Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/652da9-afc4-4e20-82fc-b07d8416ae4a/1/bCFrd4uRlvSv4Ku10Wa-9yf0agc.roa
File:                     bCFrd4uRlvSv4Ku10Wa-9yf0agc.roa (raw, json)
Hash identifier:          hqeTUq5r96fOJmX1SNdcrHazoDVJyGXStVhqwV+X3ZA=
Subject key identifier:   6C:21:6B:77:8B:91:96:F4:AF:E0:AB:B5:D1:66:BE:F7:27:F4:6A:07
Certificate issuer:       /CN=00e4f6a77368b7cecfe67220b436576b1e008aec
Certificate serial:       0197E59B7F498BA14E4DCF874A541E7A27F9
Authority key identifier: 00:E4:F6:A7:73:68:B7:CE:CF:E6:72:20:B4:36:57:6B:1E:00:8A:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AOT2p3Not87P5nIgtDZXax4Aiuw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/652da9-afc4-4e20-82fc-b07d8416ae4a/1/bCFrd4uRlvSv4Ku10Wa-9yf0agc.roa
Signing time:             Mon 07 Jul 2025 15:57:42 +0000
ROA not before:           Mon 07 Jul 2025 15:57:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59437
IP address blocks:        85.234.64.0/24 maxlen: 24
                          85.234.66.0/24 maxlen: 24
                          85.234.67.0/24 maxlen: 24
                          85.234.84.0/24 maxlen: 24
                          85.234.86.0/24 maxlen: 24
                          85.234.94.0/23 maxlen: 23
                          92.38.143.0/24 maxlen: 24
                          93.113.170.0/24 maxlen: 24
                          93.119.168.0/24 maxlen: 24
                          93.119.169.0/24 maxlen: 24
                          109.61.121.0/24 maxlen: 24
                          2a03:90c0:680::/44 maxlen: 44
                          2a03:90c0:7a0::/44 maxlen: 44
                          2a03:90c0:7b0::/44 maxlen: 44
Validation:               Failed, certificate revoked on Wed 23 Jul 2025 15:32:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:e5:9b:7f:49:8b:a1:4e:4d:cf:87:4a:54:1e:7a:27:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=00e4f6a77368b7cecfe67220b436576b1e008aec
        Validity
            Not Before: Jul  7 15:57:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6c216b778b9196f4afe0abb5d166bef727f46a07
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:15:ef:81:5a:7c:b3:e0:d9:12:e1:3f:13:cc:
                    22:b3:9e:4e:53:cd:de:b3:7f:e1:89:48:9e:b0:46:
                    be:74:fb:fe:2e:e4:d1:0c:c7:bb:ba:38:2d:5d:56:
                    57:e8:ed:03:76:05:11:b1:3f:c8:be:ef:d6:b9:0a:
                    74:29:ab:be:bf:9e:e2:40:9a:06:f5:99:4c:15:12:
                    79:92:07:27:64:94:bb:89:c6:4b:c8:7e:14:0f:4f:
                    de:ee:78:c4:c9:2e:6d:cb:45:89:13:b8:e8:42:62:
                    66:10:69:11:f3:80:8f:d2:ef:0d:53:5e:95:89:5f:
                    af:f4:8f:df:23:1d:32:e1:a3:27:0e:14:b3:75:93:
                    dd:11:ea:3a:0a:bd:48:f2:39:a5:75:bb:40:a6:80:
                    5c:e4:1c:fc:2b:42:53:8c:63:ec:73:5d:a1:0a:50:
                    f5:00:7e:74:3e:a3:ff:49:4a:25:d5:be:cb:84:cb:
                    1d:8d:8e:6f:7a:90:3a:08:14:85:a0:36:7d:68:79:
                    fc:89:d0:4f:0d:8f:fa:4d:4c:27:14:09:61:97:fa:
                    d4:df:14:b0:a6:39:e2:07:cd:92:26:5e:ba:21:60:
                    ba:e6:79:e2:9f:f1:43:c4:95:6b:32:af:ff:7e:bb:
                    e5:77:19:af:98:16:98:c0:0a:21:76:07:52:95:ed:
                    8a:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:21:6B:77:8B:91:96:F4:AF:E0:AB:B5:D1:66:BE:F7:27:F4:6A:07
            X509v3 Authority Key Identifier:
