Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/VFixCVqDTtsuVTHROWi-IlsYwMQ.roa
File:                     VFixCVqDTtsuVTHROWi-IlsYwMQ.roa (raw, json)
Hash identifier:          /Tp6jFtL0lAvVlGPtuLNnCLc9wvarH3Kjinrpd6RIaY=
Subject key identifier:   54:58:B1:09:5A:83:4E:DB:2E:55:31:D1:39:68:BE:22:5B:18:C0:C4
Certificate issuer:       /CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Certificate serial:       019E925F7599456587CBB3F6C70D0103EF76
Authority key identifier: D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/VFixCVqDTtsuVTHROWi-IlsYwMQ.roa
Signing time:             Thu 04 Jun 2026 11:23:10 +0000
ROA not before:           Thu 04 Jun 2026 11:23:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203936
IP address blocks:        45.93.180.0/22 maxlen: 24
                          45.144.248.0/22 maxlen: 24
                          89.40.238.0/24 maxlen: 24
                          89.43.198.0/24 maxlen: 24
                          89.44.145.0/24 maxlen: 24
                          185.249.232.0/24 maxlen: 24
                          185.253.144.0/22 maxlen: 24
                          193.39.92.0/24 maxlen: 24
                          193.39.93.0/24 maxlen: 24
                          193.39.94.0/24 maxlen: 24
                          193.39.95.0/24 maxlen: 24
                          194.15.219.0/24 maxlen: 24
                          194.15.232.0/24 maxlen: 24
                          194.26.1.0/24 maxlen: 24
                          2a0c:1380::/29 maxlen: 29
Validation:               Failed, certificate revoked on Thu 11 Jun 2026 11:54:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:92:5f:75:99:45:65:87:cb:b3:f6:c7:0d:01:03:ef:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
        Validity
            Not Before: Jun  4 11:23:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5458b1095a834edb2e5531d13968be225b18c0c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:93:e8:35:90:c2:b6:5b:d2:1e:6d:4b:6b:5d:
                    a2:38:2a:a9:62:aa:8e:1b:c0:1f:1e:27:e4:34:dc:
                    67:46:4c:4c:dd:09:11:b1:a1:9f:45:8f:c9:b0:bc:
                    90:6c:67:4c:65:10:43:fe:e8:f9:36:2f:a1:eb:fe:
                    91:85:82:f4:ea:f1:5a:12:29:f9:7c:34:50:4f:d3:
                    16:19:f6:74:31:46:ca:64:d1:e6:fa:59:b6:84:87:
                    93:f3:47:d7:35:1c:fb:2e:80:28:c6:a2:8c:e6:02:
                    59:54:b7:15:a5:b1:2e:a7:b4:d2:f7:f0:64:a7:4f:
                    17:61:dc:5b:08:ba:9b:43:cf:76:1b:d8:8f:56:6d:
                    20:61:73:62:b4:fa:79:b9:ce:41:ac:77:66:2a:81:
                    fa:62:eb:fb:0b:2d:40:65:c6:9a:5d:78:d5:85:5d:
                    57:42:84:ca:16:2a:06:24:6c:bb:53:8b:12:b9:dc:
                    55:6c:4d:1d:74:b0:e9:5d:56:ad:43:cd:3a:56:97:
                    d9:bb:28:bf:c7:ad:6c:6d:eb:37:e1:72:b5:31:66:
                    41:52:78:67:38:f5:f9:b9:30:1a:d9:44:39:74:a5:
                    bb:91:29:70:47:e8:69:f8:e5:64:6e:55:92:61:08:
                    c6:03:17:b0:b7:4b:05:1a:86:c4:cb:ba:0e:eb:59:
                    cd:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:58:B1:09:5A:83:4E:DB:2E:55:31:D1:39:68:BE:22:5B:18:C0:C4
