Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/P_QcHLCEC23WUFr2vUpyI2rcEzQ.roa
File:                     P_QcHLCEC23WUFr2vUpyI2rcEzQ.roa (raw, json)
Hash identifier:          CTVlYl/7eSGQloKVtkymBkbIgZpWeoPn00Q2OZpAbJU=
Subject key identifier:   3F:F4:1C:1C:B0:84:0B:6D:D6:50:5A:F6:BD:4A:72:23:6A:DC:13:34
Certificate issuer:       /CN=7b9447fe9a4acc7d6ff72d6c798d43d66cd50c3f
Certificate serial:       0197ADD431CF69ADDF47FC0215EB1709BBA5
Authority key identifier: 7B:94:47:FE:9A:4A:CC:7D:6F:F7:2D:6C:79:8D:43:D6:6C:D5:0C:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e5RH_ppKzH1v9y1seY1D1mzVDD8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/P_QcHLCEC23WUFr2vUpyI2rcEzQ.roa
Signing time:             Thu 26 Jun 2025 20:00:54 +0000
ROA not before:           Thu 26 Jun 2025 20:00:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204490
IP address blocks:        2a11:21c2::/32 maxlen: 32
                          2a11:21c6::/32 maxlen: 32
                          2a11:3084::/32 maxlen: 32
                          2a11:35c0::/32 maxlen: 32
                          2a11:3d03::/32 maxlen: 32
                          2a11:7085::/32 maxlen: 32
                          2a11:d380::/32 maxlen: 32
                          2a11:d700::/32 maxlen: 32
                          2a12:24c1::/32 maxlen: 32
                          2a12:35c2::/32 maxlen: 32
                          2a14:9707::/32 maxlen: 32
Validation:               Failed, certificate revoked on Fri 27 Jun 2025 08:22:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:ad:d4:31:cf:69:ad:df:47:fc:02:15:eb:17:09:bb:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b9447fe9a4acc7d6ff72d6c798d43d66cd50c3f
        Validity
            Not Before: Jun 26 20:00:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3ff41c1cb0840b6dd6505af6bd4a72236adc1334
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:c8:b7:0f:8f:32:bd:a0:7e:aa:b7:87:fa:31:
                    53:43:0e:f2:71:74:e5:e0:65:3d:5f:0e:2f:a1:87:
                    90:62:68:49:78:ee:f7:fe:65:d7:fc:f8:9f:7a:27:
                    d5:4f:0e:82:f6:0d:86:5c:1f:5a:59:b3:8d:54:03:
                    79:c4:70:87:49:c3:ee:57:8c:6d:09:04:ff:d9:e3:
                    b7:f0:24:68:d0:72:e7:83:e9:c5:9f:62:33:40:16:
                    62:a4:85:dd:57:04:0d:9f:bd:67:17:9a:b8:f2:87:
                    f3:2a:26:1c:d0:2b:29:ce:bf:ae:3f:a1:cd:6f:c3:
                    96:26:d5:91:2d:8e:32:80:32:09:25:4b:64:0d:d9:
                    42:62:3f:f8:f3:6b:f8:87:07:9c:61:a2:ce:f6:9f:
                    b5:22:43:fd:7c:80:b2:5b:72:5d:c4:be:70:38:45:
                    6c:63:c8:f5:30:08:dd:09:d4:df:05:d0:07:3d:e6:
                    8e:73:70:8e:49:7d:b6:0f:ae:00:c1:ce:10:91:8e:
                    83:d3:f6:c8:db:18:5a:4a:59:18:54:84:5e:c7:96:
                    b1:5b:ef:4e:d4:4e:a6:13:ae:10:38:1a:55:b2:55:
                    21:36:da:a5:6a:37:3c:be:24:00:0d:ea:83:5a:dc:
                    91:50:f1:2a:0e:46:a8:ee:ab:03:7a:bf:63:48:49:
                    7a:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:F4:1C:1C:B0:84:0B:6D:D6:50:5A:F6:BD:4A:72:23:6A:DC:13:34
            X509v3 Authority Key Identifier:
