Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/OQFzl5PMp5w0MgBM-sHU8Dc_G7c.roa
File:                     OQFzl5PMp5w0MgBM-sHU8Dc_G7c.roa (raw, json)
Hash identifier:          SZJk1mAZ7qW4G4LFWZHiVh4OJmVUdyTv+ASA5gehOfc=
Subject key identifier:   39:01:73:97:93:CC:A7:9C:34:32:00:4C:FA:C1:D4:F0:37:3F:1B:B7
Certificate issuer:       /CN=7b9447fe9a4acc7d6ff72d6c798d43d66cd50c3f
Certificate serial:       01978EAA6DB68E66CC676C8D43226F1FD49E
Authority key identifier: 7B:94:47:FE:9A:4A:CC:7D:6F:F7:2D:6C:79:8D:43:D6:6C:D5:0C:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e5RH_ppKzH1v9y1seY1D1mzVDD8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/OQFzl5PMp5w0MgBM-sHU8Dc_G7c.roa
Signing time:             Fri 20 Jun 2025 18:47:03 +0000
ROA not before:           Fri 20 Jun 2025 18:47:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206873
IP address blocks:        2a11:3083::/32 maxlen: 32
                          2a11:35c5::/32 maxlen: 32
                          2a11:35c7::/32 maxlen: 32
                          2a11:3d06::/32 maxlen: 32
                          2a11:d383::/32 maxlen: 32
                          2a11:d386::/32 maxlen: 32
                          2a11:d705::/32 maxlen: 32
                          2a12:24c4::/32 maxlen: 32
                          2a12:35c6::/32 maxlen: 32
                          2a12:41c6::/32 maxlen: 32
Validation:               Failed, certificate revoked on Thu 26 Jun 2025 20:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:8e:aa:6d:b6:8e:66:cc:67:6c:8d:43:22:6f:1f:d4:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b9447fe9a4acc7d6ff72d6c798d43d66cd50c3f
        Validity
            Not Before: Jun 20 18:47:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3901739793cca79c3432004cfac1d4f0373f1bb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:3a:c6:95:76:e8:b3:40:7e:78:08:38:fe:02:
                    54:a3:cb:17:08:84:21:34:1b:59:3a:16:0a:fc:94:
                    0b:64:d8:f7:59:1c:1a:b2:cc:9a:b4:98:b5:50:fb:
                    95:8d:13:5e:5c:36:11:f9:68:7c:10:a4:bf:90:85:
                    a3:15:e0:0a:4d:9e:ec:e6:e4:0b:62:63:23:c3:31:
                    63:68:25:25:9a:b3:30:9b:f7:28:d2:94:74:ab:70:
                    ab:8a:98:53:82:e1:58:ef:ec:cc:ec:fa:33:99:97:
                    b2:b7:17:9f:f7:a7:97:72:26:cb:a3:ea:7a:23:59:
                    68:9b:62:a4:ad:76:3b:fe:d1:8a:cb:56:f3:85:08:
                    71:b6:2c:9f:9f:e2:80:7e:07:99:d6:0d:ad:8c:e1:
                    ab:5a:75:71:86:67:01:ea:1e:95:3f:0b:96:c3:66:
                    c9:01:33:f4:c7:87:ec:e1:5e:13:5e:d9:24:58:74:
                    28:9f:cc:74:57:de:0b:22:44:ee:36:eb:40:d3:87:
                    83:c8:52:4f:e9:c3:ca:cb:71:e7:c9:6e:ec:dd:74:
                    db:38:b9:75:82:05:c4:d9:d4:b5:ba:fa:cb:41:97:
                    d6:d9:38:82:16:95:29:c6:6a:b0:96:49:10:08:f1:
                    7d:97:20:e7:ea:f4:d7:1d:7c:4d:8a:9e:aa:68:21:
                    e6:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:01:73:97:93:CC:A7:9C:34:32:00:4C:FA:C1:D4:F0:37:3F:1B:B7
            X509v3 Authority Key Identifier:
                keyid:7B:94:47:FE:9A:4A:CC:7D:6F:F7:2D:6C:79:8D:43:D6:6C:D5:0C:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5RH_ppKzH1v9y1seY1D1mzVDD8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/OQFzl5PMp5w0MgBM-sHU8Dc_G7c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/e5RH_ppKzH1v9y1seY1D1mzVDD8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:3083::/32
                  2a11:35c5::/32
                  2a11:35c7::/32
                  2a11:3d06::/32
                  2a11:d383::/32
                  2a11:d386::/32
                  2a11:d705::/32
                  2a12:24c4::/32
                  2a12:35c6::/32
                  2a12:41c6::/32

    Signature Algorithm: sha256WithRSAEncryption
         b1:99:6c:75:59:c2:8c:42:02:47:08:74:ac:ee:4e:6d:3a:1d:
         93:31:5c:59:e8:5c:79:e4:e4:0b:d8:5b:0d:3f:dd:b7:ec:c6:
         af:94:03:c2:47:19:a9:85:48:4b:30:57:24:b5:c1:2a:d9:c7:
         2e:fa:4b:f0:6a:52:43:1d:7d:f0:32:6e:6d:0e:bf:79:27:16:
         83:50:c6:01:7f:dc:42:5a:33:00:1d:8b:b4:83:0b:ac:26:3f:
         f6:93:ac:b2:33:70:c6:4c:13:d1:ee:1b:13:17:38:b2:c1:6c:
         dc:dc:27:4b:6f:32:1a:ce:5c:ca:30:11:00:1c:68:55:37:70:
         fd:3f:32:2d:5e:50:a1:9b:85:f5:9a:8b:5f:22:53:41:4c:5d:
         fd:31:1f:dd:12:be:d8:49:3d:3a:15:80:aa:02:6b:bb:0a:81:
         8c:59:38:f4:57:d3:9f:44:f8:eb:1c:0d:29:6a:97:4c:24:cd:
         f8:86:66:97:eb:71:6e:f8:2c:bc:45:a1:b9:47:4f:59:02:24:
         e5:0f:5d:00:0a:d8:6d:bc:5f:66:e9:ac:63:b7:e1:56:c0:6f:
         16:1b:5a:69:c6:ea:77:a5:24:e4:69:02:1f:83:b8:e7:17:f5:
         cd:da:6f:14:ea:76:82:a0:e6:bb:63:35:83:4d:8b:59:07:8f:
         e2:f3:aa:a0
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAZeOqm22jmbMZ2yNQyJvH9SeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiOTQ0N2ZlOWE0YWNjN2Q2ZmY3MmQ2Yzc5OGQ0M2Q2NmNk
NTBjM2YwHhcNMjUwNjIwMTg0NzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTAxNzM5NzkzY2NhNzljMzQzMjAwNGNmYWMxZDRmMDM3M2YxYmI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5zrGlXbos0B+eAg4/gJUo8sXCIQh
NBtZOhYK/JQLZNj3WRwassyatJi1UPuVjRNeXDYR+Wh8EKS/kIWjFeAKTZ7s5uQL
YmMjwzFjaCUlmrMwm/co0pR0q3CriphTguFY7+zM7PozmZeytxef96eXcibLo+p6
I1lom2KkrXY7/tGKy1bzhQhxtiyfn+KAfgeZ1g2tjOGrWnVxhmcB6h6VPwuWw2bJ
ATP0x4fs4V4TXtkkWHQon8x0V94LIkTuNutA04eDyFJP6cPKy3HnyW7s3XTbOLl1
ggXE2dS1uvrLQZfW2TiCFpUpxmqwlkkQCPF9lyDn6vTXHXxNip6qaCHm0wIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFDkBc5eTzKecNDIATPrB1PA3Pxu3MB8GA1UdIwQY
MBaAFHuUR/6aSsx9b/ctbHmNQ9Zs1Qw/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTVSSF9wcEt6SDF2OXkxc2VZMUQxbXpWREQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy9hYzI0ZGYtMDlkNi00NDU3LTlkMmUt
OWZjZWI0NWQ2ZmRiLzEvT1FGemw1UE1wNXcwTWdCTS1zSFU4RGNfRzdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy9hYzI0ZGYtMDlkNi00NDU3LTlkMmUtOWZjZWI0NWQ2ZmRi
LzEvZTVSSF9wcEt6SDF2OXkxc2VZMUQxbXpWREQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjBMBAIAAjBGAwUAKhEwgwMF
ACoRNcUDBQAqETXHAwUAKhE9BgMFACoR04MDBQAqEdOGAwUAKhHXBQMFACoSJMQD
BQAqEjXGAwUAKhJBxjANBgkqhkiG9w0BAQsFAAOCAQEAsZlsdVnCjEICRwh0rO5O
bTodkzFcWehceeTkC9hbDT/dt+zGr5QDwkcZqYVISzBXJLXBKtnHLvpL8GpSQx19
8DJubQ6/eScWg1DGAX/cQlozAB2LtIMLrCY/9pOssjNwxkwT0e4bExc4ssFs3Nwn
S28yGs5cyjARABxoVTdw/T8yLV5QoZuF9ZqLXyJTQUxd/TEf3RK+2Ek9OhWAqgJr
uwqBjFk49FfTn0T46xwNKWqXTCTN+IZml+txbvgsvEWhuUdPWQIk5Q9dAArYbbxf
ZumsY7fhVsBvFhtaacbqd6Uk5GkCH4O45xf1zdpvFOp2gqDmu2M1g02LWQeP4vOq
oA==
-----END CERTIFICATE-----