Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/wyskNsEjC79qDMt2xsZbL3GIGg4.roa
File:                     wyskNsEjC79qDMt2xsZbL3GIGg4.roa (raw, json)
Hash identifier:          U8CgXmESFCJYJcJpPpxIk+EJR4kpdY80cDmuYlyORdI=
Subject key identifier:   C3:2B:24:36:C1:23:0B:BF:6A:0C:CB:76:C6:C6:5B:2F:71:88:1A:0E
Certificate issuer:       /CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
Certificate serial:       0197F4AC191796DBCF4D594AEF305C2AB432
Authority key identifier: C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/wyskNsEjC79qDMt2xsZbL3GIGg4.roa
Signing time:             Thu 10 Jul 2025 14:10:08 +0000
ROA not before:           Thu 10 Jul 2025 14:10:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204490
IP address blocks:        2a0c:2846::/32 maxlen: 32
                          2a0e:f04::/32 maxlen: 32
                          2a0e:f07::/32 maxlen: 32
                          2a11:15c1::/32 maxlen: 32
                          2a11:3180::/32 maxlen: 32
                          2a11:4a04::/32 maxlen: 32
                          2a11:4a07::/32 maxlen: 32
                          2a11:7883::/32 maxlen: 32
                          2a11:8500::/32 maxlen: 32
                          2a11:8507::/32 maxlen: 32
                          2a12:4144::/32 maxlen: 32
                          2a12:4147::/32 maxlen: 32
Validation:               Failed, certificate revoked on Thu 24 Jul 2025 09:10:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:f4:ac:19:17:96:db:cf:4d:59:4a:ef:30:5c:2a:b4:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
        Validity
            Not Before: Jul 10 14:10:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c32b2436c1230bbf6a0ccb76c6c65b2f71881a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:6c:a1:8e:2a:91:e7:25:2f:cd:e2:d3:ff:29:
                    8b:f0:fa:bd:cf:21:7c:c9:1a:8a:b8:42:7f:16:5b:
                    94:e9:a5:f5:ea:bf:64:96:7a:f9:db:32:b1:0a:c8:
                    82:de:98:66:ed:0d:a4:fd:56:59:c1:bd:26:83:49:
                    b1:5b:59:02:69:65:0e:59:4d:26:b3:cc:46:18:c9:
                    0a:d0:4e:8b:1b:b3:7f:d9:87:96:80:99:c5:ba:46:
                    6a:91:51:c3:91:80:c2:87:09:45:69:f2:1a:af:85:
                    e1:8d:8e:a7:63:3f:ec:a6:10:2e:ac:3d:1f:63:b8:
                    c0:30:4b:4f:22:06:a0:07:88:3e:b2:b5:b6:56:26:
                    1c:ba:31:7e:c5:55:9e:9b:45:b3:3d:09:07:37:ba:
                    d8:04:b5:0e:80:92:fd:c3:f6:c2:c1:5a:1c:d8:27:
                    a7:d3:e8:f3:88:49:db:d4:e3:77:4f:fa:38:40:fe:
                    d9:c5:02:d6:4c:71:7c:8e:13:d4:c8:4d:dc:63:d8:
                    4b:bc:e6:38:9f:14:01:84:4e:74:e9:4b:a0:f0:d1:
                    ab:d7:82:e3:a6:5a:e0:ca:ad:84:d3:e0:73:8f:fa:
                    c3:44:9e:c0:c4:15:c7:1b:98:eb:e1:0a:a2:71:61:
                    32:14:6b:4c:35:08:a1:69:e9:4c:78:12:74:1c:63:
                    56:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:2B:24:36:C1:23:0B:BF:6A:0C:CB:76:C6:C6:5B:2F:71:88:1A:0E
            X509v3 Authority Key Identifier:
