Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/rNmh0TfQcP-1a4YfYjQ8zGlo_KU.roa
File:                     rNmh0TfQcP-1a4YfYjQ8zGlo_KU.roa (raw, json)
Hash identifier:          C3kdH0PhoBppstqms2jgfIubRf2YmnSGrkSRT75fLTo=
Subject key identifier:   AC:D9:A1:D1:37:D0:70:FF:B5:6B:86:1F:62:34:3C:CC:69:68:FC:A5
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019C3465CFE64BB7594F508B15F0EA26E12E
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/rNmh0TfQcP-1a4YfYjQ8zGlo_KU.roa
Signing time:             Fri 06 Feb 2026 19:20:13 +0000
ROA not before:           Fri 06 Feb 2026 19:20:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215590
IP address blocks:        64.188.118.0/23 maxlen: 24
                          77.239.108.0/22 maxlen: 24
                          144.31.152.0/23 maxlen: 24
                          144.31.186.0/23 maxlen: 24
                          144.31.202.0/24 maxlen: 24
                          150.241.88.0/23 maxlen: 24
                          150.241.106.0/23 maxlen: 24
                          150.241.115.0/24 maxlen: 24
                          150.241.116.0/24 maxlen: 24
                          150.241.123.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Mon 09 Feb 2026 21:24:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:34:65:cf:e6:4b:b7:59:4f:50:8b:15:f0:ea:26:e1:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Feb  6 19:20:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=acd9a1d137d070ffb56b861f62343ccc6968fca5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:32:70:8c:20:95:b9:bc:88:f8:38:c6:e4:a3:
                    0c:2e:e7:d1:f3:b6:c0:90:c1:5b:aa:09:87:46:72:
                    dc:29:9b:4a:75:ea:d4:d3:bf:94:b9:09:08:c8:00:
                    85:bf:0f:13:a2:a0:c2:73:d4:ef:bf:ab:a2:38:49:
                    d6:c2:56:18:7b:81:07:c4:76:c5:11:7e:1c:03:c1:
                    46:78:68:77:34:63:c6:01:2f:a9:32:ee:6f:4c:3b:
                    25:6c:c4:5c:d4:16:2b:a8:09:62:97:fa:fc:3d:a1:
                    f0:45:fe:b0:68:f2:11:34:13:cf:4a:d9:bb:6b:02:
                    bc:c0:c3:3e:42:19:37:75:8a:4e:10:1e:05:8e:3b:
                    42:33:fd:6f:03:44:3a:c1:14:2d:31:2b:7a:b3:79:
                    dd:43:80:2b:20:3a:10:0c:88:48:1c:12:f1:5a:f0:
                    f9:a2:12:ac:49:99:5b:c1:00:fc:d4:61:1d:1f:32:
                    ad:8f:ff:3c:8f:50:a3:0b:50:1b:b0:45:4b:1a:a8:
                    bb:c6:9e:3f:88:0e:0c:79:cf:84:6f:52:46:32:2d:
                    e5:44:3f:a0:d3:6a:9b:ba:69:70:12:f2:a3:f7:35:
                    9e:f2:a5:7d:b8:cd:a8:10:22:ee:a2:d2:db:f1:7c:
                    50:7d:fe:77:dd:ba:55:cd:99:3d:d2:6b:63:ab:eb:
                    43:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:D9:A1:D1:37:D0:70:FF:B5:6B:86:1F:62:34:3C:CC:69:68:FC:A5
