Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/NPEHzj43EGc-6Ch5u7iU2Tm3d40.roa
File:                     NPEHzj43EGc-6Ch5u7iU2Tm3d40.roa (raw, json)
Hash identifier:          q7WnrEERHEE2KVBFkPsPkNR8W7E7xh+Ka8THLkMIwCk=
Subject key identifier:   34:F1:07:CE:3E:37:10:67:3E:E8:28:79:BB:B8:94:D9:39:B7:77:8D
Certificate issuer:       /CN=7b9447fe9a4acc7d6ff72d6c798d43d66cd50c3f
Certificate serial:       01978EAD2CBC3D5C5A1EEF9FF13F85D97332
Authority key identifier: 7B:94:47:FE:9A:4A:CC:7D:6F:F7:2D:6C:79:8D:43:D6:6C:D5:0C:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e5RH_ppKzH1v9y1seY1D1mzVDD8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/NPEHzj43EGc-6Ch5u7iU2Tm3d40.roa
Signing time:             Fri 20 Jun 2025 18:50:03 +0000
ROA not before:           Fri 20 Jun 2025 18:50:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200019
IP address blocks:        2a0d:adc5::/32 maxlen: 32
                          2a11:21c3::/32 maxlen: 32
                          2a11:21c5::/32 maxlen: 32
                          2a11:d384::/32 maxlen: 32
                          2a12:24c2::/32 maxlen: 32
                          2a12:24c5::/32 maxlen: 32
                          2a12:35c4::/32 maxlen: 32
                          2a12:41c0::/32 maxlen: 32
                          2a12:41c4::/32 maxlen: 32
                          2a14:9704::/32 maxlen: 32
Validation:               Failed, certificate revoked on Thu 26 Jun 2025 20:02:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:8e:ad:2c:bc:3d:5c:5a:1e:ef:9f:f1:3f:85:d9:73:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b9447fe9a4acc7d6ff72d6c798d43d66cd50c3f
        Validity
            Not Before: Jun 20 18:50:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=34f107ce3e3710673ee82879bbb894d939b7778d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:68:18:20:5e:a4:6c:2c:06:43:c2:68:02:5e:
                    c9:77:59:27:9e:aa:85:24:ff:99:7a:1d:cd:14:b4:
                    66:bd:15:c2:9e:13:0b:6f:e1:ce:95:c3:8d:2d:84:
                    3d:c3:1e:d9:84:68:44:39:17:ad:05:1e:59:b6:36:
                    31:90:b1:be:97:d2:53:b0:5f:8f:d3:7b:01:03:ac:
                    a8:d6:0e:78:67:72:a5:1a:5e:8a:cf:f9:33:36:66:
                    41:79:ca:52:cb:4f:17:3d:0b:85:2e:8e:e0:f8:d4:
                    e5:bd:04:0b:1d:1e:bd:99:f5:3b:86:5c:52:fd:54:
                    96:90:24:bc:b2:88:52:83:04:75:fa:75:11:a0:24:
                    ab:d7:c8:ea:ff:2e:dd:ee:bb:31:3a:f6:56:d0:55:
                    31:0c:6f:28:ea:37:05:a3:0c:e7:9e:68:ca:bb:53:
                    02:df:27:f1:93:e3:d1:8d:aa:85:8d:71:4a:fd:55:
                    f9:9b:2c:7b:a9:31:1b:d9:6e:9f:25:c5:92:54:9c:
                    d2:61:5f:03:18:1e:62:bc:22:9a:b8:85:ba:67:7c:
                    08:5b:dc:ea:bc:44:5a:cb:fd:9a:9f:72:40:d5:6f:
                    3e:67:eb:44:fc:7e:15:eb:66:dc:ac:34:40:6e:7d:
                    c7:40:4f:d1:21:61:15:3a:c6:59:42:57:40:00:b1:
                    41:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:F1:07:CE:3E:37:10:67:3E:E8:28:79:BB:B8:94:D9:39:B7:77:8D
            X509v3 Authority Key Identifier:
