Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/fed92a-2120-4326-a0c9-7168ae0b8278/1/xt3kdVlG_FygdGDbHl90jMQWngs.roa
File:                     xt3kdVlG_FygdGDbHl90jMQWngs.roa (raw, json)
Hash identifier:          4nWYLozvm5W8fEkFKVtmSSU1H0TJ9aNbcVTPyS3U9tg=
Subject key identifier:   C6:DD:E4:75:59:46:FC:5C:A0:74:60:DB:1E:5F:74:8C:C4:16:9E:0B
Certificate issuer:       /CN=42f1a24c80fdca329644573ae6d61c9f2e374ed8
Certificate serial:       01983CC6E79B7869CE4FC31DF47AD0EF63D6
Authority key identifier: 42:F1:A2:4C:80:FD:CA:32:96:44:57:3A:E6:D6:1C:9F:2E:37:4E:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QvGiTID9yjKWRFc65tYcny43Ttg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/fed92a-2120-4326-a0c9-7168ae0b8278/1/xt3kdVlG_FygdGDbHl90jMQWngs.roa
Signing time:             Thu 24 Jul 2025 14:12:04 +0000
ROA not before:           Thu 24 Jul 2025 14:12:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5400
IP address blocks:        2a00:2000::/23 maxlen: 23
                          2a00:2080::/32 maxlen: 32
                          2a00:2081::/32 maxlen: 32
                          2a00:2082::/32 maxlen: 32
                          2a00:2083::/32 maxlen: 32
                          2a00:2084::/32 maxlen: 32
                          2a00:2200::/25 maxlen: 25
                          2a00:2200::/40 maxlen: 40
                          2a00:2200:200::/40 maxlen: 40
                          2a00:2200:300::/40 maxlen: 40
                          2a00:2200:900::/40 maxlen: 40
                          2a00:2200:b00::/40 maxlen: 40
                          2a00:2200:d00::/40 maxlen: 40
                          2a00:2200:5300::/40 maxlen: 40
                          2a00:2280::/25 maxlen: 25
                          2a00:2300::/25 maxlen: 25
Validation:               Failed, certificate revoked on Thu 24 Jul 2025 16:27:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:3c:c6:e7:9b:78:69:ce:4f:c3:1d:f4:7a:d0:ef:63:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=42f1a24c80fdca329644573ae6d61c9f2e374ed8
        Validity
            Not Before: Jul 24 14:12:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c6dde4755946fc5ca07460db1e5f748cc4169e0b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:04:1e:58:90:17:31:6f:04:92:54:67:4b:d4:
                    4c:ad:1d:59:04:80:35:0a:3f:b0:fc:35:2b:94:4d:
                    a5:5a:74:e1:69:f0:e5:e3:d6:4d:98:8a:59:12:47:
                    fa:f2:62:a5:2e:10:9f:bf:b7:29:30:7a:c2:7e:95:
                    47:0a:0a:2f:3f:5c:d0:82:f7:fb:b6:55:2a:24:0b:
                    b0:47:37:c7:63:32:1a:9e:41:01:99:f5:f3:97:04:
                    8c:f9:f7:3b:3a:40:fc:f0:2d:c3:6d:fb:99:bb:d3:
                    10:19:78:09:ed:2d:4a:7f:c8:13:2f:44:b1:e1:9f:
                    5e:ec:42:0e:3f:44:ce:3e:ed:2d:2c:e5:e7:16:ab:
                    e8:2d:f0:a5:41:64:fc:11:54:67:d7:32:c2:df:f8:
                    dd:96:f9:c5:ec:42:ec:89:17:06:00:e0:f1:ba:ea:
                    be:73:71:6a:45:1e:26:41:d4:79:02:48:c3:34:4d:
                    7d:3a:1b:2f:d6:39:a4:bf:3e:bd:05:9c:e6:04:7c:
                    72:06:4a:0b:2a:46:51:74:bc:50:a2:14:d6:5e:6b:
                    d2:ee:00:1e:70:63:26:10:00:92:9e:ff:0f:9a:60:
                    c7:d4:de:57:af:ea:d2:31:e4:59:b0:c1:ca:32:b7:
                    7e:23:ad:12:0f:42:90:ea:4c:da:ce:a8:8c:96:a6:
                    68:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:DD:E4:75:59:46:FC:5C:A0:74:60:DB:1E:5F:74:8C:C4:16:9E:0B
            X509v3 Authority Key Identifier:
                keyid:42:F1:A2:4C:80:FD:CA:32:96:44:57:3A:E6:D6:1C:9F:2E:37:4E:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QvGiTID9yjKWRFc65tYcny43Ttg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/fed92a-2120-4326-a0c9-7168ae0b8278/1/xt3kdVlG_FygdGDbHl90jMQWngs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/fed92a-2120-4326-a0c9-7168ae0b8278/1/QvGiTID9yjKWRFc65tYcny43Ttg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:2000::-2a00:237f:ffff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         68:4f:fb:8b:27:0b:92:5f:5d:e6:60:de:5e:66:a4:d5:11:47:
         38:92:38:e0:47:5c:94:eb:67:dd:31:24:a2:66:2e:33:98:f2:
         65:d7:35:a3:2d:b5:5a:7b:45:41:dc:a9:cb:5b:96:e7:b2:02:
         ff:ce:d9:d6:1d:12:ce:30:ce:cd:cb:2f:3b:e9:34:a9:1e:2b:
         f3:5c:29:de:5b:e9:64:b8:48:7e:ef:f5:0c:9a:11:79:78:98:
         2c:21:96:da:21:ac:60:cc:91:42:10:6c:bc:18:ba:bf:07:02:
         28:fc:de:3c:f6:40:f9:c7:e0:92:47:30:ef:1f:08:eb:82:ee:
         88:96:53:43:cf:d8:94:52:70:76:9d:67:d1:88:5c:2e:0e:2a:
         8a:e1:0a:2e:d7:26:e3:f0:d3:3c:f5:26:45:76:32:02:f0:d0:
         00:15:6c:18:ac:25:cb:b3:a0:03:83:90:5e:e5:ca:f3:90:e4:
         d1:ee:cc:5e:7f:c3:69:fb:3b:e9:d0:29:3a:7d:04:18:a1:8e:
         1f:f1:28:f3:48:67:11:05:23:f0:1f:b8:30:18:91:93:fd:66:
         d5:0c:f0:82:dc:4f:03:53:ca:f9:1b:ee:4a:63:3a:96:37:c0:
         0d:99:37:31:eb:5c:53:df:66:d1:ba:86:82:f2:9d:2d:93:f8:
         88:40:ec:31
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgISAZg8xuebeGnOT8Md9HrQ72PWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyZjFhMjRjODBmZGNhMzI5NjQ0NTczYWU2ZDYxYzlmMmUz
NzRlZDgwHhcNMjUwNzI0MTQxMjA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNmRkZTQ3NTU5NDZmYzVjYTA3NDYwZGIxZTVmNzQ4Y2M0MTY5ZTBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtQQeWJAXMW8EklRnS9RMrR1ZBIA1
Cj+w/DUrlE2lWnThafDl49ZNmIpZEkf68mKlLhCfv7cpMHrCfpVHCgovP1zQgvf7
tlUqJAuwRzfHYzIankEBmfXzlwSM+fc7OkD88C3DbfuZu9MQGXgJ7S1Kf8gTL0Sx
4Z9e7EIOP0TOPu0tLOXnFqvoLfClQWT8EVRn1zLC3/jdlvnF7ELsiRcGAODxuuq+
c3FqRR4mQdR5AkjDNE19Ohsv1jmkvz69BZzmBHxyBkoLKkZRdLxQohTWXmvS7gAe
cGMmEACSnv8PmmDH1N5Xr+rSMeRZsMHKMrd+I60SD0KQ6kzazqiMlqZoLwIDAQAB
o4ICEjCCAg4wHQYDVR0OBBYEFMbd5HVZRvxcoHRg2x5fdIzEFp4LMB8GA1UdIwQY
MBaAFELxokyA/coylkRXOubWHJ8uN07YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXZHaVRJRDl5aktXUkZjNjV0WWNueTQzVHRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS9mZWQ5MmEtMjEyMC00MzI2LWEwYzkt
NzE2OGFlMGI4Mjc4LzEveHQza2RWbEdfRnlnZEdEYkhsOTBqTVFXbmdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS9mZWQ5MmEtMjEyMC00MzI2LWEwYzktNzE2OGFlMGI4Mjc4
LzEvUXZHaVRJRDl5aktXUkZjNjV0WWNueTQzVHRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCgGCCsGAQUFBwEHAQH/BBkwFzAVBAIAAjAPMA0DBAUqACAD
BQcqACMAMA0GCSqGSIb3DQEBCwUAA4IBAQBoT/uLJwuSX13mYN5eZqTVEUc4kjjg
R1yU62fdMSSiZi4zmPJl1zWjLbVae0VB3KnLW5bnsgL/ztnWHRLOMM7Nyy876TSp
HivzXCneW+lkuEh+7/UMmhF5eJgsIZbaIaxgzJFCEGy8GLq/BwIo/N489kD5x+CS
RzDvHwjrgu6IllNDz9iUUnB2nWfRiFwuDiqK4Qou1ybj8NM89SZFdjIC8NAAFWwY
rCXLs6ADg5Be5crzkOTR7sxef8Np+zvp0Ck6fQQYoY4f8SjzSGcRBSPwH7gwGJGT
/WbVDPCC3E8DU8r5G+5KYzqWN8ANmTcx61xT32bRuoaC8p0tk/iIQOwx
-----END CERTIFICATE-----