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/rNmh0TfQcP-1a4YfYjQ8zGlo_KU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.188.118.0/23
                  77.239.108.0/22
                  144.31.152.0/23
                  144.31.186.0/23
                  144.31.202.0/24
                  150.241.88.0/23
                  150.241.106.0/23
                  150.241.115.0-150.241.116.255
                  150.241.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:e0:65:3e:50:56:14:a3:b3:6b:ec:ea:80:f6:d1:99:82:85:
         7f:8d:81:64:d4:98:c5:01:4d:20:02:7f:b3:3b:8a:b8:f9:56:
         97:96:27:7e:70:09:9d:c2:02:5e:81:de:dc:61:70:7d:6c:73:
         25:3e:61:01:3b:a1:2f:3e:a9:08:7c:ff:68:7f:0b:bc:7d:a3:
         ea:4a:0a:9a:d1:bc:c2:2d:90:c8:a7:5a:f6:dc:bf:1d:59:71:
         6d:09:47:21:15:fb:39:49:0b:0d:9a:e9:d9:7f:ae:80:1e:e3:
         95:92:0d:00:d9:88:93:4c:7b:5e:74:be:1a:dc:c2:76:d7:39:
         5a:13:00:10:e3:26:18:0e:7a:9e:c4:ea:7b:6e:17:98:16:99:
         2c:57:49:1f:52:8a:92:10:d2:6b:f0:1a:16:07:2a:3b:76:cf:
         80:76:a2:25:be:19:26:98:3d:f1:65:ff:87:d4:70:ce:f1:3d:
         b8:da:aa:3f:3b:2b:24:8f:e1:79:63:34:03:9a:82:9c:23:8f:
         e3:cb:4a:78:6f:d8:e2:52:5e:5d:b1:85:08:9f:80:83:b4:f7:
         71:3d:dc:98:b9:9e:47:46:ae:d9:48:df:ef:3b:f1:2a:50:ad:
         fd:69:68:37:55:17:5f:30:b6:a4:4f:54:f9:5a:1d:78:6b:3f:
         0f:ee:0e:7f
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAZw0Zc/mS7dZT1CLFfDqJuEuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMjA2MTkyMDEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhY2Q5YTFkMTM3ZDA3MGZmYjU2Yjg2MWY2MjM0M2NjYzY5NjhmY2E1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnzJwjCCVubyI+DjG5KMMLufR87bA
kMFbqgmHRnLcKZtKderU07+UuQkIyACFvw8ToqDCc9Tvv6uiOEnWwlYYe4EHxHbF
EX4cA8FGeGh3NGPGAS+pMu5vTDslbMRc1BYrqAlil/r8PaHwRf6waPIRNBPPStm7
awK8wMM+Qhk3dYpOEB4FjjtCM/1vA0Q6wRQtMSt6s3ndQ4ArIDoQDIhIHBLxWvD5
ohKsSZlbwQD81GEdHzKtj/88j1CjC1AbsEVLGqi7xp4/iA4Mec+Eb1JGMi3lRD+g
02qbumlwEvKj9zWe8qV9uM2oECLuotLb8XxQff533bpVzZk90mtjq+tD2wIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFKzZodE30HD/tWuGH2I0PMxpaPylMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvck5taDBUZlFjUC0xYTRZZllqUTh6R2xvX0tVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQBQLx2AwQC
Te9sAwQBkB+YAwQBkB+6AwQAkB/KAwQBlvFYAwQBlvFqMAwDBACW8XMDBACW8XQD
BACW8XswDQYJKoZIhvcNAQELBQADggEBACjgZT5QVhSjs2vs6oD20ZmChX+NgWTU
mMUBTSACf7M7irj5VpeWJ35wCZ3CAl6B3txhcH1scyU+YQE7oS8+qQh8/2h/C7x9
o+pKCprRvMItkMinWvbcvx1ZcW0JRyEV+zlJCw2a6dl/roAe45WSDQDZiJNMe150
vhrcwnbXOVoTABDjJhgOep7E6ntuF5gWmSxXSR9SipIQ0mvwGhYHKjt2z4B2oiW+
GSaYPfFl/4fUcM7xPbjaqj87KySP4XljNAOagpwjj+PLSnhv2OJSXl2xhQifgIO0
93E93Ji5nkdGrtlI3+878SpQrf1paDdVF18wtqRPVPlaHXhrPw/uDn8=
-----END CERTIFICATE-----