Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/WRGVRj11bO7WWQj-mMn0ioNqO7o.roa
File:                     WRGVRj11bO7WWQj-mMn0ioNqO7o.roa (raw, json)
Hash identifier:          nbhlc1L3IKPNkKxDJkn97joxOmX2Fw5gURXdy02SLjY=
Subject key identifier:   59:11:95:46:3D:75:6C:EE:D6:59:08:FE:98:C9:F4:8A:83:6A:3B:BA
Certificate issuer:       /CN=7b9447fe9a4acc7d6ff72d6c798d43d66cd50c3f
Certificate serial:       0197CFCF5B86D9C4E5C023D53841D4184502
Authority key identifier: 7B:94:47:FE:9A:4A:CC:7D:6F:F7:2D:6C:79:8D:43:D6:6C:D5:0C:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e5RH_ppKzH1v9y1seY1D1mzVDD8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/WRGVRj11bO7WWQj-mMn0ioNqO7o.roa
Signing time:             Thu 03 Jul 2025 10:22:42 +0000
ROA not before:           Thu 03 Jul 2025 10:22:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42375
IP address blocks:        2a09:da41::/32 maxlen: 32
                          2a09:da42::/32 maxlen: 32
                          2a0c:ac0::/32 maxlen: 32
                          2a0c:ac1::/32 maxlen: 32
                          2a0c:ac2::/32 maxlen: 32
                          2a0d:adc0::/32 maxlen: 32
                          2a0d:adc1::/32 maxlen: 32
                          2a0e:dfc0::/32 maxlen: 32
                          2a11:35c0::/32 maxlen: 32
                          2a11:35c1::/32 maxlen: 32
                          2a11:5a42::/32 maxlen: 32
                          2a11:d701::/32 maxlen: 32
                          2a12:1540::/32 maxlen: 32
                          2a12:1541::/32 maxlen: 32
                          2a12:7300::/32 maxlen: 32
                          2a12:7302::/32 maxlen: 32
                          2a14:9700::/32 maxlen: 32
Validation:               Failed, certificate revoked on Thu 10 Jul 2025 15:53:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:cf:cf:5b:86:d9:c4:e5:c0:23:d5:38:41:d4:18:45:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b9447fe9a4acc7d6ff72d6c798d43d66cd50c3f
        Validity
            Not Before: Jul  3 10:22:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=591195463d756ceed65908fe98c9f48a836a3bba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:e3:d8:f0:e7:1b:59:3f:40:b8:c8:f6:08:ac:
                    a7:da:4d:88:29:28:05:37:56:43:96:57:dc:41:48:
                    89:6e:c8:21:ce:81:f8:41:47:0d:6e:90:5c:da:72:
                    df:e5:45:50:82:41:99:a3:df:3e:c0:da:c7:35:25:
                    4a:74:21:99:15:b9:a8:c7:5b:9a:3b:ef:0d:d6:a4:
                    ed:ff:d4:73:76:3d:0e:b7:b7:7c:33:95:1f:b2:19:
                    01:e3:5d:2a:5e:00:53:5d:4d:df:33:2f:2a:6a:be:
                    88:23:e9:f8:19:a4:6d:88:98:10:ec:e0:f1:90:f2:
                    e3:36:5e:49:29:d5:aa:20:ab:ec:bd:76:2d:2e:7c:
                    c6:b3:8a:b2:f6:2f:c7:13:92:7f:62:7b:a1:c7:4d:
                    b7:ab:c6:76:ae:5b:24:10:02:0b:86:d6:91:dc:9e:
                    a0:d2:12:41:9d:69:bc:5a:72:ee:85:20:8b:ca:62:
                    34:a3:9c:8d:3c:d5:19:fa:97:f2:a6:ea:20:d2:2e:
                    e3:eb:08:00:d6:0a:01:59:a3:94:c7:10:59:78:31:
                    ed:f6:4a:41:7e:b4:27:c2:f8:3d:cd:8b:c9:f3:ca:
                    38:45:78:5a:29:e2:0b:32:8d:d3:08:14:e8:0b:14:
                    b8:1e:d1:20:2d:da:20:12:8b:c1:cf:5b:2f:84:14:
                    7b:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:11:95:46:3D:75:6C:EE:D6:59:08:FE:98:C9:F4:8A:83:6A:3B:BA
            X509v3 Authority Key Identifier:
