Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/rZVKBSgL-TzMxP-XkD1cuuRbH1I.roa
File:                     rZVKBSgL-TzMxP-XkD1cuuRbH1I.roa (raw, json)
Hash identifier:          rwUenblfdPTZD4rwLCjNNxbr5wOh0Lr3ab8oeS10yeU=
Subject key identifier:   AD:95:4A:05:28:0B:F9:3C:CC:C4:FF:97:90:3D:5C:BA:E4:5B:1F:52
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       0196F78388E78D807D295210A3462C4499FA
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/rZVKBSgL-TzMxP-XkD1cuuRbH1I.roa
Signing time:             Thu 22 May 2025 10:21:54 +0000
ROA not before:           Thu 22 May 2025 10:21:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9009
IP address blocks:        79.121.188.0/23 maxlen: 24
                          79.121.194.0/23 maxlen: 24
                          79.121.208.0/23 maxlen: 24
                          79.121.222.0/23 maxlen: 24
                          93.152.0.0/23 maxlen: 24
                          93.152.10.0/23 maxlen: 24
                          93.152.12.0/22 maxlen: 24
                          93.152.48.0/22 maxlen: 24
                          93.152.64.0/22 maxlen: 24
                          93.152.116.0/22 maxlen: 24
                          109.204.0.0/22 maxlen: 24
                          109.204.16.0/22 maxlen: 24
                          109.204.24.0/22 maxlen: 24
                          109.204.96.0/22 maxlen: 24
                          109.204.124.0/23 maxlen: 24
Validation:               Failed, certificate revoked on Fri 23 May 2025 08:27:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:f7:83:88:e7:8d:80:7d:29:52:10:a3:46:2c:44:99:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: May 22 10:21:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ad954a05280bf93cccc4ff97903d5cbae45b1f52
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:76:8b:8c:58:66:3e:58:63:3d:72:ca:da:54:
                    25:ec:44:70:92:bb:9d:28:42:ed:36:6b:5a:10:bb:
                    70:ff:f2:1d:03:37:69:43:53:b8:7b:48:ec:5b:58:
                    e3:f5:e4:e5:a2:2b:51:34:a9:32:b2:22:de:79:7d:
                    29:6d:af:10:e0:3a:76:de:28:cf:f3:b9:75:41:d3:
                    93:ab:6e:61:5a:9e:ff:73:10:11:38:78:78:f6:5f:
                    a9:84:ed:24:c9:61:f4:da:7c:8d:48:8b:dd:62:d8:
                    a5:20:f5:5b:46:20:e1:7e:6f:f2:64:c4:c3:4c:2f:
                    70:f4:f9:26:0a:54:fa:63:c7:0e:55:07:9a:2c:87:
                    ed:db:18:6c:44:c8:99:c6:c8:fe:8a:17:6f:8e:08:
                    df:26:f5:04:c9:19:3e:8e:67:3c:3b:99:c1:f1:68:
                    63:e4:1e:c9:8a:36:b8:21:92:89:a2:e4:f9:6f:c4:
                    e1:d6:e5:15:40:9a:be:43:13:a2:eb:1e:9f:ed:05:
                    b9:ba:9b:0e:b4:2b:25:bf:0f:26:d3:a2:f8:73:26:
                    33:12:81:80:80:d6:e8:b3:f6:e2:60:45:66:fa:fd:
                    8b:a7:7e:8e:c4:7b:38:7e:12:bb:9a:97:0b:7b:35:
                    50:44:61:89:1b:27:6d:06:d1:ca:d9:cf:ae:ee:6a:
                    82:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:95:4A:05:28:0B:F9:3C:CC:C4:FF:97:90:3D:5C:BA:E4:5B:1F:52
