Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/U4PRwbQqhvtOYbsMnz30dIHu5ag.roa
File:                     U4PRwbQqhvtOYbsMnz30dIHu5ag.roa (raw, json)
Hash identifier:          vfGN+kkBcIwmBK0M4I3GhrJg4zx51S9YDyjyVjZAc54=
Subject key identifier:   53:83:D1:C1:B4:2A:86:FB:4E:61:BB:0C:9F:3D:F4:74:81:EE:E5:A8
Certificate issuer:       /CN=58ad60da52671e9083cf39864eca2aa23241be9e
Certificate serial:       019ECA8D7F1B8724CE8D1DDBDAA5127B9086
Authority key identifier: 58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/U4PRwbQqhvtOYbsMnz30dIHu5ag.roa
Signing time:             Mon 15 Jun 2026 09:12:11 +0000
ROA not before:           Mon 15 Jun 2026 09:12:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     0
IP address blocks:        2a0e:d300::/29 maxlen: 29
                          2a0f:e3c0::/29 maxlen: 29
                          2a10:7ac0::/29 maxlen: 29
                          2a10:a9c0::/29 maxlen: 29
                          2a13:b740::/29 maxlen: 29
                          2a13:bd40::/29 maxlen: 29
                          2a13:be40::/29 maxlen: 29
                          2a13:bec0::/29 maxlen: 29
                          2a13:d0c0::/29 maxlen: 29
                          2a13:d1c0::/29 maxlen: 29
                          2a13:dd40::/29 maxlen: 29
                          2a13:dfc0::/29 maxlen: 29
Validation:               Failed, certificate revoked on Tue 23 Jun 2026 11:35:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ca:8d:7f:1b:87:24:ce:8d:1d:db:da:a5:12:7b:90:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58ad60da52671e9083cf39864eca2aa23241be9e
        Validity
            Not Before: Jun 15 09:12:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5383d1c1b42a86fb4e61bb0c9f3df47481eee5a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:c6:14:df:85:a4:b3:dd:65:96:02:52:53:3e:
                    55:94:5e:be:f7:75:1d:6b:ab:cc:58:0a:96:df:61:
                    a8:4b:93:ce:fb:02:78:fe:6b:08:1a:5b:ad:1f:02:
                    6f:64:8c:54:1d:db:ff:ac:96:e4:5b:25:8c:1c:7e:
                    b0:d2:c7:c7:ad:53:d5:76:66:f6:0f:1b:07:e7:fa:
                    d2:bc:ff:bd:3d:e6:97:6b:0b:de:40:20:88:e0:7b:
                    8b:47:51:b5:b7:34:a1:eb:32:69:f8:4b:7a:f3:ba:
                    43:70:2c:f0:b0:0d:0f:e9:7f:58:c2:50:b1:c6:17:
                    0e:01:a9:d2:0a:ff:06:3b:8c:79:07:b7:19:88:91:
                    da:08:06:f6:0d:84:84:61:36:7b:44:88:98:6b:47:
                    15:9a:ef:21:39:cb:dc:6b:a1:c6:b8:c7:0f:1e:f8:
                    73:68:c4:d4:4a:d5:05:5c:4d:e8:39:e0:07:e8:12:
                    10:d0:43:1b:aa:99:8d:87:0c:cb:7e:2e:94:00:78:
                    9c:06:23:a2:a0:e8:47:f0:14:e6:67:8f:16:cb:07:
                    bd:dd:e2:bc:7a:75:7f:6e:1d:5d:ba:44:9c:b7:c0:
                    26:88:7e:8e:e7:5e:89:c5:f4:ac:83:54:20:1e:d1:
                    c4:b3:70:77:4d:be:73:1d:9e:49:a4:d5:46:69:49:
                    b5:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:83:D1:C1:B4:2A:86:FB:4E:61:BB:0C:9F:3D:F4:74:81:EE:E5:A8
            X509v3 Authority Key Identifier:
