Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/TCrShaRUjRReLI2smM7TH1RJ86g.roa
File:                     TCrShaRUjRReLI2smM7TH1RJ86g.roa (raw, json)
Hash identifier:          /wq4t/iKsGAvfhmEPKS2DaFOssOFrqURscvuEmjfTqE=
Subject key identifier:   4C:2A:D2:85:A4:54:8D:14:5E:2C:8D:AC:98:CE:D3:1F:54:49:F3:A8
Certificate issuer:       /CN=7acd817f25893e7f88b3f3affa9152c66d6b6702
Certificate serial:       019736894FBD89F4E67D135D08CFB686029A
Authority key identifier: 7A:CD:81:7F:25:89:3E:7F:88:B3:F3:AF:FA:91:52:C6:6D:6B:67:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/es2BfyWJPn-Is_Ov-pFSxm1rZwI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/TCrShaRUjRReLI2smM7TH1RJ86g.roa
Signing time:             Tue 03 Jun 2025 16:04:17 +0000
ROA not before:           Tue 03 Jun 2025 16:04:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        2001:67c:64:ffff:0:196:ed5d:8c28/128 maxlen: 128
                          2001:67c:64:ffff:0:197:108e:927e/128 maxlen: 128
                          2001:67c:64:ffff:0:197:15eb:6226/128 maxlen: 128
                          2001:67c:64:ffff:0:197:353f:be91/128 maxlen: 128
                          2001:67c:64:ffff:0:197:3689:4936/128 maxlen: 128
Validation:               Failed, certificate revoked on Tue 03 Jun 2025 16:12:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:36:89:4f:bd:89:f4:e6:7d:13:5d:08:cf:b6:86:02:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7acd817f25893e7f88b3f3affa9152c66d6b6702
        Validity
            Not Before: Jun  3 16:04:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4c2ad285a4548d145e2c8dac98ced31f5449f3a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:77:91:7a:6d:56:7e:c4:e6:79:69:82:8c:ec:
                    15:3c:61:60:a6:41:ca:76:e5:e5:ba:71:d6:b5:53:
                    ca:6a:f0:ee:f6:ff:b7:88:21:9a:f5:e2:81:de:37:
                    a1:a2:e2:f7:c2:64:7a:ac:ea:a8:ad:a5:e1:85:c0:
                    77:83:9d:27:67:d1:9b:b6:7b:50:58:24:79:b5:cc:
                    f3:ee:3c:73:91:76:b8:0d:fb:b2:fc:1a:8b:5d:cb:
                    1a:3f:98:57:6a:d8:50:9e:3a:d4:23:4f:76:5a:19:
                    04:b9:70:28:0f:f3:89:36:3d:18:e3:8a:ce:63:84:
                    dd:d7:9e:99:fd:81:01:a6:04:af:10:7d:7c:15:b1:
                    51:06:fe:9d:37:6c:7f:f0:28:ea:b6:c9:44:d1:6c:
                    13:82:49:cb:ce:08:b0:9e:c0:8c:bc:a2:f3:13:ca:
                    c8:7c:0d:16:6f:a2:dd:d6:62:0e:2f:d8:36:a2:1e:
                    87:01:9f:ce:56:25:df:3e:b6:8e:c6:27:fa:73:01:
                    1d:a7:7d:7c:ce:b7:76:a8:75:a8:80:8e:35:e6:78:
                    04:7b:c5:37:3b:9f:a2:d1:81:44:0f:3a:38:3f:e2:
                    56:3b:33:45:55:c9:0a:de:79:d2:94:2d:45:e5:78:
                    6e:ca:e1:65:40:df:84:ca:3e:ec:81:e5:71:ac:57:
                    bb:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:2A:D2:85:A4:54:8D:14:5E:2C:8D:AC:98:CE:D3:1F:54:49:F3:A8
            X509v3 Authority Key Identifier:
                keyid:7A:CD:81:7F:25:89:3E:7F:88:B3:F3:AF:FA:91:52:C6:6D:6B:67:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/es2BfyWJPn-Is_Ov-pFSxm1rZwI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/TCrShaRUjRReLI2smM7TH1RJ86g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/es2BfyWJPn-Is_Ov-pFSxm1rZwI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:64:ffff:0:196:ed5d:8c28/128
