Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/XMpLxXWN48kX8ReZlMjTQq0YgG0.roa
File:                     XMpLxXWN48kX8ReZlMjTQq0YgG0.roa (raw, json)
Hash identifier:          Sy31+cD4A7xSQei7nSIPOvXZJGdyWsWD63LXax9n/70=
Subject key identifier:   5C:CA:4B:C5:75:8D:E3:C9:17:F1:17:99:94:C8:D3:42:AD:18:80:6D
Certificate issuer:       /CN=632cd87feabe407522e06553f2eb05a0c1602fbf
Certificate serial:       0197E5FEC74C935F40F5FF5B154A49299073
Authority key identifier: 63:2C:D8:7F:EA:BE:40:75:22:E0:65:53:F2:EB:05:A0:C1:60:2F:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/XMpLxXWN48kX8ReZlMjTQq0YgG0.roa
Signing time:             Mon 07 Jul 2025 17:46:08 +0000
ROA not before:           Mon 07 Jul 2025 17:46:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209641
IP address blocks:        2a0a:c383::/32 maxlen: 32
                          2a0a:c387::/32 maxlen: 32
                          2a11:5881::/32 maxlen: 32
                          2a11:5882::/32 maxlen: 32
                          2a11:8440::/32 maxlen: 32
                          2a11:8446::/32 maxlen: 32
                          2a11:b784::/32 maxlen: 32
                          2a11:b785::/32 maxlen: 32
                          2a11:be81::/32 maxlen: 32
                          2a11:be86::/32 maxlen: 32
                          2a11:c103::/32 maxlen: 32
                          2a11:c706::/32 maxlen: 32
                          2a11:c707::/32 maxlen: 32
                          2a11:d086::/32 maxlen: 32
                          2a11:fb40::/32 maxlen: 32
                          2a11:fec4::/32 maxlen: 32
                          2a12:1800::/32 maxlen: 32
                          2a12:1806::/32 maxlen: 32
                          2a12:1940::/32 maxlen: 32
                          2a12:1941::/32 maxlen: 32
                          2a12:1cc2::/32 maxlen: 32
                          2a12:2c40::/32 maxlen: 32
                          2a12:2c41::/32 maxlen: 32
                          2a12:4c00::/32 maxlen: 32
                          2a12:4c06::/32 maxlen: 32
Validation:               Failed, certificate revoked on Thu 10 Jul 2025 15:57:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:e5:fe:c7:4c:93:5f:40:f5:ff:5b:15:4a:49:29:90:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=632cd87feabe407522e06553f2eb05a0c1602fbf
        Validity
            Not Before: Jul  7 17:46:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5cca4bc5758de3c917f1179994c8d342ad18806d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:1f:e7:66:4b:2c:a6:ad:0d:35:c0:f9:c1:01:
                    92:b6:fc:ce:3b:6c:aa:fa:d1:e7:83:93:34:43:bc:
                    a0:f1:f2:f2:3d:86:3a:7c:07:3d:a6:ad:a2:82:2c:
                    71:ef:7a:88:dd:4d:d1:11:08:ed:20:59:1a:51:e6:
                    1b:af:b3:56:0d:04:f9:6b:d3:f2:d1:64:32:0c:0d:
                    7d:78:a0:12:dd:71:d5:a0:c8:5e:ce:25:01:f7:10:
                    8f:62:fc:10:56:e6:72:e4:71:82:5e:e2:d0:38:d5:
                    3b:26:c4:7e:1c:03:47:20:76:6d:32:f5:3f:fb:ba:
                    65:ad:79:1b:73:16:fb:d1:ac:08:cb:e7:ef:01:b8:
                    d1:7a:5c:54:ed:f0:01:9a:45:53:b0:77:54:46:44:
                    af:bf:cd:e0:b4:e1:98:fc:ed:6a:bf:5e:d0:b4:40:
                    2f:d5:ad:49:f8:5e:78:60:63:c9:55:8f:f0:1f:f8:
                    c3:f9:f6:a4:92:c7:45:4c:74:f2:35:3e:72:46:8c:
                    74:3b:cd:88:a9:f8:68:5d:f8:15:86:b5:4b:3b:65:
                    9b:45:f1:76:32:c7:27:0d:7c:95:46:67:5f:22:0a:
                    ba:86:f6:0d:3b:0d:b0:d0:77:46:74:96:f7:2c:8c:
                    29:2c:b3:34:b0:5f:53:0d:7b:ca:e6:17:ce:c7:79:
                    d2:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:CA:4B:C5:75:8D:E3:C9:17:F1:17:99:94:C8:D3:42:AD:18:80:6D