            X509v3 Authority Key Identifier:
                keyid:D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/VFixCVqDTtsuVTHROWi-IlsYwMQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.93.180.0/22
                  45.144.248.0/22
                  89.40.238.0/24
                  89.43.198.0/24
                  89.44.145.0/24
                  185.249.232.0/24
                  185.253.144.0/22
                  193.39.92.0/22
                  194.15.219.0/24
                  194.15.232.0/24
                  194.26.1.0/24
                IPv6:
                  2a0c:1380::/29

    Signature Algorithm: sha256WithRSAEncryption
         7e:84:bf:22:0a:bc:ec:a2:8b:3b:0e:e6:1d:68:2a:45:3c:24:
         cd:64:56:01:f8:1a:db:14:d3:03:2e:27:17:d2:9f:e9:54:e1:
         87:83:55:7c:6e:6a:4f:80:19:ba:80:5b:04:4a:02:c6:55:26:
         c4:40:7c:7e:18:6b:68:5d:af:c8:0d:3f:b0:c5:c7:be:27:a5:
         b0:83:4b:43:f4:1e:cb:fa:b3:e1:16:f5:2e:87:66:d7:e4:18:
         3b:a8:50:66:5b:bc:50:97:49:23:35:c0:38:b5:62:05:70:0c:
         16:a7:9b:20:ed:69:7f:c3:f9:8d:7d:94:f7:33:21:6d:ef:b7:
         cf:6e:1a:79:60:c4:7a:5e:c6:28:48:54:83:80:82:63:45:9a:
         06:1e:e8:c6:93:ce:17:8d:99:06:4f:e0:9e:f0:37:65:c1:03:
         37:1e:7d:1d:2d:7a:06:b4:39:0c:c0:49:18:b2:23:36:00:2d:
         fe:a1:f8:d9:a9:e0:5d:23:f7:6e:64:41:dc:93:7c:1c:e6:14:
         f5:82:ab:09:66:24:74:75:76:79:cd:54:42:a6:74:a8:d9:1d:
         96:86:b4:a9:25:de:58:ae:31:99:e1:76:69:6a:33:e3:9e:15:
         55:9c:3a:0f:e1:33:38:b7:f7:d0:1e:1d:91:4d:fe:e3:1f:b9:
         9e:bc:ee:d4
-----BEGIN CERTIFICATE-----
MIIFSDCCBDCgAwIBAgISAZ6SX3WZRWWHy7P2xw0BA+92MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzVmYjA5MzRjZjZhNThkY2NlZjExMDg3NWRiZTVlM2U4
YjZiNzUwHhcNMjYwNjA0MTEyMzEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDU4YjEwOTVhODM0ZWRiMmU1NTMxZDEzOTY4YmUyMjViMThjMGM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs5PoNZDCtlvSHm1La12iOCqpYqqO
G8AfHifkNNxnRkxM3QkRsaGfRY/JsLyQbGdMZRBD/uj5Ni+h6/6RhYL06vFaEin5
fDRQT9MWGfZ0MUbKZNHm+lm2hIeT80fXNRz7LoAoxqKM5gJZVLcVpbEup7TS9/Bk
p08XYdxbCLqbQ892G9iPVm0gYXNitPp5uc5BrHdmKoH6Yuv7Cy1AZcaaXXjVhV1X
QoTKFioGJGy7U4sSudxVbE0ddLDpXVatQ806VpfZuyi/x61sbes34XK1MWZBUnhn
OPX5uTAa2UQ5dKW7kSlwR+hp+OVkblWSYQjGAxewt0sFGobEy7oO61nNrQIDAQAB
o4ICVDCCAlAwHQYDVR0OBBYEFFRYsQlag07bLlUx0TloviJbGMDEMB8GA1UdIwQY
MBaAFNR1+wk0z2pY3M7xEIddvl4+i2t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYt
Yzc5MTRhYjY0MjczLzEvVkZpeENWcURUdHN1VlRIUk9XaS1JbHNZd01RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYtYzc5MTRhYjY0Mjcz
LzEvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGoGCCsGAQUFBwEHAQH/BFswWTBIBAIAATBCAwQCLV20AwQC
LZD4AwQAWSjuAwQAWSvGAwQAWSyRAwQAufnoAwQCuf2QAwQCwSdcAwQAwg/bAwQA
wg/oAwQAwhoBMA0EAgACMAcDBQMqDBOAMA0GCSqGSIb3DQEBCwUAA4IBAQB+hL8i
Crzsoos7DuYdaCpFPCTNZFYB+BrbFNMDLicX0p/pVOGHg1V8bmpPgBm6gFsESgLG
VSbEQHx+GGtoXa/IDT+wxce+J6Wwg0tD9B7L+rPhFvUuh2bX5Bg7qFBmW7xQl0kj
NcA4tWIFcAwWp5sg7Wl/w/mNfZT3MyFt77fPbhp5YMR6XsYoSFSDgIJjRZoGHujG
k84XjZkGT+Ce8DdlwQM3Hn0dLXoGtDkMwEkYsiM2AC3+ofjZqeBdI/duZEHck3wc
5hT1gqsJZiR0dXZ5zVRCpnSo2R2WhrSpJd5YrjGZ4XZpajPjnhVVnDoP4TM4t/fQ
Hh2RTf7jH7mevO7U
-----END CERTIFICATE-----