                keyid:7B:94:47:FE:9A:4A:CC:7D:6F:F7:2D:6C:79:8D:43:D6:6C:D5:0C:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5RH_ppKzH1v9y1seY1D1mzVDD8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/WRGVRj11bO7WWQj-mMn0ioNqO7o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/e5RH_ppKzH1v9y1seY1D1mzVDD8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:da41::-2a09:da42:ffff:ffff:ffff:ffff:ffff:ffff
                  2a0c:ac0::-2a0c:ac2:ffff:ffff:ffff:ffff:ffff:ffff
                  2a0d:adc0::/31
                  2a0e:dfc0::/32
                  2a11:35c0::/31
                  2a11:5a42::/32
                  2a11:d701::/32
                  2a12:1540::/31
                  2a12:7300::/32
                  2a12:7302::/32
                  2a14:9700::/32

    Signature Algorithm: sha256WithRSAEncryption
         6b:3a:63:12:6a:2a:9b:7d:07:99:8b:32:7e:64:8b:bc:ee:8f:
         dc:07:e1:9a:30:97:99:83:2d:17:1e:09:b4:6e:1e:5b:cb:b4:
         2f:dd:3c:44:05:8a:08:13:1c:74:02:68:23:18:a5:91:7d:b9:
         e8:a2:d5:33:e9:60:de:c6:dc:9f:b9:cb:94:3b:17:ae:ba:9b:
         75:32:ba:e3:a6:65:09:3e:6d:41:a0:dc:d9:9c:17:68:6b:4c:
         d6:46:64:3f:8b:74:bf:f4:3d:50:a5:f8:91:b6:d7:03:71:84:
         be:c2:1c:70:10:e2:68:b2:44:73:7a:cc:74:a1:24:c0:2f:f1:
         86:1f:5c:25:c3:6e:e9:57:0b:68:2f:c1:33:68:0b:14:20:78:
         e3:21:28:27:ef:70:03:6a:c2:c1:41:8d:d6:c2:43:64:f3:d1:
         0c:f0:d7:4d:e0:ef:5f:a1:59:c0:1a:9a:9a:d4:d8:b3:34:ef:
         8e:f1:06:5b:f9:80:d5:88:ad:d8:9c:54:28:37:f0:7c:33:75:
         dc:d2:5f:04:63:be:c3:40:21:bc:6c:26:9c:d4:15:af:7c:01:
         de:81:42:e3:88:d5:e1:7e:df:92:d4:ff:12:fb:5f:2d:9b:79:
         48:eb:fd:00:6f:e5:f2:e9:cb:48:23:f1:72:f8:e6:50:07:9e:
         95:f8:7d:e0
-----BEGIN CERTIFICATE-----
MIIFVjCCBD6gAwIBAgISAZfPz1uG2cTlwCPVOEHUGEUCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiOTQ0N2ZlOWE0YWNjN2Q2ZmY3MmQ2Yzc5OGQ0M2Q2NmNk
NTBjM2YwHhcNMjUwNzAzMTAyMjQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTExOTU0NjNkNzU2Y2VlZDY1OTA4ZmU5OGM5ZjQ4YTgzNmEzYmJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApuPY8OcbWT9AuMj2CKyn2k2IKSgF
N1ZDllfcQUiJbsghzoH4QUcNbpBc2nLf5UVQgkGZo98+wNrHNSVKdCGZFbmox1ua
O+8N1qTt/9Rzdj0Ot7d8M5UfshkB410qXgBTXU3fMy8qar6II+n4GaRtiJgQ7ODx
kPLjNl5JKdWqIKvsvXYtLnzGs4qy9i/HE5J/Ynuhx023q8Z2rlskEAILhtaR3J6g
0hJBnWm8WnLuhSCLymI0o5yNPNUZ+pfypuog0i7j6wgA1goBWaOUxxBZeDHt9kpB
frQnwvg9zYvJ88o4RXhaKeILMo3TCBToCxS4HtEgLdogEovBz1svhBR7awIDAQAB
o4ICYjCCAl4wHQYDVR0OBBYEFFkRlUY9dWzu1lkI/pjJ9IqDaju6MB8GA1UdIwQY
MBaAFHuUR/6aSsx9b/ctbHmNQ9Zs1Qw/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTVSSF9wcEt6SDF2OXkxc2VZMUQxbXpWREQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy9hYzI0ZGYtMDlkNi00NDU3LTlkMmUt
OWZjZWI0NWQ2ZmRiLzEvV1JHVlJqMTFiTzdXV1FqLW1NbjBpb05xTzdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy9hYzI0ZGYtMDlkNi00NDU3LTlkMmUtOWZjZWI0NWQ2ZmRi
LzEvZTVSSF9wcEt6SDF2OXkxc2VZMUQxbXpWREQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHgGCCsGAQUFBwEHAQH/BGkwZzBlBAIAAjBfMA4DBQAqCdpB
AwUAKgnaQjAOAwUGKgwKwAMFACoMCsIDBQEqDa3AAwUAKg7fwAMFASoRNcADBQAq
EVpCAwUAKhHXAQMFASoSFUADBQAqEnMAAwUAKhJzAgMFACoUlwAwDQYJKoZIhvcN
AQELBQADggEBAGs6YxJqKpt9B5mLMn5ki7zuj9wH4Zowl5mDLRceCbRuHlvLtC/d
PEQFiggTHHQCaCMYpZF9ueii1TPpYN7G3J+5y5Q7F666m3UyuuOmZQk+bUGg3Nmc
F2hrTNZGZD+LdL/0PVCl+JG21wNxhL7CHHAQ4miyRHN6zHShJMAv8YYfXCXDbulX
C2gvwTNoCxQgeOMhKCfvcANqwsFBjdbCQ2Tz0Qzw103g71+hWcAamprU2LM0747x
Blv5gNWIrdicVCg38HwzddzSXwRjvsNAIbxsJpzUFa98Ad6BQuOI1eF+35LU/xL7
Xy2beUjr/QBv5fLpy0gj8XL45lAHnpX4feA=
-----END CERTIFICATE-----