                keyid:58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/U4PRwbQqhvtOYbsMnz30dIHu5ag.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:d300::/29
                  2a0f:e3c0::/29
                  2a10:7ac0::/29
                  2a10:a9c0::/29
                  2a13:b740::/29
                  2a13:bd40::/29
                  2a13:be40::/29
                  2a13:bec0::/29
                  2a13:d0c0::/29
                  2a13:d1c0::/29
                  2a13:dd40::/29
                  2a13:dfc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         6d:f2:fe:56:9c:fc:66:9d:41:e5:47:cd:f3:9c:1b:59:38:24:
         54:bc:2a:70:1b:d3:46:f1:ea:e5:4f:8e:9a:ea:b2:37:76:62:
         9d:d9:aa:e7:70:1a:55:be:e4:5b:fa:97:7d:97:4f:e2:af:a7:
         ec:de:aa:bf:dc:a9:14:8b:f1:36:a8:2d:f3:a6:20:73:c4:ba:
         e8:7c:44:42:0c:c2:87:b1:a2:24:65:ee:db:b9:16:c5:41:eb:
         ca:56:a4:de:00:25:29:27:cf:b4:0c:84:d5:4d:a1:c6:3e:11:
         29:df:6a:8e:7d:ae:c8:5f:ce:7e:d3:e9:35:ea:03:5c:18:4b:
         19:d3:62:7b:10:c3:55:9e:3e:66:4d:f8:89:1a:cd:cf:1e:1c:
         44:e3:33:ae:fc:2a:67:29:32:0b:10:d5:c8:8b:5f:6c:20:72:
         59:1f:4c:79:e8:e0:3f:65:e3:39:2a:d2:67:3c:27:d8:88:c5:
         fd:00:f6:59:de:25:95:18:dd:f4:03:65:f4:66:42:b8:04:a5:
         4b:2f:99:7c:85:b4:87:c6:f7:01:79:ef:8c:06:49:6b:d7:a3:
         ed:93:7c:44:7e:d2:f4:e8:fd:b0:70:04:17:04:5b:70:af:12:
         8e:95:4d:82:e7:2b:cf:fc:6f:d8:49:a9:61:76:a4:a6:57:66:
         05:36:fb:ae
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAZ7KjX8bhyTOjR3b2qUSe5CGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YWQ2MGRhNTI2NzFlOTA4M2NmMzk4NjRlY2EyYWEyMzI0
MWJlOWUwHhcNMjYwNjE1MDkxMjExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzgzZDFjMWI0MmE4NmZiNGU2MWJiMGM5ZjNkZjQ3NDgxZWVlNWE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxMYU34Wks91llgJSUz5VlF6+93Ud
a6vMWAqW32GoS5PO+wJ4/msIGlutHwJvZIxUHdv/rJbkWyWMHH6w0sfHrVPVdmb2
DxsH5/rSvP+9PeaXawveQCCI4HuLR1G1tzSh6zJp+Et687pDcCzwsA0P6X9YwlCx
xhcOAanSCv8GO4x5B7cZiJHaCAb2DYSEYTZ7RIiYa0cVmu8hOcvca6HGuMcPHvhz
aMTUStUFXE3oOeAH6BIQ0EMbqpmNhwzLfi6UAHicBiOioOhH8BTmZ48Wywe93eK8
enV/bh1dukSct8AmiH6O516JxfSsg1QgHtHEs3B3Tb5zHZ5JpNVGaUm1PQIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFFOD0cG0Kob7TmG7DJ899HSB7uWoMB8GA1UdIwQY
MBaAFFitYNpSZx6Qg885hk7KKqIyQb6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDct
MTFiM2NmM2ZkNGUxLzEvVTRQUndiUXFodnRPWWJzTW56MzBkSUh1NWFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDctMTFiM2NmM2ZkNGUx
LzEvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDBaBAIAAjBUAwUDKg7TAAMF
AyoP48ADBQMqEHrAAwUDKhCpwAMFAyoTt0ADBQMqE71AAwUDKhO+QAMFAyoTvsAD
BQMqE9DAAwUDKhPRwAMFAyoT3UADBQMqE9/AMA0GCSqGSIb3DQEBCwUAA4IBAQBt
8v5WnPxmnUHlR83znBtZOCRUvCpwG9NG8erlT46a6rI3dmKd2arncBpVvuRb+pd9
l0/ir6fs3qq/3KkUi/E2qC3zpiBzxLrofERCDMKHsaIkZe7buRbFQevKVqTeACUp
J8+0DITVTaHGPhEp32qOfa7IX85+0+k16gNcGEsZ02J7EMNVnj5mTfiJGs3PHhxE
4zOu/CpnKTILENXIi19sIHJZH0x56OA/ZeM5KtJnPCfYiMX9APZZ3iWVGN30A2X0
ZkK4BKVLL5l8hbSHxvcBee+MBklr16Ptk3xEftL06P2wcAQXBFtwrxKOlU2C5yvP
/G/YSalhdqSmV2YFNvuu
-----END CERTIFICATE-----