Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/BRfaZLz2qyuhLwIf7mJzH6Twe-c.roa
File:                     BRfaZLz2qyuhLwIf7mJzH6Twe-c.roa (raw, json)
Hash identifier:          g1+DoAcK5lk+4XhnKIZdmN2ytfwwADr0bk3Qu1ZQ5JY=
Subject key identifier:   05:17:DA:64:BC:F6:AB:2B:A1:2F:02:1F:EE:62:73:1F:A4:F0:7B:E7
Certificate issuer:       /CN=7acd817f25893e7f88b3f3affa9152c66d6b6702
Certificate serial:       01973A2F25C95CE7B36EFE1FAA0E9107E043
Authority key identifier: 7A:CD:81:7F:25:89:3E:7F:88:B3:F3:AF:FA:91:52:C6:6D:6B:67:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/es2BfyWJPn-Is_Ov-pFSxm1rZwI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/BRfaZLz2qyuhLwIf7mJzH6Twe-c.roa
Signing time:             Wed 04 Jun 2025 09:04:17 +0000
ROA not before:           Wed 04 Jun 2025 09:04:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        2001:67c:64:ffff:0:196:ed5d:8c28/128 maxlen: 128
                          2001:67c:64:ffff:0:197:108e:927e/128 maxlen: 128
                          2001:67c:64:ffff:0:197:15eb:6226/128 maxlen: 128
                          2001:67c:64:ffff:0:197:353f:be91/128 maxlen: 128
                          2001:67c:64:ffff:0:197:3a2e:fe49/128 maxlen: 128
Validation:               Failed, certificate revoked on Wed 04 Jun 2025 09:14:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:3a:2f:25:c9:5c:e7:b3:6e:fe:1f:aa:0e:91:07:e0:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7acd817f25893e7f88b3f3affa9152c66d6b6702
        Validity
            Not Before: Jun  4 09:04:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0517da64bcf6ab2ba12f021fee62731fa4f07be7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:a2:2b:24:14:3c:e2:61:e2:8b:da:09:7d:fa:
                    38:e2:aa:dc:c4:b3:3e:28:fe:4a:ed:09:6b:bf:46:
                    37:8a:65:75:d5:b1:8d:73:e7:eb:fa:83:ec:5f:98:
                    a0:7a:85:29:7c:a0:ab:24:60:fd:8b:36:09:50:d7:
                    82:56:83:6d:91:22:d1:5a:ca:66:11:f9:0e:ae:6f:
                    b3:50:0a:4b:98:54:05:fe:74:90:b0:df:e5:31:c8:
                    d6:8e:5d:74:69:69:9d:d3:2a:49:2d:76:b6:9d:86:
                    ca:b9:82:93:4f:17:74:50:75:42:5c:df:d9:a1:8a:
                    40:43:ca:e0:68:8e:58:30:f0:92:0d:87:8c:0c:60:
                    ba:3a:55:d9:3e:5b:f8:f6:35:ff:50:2d:9f:7d:8c:
                    31:48:97:71:7b:aa:1f:9c:99:2e:5a:cc:ab:b8:ab:
                    19:47:cd:46:43:68:fb:f9:86:01:df:85:b9:9e:e7:
                    03:a1:93:50:ca:ce:d1:38:0d:b9:4e:26:99:af:6d:
                    d2:22:21:e0:75:0b:1f:ab:15:4d:f8:31:ca:1f:24:
                    1c:29:6f:88:13:21:d4:05:ad:d0:c7:d8:a7:ca:3c:
                    46:7d:c1:0c:2b:5a:da:1e:d1:3a:8e:42:31:e5:ca:
                    0f:d5:e6:c4:9d:29:e8:9b:0c:37:62:ad:88:bd:17:
                    19:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:17:DA:64:BC:F6:AB:2B:A1:2F:02:1F:EE:62:73:1F:A4:F0:7B:E7
            X509v3 Authority Key Identifier:
                keyid:7A:CD:81:7F:25:89:3E:7F:88:B3:F3:AF:FA:91:52:C6:6D:6B:67:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/es2BfyWJPn-Is_Ov-pFSxm1rZwI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/BRfaZLz2qyuhLwIf7mJzH6Twe-c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/es2BfyWJPn-Is_Ov-pFSxm1rZwI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:64:ffff:0:196:ed5d:8c28/128