                keyid:7B:94:47:FE:9A:4A:CC:7D:6F:F7:2D:6C:79:8D:43:D6:6C:D5:0C:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5RH_ppKzH1v9y1seY1D1mzVDD8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/P_QcHLCEC23WUFr2vUpyI2rcEzQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/e5RH_ppKzH1v9y1seY1D1mzVDD8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:21c2::/32
                  2a11:21c6::/32
                  2a11:3084::/32
                  2a11:35c0::/32
                  2a11:3d03::/32
                  2a11:7085::/32
                  2a11:d380::/32
                  2a11:d700::/32
                  2a12:24c1::/32
                  2a12:35c2::/32
                  2a14:9707::/32

    Signature Algorithm: sha256WithRSAEncryption
         22:35:e5:d7:93:ee:07:d5:69:87:46:38:e0:68:0f:22:09:57:
         5c:35:67:72:26:65:97:7a:da:7b:66:3b:5b:2b:6f:ab:97:7b:
         1e:dc:d3:7c:d9:49:d0:13:3a:9b:d1:32:2e:13:6d:5d:57:67:
         be:a5:51:96:1f:cf:1f:69:b8:f5:60:fe:c8:36:e6:25:ce:ed:
         e0:3a:2b:5f:bc:f3:64:8b:16:36:b0:b1:ce:ea:53:0c:4f:a5:
         dd:f7:1f:66:8a:27:d1:75:45:4c:26:38:e8:ea:f3:f1:b2:8d:
         51:f1:1a:cf:28:c2:26:b1:32:f9:0d:79:d9:35:f3:78:79:13:
         24:1b:7d:0f:3a:2f:4c:fb:2a:ff:d8:65:4e:18:4f:b3:ae:cb:
         af:23:e0:fe:d5:ca:f7:19:83:69:2a:1c:20:39:c5:b0:53:0e:
         80:a5:ee:99:66:b1:e8:4e:22:00:6b:ab:7e:48:cd:19:0e:50:
         55:6e:54:56:f5:69:78:e7:e9:05:82:6a:e0:a7:e6:04:2f:fa:
         16:97:c5:c6:29:74:21:17:2b:7e:3d:1c:6d:d8:9e:94:aa:e1:
         e9:cf:3a:01:4a:bd:6e:c8:cb:a3:b2:0a:03:c7:da:f9:a6:36:
         c5:49:f1:48:b0:57:08:ed:8e:18:4e:f3:b1:2a:4e:7c:0f:26:
         0d:1b:70:ab
-----BEGIN CERTIFICATE-----
MIIFRDCCBCygAwIBAgISAZet1DHPaa3fR/wCFesXCbulMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiOTQ0N2ZlOWE0YWNjN2Q2ZmY3MmQ2Yzc5OGQ0M2Q2NmNk
NTBjM2YwHhcNMjUwNjI2MjAwMDU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZmY0MWMxY2IwODQwYjZkZDY1MDVhZjZiZDRhNzIyMzZhZGMxMzM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsMi3D48yvaB+qreH+jFTQw7ycXTl
4GU9Xw4voYeQYmhJeO73/mXX/PifeifVTw6C9g2GXB9aWbONVAN5xHCHScPuV4xt
CQT/2eO38CRo0HLng+nFn2IzQBZipIXdVwQNn71nF5q48ofzKiYc0Cspzr+uP6HN
b8OWJtWRLY4ygDIJJUtkDdlCYj/482v4hwecYaLO9p+1IkP9fICyW3JdxL5wOEVs
Y8j1MAjdCdTfBdAHPeaOc3COSX22D64Awc4QkY6D0/bI2xhaSlkYVIRex5axW+9O
1E6mE64QOBpVslUhNtqlajc8viQADeqDWtyRUPEqDkao7qsDer9jSEl63wIDAQAB
o4ICUDCCAkwwHQYDVR0OBBYEFD/0HBywhAtt1lBa9r1KciNq3BM0MB8GA1UdIwQY
MBaAFHuUR/6aSsx9b/ctbHmNQ9Zs1Qw/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTVSSF9wcEt6SDF2OXkxc2VZMUQxbXpWREQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy9hYzI0ZGYtMDlkNi00NDU3LTlkMmUt
OWZjZWI0NWQ2ZmRiLzEvUF9RY0hMQ0VDMjNXVUZyMnZVcHlJMnJjRXpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy9hYzI0ZGYtMDlkNi00NDU3LTlkMmUtOWZjZWI0NWQ2ZmRi
LzEvZTVSSF9wcEt6SDF2OXkxc2VZMUQxbXpWREQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGYGCCsGAQUFBwEHAQH/BFcwVTBTBAIAAjBNAwUAKhEhwgMF
ACoRIcYDBQAqETCEAwUAKhE1wAMFACoRPQMDBQAqEXCFAwUAKhHTgAMFACoR1wAD
BQAqEiTBAwUAKhI1wgMFACoUlwcwDQYJKoZIhvcNAQELBQADggEBACI15deT7gfV
aYdGOOBoDyIJV1w1Z3ImZZd62ntmO1srb6uXex7c03zZSdATOpvRMi4TbV1XZ76l
UZYfzx9puPVg/sg25iXO7eA6K1+882SLFjawsc7qUwxPpd33H2aKJ9F1RUwmOOjq
8/GyjVHxGs8owiaxMvkNedk183h5EyQbfQ86L0z7Kv/YZU4YT7Ouy68j4P7VyvcZ
g2kqHCA5xbBTDoCl7plmsehOIgBrq35IzRkOUFVuVFb1aXjn6QWCauCn5gQv+haX
xcYpdCEXK349HG3YnpSq4enPOgFKvW7Iy6OyCgPH2vmmNsVJ8UiwVwjtjhhO87Eq
TnwPJg0bcKs=
-----END CERTIFICATE-----