Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/DXRZvy3EMwPxSgHVg0oSVIynRtc.roa
File:                     DXRZvy3EMwPxSgHVg0oSVIynRtc.roa (raw, json)
Hash identifier:          DG0NWWatarEy1tx+JXw9dWhK9ea2ACIk/kdRRkcNMnY=
Subject key identifier:   0D:74:59:BF:2D:C4:33:03:F1:4A:01:D5:83:4A:12:54:8C:A7:46:D7
Certificate issuer:       /CN=7b9447fe9a4acc7d6ff72d6c798d43d66cd50c3f
Certificate serial:       01978E5E70D42A74DD49FCCBF63BCE5D0E27
Authority key identifier: 7B:94:47:FE:9A:4A:CC:7D:6F:F7:2D:6C:79:8D:43:D6:6C:D5:0C:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e5RH_ppKzH1v9y1seY1D1mzVDD8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/DXRZvy3EMwPxSgHVg0oSVIynRtc.roa
Signing time:             Fri 20 Jun 2025 17:24:03 +0000
ROA not before:           Fri 20 Jun 2025 17:24:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209641
IP address blocks:        2a0c:ac6::/32 maxlen: 32
                          2a0d:adc0::/32 maxlen: 32
                          2a11:21c4::/32 maxlen: 32
                          2a11:35c2::/32 maxlen: 32
                          2a11:3d02::/32 maxlen: 32
                          2a11:7080::/32 maxlen: 32
                          2a11:d385::/32 maxlen: 32
                          2a11:d701::/32 maxlen: 32
                          2a12:24c6::/32 maxlen: 32
                          2a12:35c7::/32 maxlen: 32
                          2a12:41c3::/32 maxlen: 32
                          2a14:9702::/32 maxlen: 32
Validation:               Failed, certificate revoked on Fri 20 Jun 2025 18:45:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:8e:5e:70:d4:2a:74:dd:49:fc:cb:f6:3b:ce:5d:0e:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b9447fe9a4acc7d6ff72d6c798d43d66cd50c3f
        Validity
            Not Before: Jun 20 17:24:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0d7459bf2dc43303f14a01d5834a12548ca746d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:70:1b:f5:a8:d3:2b:02:01:a5:5a:a6:4a:15:
                    6b:fa:2a:40:86:af:a5:71:d0:74:bc:76:aa:ee:86:
                    31:50:37:2d:3f:a6:a3:4d:a4:64:c4:21:ec:28:61:
                    43:53:6f:0b:33:43:8d:41:1d:d8:59:d7:7c:c4:26:
                    8d:45:70:22:92:e7:48:78:3d:ca:e8:2d:a4:b2:62:
                    c1:ae:5c:48:39:64:ea:f7:1e:60:45:ee:b5:0b:9b:
                    33:e4:bb:52:e5:4f:c9:e9:65:1f:33:2d:43:0f:ea:
                    dd:21:a6:9a:4c:b8:74:0b:8c:34:82:9b:55:d8:3d:
                    f8:e0:95:37:55:48:d9:ac:72:24:a3:b6:a9:1e:99:
                    c2:aa:f8:00:02:a4:7a:9e:ed:2b:d9:a5:37:83:41:
                    2c:4f:7d:65:dc:be:83:ce:d1:ad:35:4c:c2:d7:db:
                    aa:cf:0f:01:ac:01:ab:d9:70:50:aa:bf:ea:18:e3:
                    9c:55:fd:2c:d6:e5:ad:6e:3a:8c:b3:24:ff:d2:df:
                    21:31:4f:39:93:f8:a1:de:36:55:c5:c4:62:7f:6f:
                    98:b6:8d:90:a6:98:4f:eb:29:01:98:53:19:2e:e0:
                    e5:2e:0a:65:22:4f:e8:8a:0a:86:be:b4:7b:b5:f9:
                    bf:be:77:67:52:e7:a4:96:70:23:35:f4:6a:27:9f:
                    19:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:74:59:BF:2D:C4:33:03:F1:4A:01:D5:83:4A:12:54:8C:A7:46:D7
            X509v3 Authority Key Identifier:
                keyid:7B:94:47:FE:9A:4A:CC:7D:6F:F7:2D:6C:79:8D:43:D6:6C:D5:0C:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5RH_ppKzH1v9y1seY1D1mzVDD8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/DXRZvy3EMwPxSgHVg0oSVIynRtc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/e5RH_ppKzH1v9y1seY1D1mzVDD8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:ac6::/32
                  2a0d:adc0::/32
                  2a11:21c4::/32
                  2a11:35c2::/32
                  2a11:3d02::/32
                  2a11:7080::/32
                  2a11:d385::/32
                  2a11:d701::/32
                  2a12:24c6::/32
                  2a12:35c7::/32
                  2a12:41c3::/32
                  2a14:9702::/32

    Signature Algorithm: sha256WithRSAEncryption
         49:f9:e6:5c:52:f2:00:dc:da:5d:df:09:c3:0c:63:19:e2:2f:
         54:5b:a7:f3:22:4d:56:2b:e3:c0:7f:13:c8:61:d4:8f:8a:71:
         77:e7:2b:07:4f:92:45:4f:e4:2f:1b:c4:eb:57:93:63:27:21:
         11:c3:07:2b:ee:b7:3b:6d:d7:06:7e:13:55:08:c9:55:7c:ca:
         7a:4f:d2:77:7b:8f:b0:65:6e:6a:dd:d0:17:d9:af:f7:d1:71:
         bb:a2:89:ef:e7:0b:9e:21:3a:6a:44:c3:fc:58:65:4f:d0:89:
         19:13:f3:db:e7:d3:4a:03:be:3f:28:00:91:52:a0:5e:c1:97:
         48:ea:c8:01:90:50:90:f3:26:7f:18:df:c7:fb:d2:48:27:1d:
         12:8a:07:88:45:5c:00:2f:23:3d:8b:ee:27:83:e7:7b:6f:f8:
         1b:21:aa:81:2b:73:11:8d:fc:48:da:e9:6d:b5:0d:72:1f:74:
         cb:b2:5e:64:bd:23:83:0e:09:90:18:c3:1f:3c:ee:5f:db:1d:
         2e:c5:fa:fa:a1:8c:e9:6d:f2:06:0b:1e:38:c7:da:1f:40:95:
         1f:40:30:cc:4c:85:9f:67:82:88:b7:03:4f:55:2b:c5:e0:9e:
         17:f6:a0:74:4e:b2:bd:8e:ce:3a:20:79:6f:dd:3f:ea:1d:89:
         a0:cd:b7:01
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAZeOXnDUKnTdSfzL9jvOXQ4nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiOTQ0N2ZlOWE0YWNjN2Q2ZmY3MmQ2Yzc5OGQ0M2Q2NmNk
NTBjM2YwHhcNMjUwNjIwMTcyNDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDc0NTliZjJkYzQzMzAzZjE0YTAxZDU4MzRhMTI1NDhjYTc0NmQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvnAb9ajTKwIBpVqmShVr+ipAhq+l
cdB0vHaq7oYxUDctP6ajTaRkxCHsKGFDU28LM0ONQR3YWdd8xCaNRXAikudIeD3K
6C2ksmLBrlxIOWTq9x5gRe61C5sz5LtS5U/J6WUfMy1DD+rdIaaaTLh0C4w0gptV
2D344JU3VUjZrHIko7apHpnCqvgAAqR6nu0r2aU3g0EsT31l3L6DztGtNUzC19uq
zw8BrAGr2XBQqr/qGOOcVf0s1uWtbjqMsyT/0t8hMU85k/ih3jZVxcRif2+Yto2Q
pphP6ykBmFMZLuDlLgplIk/oigqGvrR7tfm/vndnUueklnAjNfRqJ58ZwQIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFA10Wb8txDMD8UoB1YNKElSMp0bXMB8GA1UdIwQY
MBaAFHuUR/6aSsx9b/ctbHmNQ9Zs1Qw/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTVSSF9wcEt6SDF2OXkxc2VZMUQxbXpWREQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy9hYzI0ZGYtMDlkNi00NDU3LTlkMmUt
OWZjZWI0NWQ2ZmRiLzEvRFhSWnZ5M0VNd1B4U2dIVmcwb1NWSXluUnRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy9hYzI0ZGYtMDlkNi00NDU3LTlkMmUtOWZjZWI0NWQ2ZmRi
LzEvZTVSSF9wcEt6SDF2OXkxc2VZMUQxbXpWREQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDBaBAIAAjBUAwUAKgwKxgMF
ACoNrcADBQAqESHEAwUAKhE1wgMFACoRPQIDBQAqEXCAAwUAKhHThQMFACoR1wED
BQAqEiTGAwUAKhI1xwMFACoSQcMDBQAqFJcCMA0GCSqGSIb3DQEBCwUAA4IBAQBJ
+eZcUvIA3Npd3wnDDGMZ4i9UW6fzIk1WK+PAfxPIYdSPinF35ysHT5JFT+QvG8Tr
V5NjJyERwwcr7rc7bdcGfhNVCMlVfMp6T9J3e4+wZW5q3dAX2a/30XG7oonv5wue
ITpqRMP8WGVP0IkZE/Pb59NKA74/KACRUqBewZdI6sgBkFCQ8yZ/GN/H+9JIJx0S
igeIRVwALyM9i+4ng+d7b/gbIaqBK3MRjfxI2ulttQ1yH3TLsl5kvSODDgmQGMMf
PO5f2x0uxfr6oYzpbfIGCx44x9ofQJUfQDDMTIWfZ4KItwNPVSvF4J4X9qB0TrK9
js46IHlv3T/qHYmgzbcB
-----END CERTIFICATE-----