Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/hepMSL2Adbt5InFPNpOr5p82cb0.roa
File:                     hepMSL2Adbt5InFPNpOr5p82cb0.roa (raw, json)
Hash identifier:          aw2iCYc0TiJoekN/FQuud+k7F02i5C645Zps+WX82o8=
Subject key identifier:   85:EA:4C:48:BD:80:75:BB:79:22:71:4F:36:93:AB:E6:9F:36:71:BD
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       0196F25EFFF1A644510CB2D47F2CA2C523B2
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/hepMSL2Adbt5InFPNpOr5p82cb0.roa
Signing time:             Wed 21 May 2025 10:23:54 +0000
ROA not before:           Wed 21 May 2025 10:23:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20473
IP address blocks:        84.21.188.0/24 maxlen: 24
                          2a06:a600::/29 maxlen: 29
                          2a06:b5c0::/29 maxlen: 29
                          2a06:bf40::/29 maxlen: 29
                          2a0e:1a84::/32 maxlen: 32
                          2a0e:f600:5f::/48 maxlen: 48
                          2a0f:1e84:20::/48 maxlen: 48
                          2a0f:3047::/48 maxlen: 48
                          2a0f:7d00:1::/48 maxlen: 48
                          2a0f:bc00:a1c4::/48 maxlen: 48
                          2a13:2b40::/29 maxlen: 32
Validation:               Failed, certificate revoked on Sat 24 May 2025 18:04:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:f2:5e:ff:f1:a6:44:51:0c:b2:d4:7f:2c:a2:c5:23:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: May 21 10:23:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=85ea4c48bd8075bb7922714f3693abe69f3671bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:54:59:b8:89:2b:d1:82:83:26:d5:02:b5:aa:
                    5b:2f:5f:48:82:b5:ae:26:5b:97:8c:f1:3a:76:89:
                    d6:30:5b:66:a2:b3:c2:b1:5d:84:c2:35:ad:f6:9d:
                    d7:a6:43:ce:77:b2:db:bb:35:32:da:f5:c7:f2:de:
                    5b:e0:99:c0:d7:eb:a4:a8:b9:f8:02:30:68:02:a7:
                    98:ea:d2:d1:fb:29:9a:eb:26:c8:98:18:ed:39:ed:
                    06:c9:14:81:64:f6:a8:db:83:5e:e5:30:92:3c:98:
                    5f:dc:7d:44:db:18:72:73:e4:43:cc:11:7a:ec:f7:
                    e8:ec:ab:9c:85:6b:93:30:c2:ed:42:a8:00:cb:cd:
                    14:99:b0:fb:71:51:75:27:48:28:2c:a9:08:05:b2:
                    7d:22:40:ff:b8:cf:3d:de:e9:c0:42:4a:f8:b2:e1:
                    22:91:49:22:a9:bb:9e:b3:bb:07:da:e0:60:c7:d8:
                    0c:3b:f8:3b:3b:92:73:c4:22:c9:46:8d:08:50:ae:
                    0e:4b:32:28:8c:fa:b4:81:58:4d:f7:17:04:6e:c3:
                    11:a9:16:57:92:ee:6a:61:57:3e:de:f7:4d:0a:00:
                    ac:ba:89:a8:30:56:32:e2:3b:cd:9e:6b:95:7a:ea:
                    5c:2f:77:3b:51:c5:1f:e5:2b:46:9c:51:4b:1d:0e:
                    08:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:EA:4C:48:BD:80:75:BB:79:22:71:4F:36:93:AB:E6:9F:36:71:BD