                keyid:7B:94:47:FE:9A:4A:CC:7D:6F:F7:2D:6C:79:8D:43:D6:6C:D5:0C:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5RH_ppKzH1v9y1seY1D1mzVDD8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/NPEHzj43EGc-6Ch5u7iU2Tm3d40.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/e5RH_ppKzH1v9y1seY1D1mzVDD8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:adc5::/32
                  2a11:21c3::/32
                  2a11:21c5::/32
                  2a11:d384::/32
                  2a12:24c2::/32
                  2a12:24c5::/32
                  2a12:35c4::/32
                  2a12:41c0::/32
                  2a12:41c4::/32
                  2a14:9704::/32

    Signature Algorithm: sha256WithRSAEncryption
         bd:41:01:a7:f7:d5:4a:23:ac:85:c9:92:22:ae:d3:db:4d:b3:
         15:88:f1:1b:12:ff:fb:84:cd:8d:1b:45:87:b9:3d:a7:24:2c:
         06:02:92:c3:42:77:85:62:02:9d:22:1e:98:f3:f1:59:8f:84:
         89:a6:83:a4:35:f9:60:70:c0:6e:7a:c3:23:38:f8:17:9b:08:
         a6:8d:7b:cf:f5:9f:9f:3b:a1:80:f0:bd:bc:a0:a2:bc:e6:08:
         46:d0:4d:f0:0f:90:31:f1:19:95:c1:69:2c:1b:64:0a:b4:f8:
         de:b5:2d:ff:91:74:88:57:76:45:f7:0f:da:22:44:db:8f:07:
         30:4b:44:69:05:61:61:c1:7d:34:a1:54:e6:ff:d7:ad:ef:02:
         25:20:49:48:5d:3f:72:5c:a6:ef:d5:6c:0b:93:c5:5a:aa:b3:
         96:8a:9b:ab:fd:46:f2:9c:01:4e:cb:67:e6:71:2e:43:61:29:
         2b:c3:6e:2f:12:f6:68:af:ff:c6:a3:23:5b:30:68:e7:84:f1:
         41:eb:ae:e8:f7:6e:66:07:0d:b4:5d:de:14:18:0b:89:14:80:
         26:f9:1d:53:e2:f3:97:41:75:99:dd:6d:c0:e9:28:4e:69:93:
         3f:6f:2f:7c:65:17:b7:b2:f2:f2:3a:4d:58:29:15:44:86:8c:
         94:13:d0:29
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAZeOrSy8PVxaHu+f8T+F2XMyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiOTQ0N2ZlOWE0YWNjN2Q2ZmY3MmQ2Yzc5OGQ0M2Q2NmNk
NTBjM2YwHhcNMjUwNjIwMTg1MDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGYxMDdjZTNlMzcxMDY3M2VlODI4NzliYmI4OTRkOTM5Yjc3NzhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArGgYIF6kbCwGQ8JoAl7Jd1knnqqF
JP+Zeh3NFLRmvRXCnhMLb+HOlcONLYQ9wx7ZhGhEORetBR5ZtjYxkLG+l9JTsF+P
03sBA6yo1g54Z3KlGl6Kz/kzNmZBecpSy08XPQuFLo7g+NTlvQQLHR69mfU7hlxS
/VSWkCS8sohSgwR1+nURoCSr18jq/y7d7rsxOvZW0FUxDG8o6jcFowznnmjKu1MC
3yfxk+PRjaqFjXFK/VX5myx7qTEb2W6fJcWSVJzSYV8DGB5ivCKauIW6Z3wIW9zq
vERay/2an3JA1W8+Z+tE/H4V62bcrDRAbn3HQE/RIWEVOsZZQldAALFBtwIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFDTxB84+NxBnPugoebu4lNk5t3eNMB8GA1UdIwQY
MBaAFHuUR/6aSsx9b/ctbHmNQ9Zs1Qw/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTVSSF9wcEt6SDF2OXkxc2VZMUQxbXpWREQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy9hYzI0ZGYtMDlkNi00NDU3LTlkMmUt
OWZjZWI0NWQ2ZmRiLzEvTlBFSHpqNDNFR2MtNkNoNXU3aVUyVG0zZDQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy9hYzI0ZGYtMDlkNi00NDU3LTlkMmUtOWZjZWI0NWQ2ZmRi
LzEvZTVSSF9wcEt6SDF2OXkxc2VZMUQxbXpWREQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjBMBAIAAjBGAwUAKg2txQMF
ACoRIcMDBQAqESHFAwUAKhHThAMFACoSJMIDBQAqEiTFAwUAKhI1xAMFACoSQcAD
BQAqEkHEAwUAKhSXBDANBgkqhkiG9w0BAQsFAAOCAQEAvUEBp/fVSiOshcmSIq7T
202zFYjxGxL/+4TNjRtFh7k9pyQsBgKSw0J3hWICnSIemPPxWY+EiaaDpDX5YHDA
bnrDIzj4F5sIpo17z/WfnzuhgPC9vKCivOYIRtBN8A+QMfEZlcFpLBtkCrT43rUt
/5F0iFd2RfcP2iJE248HMEtEaQVhYcF9NKFU5v/Xre8CJSBJSF0/clym79VsC5PF
Wqqzloqbq/1G8pwBTstn5nEuQ2EpK8NuLxL2aK//xqMjWzBo54TxQeuu6PduZgcN
tF3eFBgLiRSAJvkdU+Lzl0F1md1twOkoTmmTP28vfGUXt7Ly8jpNWCkVRIaMlBPQ
KQ==
-----END CERTIFICATE-----