3k58n/2yvaocTrFakut4wIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFJYmYfh6cfR/xUH5lfqWbBvNuQ7FMB8GA1UdIwQY
MBaAFPyYMTcEL8jEkhcH1OttpfbEp5pbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0pneE53UXZ5TVNTRndmVTYyMmw5c1NubWxzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy80MjFjODAtZWQzYS00N2ZkLThkMmMt
MjI0ZjEwYTk4MWZlLzEvbGlaaC1IcHg5SF9GUWZtVi1wWnNHODI1RHNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy80MjFjODAtZWQzYS00N2ZkLThkMmMtMjI0ZjEwYTk4MWZl
LzEvX0pneE53UXZ5TVNTRndmVTYyMmw5c1NubWxzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjARBAIAATALAwQFwxrAAwMA
1OwwDQQCAAIwBwMFACoCJ1AwDQYJKoZIhvcNAQELBQADggEBALuiTUvMuPurdHNj
UOHqBsJQPcLkFc+3T2xUSssK18v18nSATywQraJ2NI7qvMIqG+BUuyJrjvdGVorJ
xNnmOpsyqp0/2dslMk/n54g2l6AC1zuCMn/paFVNAkI0oUtAPVagdnivtL3xlGm7
+vKb4LnMiKbxNPauTKci5mmKyxJHEm4a5hApKXfOnBIWRyCr4S6SDsPr9i47e44a
pgi8NjHAfdhb0GIdOQmVoIQ61932O44e0wxd4CUylaQL1rxtJcNko6PqJfP8jA2+
lVCBD99O8dOGGkrr/+FPstsKiYscfuGkx4ZUOJzsQWnvEk83p5zaIS4IR+7S62Dv
e2fflVc=
-----END CERTIFICATE-----