                  2001:67c:64:ffff:0:197:108e:927e/128
                  2001:67c:64:ffff:0:197:15eb:6226/128
                  2001:67c:64:ffff:0:197:353f:be91/128
                  2001:67c:64:ffff:0:197:3a2e:fe49/128

    Signature Algorithm: sha256WithRSAEncryption
         3b:69:f4:e5:5f:4c:ba:2e:b9:0e:dc:04:b3:30:f1:8a:94:5b:
         3d:9e:56:8b:e2:fb:26:0b:9e:31:37:62:af:34:a6:32:5c:8c:
         ef:30:6c:ed:e3:d4:91:70:aa:e1:88:76:fc:bc:67:98:f8:53:
         9f:6a:b3:a8:25:4e:e1:e7:d5:51:f2:a2:d0:bc:5c:c7:82:d5:
         93:aa:5c:28:ca:13:4a:f0:a9:91:ba:ba:e5:e4:f2:51:f5:ff:
         d9:e2:25:b8:0f:b0:06:85:c9:6b:04:59:dd:d5:c1:3c:7c:bf:
         42:e6:84:09:d7:60:11:c9:ac:9e:11:28:3b:54:0d:aa:a4:40:
         30:40:10:ed:e9:0a:03:d0:3d:71:12:64:7c:5d:c8:0d:e8:9d:
         be:86:b9:37:b0:2b:20:33:d1:4a:a6:18:bd:d4:45:5c:43:b5:
         a4:39:88:b1:15:9d:6e:80:3e:fb:ed:3a:43:04:69:ba:a8:8e:
         74:8a:30:0f:22:ab:0b:a1:70:cf:fd:97:af:e5:ce:db:85:93:
         73:15:a7:b1:38:12:25:72:d2:84:a7:cc:52:be:79:72:5e:60:
         f8:1a:7b:24:07:f7:11:ed:90:8a:e2:7d:e1:14:d1:a2:b2:bd:
         55:2c:47:f0:87:b5:51:9c:5f:23:dd:4f:71:83:f6:0d:8f:9f:
         f1:5f:63:bc
-----BEGIN CERTIFICATE-----
MIIFVjCCBD6gAwIBAgISAZc6LyXJXOezbv4fqg6RB+BDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhY2Q4MTdmMjU4OTNlN2Y4OGIzZjNhZmZhOTE1MmM2NmQ2
YjY3MDIwHhcNMjUwNjA0MDkwNDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTE3ZGE2NGJjZjZhYjJiYTEyZjAyMWZlZTYyNzMxZmE0ZjA3YmU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0qIrJBQ84mHii9oJffo44qrcxLM+
KP5K7Qlrv0Y3imV11bGNc+fr+oPsX5igeoUpfKCrJGD9izYJUNeCVoNtkSLRWspm
EfkOrm+zUApLmFQF/nSQsN/lMcjWjl10aWmd0ypJLXa2nYbKuYKTTxd0UHVCXN/Z
oYpAQ8rgaI5YMPCSDYeMDGC6OlXZPlv49jX/UC2ffYwxSJdxe6ofnJkuWsyruKsZ
R81GQ2j7+YYB34W5nucDoZNQys7ROA25TiaZr23SIiHgdQsfqxVN+DHKHyQcKW+I
EyHUBa3Qx9inyjxGfcEMK1raHtE6jkIx5coP1ebEnSnomww3Yq2IvRcZpQIDAQAB
o4ICYjCCAl4wHQYDVR0OBBYEFAUX2mS89qsroS8CH+5icx+k8HvnMB8GA1UdIwQY
MBaAFHrNgX8liT5/iLPzr/qRUsZta2cCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXMyQmZ5V0pQbi1Jc19Pdi1wRlN4bTFyWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi9jNTZhMWUtMzI2ZC00YzY3LWEwYjIt
OTBlYjk1MTA5ZDg5LzEvQlJmYVpMejJxeXVoTHdJZjdtSnpINlR3ZS1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi9jNTZhMWUtMzI2ZC00YzY3LWEwYjItOTBlYjk1MTA5ZDg5
LzEvZXMyQmZ5V0pQbi1Jc19Pdi1wRlN4bTFyWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHgGCCsGAQUFBwEHAQH/BGkwZzBlBAIAAjBfAxEAIAEGfABk
//8AAAGW7V2MKAMRACABBnwAZP//AAABlxCOkn4DEQAgAQZ8AGT//wAAAZcV62Im
AxEAIAEGfABk//8AAAGXNT++kQMRACABBnwAZP//AAABlzou/kkwDQYJKoZIhvcN
AQELBQADggEBADtp9OVfTLouuQ7cBLMw8YqUWz2eVovi+yYLnjE3Yq80pjJcjO8w
bO3j1JFwquGIdvy8Z5j4U59qs6glTuHn1VHyotC8XMeC1ZOqXCjKE0rwqZG6uuXk
8lH1/9niJbgPsAaFyWsEWd3VwTx8v0LmhAnXYBHJrJ4RKDtUDaqkQDBAEO3pCgPQ
PXESZHxdyA3onb6GuTewKyAz0UqmGL3URVxDtaQ5iLEVnW6APvvtOkMEabqojnSK
MA8iqwuhcM/9l6/lztuFk3MVp7E4EiVy0oSnzFK+eXJeYPgaeyQH9xHtkIrifeEU
0aKyvVUsR/CHtVGcXyPdT3GD9g2Pn/FfY7w=
-----END CERTIFICATE-----