Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/ae049a-078b-42ed-a28f-6aa443528ce5/1/MX7GPHfM3tFzrAqi54VUl76cKBU.roa
File:                     MX7GPHfM3tFzrAqi54VUl76cKBU.roa (raw, json)
Hash identifier:          3SN2v321t1SoU6Ftk6fOOCeBhKYobYitK2lNjjbnlBI=
Subject key identifier:   31:7E:C6:3C:77:CC:DE:D1:73:AC:0A:A2:E7:85:54:97:BE:9C:28:15
Certificate issuer:       /CN=4e13d0c0a703e09cda64c12b08dda2b749a0429c
Certificate serial:       0197843ECE29164266CB5BB06C73FEBF635F
Authority key identifier: 4E:13:D0:C0:A7:03:E0:9C:DA:64:C1:2B:08:DD:A2:B7:49:A0:42:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ThPQwKcD4JzaZMErCN2it0mgQpw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/ae049a-078b-42ed-a28f-6aa443528ce5/1/MX7GPHfM3tFzrAqi54VUl76cKBU.roa
Signing time:             Wed 18 Jun 2025 18:13:17 +0000
ROA not before:           Wed 18 Jun 2025 18:13:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        2001:67c:64:ffff:0:197:6851:789c/128 maxlen: 128
Validation:               Failed, certificate revoked on Wed 18 Jun 2025 19:04:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:84:3e:ce:29:16:42:66:cb:5b:b0:6c:73:fe:bf:63:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e13d0c0a703e09cda64c12b08dda2b749a0429c
        Validity
            Not Before: Jun 18 18:13:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=317ec63c77ccded173ac0aa2e7855497be9c2815
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:b8:6f:51:e7:f2:b5:42:1a:37:9f:92:87:d5:
                    68:5c:36:38:75:12:8e:01:ad:d1:2a:5b:36:71:c3:
                    9f:57:d4:48:0a:5c:5d:ee:1d:1c:02:a5:4d:d7:78:
                    51:1b:2b:fc:97:e6:10:64:4c:bc:5b:1e:ed:e8:01:
                    4f:cf:ea:92:c5:8b:18:55:39:78:09:9f:48:bd:a0:
                    3c:10:20:33:73:92:a3:df:87:18:45:5c:96:f8:7e:
                    08:df:1a:43:9d:50:bd:24:e0:6b:bb:59:d6:42:08:
                    7d:9c:69:7d:49:33:77:56:22:68:fb:6b:8c:fb:ea:
                    86:b8:58:3a:d8:b8:f0:00:c1:13:5d:d7:f8:18:e3:
                    95:9c:1b:18:ec:51:bb:ae:3a:9b:fd:20:c2:9d:7b:
                    9d:53:4d:9c:1d:c3:79:62:ed:82:7c:17:9c:8b:6a:
                    39:e4:9f:72:2f:41:1e:08:09:ec:5e:dc:28:99:11:
                    34:19:8f:1c:7f:81:22:a1:38:d6:e4:bd:be:0d:18:
                    5f:eb:da:f5:e4:02:a0:9a:3d:af:44:0c:5d:e6:e2:
                    e1:dc:13:ea:76:8a:af:1c:23:82:d1:91:26:e0:9e:
                    97:78:f5:e0:a6:d0:7e:a8:8d:d4:36:af:37:a2:81:
                    f6:ea:7f:87:e4:7f:15:88:6a:89:55:d6:07:33:06:
                    6d:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:7E:C6:3C:77:CC:DE:D1:73:AC:0A:A2:E7:85:54:97:BE:9C:28:15
            X509v3 Authority Key Identifier:
                keyid:4E:13:D0:C0:A7:03:E0:9C:DA:64:C1:2B:08:DD:A2:B7:49:A0:42:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ThPQwKcD4JzaZMErCN2it0mgQpw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/ae049a-078b-42ed-a28f-6aa443528ce5/1/MX7GPHfM3tFzrAqi54VUl76cKBU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/ae049a-078b-42ed-a28f-6aa443528ce5/1/ThPQwKcD4JzaZMErCN2it0mgQpw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:64:ffff:0:197:6851:789c/128

    Signature Algorithm: sha256WithRSAEncryption
         0c:23:94:6a:f2:0b:a4:15:02:46:ed:46:84:6c:5d:04:f1:34:
         a2:09:b2:01:5f:d3:89:ba:db:b3:51:7e:61:68:41:73:cb:1a:
         0c:f8:c8:b0:e5:7a:23:4d:b4:f7:8c:c2:48:33:e1:19:5c:3b:
         13:d6:b9:7e:59:76:99:c5:64:c5:ad:26:47:3d:0f:9d:98:7d:
         ef:ed:a2:9d:76:7b:6d:56:53:a7:a0:ad:f5:ea:96:ca:d7:81:
         e2:ce:48:31:e8:f4:7d:2b:27:f3:f4:28:10:37:1b:ed:b4:5b:
         0e:e4:d6:b8:a6:c5:de:b7:b4:14:e5:80:b8:6e:3b:4c:a5:ea:
         22:ec:88:4e:78:3d:26:90:2b:58:28:75:ab:b8:ea:02:c8:fc:
         43:28:e3:b7:f5:1e:b4:39:21:67:ee:f3:4d:5e:e7:47:e2:34:
         a6:a3:b4:10:53:55:0f:af:cd:ee:27:32:e2:f2:be:13:a2:4a:
         32:b7:e7:61:9f:55:d8:de:9f:89:cb:62:0d:87:f8:0f:3a:de:
         e0:d8:68:a6:f2:9c:a1:2f:98:1e:33:a5:91:11:0b:7b:fd:76:
         92:c0:b0:a0:ed:1d:dd:00:38:6c:8f:1c:8e:6f:ac:45:e7:f6:
         e5:79:b9:d3:0c:eb:c3:02:46:aa:05:97:f0:27:30:0b:ca:8d:
         7c:64:6d:be
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgISAZeEPs4pFkJmy1uwbHP+v2NfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlMTNkMGMwYTcwM2UwOWNkYTY0YzEyYjA4ZGRhMmI3NDlh
MDQyOWMwHhcNMjUwNjE4MTgxMzE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTdlYzYzYzc3Y2NkZWQxNzNhYzBhYTJlNzg1NTQ5N2JlOWMyODE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2bhvUefytUIaN5+Sh9VoXDY4dRKO
Aa3RKls2ccOfV9RIClxd7h0cAqVN13hRGyv8l+YQZEy8Wx7t6AFPz+qSxYsYVTl4
CZ9IvaA8ECAzc5Kj34cYRVyW+H4I3xpDnVC9JOBru1nWQgh9nGl9STN3ViJo+2uM
++qGuFg62LjwAMETXdf4GOOVnBsY7FG7rjqb/SDCnXudU02cHcN5Yu2CfBeci2o5
5J9yL0EeCAnsXtwomRE0GY8cf4EioTjW5L2+DRhf69r15AKgmj2vRAxd5uLh3BPq
doqvHCOC0ZEm4J6XePXgptB+qI3UNq83ooH26n+H5H8ViGqJVdYHMwZtTwIDAQAB
o4ICFjCCAhIwHQYDVR0OBBYEFDF+xjx3zN7Rc6wKoueFVJe+nCgVMB8GA1UdIwQY
MBaAFE4T0MCnA+Cc2mTBKwjdordJoEKcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGhQUXdLY0Q0SnphWk1FckNOMml0MG1nUXB3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi9hZTA0OWEtMDc4Yi00MmVkLWEyOGYt
NmFhNDQzNTI4Y2U1LzEvTVg3R1BIZk0zdEZ6ckFxaTU0VlVsNzZjS0JVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi9hZTA0OWEtMDc4Yi00MmVkLWEyOGYtNmFhNDQzNTI4Y2U1
LzEvVGhQUXdLY0Q0SnphWk1FckNOMml0MG1nUXB3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCwGCCsGAQUFBwEHAQH/BB0wGzAZBAIAAjATAxEAIAEGfABk
//8AAAGXaFF4nDANBgkqhkiG9w0BAQsFAAOCAQEADCOUavILpBUCRu1GhGxdBPE0
ogmyAV/Tibrbs1F+YWhBc8saDPjIsOV6I02094zCSDPhGVw7E9a5fll2mcVkxa0m
Rz0PnZh97+2inXZ7bVZTp6Ct9eqWyteB4s5IMej0fSsn8/QoEDcb7bRbDuTWuKbF
3re0FOWAuG47TKXqIuyITng9JpArWCh1q7jqAsj8Qyjjt/UetDkhZ+7zTV7nR+I0
pqO0EFNVD6/N7icy4vK+E6JKMrfnYZ9V2N6fictiDYf4Dzre4NhopvKcoS+YHjOl
kRELe/12ksCwoO0d3QA4bI8cjm+sRef25Xm50wzrwwJGqgWX8CcwC8qNfGRtvg==
-----END CERTIFICATE-----
Generated at Sat Jul 5 15:45:21 2025 by rpki-client