                keyid:00:E4:F6:A7:73:68:B7:CE:CF:E6:72:20:B4:36:57:6B:1E:00:8A:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AOT2p3Not87P5nIgtDZXax4Aiuw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/652da9-afc4-4e20-82fc-b07d8416ae4a/1/bCFrd4uRlvSv4Ku10Wa-9yf0agc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/652da9-afc4-4e20-82fc-b07d8416ae4a/1/AOT2p3Not87P5nIgtDZXax4Aiuw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.234.64.0/24
                  85.234.66.0/23
                  85.234.84.0/24
                  85.234.86.0/24
                  85.234.94.0/23
                  92.38.143.0/24
                  93.113.170.0/24
                  93.119.168.0/23
                  109.61.121.0/24
                IPv6:
                  2a03:90c0:680::/44
                  2a03:90c0:7a0::/43

    Signature Algorithm: sha256WithRSAEncryption
         c3:a1:fb:3f:9f:a9:43:b2:49:df:9f:bc:da:f3:c9:11:d9:9c:
         df:4d:7d:60:01:93:71:b9:49:3f:ee:97:10:d9:34:c0:a8:46:
         2a:81:24:8b:8b:b3:6c:2d:7b:9e:6b:46:68:84:e8:08:ef:cd:
         88:2c:71:a9:46:54:c9:b8:c4:e2:8a:8a:36:ab:25:59:d3:0b:
         bf:f1:21:89:31:e5:93:88:9a:72:69:80:a0:6b:c0:3b:18:15:
         67:5e:ef:2c:be:49:6f:5c:77:cf:99:1a:b5:28:e1:8d:8c:e2:
         14:d7:41:70:28:0a:a1:7f:8e:10:e9:34:94:ff:2c:9f:83:3b:
         c4:76:67:60:35:d1:e2:70:b4:8a:67:04:65:20:51:22:a1:20:
         92:d6:d1:b7:b4:52:c3:dd:cd:55:ea:e6:bb:13:7d:00:99:0c:
         37:3b:dd:b8:c7:42:83:dd:0e:46:c5:02:2e:c9:4d:d8:53:5a:
         2a:56:61:88:f8:04:93:55:f3:b4:54:c2:dd:f1:bb:be:2f:7e:
         35:97:e2:8d:de:fc:6c:de:8d:35:b0:bd:c2:2b:92:b1:e5:a3:
         e3:22:91:2b:8d:68:81:5a:9f:3f:65:30:b2:69:67:af:c7:05:
         52:2d:b2:cd:47:f9:8b:b8:e9:76:80:4d:73:d2:7e:5e:d3:a8:
         ed:43:c9:e9
-----BEGIN CERTIFICATE-----
MIIFRzCCBC+gAwIBAgISAZflm39Ji6FOTc+HSlQeeif5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwZTRmNmE3NzM2OGI3Y2VjZmU2NzIyMGI0MzY1NzZiMWUw
MDhhZWMwHhcNMjUwNzA3MTU1NzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzIxNmI3NzhiOTE5NmY0YWZlMGFiYjVkMTY2YmVmNzI3ZjQ2YTA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnxXvgVp8s+DZEuE/E8wis55OU83e
s3/hiUiesEa+dPv+LuTRDMe7ujgtXVZX6O0DdgURsT/Ivu/WuQp0Kau+v57iQJoG
9ZlMFRJ5kgcnZJS7icZLyH4UD0/e7njEyS5ty0WJE7joQmJmEGkR84CP0u8NU16V
iV+v9I/fIx0y4aMnDhSzdZPdEeo6Cr1I8jmldbtApoBc5Bz8K0JTjGPsc12hClD1
AH50PqP/SUol1b7LhMsdjY5vepA6CBSFoDZ9aHn8idBPDY/6TUwnFAlhl/rU3xSw
pjniB82SJl66IWC65nnin/FDxJVrMq//frvldxmvmBaYwAohdgdSle2KVQIDAQAB
o4ICUzCCAk8wHQYDVR0OBBYEFGwha3eLkZb0r+CrtdFmvvcn9GoHMB8GA1UdIwQY
MBaAFADk9qdzaLfOz+ZyILQ2V2seAIrsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQU9UMnAzTm90ODdQNW5JZ3REWlhheDRBaXV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS82NTJkYTktYWZjNC00ZTIwLTgyZmMt
YjA3ZDg0MTZhZTRhLzEvYkNGcmQ0dVJsdlN2NEt1MTBXYS05eWYwYWdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS82NTJkYTktYWZjNC00ZTIwLTgyZmMtYjA3ZDg0MTZhZTRh
LzEvQU9UMnAzTm90ODdQNW5JZ3REWlhheDRBaXV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGkGCCsGAQUFBwEHAQH/BFowWDA8BAIAATA2AwQAVepAAwQB
VepCAwQAVepUAwQAVepWAwQBVepeAwQAXCaPAwQAXXGqAwQBXXeoAwQAbT15MBgE
AgACMBIDBwQqA5DABoADBwUqA5DAB6AwDQYJKoZIhvcNAQELBQADggEBAMOh+z+f
qUOySd+fvNrzyRHZnN9NfWABk3G5ST/ulxDZNMCoRiqBJIuLs2wte55rRmiE6Ajv
zYgscalGVMm4xOKKijarJVnTC7/xIYkx5ZOImnJpgKBrwDsYFWde7yy+SW9cd8+Z
GrUo4Y2M4hTXQXAoCqF/jhDpNJT/LJ+DO8R2Z2A10eJwtIpnBGUgUSKhIJLW0be0
UsPdzVXq5rsTfQCZDDc73bjHQoPdDkbFAi7JTdhTWipWYYj4BJNV87RUwt3xu74v
fjWX4o3e/GzejTWwvcIrkrHlo+MikSuNaIFanz9lMLJpZ6/HBVItss1H+Yu46XaA
TXPSfl7TqO1Dyek=
-----END CERTIFICATE-----