            X509v3 Authority Key Identifier:
                keyid:63:2C:D8:7F:EA:BE:40:75:22:E0:65:53:F2:EB:05:A0:C1:60:2F:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/XMpLxXWN48kX8ReZlMjTQq0YgG0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:c383::/32
                  2a0a:c387::/32
                  2a11:5881::-2a11:5882:ffff:ffff:ffff:ffff:ffff:ffff
                  2a11:8440::/32
                  2a11:8446::/32
                  2a11:b784::/31
                  2a11:be81::/32
                  2a11:be86::/32
                  2a11:c103::/32
                  2a11:c706::/31
                  2a11:d086::/32
                  2a11:fb40::/32
                  2a11:fec4::/32
                  2a12:1800::/32
                  2a12:1806::/32
                  2a12:1940::/31
                  2a12:1cc2::/32
                  2a12:2c40::/31
                  2a12:4c00::/32
                  2a12:4c06::/32

    Signature Algorithm: sha256WithRSAEncryption
         29:31:5c:bf:78:61:65:96:76:3e:e7:57:5e:ab:79:3e:ed:39:
         b1:0e:7f:e7:2a:e3:ff:54:ca:42:b8:95:1a:b6:32:47:3e:e7:
         3e:d1:9e:fa:d5:be:de:ce:c1:76:ce:99:24:e2:55:5a:be:61:
         c7:cb:ef:ab:b8:e8:76:27:7b:9c:ee:a4:a7:b5:a9:89:73:4b:
         8b:cc:0e:cb:a7:c5:17:2d:e2:fa:01:53:52:6c:0d:c4:13:65:
         86:de:a8:59:26:f3:cb:f5:ac:42:2b:da:fe:b7:3c:da:36:4c:
         0a:e7:33:59:b8:7d:32:8a:5a:df:0e:d1:d5:4e:49:af:b0:28:
         16:48:b0:d7:29:95:00:fa:b4:14:96:15:6c:63:f4:63:7a:e1:
         a2:03:43:ad:eb:f4:fa:18:12:c9:95:c4:6f:11:67:76:70:a2:
         c7:e4:d8:90:3b:c7:38:6a:3f:c8:6c:f3:3b:37:ca:25:44:f5:
         e7:c5:42:01:aa:01:f4:c0:77:94:27:23:20:e5:6e:f7:bf:9a:
         e8:b5:1f:10:88:e3:1d:49:eb:d3:86:54:e7:5f:e5:0e:11:23:
         ae:fb:8d:d2:e1:20:26:ed:bb:e9:aa:28:a9:3a:48:e4:49:d0:
         03:15:df:dc:de:08:30:e7:bc:2b:b6:57:cc:35:c5:d0:a1:05:
         9b:9f:72:8b
-----BEGIN CERTIFICATE-----
MIIFkTCCBHmgAwIBAgISAZfl/sdMk19A9f9bFUpJKZBzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzMmNkODdmZWFiZTQwNzUyMmUwNjU1M2YyZWIwNWEwYzE2
MDJmYmYwHhcNMjUwNzA3MTc0NjA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2NhNGJjNTc1OGRlM2M5MTdmMTE3OTk5NGM4ZDM0MmFkMTg4MDZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlB/nZksspq0NNcD5wQGStvzOO2yq
+tHng5M0Q7yg8fLyPYY6fAc9pq2igixx73qI3U3REQjtIFkaUeYbr7NWDQT5a9Py
0WQyDA19eKAS3XHVoMheziUB9xCPYvwQVuZy5HGCXuLQONU7JsR+HANHIHZtMvU/
+7plrXkbcxb70awIy+fvAbjRelxU7fABmkVTsHdURkSvv83gtOGY/O1qv17QtEAv
1a1J+F54YGPJVY/wH/jD+fakksdFTHTyNT5yRox0O82IqfhoXfgVhrVLO2WbRfF2
MscnDXyVRmdfIgq6hvYNOw2w0HdGdJb3LIwpLLM0sF9TDXvK5hfOx3nSNQIDAQAB
o4ICnTCCApkwHQYDVR0OBBYEFFzKS8V1jePJF/EXmZTI00KtGIBtMB8GA1UdIwQY
MBaAFGMs2H/qvkB1IuBlU/LrBaDBYC+/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXl6WWYtcS1RSFVpNEdWVDh1c0ZvTUZnTDc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9mZGRmNDctZmY2NC00NDdhLWI5OGYt
NTUxMDQxNzNiMTgwLzEvWE1wTHhYV040OGtYOFJlWmxNalRRcTBZZ0cwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9mZGRmNDctZmY2NC00NDdhLWI5OGYtNTUxMDQxNzNiMTgw
LzEvWXl6WWYtcS1RSFVpNEdWVDh1c0ZvTUZnTDc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGyBggrBgEFBQcBBwEB/wSBojCBnzCBnAQCAAIwgZUDBQAq
CsODAwUAKgrDhzAOAwUAKhFYgQMFACoRWIIDBQAqEYRAAwUAKhGERgMFASoRt4QD
BQAqEb6BAwUAKhG+hgMFACoRwQMDBQEqEccGAwUAKhHQhgMFACoR+0ADBQAqEf7E
AwUAKhIYAAMFACoSGAYDBQEqEhlAAwUAKhIcwgMFASoSLEADBQAqEkwAAwUAKhJM
BjANBgkqhkiG9w0BAQsFAAOCAQEAKTFcv3hhZZZ2PudXXqt5Pu05sQ5/5yrj/1TK
QriVGrYyRz7nPtGe+tW+3s7Bds6ZJOJVWr5hx8vvq7jodid7nO6kp7WpiXNLi8wO
y6fFFy3i+gFTUmwNxBNlht6oWSbzy/WsQiva/rc82jZMCuczWbh9Mopa3w7R1U5J
r7AoFkiw1ymVAPq0FJYVbGP0Y3rhogNDrev0+hgSyZXEbxFndnCix+TYkDvHOGo/
yGzzOzfKJUT158VCAaoB9MB3lCcjIOVu97+a6LUfEIjjHUnr04ZU51/lDhEjrvuN
0uEgJu276aooqTpI5EnQAxXf3N4IMOe8K7ZXzDXF0KEFm59yiw==
-----END CERTIFICATE-----
Generated at Tue Jul 29 07:50:18 2025 by rpki-client