Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/352431-e694-4412-a766-73f7d110b82a/1/d0IzWkCq1bz9Rbwysm6W9ZjvsOs.roa
File:                     d0IzWkCq1bz9Rbwysm6W9ZjvsOs.roa (raw, json)
Hash identifier:          NcglTmX4R3FMHP1wb08M943pjo9k1iKS1rRfpzMvnxM=
Subject key identifier:   77:42:33:5A:40:AA:D5:BC:FD:45:BC:32:B2:6E:96:F5:98:EF:B0:EB
Certificate issuer:       /CN=20aa60cb0024332a2db68993f3357158af60c8de
Certificate serial:       01982C100AEE77CAE450A32DAEA9791E8BD8
Authority key identifier: 20:AA:60:CB:00:24:33:2A:2D:B6:89:93:F3:35:71:58:AF:60:C8:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IKpgywAkMyottomT8zVxWK9gyN4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/352431-e694-4412-a766-73f7d110b82a/1/d0IzWkCq1bz9Rbwysm6W9ZjvsOs.roa
Signing time:             Mon 21 Jul 2025 08:18:25 +0000
ROA not before:           Mon 21 Jul 2025 08:18:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        2a02:3040:43:ff00::/56 maxlen: 56
                          2a02:3040:4c::/48 maxlen: 48
                          2a02:3040:4d::/48 maxlen: 48
                          2a02:3040:4e::/48 maxlen: 48
                          2a02:3040:4f::/50 maxlen: 50
                          2a02:3040:4f:8000::/50 maxlen: 50
                          2a02:3040:4f:c000::/50 maxlen: 50
                          2a02:3040:50::/48 maxlen: 48
                          2a02:3040:51::/48 maxlen: 48
Validation:               Failed, certificate revoked on Mon 21 Jul 2025 10:42:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:2c:10:0a:ee:77:ca:e4:50:a3:2d:ae:a9:79:1e:8b:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=20aa60cb0024332a2db68993f3357158af60c8de
        Validity
            Not Before: Jul 21 08:18:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7742335a40aad5bcfd45bc32b26e96f598efb0eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:78:b6:6f:c2:99:1f:ef:08:89:b8:58:59:e1:
                    dc:bd:e4:81:4a:5c:91:4b:ee:b1:6a:b9:22:72:c4:
                    7c:b7:ff:f7:23:28:5d:2c:80:c6:c5:9e:da:45:9c:
                    72:6b:d8:f5:59:07:68:3f:7a:50:31:6b:cd:d2:ca:
                    e9:a8:45:be:2a:db:bd:f7:df:89:77:13:97:b7:b5:
                    79:c1:d9:d2:de:ed:98:76:55:e5:e0:80:37:0b:1f:
                    d4:83:6b:32:19:b9:a6:52:28:0a:a5:55:46:62:af:
                    3e:fc:92:83:69:31:24:c0:b1:84:3e:11:35:26:0d:
                    0e:cc:e5:43:6b:6b:cb:d5:35:dd:02:f5:c9:0c:25:
                    f6:e0:a2:8f:43:4e:ea:6b:a7:cb:d5:b6:28:7d:dd:
                    a7:79:5c:36:21:1e:a0:66:27:36:40:c4:0d:c5:74:
                    e6:11:bf:ac:42:be:dc:72:96:58:a6:64:6b:82:bd:
                    7d:d0:f7:cd:40:20:89:5b:34:80:83:eb:86:f5:7e:
                    6d:cf:fb:b5:b6:f7:e4:dc:21:e1:46:9a:26:ef:cc:
                    77:5a:b6:ae:29:b5:bc:70:91:2d:85:1e:63:b2:84:
                    31:f4:b1:15:56:c0:9e:15:f7:6c:fc:46:fd:c0:e7:
                    4d:84:7e:75:5e:00:c1:77:fd:c0:73:85:a2:5f:26:
                    f2:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:42:33:5A:40:AA:D5:BC:FD:45:BC:32:B2:6E:96:F5:98:EF:B0:EB
            X509v3 Authority Key Identifier:
                keyid:20:AA:60:CB:00:24:33:2A:2D:B6:89:93:F3:35:71:58:AF:60:C8:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IKpgywAkMyottomT8zVxWK9gyN4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/352431-e694-4412-a766-73f7d110b82a/1/d0IzWkCq1bz9Rbwysm6W9ZjvsOs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/352431-e694-4412-a766-73f7d110b82a/1/IKpgywAkMyottomT8zVxWK9gyN4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:3040:43:ff00::/56
                  2a02:3040:4c::-2a02:3040:4f:3fff:ffff:ffff:ffff:ffff
                  2a02:3040:4f:8000::-2a02:3040:51:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         93:71:14:66:ac:e9:ad:e0:95:a3:b0:d0:ae:db:a3:83:46:b8:
         62:3b:77:59:aa:44:84:47:89:12:d6:b5:a7:33:56:95:cf:d1:
         42:f3:9f:79:8c:70:a8:82:52:99:16:18:6b:f3:5c:cb:15:f7:
         71:91:ae:28:97:76:1c:b9:47:96:f6:a8:ca:f4:e4:21:36:19:
         6f:c7:68:81:91:6f:9e:6e:0d:4a:1a:68:7f:82:b4:ad:d7:7d:
         bf:6c:ee:72:08:69:8e:7b:c1:1c:95:54:d6:d2:19:27:67:8b:
         b7:49:59:6e:b7:88:9d:d0:50:06:4c:ae:7f:ea:3e:44:87:f1:
         b2:26:d1:51:5e:2c:0f:34:3e:a8:f6:e7:91:99:ac:24:9c:b1:
         c2:fe:5d:2f:9e:28:fa:61:a9:b4:fc:8a:10:1b:42:37:c6:89:
         71:84:0f:8b:ff:22:79:c3:de:7d:a2:05:10:09:23:0d:dd:c3:
         36:07:e7:9e:48:c2:13:25:5b:1b:b4:6a:4b:dc:7d:00:69:e1:
         f0:ba:98:67:f8:cf:fa:84:72:cb:0e:38:d8:c2:e4:17:26:dd:
         9e:ed:c3:4d:86:ab:2b:44:40:18:f3:e5:7d:41:27:5a:38:4c:
         2a:40:dc:86:be:09:66:98:2c:7d:a8:2f:a6:ed:a5:1c:78:f5:
         9d:4b:b0:48
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgISAZgsEArud8rkUKMtrql5HovYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwYWE2MGNiMDAyNDMzMmEyZGI2ODk5M2YzMzU3MTU4YWY2
MGM4ZGUwHhcNMjUwNzIxMDgxODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzQyMzM1YTQwYWFkNWJjZmQ0NWJjMzJiMjZlOTZmNTk4ZWZiMGViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxHi2b8KZH+8IibhYWeHcveSBSlyR
S+6xarkicsR8t//3IyhdLIDGxZ7aRZxya9j1WQdoP3pQMWvN0srpqEW+Ktu999+J
dxOXt7V5wdnS3u2YdlXl4IA3Cx/Ug2syGbmmUigKpVVGYq8+/JKDaTEkwLGEPhE1
Jg0OzOVDa2vL1TXdAvXJDCX24KKPQ07qa6fL1bYofd2neVw2IR6gZic2QMQNxXTm
Eb+sQr7ccpZYpmRrgr190PfNQCCJWzSAg+uG9X5tz/u1tvfk3CHhRpom78x3Wrau
KbW8cJEthR5jsoQx9LEVVsCeFfds/Eb9wOdNhH51XgDBd/3Ac4WiXybyMQIDAQAB
o4ICNzCCAjMwHQYDVR0OBBYEFHdCM1pAqtW8/UW8MrJulvWY77DrMB8GA1UdIwQY
MBaAFCCqYMsAJDMqLbaJk/M1cVivYMjeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSUtwZ3l3QWtNeW90dG9tVDh6VnhXSzlneU40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi8zNTI0MzEtZTY5NC00NDEyLWE3NjYt
NzNmN2QxMTBiODJhLzEvZDBJeldrQ3ExYno5UmJ3eXNtNlc5Wmp2c09zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi8zNTI0MzEtZTY5NC00NDEyLWE3NjYtNzNmN2QxMTBiODJh
LzEvSUtwZ3l3QWtNeW90dG9tVDh6VnhXSzlneU40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME0GCCsGAQUFBwEHAQH/BD4wPDA6BAIAAjA0AwgAKgIwQABD
/zATAwcCKgIwQABMAwgGKgIwQABPADATAwgHKgIwQABPgAMHASoCMEAAUDANBgkq
hkiG9w0BAQsFAAOCAQEAk3EUZqzpreCVo7DQrtujg0a4Yjt3WapEhEeJEta1pzNW
lc/RQvOfeYxwqIJSmRYYa/NcyxX3cZGuKJd2HLlHlvaoyvTkITYZb8dogZFvnm4N
Shpof4K0rdd9v2zucghpjnvBHJVU1tIZJ2eLt0lZbreIndBQBkyuf+o+RIfxsibR
UV4sDzQ+qPbnkZmsJJyxwv5dL54o+mGptPyKEBtCN8aJcYQPi/8iecPefaIFEAkj
Dd3DNgfnnkjCEyVbG7RqS9x9AGnh8LqYZ/jP+oRyyw442MLkFybdnu3DTYarK0RA
GPPlfUEnWjhMKkDchr4JZpgsfagvpu2lHHj1nUuwSA==
-----END CERTIFICATE-----