Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/jWGvxummst8e5T6RAUif38JXUho.roa
File:                     jWGvxummst8e5T6RAUif38JXUho.roa (raw, json)
Hash identifier:          ImnSe29BXyvBA58O75wTQM9B9LU38tW8sNIU9KG+kRs=
Subject key identifier:   8D:61:AF:C6:E9:A6:B2:DF:1E:E5:3E:91:01:48:9F:DF:C2:57:52:1A
Certificate issuer:       /CN=7b9447fe9a4acc7d6ff72d6c798d43d66cd50c3f
Certificate serial:       0197CFA53E202EF140D36FC315A91049225E
Authority key identifier: 7B:94:47:FE:9A:4A:CC:7D:6F:F7:2D:6C:79:8D:43:D6:6C:D5:0C:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e5RH_ppKzH1v9y1seY1D1mzVDD8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/jWGvxummst8e5T6RAUif38JXUho.roa
Signing time:             Thu 03 Jul 2025 09:36:42 +0000
ROA not before:           Thu 03 Jul 2025 09:36:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209641
IP address blocks:        2a11:21c0::/32 maxlen: 32
                          2a11:3080::/32 maxlen: 32
                          2a11:3087::/32 maxlen: 32
                          2a11:3d05::/32 maxlen: 32
                          2a11:3d07::/32 maxlen: 32
                          2a11:7087::/32 maxlen: 32
                          2a11:d382::/32 maxlen: 32
                          2a11:d704::/32 maxlen: 32
                          2a12:24c0::/32 maxlen: 32
                          2a12:35c0::/32 maxlen: 32
                          2a12:35c1::/32 maxlen: 32
Validation:               Failed, certificate revoked on Thu 10 Jul 2025 15:37:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:cf:a5:3e:20:2e:f1:40:d3:6f:c3:15:a9:10:49:22:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b9447fe9a4acc7d6ff72d6c798d43d66cd50c3f
        Validity
            Not Before: Jul  3 09:36:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8d61afc6e9a6b2df1ee53e9101489fdfc257521a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:fd:f9:6b:8d:12:a3:93:b9:1f:54:43:7a:0a:
                    21:f2:ff:30:d1:a2:f6:6a:5a:b5:06:3e:99:c2:a6:
                    89:01:6f:89:1b:06:4d:04:78:ec:f9:85:b2:e6:37:
                    db:c2:ff:e1:7e:bc:08:79:48:d8:aa:cb:83:48:fc:
                    09:a9:cd:d5:f1:f9:14:b8:58:04:ec:c7:88:66:52:
                    b0:26:00:01:26:52:ec:8a:b6:77:65:cc:b0:50:f1:
                    71:98:0f:ef:3f:eb:3d:b8:50:39:69:00:af:0c:61:
                    9f:64:b3:d1:d4:c2:27:73:fe:2b:c3:55:63:26:3a:
                    41:19:1e:e9:f3:af:68:fa:d7:be:f5:a9:df:f7:32:
                    c6:f3:01:49:85:96:57:21:c6:99:76:a7:38:1c:e6:
                    ea:43:9a:51:b6:61:ce:f0:e6:aa:85:06:a6:2c:00:
                    4e:1c:d1:e2:97:91:df:89:af:d6:a0:6b:a6:a3:5a:
                    14:6b:cb:48:d5:80:f4:3e:8d:7f:6e:04:bf:65:3b:
                    ec:9e:07:8f:ae:0c:10:0a:be:53:8e:92:84:36:bc:
                    cb:0b:f9:63:d4:c4:c1:d8:0f:23:30:79:52:39:5e:
                    09:84:2c:bc:74:12:ab:c9:45:5e:e6:17:2e:2a:a7:
                    6c:a0:15:0c:35:93:92:49:cd:a5:dd:8a:24:2a:66:
                    42:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:61:AF:C6:E9:A6:B2:DF:1E:E5:3E:91:01:48:9F:DF:C2:57:52:1A
            X509v3 Authority Key Identifier:
                keyid:7B:94:47:FE:9A:4A:CC:7D:6F:F7:2D:6C:79:8D:43:D6:6C:D5:0C:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5RH_ppKzH1v9y1seY1D1mzVDD8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/jWGvxummst8e5T6RAUif38JXUho.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/e5RH_ppKzH1v9y1seY1D1mzVDD8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:21c0::/32
                  2a11:3080::/32
                  2a11:3087::/32
                  2a11:3d05::/32
                  2a11:3d07::/32
                  2a11:7087::/32
                  2a11:d382::/32
                  2a11:d704::/32
                  2a12:24c0::/32
                  2a12:35c0::/31

    Signature Algorithm: sha256WithRSAEncryption
         7d:34:e0:f1:e9:8c:27:ff:6a:45:63:34:94:fc:b9:49:56:4d:
         70:2d:dc:12:56:a6:3b:57:26:ed:22:a7:e7:ca:87:6e:12:29:
         3b:27:b9:31:9e:d3:43:e5:88:95:7d:a5:44:98:9d:d9:91:c4:
         19:f9:8e:37:c4:04:2b:a9:3a:08:73:ae:ce:ee:0f:89:b1:70:
         20:43:b4:27:84:30:82:43:4a:5d:2b:64:3f:1f:c9:95:49:9c:
         23:f6:f7:e0:60:2b:e2:f1:17:52:68:5a:07:07:7b:18:33:40:
         80:f1:94:0e:45:95:e3:8e:42:d6:b2:c5:40:38:90:88:5a:f6:
         a5:a8:ef:80:07:2a:a8:f1:37:39:c7:b1:08:d7:c2:88:08:d3:
         ee:0d:b4:01:61:dc:f3:6c:38:de:37:95:62:b6:91:d5:68:2d:
         8e:7c:8e:1b:9d:41:54:53:86:92:33:70:a3:2a:54:3b:da:b0:
         36:47:67:7c:84:cd:7c:b9:e2:07:82:f8:87:88:45:45:d2:87:
         03:65:30:f9:85:f8:02:fc:e7:26:b4:8b:9f:59:87:94:b6:3d:
         5b:f7:1e:af:ce:db:07:c9:64:50:4b:6e:c4:07:ae:56:79:15:
         df:7a:57:f0:5f:71:19:8e:da:25:af:ef:e0:99:aa:cc:6c:b3:
         da:86:b3:31
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAZfPpT4gLvFA02/DFakQSSJeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiOTQ0N2ZlOWE0YWNjN2Q2ZmY3MmQ2Yzc5OGQ0M2Q2NmNk
NTBjM2YwHhcNMjUwNzAzMDkzNjQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDYxYWZjNmU5YTZiMmRmMWVlNTNlOTEwMTQ4OWZkZmMyNTc1MjFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp/35a40So5O5H1RDegoh8v8w0aL2
alq1Bj6ZwqaJAW+JGwZNBHjs+YWy5jfbwv/hfrwIeUjYqsuDSPwJqc3V8fkUuFgE
7MeIZlKwJgABJlLsirZ3ZcywUPFxmA/vP+s9uFA5aQCvDGGfZLPR1MInc/4rw1Vj
JjpBGR7p869o+te+9anf9zLG8wFJhZZXIcaZdqc4HObqQ5pRtmHO8OaqhQamLABO
HNHil5Hfia/WoGumo1oUa8tI1YD0Po1/bgS/ZTvsngePrgwQCr5TjpKENrzLC/lj
1MTB2A8jMHlSOV4JhCy8dBKryUVe5hcuKqdsoBUMNZOSSc2l3YokKmZCYwIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFI1hr8bpprLfHuU+kQFIn9/CV1IaMB8GA1UdIwQY
MBaAFHuUR/6aSsx9b/ctbHmNQ9Zs1Qw/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTVSSF9wcEt6SDF2OXkxc2VZMUQxbXpWREQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy9hYzI0ZGYtMDlkNi00NDU3LTlkMmUt
OWZjZWI0NWQ2ZmRiLzEvaldHdnh1bW1zdDhlNVQ2UkFVaWYzOEpYVWhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy9hYzI0ZGYtMDlkNi00NDU3LTlkMmUtOWZjZWI0NWQ2ZmRi
LzEvZTVSSF9wcEt6SDF2OXkxc2VZMUQxbXpWREQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjBMBAIAAjBGAwUAKhEhwAMF
ACoRMIADBQAqETCHAwUAKhE9BQMFACoRPQcDBQAqEXCHAwUAKhHTggMFACoR1wQD
BQAqEiTAAwUBKhI1wDANBgkqhkiG9w0BAQsFAAOCAQEAfTTg8emMJ/9qRWM0lPy5
SVZNcC3cElamO1cm7SKn58qHbhIpOye5MZ7TQ+WIlX2lRJid2ZHEGfmON8QEK6k6
CHOuzu4PibFwIEO0J4QwgkNKXStkPx/JlUmcI/b34GAr4vEXUmhaBwd7GDNAgPGU
DkWV445C1rLFQDiQiFr2pajvgAcqqPE3OcexCNfCiAjT7g20AWHc82w43jeVYraR
1WgtjnyOG51BVFOGkjNwoypUO9qwNkdnfITNfLniB4L4h4hFRdKHA2Uw+YX4Avzn
JrSLn1mHlLY9W/cer87bB8lkUEtuxAeuVnkV33pX8F9xGY7aJa/v4JmqzGyz2oaz
MQ==
-----END CERTIFICATE-----