Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/2D-Zxj126PDGZMMZjvLHu7k1bLQ.roa
File:                     2D-Zxj126PDGZMMZjvLHu7k1bLQ.roa (raw, json)
Hash identifier:          Maq8I21eqBlks5rOzQucJYvr7dOGIibf8sMZabZf5Ac=
Subject key identifier:   D8:3F:99:C6:3D:76:E8:F0:C6:64:C3:19:8E:F2:C7:BB:B9:35:6C:B4
Certificate issuer:       /CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
Certificate serial:       0197E57336FD0805A5078E5DA932F99A5417
Authority key identifier: C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/2D-Zxj126PDGZMMZjvLHu7k1bLQ.roa
Signing time:             Mon 07 Jul 2025 15:13:42 +0000
ROA not before:           Mon 07 Jul 2025 15:13:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204490
IP address blocks:        2a0e:f04::/32 maxlen: 32
                          2a0e:f07::/32 maxlen: 32
                          2a11:15c1::/32 maxlen: 32
                          2a11:3180::/32 maxlen: 32
                          2a11:4a04::/32 maxlen: 32
                          2a11:4a07::/32 maxlen: 32
                          2a11:7883::/32 maxlen: 32
                          2a11:8500::/32 maxlen: 32
                          2a11:8507::/32 maxlen: 32
                          2a12:4144::/32 maxlen: 32
                          2a12:4147::/32 maxlen: 32
Validation:               Failed, certificate revoked on Thu 10 Jul 2025 14:10:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:e5:73:36:fd:08:05:a5:07:8e:5d:a9:32:f9:9a:54:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
        Validity
            Not Before: Jul  7 15:13:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d83f99c63d76e8f0c664c3198ef2c7bbb9356cb4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:55:17:2f:4a:99:1d:9d:0e:f9:83:ca:c6:b5:
                    4d:d6:74:40:60:33:5a:03:f1:5f:c1:51:cf:d4:3a:
                    64:00:4d:66:02:81:7a:57:02:99:36:f8:cc:8c:4f:
                    4c:d7:d7:e8:5f:48:56:1f:ea:e4:11:fc:29:ed:ad:
                    77:4a:73:b4:3d:3e:38:c4:41:e6:07:e5:be:6a:a3:
                    36:48:cd:6e:16:09:16:0e:64:48:4b:02:57:de:88:
                    38:dc:00:5d:e3:04:5e:6a:53:9e:48:36:f5:f6:c0:
                    1e:9c:4c:80:d0:a0:a3:53:88:e7:3c:fd:b9:7b:26:
                    24:59:b3:1e:eb:af:5a:37:92:ce:27:78:e3:98:4d:
                    9c:f6:87:cf:7d:c1:fa:40:de:7c:f3:87:db:6b:4a:
                    fb:31:90:44:ba:3d:44:aa:f8:ab:98:61:cb:8d:0d:
                    2c:0c:6c:33:5a:d9:b0:ea:fc:95:17:2f:63:60:6d:
                    ba:cd:ae:54:53:49:39:71:b1:ff:e7:a2:3f:3e:ae:
                    b0:24:44:e1:57:00:25:e9:c0:70:44:3a:12:58:a7:
                    69:73:af:19:0b:d8:0a:3c:09:9b:fe:59:10:d8:9f:
                    7b:60:9a:f5:10:34:57:7e:60:1c:af:dc:36:1d:bb:
                    d2:6b:d9:c4:30:77:7b:bb:f2:b3:95:18:9e:bd:32:
                    47:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:3F:99:C6:3D:76:E8:F0:C6:64:C3:19:8E:F2:C7:BB:B9:35:6C:B4
            X509v3 Authority Key Identifier:
                keyid:C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/2D-Zxj126PDGZMMZjvLHu7k1bLQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:f04::/32
                  2a0e:f07::/32
                  2a11:15c1::/32
                  2a11:3180::/32
                  2a11:4a04::/32
                  2a11:4a07::/32
                  2a11:7883::/32
                  2a11:8500::/32
                  2a11:8507::/32
                  2a12:4144::/32
                  2a12:4147::/32

    Signature Algorithm: sha256WithRSAEncryption
         18:65:f2:04:f9:9b:dc:c9:c8:7e:fe:67:e6:26:ab:18:80:96:
         f3:5c:0c:8a:2f:84:b3:0e:5a:b0:75:68:d9:7d:19:eb:bf:7a:
         3a:87:89:96:be:17:96:28:31:22:19:08:f5:c4:71:76:b2:82:
         bf:19:84:c2:2d:90:9a:8f:2b:1d:a5:db:22:c5:97:a8:2a:a3:
         a0:48:ea:87:51:0d:7e:03:23:42:67:89:46:b6:64:4a:ed:8e:
         76:4c:31:80:63:15:0d:b2:37:09:14:6a:73:39:96:48:0e:62:
         4b:3c:1c:3e:e5:a9:c1:82:6e:af:0e:25:4a:80:c3:83:f3:71:
         78:82:c5:c9:50:d8:dd:6f:56:56:5e:32:15:43:fe:bb:26:24:
         01:35:02:aa:af:56:88:27:14:39:4f:c6:a9:6e:89:3e:3c:01:
         66:bc:b0:7b:e4:6d:e0:12:c4:01:49:0f:8d:b6:7f:bb:e7:a4:
         01:91:a0:ca:b2:21:e8:b5:f4:af:03:36:7f:48:0d:7a:3e:6e:
         3f:29:e7:75:f7:74:83:ce:44:31:9a:78:ea:a5:93:27:91:0d:
         70:59:89:ef:a2:88:b8:3c:b3:d3:5b:2c:ff:28:00:c8:95:86:
         f3:39:a2:ea:d8:62:41:44:6f:63:7f:56:41:62:44:dc:12:9d:
         5e:13:9a:dd
-----BEGIN CERTIFICATE-----
MIIFRDCCBCygAwIBAgISAZflczb9CAWlB45dqTL5mlQXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzODI4MGM1MzAwYjc0ODg4YWM3ZWI0YmZhNjQxN2Q5YTJl
N2IwYmUwHhcNMjUwNzA3MTUxMzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODNmOTljNjNkNzZlOGYwYzY2NGMzMTk4ZWYyYzdiYmI5MzU2Y2I0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvFUXL0qZHZ0O+YPKxrVN1nRAYDNa
A/FfwVHP1DpkAE1mAoF6VwKZNvjMjE9M19foX0hWH+rkEfwp7a13SnO0PT44xEHm
B+W+aqM2SM1uFgkWDmRISwJX3og43ABd4wRealOeSDb19sAenEyA0KCjU4jnPP25
eyYkWbMe669aN5LOJ3jjmE2c9ofPfcH6QN5884fba0r7MZBEuj1EqvirmGHLjQ0s
DGwzWtmw6vyVFy9jYG26za5UU0k5cbH/56I/Pq6wJEThVwAl6cBwRDoSWKdpc68Z
C9gKPAmb/lkQ2J97YJr1EDRXfmAcr9w2HbvSa9nEMHd7u/KzlRievTJH1wIDAQAB
o4ICUDCCAkwwHQYDVR0OBBYEFNg/mcY9dujwxmTDGY7yx7u5NWy0MB8GA1UdIwQY
MBaAFMOCgMUwC3SIisfrS/pkF9mi57C+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2Yt
NDFiYjIxYWMyODAxLzEvMkQtWnhqMTI2UERHWk1NWmp2TEh1N2sxYkxRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2YtNDFiYjIxYWMyODAx
LzEvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGYGCCsGAQUFBwEHAQH/BFcwVTBTBAIAAjBNAwUAKg4PBAMF
ACoODwcDBQAqERXBAwUAKhExgAMFACoRSgQDBQAqEUoHAwUAKhF4gwMFACoRhQAD
BQAqEYUHAwUAKhJBRAMFACoSQUcwDQYJKoZIhvcNAQELBQADggEBABhl8gT5m9zJ
yH7+Z+YmqxiAlvNcDIovhLMOWrB1aNl9Geu/ejqHiZa+F5YoMSIZCPXEcXaygr8Z
hMItkJqPKx2l2yLFl6gqo6BI6odRDX4DI0JniUa2ZErtjnZMMYBjFQ2yNwkUanM5
lkgOYks8HD7lqcGCbq8OJUqAw4PzcXiCxclQ2N1vVlZeMhVD/rsmJAE1AqqvVogn
FDlPxqluiT48AWa8sHvkbeASxAFJD422f7vnpAGRoMqyIei19K8DNn9IDXo+bj8p
53X3dIPORDGaeOqlkyeRDXBZie+iiLg8s9NbLP8oAMiVhvM5ourYYkFEb2N/VkFi
RNwSnV4Tmt0=
-----END CERTIFICATE-----