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/rZVKBSgL-TzMxP-XkD1cuuRbH1I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.121.188.0/23
                  79.121.194.0/23
                  79.121.208.0/23
                  79.121.222.0/23
                  93.152.0.0/23
                  93.152.10.0-93.152.15.255
                  93.152.48.0/22
                  93.152.64.0/22
                  93.152.116.0/22
                  109.204.0.0/22
                  109.204.16.0/22
                  109.204.24.0/22
                  109.204.96.0/22
                  109.204.124.0/23

    Signature Algorithm: sha256WithRSAEncryption
         dd:17:5b:47:79:5e:69:f5:fc:e0:6d:a9:1f:8c:3d:13:d1:82:
         97:4b:43:fc:08:a9:31:47:d8:c6:0c:4d:92:a0:cc:85:71:bd:
         d7:d5:81:f3:02:c5:0e:b9:1a:32:77:d8:84:48:8f:95:01:ed:
         a9:d6:ee:cc:9c:12:10:4c:1b:27:74:9e:47:32:53:45:56:bc:
         74:50:da:e0:46:dc:00:6e:fa:ef:74:86:cf:75:05:0d:b1:86:
         be:78:be:b2:b5:7d:84:b9:32:ca:c2:38:8a:34:c1:30:c8:53:
         64:1b:73:1a:2e:57:14:ef:8f:5b:b3:97:83:c4:03:67:81:b6:
         9a:47:9c:74:71:b7:29:2c:3b:45:30:de:f5:57:74:6a:a1:2f:
         4d:65:51:dc:e8:c1:c9:a6:35:1c:97:a0:0c:ca:2a:95:3c:32:
         cb:a9:49:d3:93:9b:67:0d:3d:db:17:17:8f:47:a3:89:bd:b6:
         f9:25:64:e2:64:19:1f:d0:92:85:ac:e8:1f:90:67:72:76:78:
         29:0d:18:88:85:52:6c:ae:a6:53:9f:8b:fb:90:78:ff:78:57:
         7a:e4:79:f0:6b:8d:e7:fb:36:d0:b3:79:91:00:f5:5e:5a:d5:
         9a:9a:ae:64:30:44:47:e3:36:87:88:4d:22:d1:0e:cc:88:7a:
         e6:30:af:32
-----BEGIN CERTIFICATE-----
MIIFUzCCBDugAwIBAgISAZb3g4jnjYB9KVIQo0YsRJn6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjUwNTIyMTAyMTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDk1NGEwNTI4MGJmOTNjY2NjNGZmOTc5MDNkNWNiYWU0NWIxZjUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtnaLjFhmPlhjPXLK2lQl7ERwkrud
KELtNmtaELtw//IdAzdpQ1O4e0jsW1jj9eTloitRNKkysiLeeX0pba8Q4Dp23ijP
87l1QdOTq25hWp7/cxAROHh49l+phO0kyWH02nyNSIvdYtilIPVbRiDhfm/yZMTD
TC9w9PkmClT6Y8cOVQeaLIft2xhsRMiZxsj+ihdvjgjfJvUEyRk+jmc8O5nB8Whj
5B7Jija4IZKJouT5b8Th1uUVQJq+QxOi6x6f7QW5upsOtCslvw8m06L4cyYzEoGA
gNbos/biYEVm+v2Lp36OxHs4fhK7mpcLezVQRGGJGydtBtHK2c+u7mqCmwIDAQAB
o4ICXzCCAlswHQYDVR0OBBYEFK2VSgUoC/k8zMT/l5A9XLrkWx9SMB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvclpWS0JTZ0wtVHpNeFAtWGtEMWN1dVJiSDFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHUGCCsGAQUFBwEHAQH/BGYwZDBiBAIAATBcAwQBT3m8AwQB
T3nCAwQBT3nQAwQBT3neAwQBXZgAMAwDBAFdmAoDBARdmAADBAJdmDADBAJdmEAD
BAJdmHQDBAJtzAADBAJtzBADBAJtzBgDBAJtzGADBAFtzHwwDQYJKoZIhvcNAQEL
BQADggEBAN0XW0d5Xmn1/OBtqR+MPRPRgpdLQ/wIqTFH2MYMTZKgzIVxvdfVgfMC
xQ65GjJ32IRIj5UB7anW7sycEhBMGyd0nkcyU0VWvHRQ2uBG3ABu+u90hs91BQ2x
hr54vrK1fYS5MsrCOIo0wTDIU2QbcxouVxTvj1uzl4PEA2eBtppHnHRxtyksO0Uw
3vVXdGqhL01lUdzowcmmNRyXoAzKKpU8MsupSdOTm2cNPdsXF49Ho4m9tvklZOJk
GR/QkoWs6B+QZ3J2eCkNGIiFUmyuplOfi/uQeP94V3rkefBrjef7NtCzeZEA9V5a
1ZqarmQwREfjNoeITSLRDsyIeuYwrzI=
-----END CERTIFICATE-----