                  2001:67c:64:ffff:0:197:108e:927e/128
                  2001:67c:64:ffff:0:197:15eb:6226/128
                  2001:67c:64:ffff:0:197:353f:be91/128
                  2001:67c:64:ffff:0:197:3689:4936/128

    Signature Algorithm: sha256WithRSAEncryption
         bb:5a:73:4c:83:24:11:5b:00:ef:bb:69:98:1b:d3:b1:74:11:
         55:97:be:4f:97:d4:29:1e:5b:05:25:e7:15:63:65:5c:c7:12:
         93:6e:76:ff:58:95:1d:26:91:4b:16:94:e8:e0:09:bb:3e:ed:
         70:f5:ba:5b:4e:2a:88:f3:19:aa:94:ca:99:a5:43:3f:d2:c1:
         98:38:98:9d:57:3f:85:27:50:f2:22:92:5b:14:c2:10:9f:f0:
         28:37:31:c4:cc:40:41:33:5f:5a:38:b8:78:75:d8:3a:cc:cc:
         7f:50:79:57:54:43:a2:b2:fb:64:79:3c:3a:4d:41:f1:f5:45:
         fa:46:ee:47:9b:f6:5a:23:5a:49:6e:03:34:52:c9:41:d1:a4:
         06:42:8f:45:fc:1d:16:86:39:6e:a7:23:8f:86:57:76:4d:e5:
         60:00:1a:d2:07:35:1d:ad:6c:c5:f6:bc:dd:a8:cf:a3:01:24:
         86:6d:31:6f:ed:90:37:66:c6:e5:2e:af:4c:0a:92:40:8b:69:
         7d:c8:23:dc:bf:1e:aa:ee:e1:92:05:ce:4c:f9:bf:ca:e1:93:
         5e:d2:76:4a:16:c5:5c:b5:99:37:59:82:2c:94:26:9a:d7:c7:
         2f:17:13:cc:67:56:79:6d:68:cb:f1:50:7a:a0:77:1f:ed:3c:
         90:a6:cf:12
-----BEGIN CERTIFICATE-----
MIIFVjCCBD6gAwIBAgISAZc2iU+9ifTmfRNdCM+2hgKaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhY2Q4MTdmMjU4OTNlN2Y4OGIzZjNhZmZhOTE1MmM2NmQ2
YjY3MDIwHhcNMjUwNjAzMTYwNDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzJhZDI4NWE0NTQ4ZDE0NWUyYzhkYWM5OGNlZDMxZjU0NDlmM2E4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqneRem1WfsTmeWmCjOwVPGFgpkHK
duXlunHWtVPKavDu9v+3iCGa9eKB3jehouL3wmR6rOqoraXhhcB3g50nZ9GbtntQ
WCR5tczz7jxzkXa4Dfuy/BqLXcsaP5hXathQnjrUI092WhkEuXAoD/OJNj0Y44rO
Y4Td156Z/YEBpgSvEH18FbFRBv6dN2x/8CjqtslE0WwTgknLzgiwnsCMvKLzE8rI
fA0Wb6Ld1mIOL9g2oh6HAZ/OViXfPraOxif6cwEdp318zrd2qHWogI415ngEe8U3
O5+i0YFEDzo4P+JWOzNFVckK3nnSlC1F5XhuyuFlQN+Eyj7sgeVxrFe75QIDAQAB
o4ICYjCCAl4wHQYDVR0OBBYEFEwq0oWkVI0UXiyNrJjO0x9USfOoMB8GA1UdIwQY
MBaAFHrNgX8liT5/iLPzr/qRUsZta2cCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXMyQmZ5V0pQbi1Jc19Pdi1wRlN4bTFyWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi9jNTZhMWUtMzI2ZC00YzY3LWEwYjIt
OTBlYjk1MTA5ZDg5LzEvVENyU2hhUlVqUlJlTEkyc21NN1RIMVJKODZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi9jNTZhMWUtMzI2ZC00YzY3LWEwYjItOTBlYjk1MTA5ZDg5
LzEvZXMyQmZ5V0pQbi1Jc19Pdi1wRlN4bTFyWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHgGCCsGAQUFBwEHAQH/BGkwZzBlBAIAAjBfAxEAIAEGfABk
//8AAAGW7V2MKAMRACABBnwAZP//AAABlxCOkn4DEQAgAQZ8AGT//wAAAZcV62Im
AxEAIAEGfABk//8AAAGXNT++kQMRACABBnwAZP//AAABlzaJSTYwDQYJKoZIhvcN
AQELBQADggEBALtac0yDJBFbAO+7aZgb07F0EVWXvk+X1CkeWwUl5xVjZVzHEpNu
dv9YlR0mkUsWlOjgCbs+7XD1ultOKojzGaqUypmlQz/SwZg4mJ1XP4UnUPIiklsU
whCf8Cg3McTMQEEzX1o4uHh12DrMzH9QeVdUQ6Ky+2R5PDpNQfH1RfpG7keb9loj
WkluAzRSyUHRpAZCj0X8HRaGOW6nI4+GV3ZN5WAAGtIHNR2tbMX2vN2oz6MBJIZt
MW/tkDdmxuUur0wKkkCLaX3II9y/Hqru4ZIFzkz5v8rhk17SdkoWxVy1mTdZgiyU
JprXxy8XE8xnVnltaMvxUHqgdx/tPJCmzxI=
-----END CERTIFICATE-----