                keyid:C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/wyskNsEjC79qDMt2xsZbL3GIGg4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:2846::/32
                  2a0e:f04::/32
                  2a0e:f07::/32
                  2a11:15c1::/32
                  2a11:3180::/32
                  2a11:4a04::/32
                  2a11:4a07::/32
                  2a11:7883::/32
                  2a11:8500::/32
                  2a11:8507::/32
                  2a12:4144::/32
                  2a12:4147::/32

    Signature Algorithm: sha256WithRSAEncryption
         67:20:6b:13:b3:ff:c5:f7:58:ba:b5:fe:e7:3b:e5:c4:8f:77:
         a7:ad:a2:d7:d7:72:01:1f:5c:6e:6e:0e:f4:10:4e:13:32:2a:
         1b:e5:e8:53:62:e5:9d:1b:8b:c6:bf:2b:fb:0f:4b:cc:5e:b9:
         5e:23:9d:d4:b4:5f:e6:dc:dd:f4:96:90:12:7d:60:e6:81:74:
         e4:c1:22:d7:67:13:8c:08:05:97:1d:bc:ce:09:73:04:81:14:
         81:38:b6:78:40:a9:0d:65:9e:cf:66:da:ba:f7:fd:d7:d3:d5:
         b1:56:c1:56:18:8c:11:99:13:64:c5:b7:11:d8:37:5d:a1:0a:
         df:40:7e:af:f0:3a:66:30:68:af:24:d6:26:ff:36:77:d7:e9:
         c7:cd:93:b8:32:20:41:66:02:a0:aa:c5:7c:f2:aa:de:05:7d:
         15:06:0a:bb:7b:f9:43:79:ec:a8:51:fe:ea:59:28:94:36:47:
         a4:95:52:08:59:6a:88:fd:3b:da:a7:e4:6d:9d:ee:da:c7:b9:
         8b:89:c7:b1:0f:7b:e2:9c:b2:ff:f7:05:81:7c:f1:a1:14:ab:
         42:6e:8e:18:cf:4d:f5:c1:57:fb:d5:e7:83:12:b0:37:c2:dc:
         82:55:81:8c:af:46:35:3a:63:f7:b8:eb:88:dd:07:3d:7b:1b:
         6a:c4:c0:9e
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAZf0rBkXltvPTVlK7zBcKrQyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzODI4MGM1MzAwYjc0ODg4YWM3ZWI0YmZhNjQxN2Q5YTJl
N2IwYmUwHhcNMjUwNzEwMTQxMDA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMzJiMjQzNmMxMjMwYmJmNmEwY2NiNzZjNmM2NWIyZjcxODgxYTBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn2yhjiqR5yUvzeLT/ymL8Pq9zyF8
yRqKuEJ/FluU6aX16r9klnr52zKxCsiC3phm7Q2k/VZZwb0mg0mxW1kCaWUOWU0m
s8xGGMkK0E6LG7N/2YeWgJnFukZqkVHDkYDChwlFafIar4XhjY6nYz/sphAurD0f
Y7jAMEtPIgagB4g+srW2ViYcujF+xVWem0WzPQkHN7rYBLUOgJL9w/bCwVoc2Cen
0+jziEnb1ON3T/o4QP7ZxQLWTHF8jhPUyE3cY9hLvOY4nxQBhE506Uug8NGr14Lj
plrgyq2E0+Bzj/rDRJ7AxBXHG5jr4QqicWEyFGtMNQihaelMeBJ0HGNWVwIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFMMrJDbBIwu/agzLdsbGWy9xiBoOMB8GA1UdIwQY
MBaAFMOCgMUwC3SIisfrS/pkF9mi57C+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2Yt
NDFiYjIxYWMyODAxLzEvd3lza05zRWpDNzlxRE10MnhzWmJMM0dJR2c0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2YtNDFiYjIxYWMyODAx
LzEvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDBaBAIAAjBUAwUAKgwoRgMF
ACoODwQDBQAqDg8HAwUAKhEVwQMFACoRMYADBQAqEUoEAwUAKhFKBwMFACoReIMD
BQAqEYUAAwUAKhGFBwMFACoSQUQDBQAqEkFHMA0GCSqGSIb3DQEBCwUAA4IBAQBn
IGsTs//F91i6tf7nO+XEj3enraLX13IBH1xubg70EE4TMiob5ehTYuWdG4vGvyv7
D0vMXrleI53UtF/m3N30lpASfWDmgXTkwSLXZxOMCAWXHbzOCXMEgRSBOLZ4QKkN
ZZ7PZtq69/3X09WxVsFWGIwRmRNkxbcR2DddoQrfQH6v8DpmMGivJNYm/zZ31+nH
zZO4MiBBZgKgqsV88qreBX0VBgq7e/lDeeyoUf7qWSiUNkeklVIIWWqI/Tvap+Rt
ne7ax7mLicexD3vinLL/9wWBfPGhFKtCbo4Yz031wVf71eeDErA3wtyCVYGMr0Y1
OmP3uOuI3Qc9extqxMCe
-----END CERTIFICATE-----