Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/4KjH17p9EWrR58cnK8VxqJy96ps.roa
File:                     4KjH17p9EWrR58cnK8VxqJy96ps.roa (raw, json)
Hash identifier:          DVZggvlXvJhrOY30WA/u6vANc7MMvXRfao8XUPkX4vY=
Subject key identifier:   E0:A8:C7:D7:BA:7D:11:6A:D1:E7:C7:27:2B:C5:71:A8:9C:BD:EA:9B
Certificate issuer:       /CN=aefe1c859409ac5de7414c48f86739913be6b7e5
Certificate serial:       0197B0463CB6144A5422A8EA21048D7FD6F3
Authority key identifier: AE:FE:1C:85:94:09:AC:5D:E7:41:4C:48:F8:67:39:91:3B:E6:B7:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rv4chZQJrF3nQUxI-Gc5kTvmt-U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/4KjH17p9EWrR58cnK8VxqJy96ps.roa
Signing time:             Fri 27 Jun 2025 07:24:42 +0000
ROA not before:           Fri 27 Jun 2025 07:24:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60490
IP address blocks:        62.113.66.0/24 maxlen: 24
                          62.113.67.0/24 maxlen: 24
                          91.185.95.0/24 maxlen: 24
                          176.109.64.0/23 maxlen: 23
                          176.109.64.0/24 maxlen: 24
                          176.109.65.0/24 maxlen: 24
                          176.109.67.0/24 maxlen: 24
                          176.109.70.0/24 maxlen: 24
                          178.236.25.0/24 maxlen: 24
                          194.150.88.0/24 maxlen: 24
                          194.150.89.0/24 maxlen: 24
                          194.150.90.0/24 maxlen: 24
                          194.150.91.0/24 maxlen: 24
                          2a02:28:7::/48 maxlen: 48
                          2a02:2a:1000::/41 maxlen: 41
Validation:               Failed, certificate revoked on Fri 27 Jun 2025 17:02:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:b0:46:3c:b6:14:4a:54:22:a8:ea:21:04:8d:7f:d6:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aefe1c859409ac5de7414c48f86739913be6b7e5
        Validity
            Not Before: Jun 27 07:24:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e0a8c7d7ba7d116ad1e7c7272bc571a89cbdea9b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:ad:cb:13:96:b7:6c:90:92:ab:13:1d:41:f8:
                    67:ad:ad:f6:f7:fd:8a:f0:ce:a2:ca:75:67:6d:a4:
                    ee:fc:84:bd:22:e8:e9:69:11:f8:16:70:00:f5:3d:
                    08:0a:a9:4e:62:8b:bd:32:5e:e6:b4:a6:27:40:be:
                    7e:87:c9:19:15:0c:aa:9b:46:36:33:62:05:8a:e6:
                    38:e7:c7:a5:bc:5e:92:30:a6:12:13:b7:9a:fe:a2:
                    f0:8a:12:97:22:f4:6f:13:a8:ec:e9:f0:45:38:39:
                    50:16:1e:59:b9:63:e9:14:c2:63:be:ae:fa:1a:2c:
                    a9:3e:fb:e8:d2:73:97:fc:39:a0:cb:eb:50:b5:b1:
                    54:d3:95:a0:63:d9:d6:6a:f4:7b:f2:e5:b9:48:23:
                    b6:2d:8c:d3:c0:b7:5b:62:48:ab:93:3d:4f:34:3a:
                    fd:be:c1:a6:42:e4:4a:39:58:2b:ca:73:87:89:47:
                    23:5b:e5:db:59:54:b3:fc:46:6a:ef:26:70:d1:f6:
                    6e:fb:b8:17:0d:20:fa:f4:c9:f0:b5:16:dd:65:96:
                    31:80:49:4c:be:6a:af:92:8f:f1:0b:34:bc:31:4f:
                    86:d6:61:bb:72:64:7b:55:1d:1d:6d:cf:bc:34:41:
                    5b:45:1e:86:68:45:4f:6f:c8:08:ef:10:e3:d7:62:
                    3f:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:A8:C7:D7:BA:7D:11:6A:D1:E7:C7:27:2B:C5:71:A8:9C:BD:EA:9B
            X509v3 Authority Key Identifier:
                keyid:AE:FE:1C:85:94:09:AC:5D:E7:41:4C:48:F8:67:39:91:3B:E6:B7:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rv4chZQJrF3nQUxI-Gc5kTvmt-U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/4KjH17p9EWrR58cnK8VxqJy96ps.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/rv4chZQJrF3nQUxI-Gc5kTvmt-U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.113.66.0/23
                  91.185.95.0/24
                  176.109.64.0/23
                  176.109.67.0/24
                  176.109.70.0/24
                  178.236.25.0/24
                  194.150.88.0/22
                IPv6:
                  2a02:28:7::/48
                  2a02:2a:1000::/41

    Signature Algorithm: sha256WithRSAEncryption
         16:d9:55:aa:9a:4c:45:dd:2f:71:44:8a:87:2d:88:8d:d4:4a:
         90:a3:e2:db:b9:e8:ee:b6:f4:1f:6c:9e:21:84:d2:1f:1f:79:
         9b:7e:56:f2:30:43:f0:16:5d:1a:10:44:1f:cd:64:d6:b9:55:
         9a:31:e6:6b:99:79:b5:34:3b:19:c4:48:fc:00:ad:cc:c0:8f:
         10:42:aa:d0:35:9c:84:69:77:eb:5d:4a:19:ba:a0:cd:e5:44:
         ae:74:40:22:05:90:6e:1d:79:45:39:7a:a1:95:80:6b:e0:23:
         a3:f7:99:03:60:81:f5:7f:f7:2f:2e:16:a4:ae:76:ff:b2:88:
         31:61:9e:20:60:2b:22:6c:cf:af:8e:5a:b6:6a:be:26:02:d4:
         e3:ee:2a:3c:89:a0:6c:de:85:41:dd:cd:62:d1:cf:bc:7e:ad:
         97:f3:8a:1a:25:16:ec:48:4b:d1:05:93:3e:8b:94:14:0a:29:
         ba:71:cc:c8:02:61:b7:5a:87:79:bb:64:06:a6:3a:bf:36:27:
         bb:dc:d8:7a:8b:00:56:9e:bb:9f:02:af:52:78:2b:c9:a4:9a:
         10:bf:47:1c:41:e8:d2:88:2a:07:d4:88:e3:21:9a:73:b4:e9:
         26:ef:eb:41:1b:2d:01:eb:17:ac:76:58:23:e8:b4:01:67:2c:
         dd:04:88:f5
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAZewRjy2FEpUIqjqIQSNf9bzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlZmUxYzg1OTQwOWFjNWRlNzQxNGM0OGY4NjczOTkxM2Jl
NmI3ZTUwHhcNMjUwNjI3MDcyNDQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMGE4YzdkN2JhN2QxMTZhZDFlN2M3MjcyYmM1NzFhODljYmRlYTliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3a3LE5a3bJCSqxMdQfhnra329/2K
8M6iynVnbaTu/IS9IujpaRH4FnAA9T0ICqlOYou9Ml7mtKYnQL5+h8kZFQyqm0Y2
M2IFiuY458elvF6SMKYSE7ea/qLwihKXIvRvE6js6fBFODlQFh5ZuWPpFMJjvq76
GiypPvvo0nOX/Dmgy+tQtbFU05WgY9nWavR78uW5SCO2LYzTwLdbYkirkz1PNDr9
vsGmQuRKOVgrynOHiUcjW+XbWVSz/EZq7yZw0fZu+7gXDSD69MnwtRbdZZYxgElM
vmqvko/xCzS8MU+G1mG7cmR7VR0dbc+8NEFbRR6GaEVPb8gI7xDj12I/gQIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFOCox9e6fRFq0efHJyvFcaicveqbMB8GA1UdIwQY
MBaAFK7+HIWUCaxd50FMSPhnOZE75rflMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnY0Y2haUUpyRjNuUVV4SS1HYzVrVHZtdC1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS80NTFmMDQtZTNjOS00NGVhLWE2YTEt
NDI4NDU4Njc5Y2U0LzEvNEtqSDE3cDlFV3JSNThjbks4VnhxSnk5NnBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS80NTFmMDQtZTNjOS00NGVhLWE2YTEtNDI4NDU4Njc5Y2U0
LzEvcnY0Y2haUUpyRjNuUVV4SS1HYzVrVHZtdC1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDAwBAIAATAqAwQBPnFCAwQA
W7lfAwQBsG1AAwQAsG1DAwQAsG1GAwQAsuwZAwQCwpZYMBgEAgACMBIDBwAqAgAo
AAcDBwcqAgAqEAAwDQYJKoZIhvcNAQELBQADggEBABbZVaqaTEXdL3FEioctiI3U
SpCj4tu56O629B9sniGE0h8feZt+VvIwQ/AWXRoQRB/NZNa5VZox5muZebU0OxnE
SPwArczAjxBCqtA1nIRpd+tdShm6oM3lRK50QCIFkG4deUU5eqGVgGvgI6P3mQNg
gfV/9y8uFqSudv+yiDFhniBgKyJsz6+OWrZqviYC1OPuKjyJoGzehUHdzWLRz7x+
rZfziholFuxIS9EFkz6LlBQKKbpxzMgCYbdah3m7ZAamOr82J7vc2HqLAFaeu58C
r1J4K8mkmhC/RxxB6NKIKgfUiOMhmnO06Sbv60EbLQHrF6x2WCPotAFnLN0EiPU=
-----END CERTIFICATE-----