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/hepMSL2Adbt5InFPNpOr5p82cb0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.21.188.0/24
                IPv6:
                  2a06:a600::/29
                  2a06:b5c0::/29
                  2a06:bf40::/29
                  2a0e:1a84::/32
                  2a0e:f600:5f::/48
                  2a0f:1e84:20::/48
                  2a0f:3047::/48
                  2a0f:7d00:1::/48
                  2a0f:bc00:a1c4::/48
                  2a13:2b40::/29

    Signature Algorithm: sha256WithRSAEncryption
         4e:38:51:c4:de:84:e0:19:57:4c:74:1a:b3:9f:00:0e:7f:27:
         fd:e1:ec:2b:26:a4:d2:5c:d3:53:73:5f:8e:02:4b:12:e5:5a:
         35:f1:55:a0:b2:7b:0c:e2:47:66:c5:ca:84:e5:5e:cf:23:7d:
         e6:e3:82:28:92:e4:fb:5f:01:84:22:5b:40:4c:27:cf:0b:ed:
         51:8f:42:3f:00:a1:7a:03:7d:22:86:7e:76:4e:d0:04:f9:c5:
         c5:aa:21:da:09:63:88:8f:46:db:9b:7b:27:e0:db:8f:b7:f4:
         88:e4:f5:ac:a1:98:7f:ba:6e:dc:10:b4:61:86:96:80:30:0a:
         de:3a:0f:63:49:20:aa:7b:cb:4b:b4:9b:d9:76:00:76:39:6b:
         34:ed:e6:e9:d8:94:26:cb:8e:6a:c1:c5:1d:77:83:18:3d:9c:
         f8:11:87:1b:c7:a8:9e:95:8f:3b:8d:6b:88:fc:db:a1:86:0c:
         f1:d1:30:f6:d5:c5:27:75:8e:33:b9:7d:ed:98:1e:5b:61:23:
         ef:ad:ac:2f:06:e0:5a:2c:68:08:10:d2:6d:43:fc:be:a6:3e:
         96:ee:75:bc:a9:c5:c7:ff:08:db:7e:f0:92:37:ed:7c:c9:fd:
         05:82:b2:8f:b7:73:3f:54:83:18:15:f6:2b:a6:d2:cf:81:b6:
         9a:1c:41:9c
-----BEGIN CERTIFICATE-----
MIIFVTCCBD2gAwIBAgISAZbyXv/xpkRRDLLUfyyixSOyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjUwNTIxMTAyMzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWVhNGM0OGJkODA3NWJiNzkyMjcxNGYzNjkzYWJlNjlmMzY3MWJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA01RZuIkr0YKDJtUCtapbL19IgrWu
JluXjPE6donWMFtmorPCsV2EwjWt9p3XpkPOd7LbuzUy2vXH8t5b4JnA1+ukqLn4
AjBoAqeY6tLR+yma6ybImBjtOe0GyRSBZPao24Ne5TCSPJhf3H1E2xhyc+RDzBF6
7Pfo7KuchWuTMMLtQqgAy80UmbD7cVF1J0goLKkIBbJ9IkD/uM893unAQkr4suEi
kUkiqbues7sH2uBgx9gMO/g7O5JzxCLJRo0IUK4OSzIojPq0gVhN9xcEbsMRqRZX
ku5qYVc+3vdNCgCsuomoMFYy4jvNnmuVeupcL3c7UcUf5StGnFFLHQ4IewIDAQAB
o4ICYTCCAl0wHQYDVR0OBBYEFIXqTEi9gHW7eSJxTzaTq+afNnG9MB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvaGVwTVNMMkFkYnQ1SW5GUE5wT3I1cDgyY2IwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHcGCCsGAQUFBwEHAQH/BGgwZjAMBAIAATAGAwQAVBW8MFYE
AgACMFADBQMqBqYAAwUDKga1wAMFAyoGv0ADBQAqDhqEAwcAKg72AABfAwcAKg8e
hAAgAwcAKg8wRwAAAwcAKg99AAABAwcAKg+8AKHEAwUDKhMrQDANBgkqhkiG9w0B
AQsFAAOCAQEATjhRxN6E4BlXTHQas58ADn8n/eHsKyak0lzTU3NfjgJLEuVaNfFV
oLJ7DOJHZsXKhOVezyN95uOCKJLk+18BhCJbQEwnzwvtUY9CPwChegN9IoZ+dk7Q
BPnFxaoh2gljiI9G25t7J+Dbj7f0iOT1rKGYf7pu3BC0YYaWgDAK3joPY0kgqnvL
S7Sb2XYAdjlrNO3m6diUJsuOasHFHXeDGD2c+BGHG8eonpWPO41riPzboYYM8dEw
9tXFJ3WOM7l97ZgeW2Ej762sLwbgWixoCBDSbUP8vqY+lu51vKnFx/8I237wkjft
fMn9BYKyj7dzP1SDGBX2K6bSz4G2mhxBnA==
-----END CERTIFICATE-----