Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/ff7d33-e4f7-43c0-924b-6b2d46924c6f/1/3ynz3AolTEYHDMfXBTQtoBaZCno.roa
File:                     3ynz3AolTEYHDMfXBTQtoBaZCno.roa (raw, json)
Hash identifier:          kYTWAJYqe4B3nb8qHAbP9EUDdNambh0qfd7+r9EJCGI=
Subject key identifier:   DF:29:F3:DC:0A:25:4C:46:07:0C:C7:D7:05:34:2D:A0:16:99:0A:7A
Certificate issuer:       /CN=9e4b3281b08e6b5ec1fdeb0d0440528ed934dc3f
Certificate serial:       0195FAD186D3BF9F26C674A12B4A78F43535
Authority key identifier: 9E:4B:32:81:B0:8E:6B:5E:C1:FD:EB:0D:04:40:52:8E:D9:34:DC:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nksygbCOa17B_esNBEBSjtk03D8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/ff7d33-e4f7-43c0-924b-6b2d46924c6f/1/3ynz3AolTEYHDMfXBTQtoBaZCno.roa
Signing time:             Thu 03 Apr 2025 08:43:10 +0000
ROA not before:           Thu 03 Apr 2025 08:43:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29447
IP address blocks:        78.208.0.0/12 maxlen: 12
                          78.208.0.0/13 maxlen: 13
                          78.208.0.0/17 maxlen: 17
                          78.208.128.0/17 maxlen: 17
                          78.209.0.0/17 maxlen: 17
                          78.209.128.0/17 maxlen: 17
                          78.210.0.0/17 maxlen: 17
                          78.210.128.0/17 maxlen: 17
                          78.211.0.0/17 maxlen: 17
                          78.211.128.0/17 maxlen: 17
                          81.56.0.0/15 maxlen: 17
                          2a01:e09::/32 maxlen: 32
                          2a01:e10::/30 maxlen: 30
                          2a01:e11::/32 maxlen: 32
                          2a01:e11::/36 maxlen: 36
                          2a01:e11:1000::/36 maxlen: 36
                          2a01:e11:2000::/36 maxlen: 36
                          2a01:e11:3000::/36 maxlen: 36
                          2a01:e11:4000::/36 maxlen: 36
                          2a01:e11:5000::/36 maxlen: 36
                          2a01:e11:6000::/36 maxlen: 36
                          2a01:e11:7000::/36 maxlen: 36
                          2a01:e11:8000::/36 maxlen: 36
                          2a01:e11:9000::/36 maxlen: 36
Validation:               Failed, certificate revoked on Tue 08 Apr 2025 08:54:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:fa:d1:86:d3:bf:9f:26:c6:74:a1:2b:4a:78:f4:35:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e4b3281b08e6b5ec1fdeb0d0440528ed934dc3f
        Validity
            Not Before: Apr  3 08:43:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=df29f3dc0a254c46070cc7d705342da016990a7a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:a5:38:90:c0:13:86:1d:60:bb:b2:c8:16:a4:
                    88:dd:e8:fb:41:52:0f:01:b8:7d:06:ec:6e:8f:cf:
                    55:8e:c7:f9:21:bf:9f:cc:f7:e5:7f:03:c0:f2:a5:
                    18:0f:40:c7:46:80:64:57:81:2d:d4:05:7d:af:46:
                    c8:9f:cc:b5:03:44:9d:cc:26:e9:f1:ef:30:e6:34:
                    f3:0d:0a:cf:70:22:36:37:9b:2e:45:a9:96:02:7c:
                    c7:1a:6b:f4:08:a3:92:18:10:5f:d1:cc:6e:62:6d:
                    2b:a6:37:cd:42:b3:d4:59:a8:52:6c:63:f0:b6:ef:
                    76:19:79:4f:06:99:e8:f2:74:13:09:4a:37:ce:26:
                    f8:04:7d:68:1c:88:b4:22:a6:85:66:14:4e:41:95:
                    e8:69:48:b0:8b:c3:81:44:51:bb:03:48:d0:ab:f1:
                    f2:98:f7:f8:a6:5a:04:34:dd:a1:49:a8:e4:4f:b4:
                    3a:ea:d7:6c:e8:bd:ce:d6:1f:74:1e:39:e3:33:66:
                    b9:9c:5f:eb:c1:13:2f:a5:26:bb:36:b9:a9:1a:d8:
                    f5:82:8a:22:01:14:7b:da:5a:b7:92:3b:19:8e:f8:
                    04:bd:cd:95:73:75:44:40:9e:21:aa:9c:82:62:bb:
                    f2:c6:b5:b8:d0:2c:47:6b:7b:14:ac:f7:77:15:4e:
                    d5:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:29:F3:DC:0A:25:4C:46:07:0C:C7:D7:05:34:2D:A0:16:99:0A:7A
            X509v3 Authority Key Identifier:
                keyid:9E:4B:32:81:B0:8E:6B:5E:C1:FD:EB:0D:04:40:52:8E:D9:34:DC:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nksygbCOa17B_esNBEBSjtk03D8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/ff7d33-e4f7-43c0-924b-6b2d46924c6f/1/3ynz3AolTEYHDMfXBTQtoBaZCno.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/ff7d33-e4f7-43c0-924b-6b2d46924c6f/1/nksygbCOa17B_esNBEBSjtk03D8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.208.0.0/12
                  81.56.0.0/15
                IPv6:
                  2a01:e09::/32
                  2a01:e10::/30

    Signature Algorithm: sha256WithRSAEncryption
         06:96:f6:ce:11:91:88:8f:fb:51:9c:f1:0e:ba:48:95:0d:cd:
         b3:25:3a:94:be:da:2a:e1:82:09:dc:de:6a:4f:c3:07:48:1d:
         73:e4:42:da:8e:68:cb:5d:9a:86:61:d5:8d:16:3c:96:48:4c:
         c2:4f:45:55:30:25:c4:e3:13:d6:6f:35:17:aa:61:18:e1:c5:
         9c:df:33:c7:55:92:09:c9:bc:90:7c:0a:6d:ef:1e:24:ae:90:
         f9:da:65:ab:b3:8f:3d:90:57:cf:7a:1b:74:d2:6d:8c:cd:b1:
         ce:3c:56:ad:ed:91:e3:31:e3:ef:ed:a1:0a:21:17:d3:ac:65:
         ed:f6:c5:bd:cf:83:50:d2:eb:1e:64:94:6b:77:29:f8:8e:04:
         5c:19:d0:db:b6:88:be:df:74:3c:8b:01:a4:f9:67:de:dd:d3:
         1a:95:78:ac:22:d8:c8:49:b4:d1:5d:01:2c:b1:c4:a9:c1:ab:
         b9:5d:55:f6:e1:2d:91:d8:b0:54:dd:08:64:46:87:95:eb:4e:
         07:45:3b:50:27:13:44:a6:ce:76:73:42:2c:5a:19:1a:75:44:
         84:b7:82:46:35:6c:45:6d:a2:41:42:16:c9:f6:3d:a3:a9:e9:
         73:bd:50:8f:29:66:91:55:8e:49:2b:16:9c:8c:da:54:df:bc:
         89:52:4c:a8
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZX60YbTv58mxnShK0p49DU1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllNGIzMjgxYjA4ZTZiNWVjMWZkZWIwZDA0NDA1MjhlZDkz
NGRjM2YwHhcNMjUwNDAzMDg0MzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjI5ZjNkYzBhMjU0YzQ2MDcwY2M3ZDcwNTM0MmRhMDE2OTkwYTdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA16U4kMAThh1gu7LIFqSI3ej7QVIP
Abh9Buxuj89Vjsf5Ib+fzPflfwPA8qUYD0DHRoBkV4Et1AV9r0bIn8y1A0SdzCbp
8e8w5jTzDQrPcCI2N5suRamWAnzHGmv0CKOSGBBf0cxuYm0rpjfNQrPUWahSbGPw
tu92GXlPBpno8nQTCUo3zib4BH1oHIi0IqaFZhROQZXoaUiwi8OBRFG7A0jQq/Hy
mPf4ploENN2hSajkT7Q66tds6L3O1h90HjnjM2a5nF/rwRMvpSa7NrmpGtj1gooi
ARR72lq3kjsZjvgEvc2Vc3VEQJ4hqpyCYrvyxrW40CxHa3sUrPd3FU7V2wIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFN8p89wKJUxGBwzH1wU0LaAWmQp6MB8GA1UdIwQY
MBaAFJ5LMoGwjmtewf3rDQRAUo7ZNNw/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmtzeWdiQ09hMTdCX2VzTkJFQlNqdGswM0Q4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9mZjdkMzMtZTRmNy00M2MwLTkyNGIt
NmIyZDQ2OTI0YzZmLzEvM3luejNBb2xURVlIRE1mWEJUUXRvQmFaQ25vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9mZjdkMzMtZTRmNy00M2MwLTkyNGItNmIyZDQ2OTI0YzZm
LzEvbmtzeWdiQ09hMTdCX2VzTkJFQlNqdGswM0Q4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAQBAIAATAKAwMETtADAwFR
ODAUBAIAAjAOAwUAKgEOCQMFAioBDhAwDQYJKoZIhvcNAQELBQADggEBAAaW9s4R
kYiP+1Gc8Q66SJUNzbMlOpS+2irhggnc3mpPwwdIHXPkQtqOaMtdmoZh1Y0WPJZI
TMJPRVUwJcTjE9ZvNReqYRjhxZzfM8dVkgnJvJB8Cm3vHiSukPnaZauzjz2QV896
G3TSbYzNsc48Vq3tkeMx4+/toQohF9OsZe32xb3Pg1DS6x5klGt3KfiOBFwZ0Nu2
iL7fdDyLAaT5Z97d0xqVeKwi2MhJtNFdASyxxKnBq7ldVfbhLZHYsFTdCGRGh5Xr
TgdFO1AnE0SmznZzQixaGRp1RIS3gkY1bEVtokFCFsn2PaOp6XO9UI8pZpFVjkkr
FpyM2lTfvIlSTKg=
-----END CERTIFICATE-----