Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/db4205-d57c-4ca2-8894-9f9536bb2c37/1/iSFcr7TmZsF8Ih1ZMFSVAtRag4M.roa
File:                     iSFcr7TmZsF8Ih1ZMFSVAtRag4M.roa (raw, json)
Hash identifier:          +6aRKdEKLC7aONjK4VGFYR9WkoBLknu8I68/BvGbjjA=
Subject key identifier:   89:21:5C:AF:B4:E6:66:C1:7C:22:1D:59:30:54:95:02:D4:5A:83:83
Certificate issuer:       /CN=1acbdd00d27b8a8befc866caf378f19027684769
Certificate serial:       01956AEC84DBD117F63699EBC90323818F01
Authority key identifier: 1A:CB:DD:00:D2:7B:8A:8B:EF:C8:66:CA:F3:78:F1:90:27:68:47:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GsvdANJ7iovvyGbK83jxkCdoR2k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/db4205-d57c-4ca2-8894-9f9536bb2c37/1/iSFcr7TmZsF8Ih1ZMFSVAtRag4M.roa
Signing time:             Thu 06 Mar 2025 10:07:20 +0000
ROA not before:           Thu 06 Mar 2025 10:07:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35717
IP address blocks:        185.12.48.0/22 maxlen: 24
                          185.114.4.0/22 maxlen: 24
                          185.128.236.0/23 maxlen: 23
                          185.128.238.0/24 maxlen: 24
                          185.129.44.0/22 maxlen: 24
                          185.199.40.0/22 maxlen: 24
                          193.36.45.0/24 maxlen: 24
                          195.137.184.0/24 maxlen: 24
                          195.200.195.0/24 maxlen: 24
                          2a03:7fc0::/32 maxlen: 48
Validation:               Failed, certificate revoked on Fri 21 Mar 2025 10:09:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:6a:ec:84:db:d1:17:f6:36:99:eb:c9:03:23:81:8f:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1acbdd00d27b8a8befc866caf378f19027684769
        Validity
            Not Before: Mar  6 10:07:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=89215cafb4e666c17c221d5930549502d45a8383
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:ad:c9:28:39:89:c5:28:7e:12:7c:25:33:9e:
                    fc:80:92:ef:41:19:2e:6d:26:4b:69:6f:8f:8e:61:
                    19:c0:59:d2:84:e1:58:d5:4a:8e:d4:0d:51:92:19:
                    50:e8:9e:b5:fa:cb:80:8b:01:32:7a:d9:47:65:51:
                    06:18:da:b0:22:c9:84:8f:7b:86:d4:1d:b0:bf:06:
                    1d:25:e6:b3:7f:3f:c4:bc:77:0d:26:e6:53:3e:1c:
                    d1:e9:cb:af:f1:19:93:d2:95:bf:0c:db:85:47:0c:
                    0a:04:43:80:76:ef:c9:5c:2d:ef:ab:62:d6:42:3e:
                    79:3d:10:39:5a:08:59:79:20:8b:2b:cf:bf:5e:a5:
                    e8:af:d3:c5:82:f3:64:25:49:1b:04:e5:18:24:cf:
                    10:65:65:ea:e3:12:03:47:71:d5:10:d1:0d:01:71:
                    d6:73:aa:49:1a:67:fb:8a:7d:91:b6:27:21:0f:e1:
                    07:a0:59:80:02:4d:b0:0a:4d:4c:24:56:c8:68:6a:
                    43:6d:d4:05:f6:49:6d:0d:62:c9:b5:0b:8a:3c:eb:
                    65:21:98:8a:80:88:ca:2b:c2:02:c3:41:63:72:ba:
                    8b:b7:9e:fb:9d:8d:dc:4c:c8:77:ae:23:fd:d2:dc:
                    c8:6f:4c:00:23:6b:a5:de:92:98:5d:9a:9a:ba:7b:
                    ab:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:21:5C:AF:B4:E6:66:C1:7C:22:1D:59:30:54:95:02:D4:5A:83:83
            X509v3 Authority Key Identifier:
                keyid:1A:CB:DD:00:D2:7B:8A:8B:EF:C8:66:CA:F3:78:F1:90:27:68:47:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GsvdANJ7iovvyGbK83jxkCdoR2k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/db4205-d57c-4ca2-8894-9f9536bb2c37/1/iSFcr7TmZsF8Ih1ZMFSVAtRag4M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/db4205-d57c-4ca2-8894-9f9536bb2c37/1/GsvdANJ7iovvyGbK83jxkCdoR2k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.12.48.0/22
                  185.114.4.0/22
                  185.128.236.0-185.128.238.255
                  185.129.44.0/22
                  185.199.40.0/22
                  193.36.45.0/24
                  195.137.184.0/24
                  195.200.195.0/24
                IPv6:
                  2a03:7fc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         82:dc:b4:70:7b:54:cb:db:b2:47:25:e1:3d:0c:cb:02:6d:da:
         dc:83:c1:9b:91:13:c0:3b:3c:6e:83:7a:95:f1:60:be:ee:4e:
         b2:84:c0:28:e0:38:07:62:39:ff:98:d5:a0:6d:41:8b:6b:9c:
         6a:34:17:e3:d8:2c:bb:f8:af:a6:04:73:98:e1:37:67:93:cf:
         2b:57:31:58:f5:27:eb:7a:af:5a:2c:6c:b4:d7:2e:ac:db:74:
         23:a8:08:82:cd:f4:b8:12:f2:36:29:5e:c6:dd:6b:94:44:2d:
         da:a0:ab:06:9d:46:ac:2e:b1:e4:b5:9a:62:b2:ab:d7:5c:c5:
         ac:f9:b3:0c:5a:87:80:f8:40:87:94:fb:3c:f7:04:1b:2b:54:
         df:32:36:b2:ee:00:b5:31:27:25:d6:27:54:c5:9b:1b:74:a6:
         4b:18:b6:99:6b:07:b9:3a:00:9f:b1:49:76:59:c4:f6:72:1c:
         fe:09:99:82:90:4c:16:d3:78:ff:b1:4c:50:30:c0:28:8b:4b:
         00:21:82:ce:a9:af:a7:21:83:21:a9:7f:f8:0d:17:78:cb:c6:
         49:ca:fe:be:28:cc:8e:b9:58:e0:59:d2:38:5d:ab:a0:7d:f2:
         a7:4c:62:3e:cb:a9:27:30:67:2f:37:98:82:f5:4f:f1:3b:e0:
         6b:c2:cd:b1
-----BEGIN CERTIFICATE-----
MIIFPjCCBCagAwIBAgISAZVq7ITb0Rf2NpnryQMjgY8BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhY2JkZDAwZDI3YjhhOGJlZmM4NjZjYWYzNzhmMTkwMjc2
ODQ3NjkwHhcNMjUwMzA2MTAwNzIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTIxNWNhZmI0ZTY2NmMxN2MyMjFkNTkzMDU0OTUwMmQ0NWE4MzgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnq3JKDmJxSh+EnwlM578gJLvQRku
bSZLaW+PjmEZwFnShOFY1UqO1A1RkhlQ6J61+suAiwEyetlHZVEGGNqwIsmEj3uG
1B2wvwYdJeazfz/EvHcNJuZTPhzR6cuv8RmT0pW/DNuFRwwKBEOAdu/JXC3vq2LW
Qj55PRA5WghZeSCLK8+/XqXor9PFgvNkJUkbBOUYJM8QZWXq4xIDR3HVENENAXHW
c6pJGmf7in2RtichD+EHoFmAAk2wCk1MJFbIaGpDbdQF9kltDWLJtQuKPOtlIZiK
gIjKK8ICw0FjcrqLt577nY3cTMh3riP90tzIb0wAI2ul3pKYXZqaunur2wIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFIkhXK+05mbBfCIdWTBUlQLUWoODMB8GA1UdIwQY
MBaAFBrL3QDSe4qL78hmyvN48ZAnaEdpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3N2ZEFOSjdpb3Z2eUdiSzgzanhrQ2RvUjJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC9kYjQyMDUtZDU3Yy00Y2EyLTg4OTQt
OWY5NTM2YmIyYzM3LzEvaVNGY3I3VG1ac0Y4SWgxWk1GU1ZBdFJhZzRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC9kYjQyMDUtZDU3Yy00Y2EyLTg4OTQtOWY5NTM2YmIyYzM3
LzEvR3N2ZEFOSjdpb3Z2eUdiSzgzanhrQ2RvUjJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGAGCCsGAQUFBwEHAQH/BFEwTzA+BAIAATA4AwQCuQwwAwQC
uXIEMAwDBAK5gOwDBAC5gO4DBAK5gSwDBAK5xygDBADBJC0DBADDibgDBADDyMMw
DQQCAAIwBwMFACoDf8AwDQYJKoZIhvcNAQELBQADggEBAILctHB7VMvbskcl4T0M
ywJt2tyDwZuRE8A7PG6DepXxYL7uTrKEwCjgOAdiOf+Y1aBtQYtrnGo0F+PYLLv4
r6YEc5jhN2eTzytXMVj1J+t6r1osbLTXLqzbdCOoCILN9LgS8jYpXsbda5RELdqg
qwadRqwuseS1mmKyq9dcxaz5swxah4D4QIeU+zz3BBsrVN8yNrLuALUxJyXWJ1TF
mxt0pksYtplrB7k6AJ+xSXZZxPZyHP4JmYKQTBbTeP+xTFAwwCiLSwAhgs6pr6ch
gyGpf/gNF3jLxknK/r4ozI65WOBZ0jhdq6B98qdMYj7LqScwZy83mIL1T/E74GvC
zbE=
-----END CERTIFICATE-----