Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/ae049a-078b-42ed-a28f-6aa443528ce5/1/zKmj2hotz4mWsbqQpyQR-K0GN2g.roa
File:                     zKmj2hotz4mWsbqQpyQR-K0GN2g.roa (raw, json)
Hash identifier:          B/F5Zi0ZZ0/39LVZ8fDa8CTWGgzts3zzMpc7xwLpocU=
Subject key identifier:   CC:A9:A3:DA:1A:2D:CF:89:96:B1:BA:90:A7:24:11:F8:AD:06:37:68
Certificate issuer:       /CN=4e13d0c0a703e09cda64c12b08dda2b749a0429c
Certificate serial:       019A726BC8A449764894989F6AF54A8F6EAC
Authority key identifier: 4E:13:D0:C0:A7:03:E0:9C:DA:64:C1:2B:08:DD:A2:B7:49:A0:42:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ThPQwKcD4JzaZMErCN2it0mgQpw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/ae049a-078b-42ed-a28f-6aa443528ce5/1/zKmj2hotz4mWsbqQpyQR-K0GN2g.roa
Signing time:             Tue 11 Nov 2025 10:17:37 +0000
ROA not before:           Tue 11 Nov 2025 10:17:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        2001:67c:64:ffff:0:198:55a3:fcb4/128 maxlen: 128
                          2001:67c:64:ffff:0:198:5ff0:79dc/128 maxlen: 128
                          2001:67c:64:ffff:0:198:ad2f:c10a/128 maxlen: 128
                          2001:67c:64:ffff:0:199:70e1:b209/128 maxlen: 128
                          2001:67c:64:ffff:0:199:7262:3881/128 maxlen: 128
                          2001:67c:64:ffff:0:199:befc:c22a/128 maxlen: 128
Validation:               Failed, certificate revoked on Tue 11 Nov 2025 11:05:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:72:6b:c8:a4:49:76:48:94:98:9f:6a:f5:4a:8f:6e:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e13d0c0a703e09cda64c12b08dda2b749a0429c
        Validity
            Not Before: Nov 11 10:17:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cca9a3da1a2dcf8996b1ba90a72411f8ad063768
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:17:2c:17:f5:27:3e:b8:23:90:c7:99:87:bb:
                    8f:ed:8d:cd:5b:3f:77:0f:10:45:50:eb:4d:20:18:
                    e7:ab:79:05:38:60:8d:51:81:55:cc:ae:35:20:10:
                    5e:4d:a4:38:76:72:c4:06:7f:93:fb:14:80:de:a1:
                    8c:05:85:7d:45:c3:9d:5d:25:63:32:fe:6d:8a:e2:
                    85:f6:d8:fa:bd:a6:e2:4e:dd:92:3d:d9:a6:c4:26:
                    5a:bb:f4:f8:2a:ed:df:7a:d9:f5:83:6b:03:98:ac:
                    e4:fd:c8:d7:f2:27:cf:f1:6d:98:85:57:17:dd:04:
                    d4:c2:e6:2f:0e:06:e2:3f:22:8b:6f:6a:aa:3c:6d:
                    a7:e6:05:a6:83:f1:d4:3b:07:45:b0:ef:40:ad:5b:
                    7f:94:16:61:43:15:5c:70:87:29:9b:62:bc:3c:28:
                    4a:3f:1d:fe:b3:c0:95:e0:f5:f6:72:ed:06:08:3c:
                    8d:49:54:d7:aa:8d:63:62:8c:60:2b:74:83:53:f6:
                    f7:2c:c1:27:e4:60:84:97:d2:76:f9:ac:7d:80:ba:
                    50:53:b7:af:e0:40:f6:8f:02:55:e1:9f:68:3e:15:
                    0f:15:be:b7:c4:60:ae:2e:ef:38:9e:7f:b0:fd:b9:
                    fe:68:89:da:ab:cf:4a:d9:99:97:ff:62:e2:6e:e9:
                    9e:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:A9:A3:DA:1A:2D:CF:89:96:B1:BA:90:A7:24:11:F8:AD:06:37:68
            X509v3 Authority Key Identifier:
                keyid:4E:13:D0:C0:A7:03:E0:9C:DA:64:C1:2B:08:DD:A2:B7:49:A0:42:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ThPQwKcD4JzaZMErCN2it0mgQpw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/ae049a-078b-42ed-a28f-6aa443528ce5/1/zKmj2hotz4mWsbqQpyQR-K0GN2g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/ae049a-078b-42ed-a28f-6aa443528ce5/1/ThPQwKcD4JzaZMErCN2it0mgQpw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:64:ffff:0:198:55a3:fcb4/128
                  2001:67c:64:ffff:0:198:5ff0:79dc/128
                  2001:67c:64:ffff:0:198:ad2f:c10a/128
                  2001:67c:64:ffff:0:199:70e1:b209/128
                  2001:67c:64:ffff:0:199:7262:3881/128
                  2001:67c:64:ffff:0:199:befc:c22a/128

    Signature Algorithm: sha256WithRSAEncryption
         03:93:60:7a:80:d2:4d:38:e1:25:28:aa:ad:74:78:dc:f2:ea:
         c7:b3:a8:f1:43:46:03:aa:a8:43:71:e6:d2:1c:ba:8e:a2:14:
         d0:e8:1c:84:eb:e3:ea:a1:bd:c1:8f:1e:3c:06:73:8f:74:88:
         47:de:26:42:f1:ab:31:12:97:f1:77:52:e8:f9:8a:e4:82:22:
         95:cc:28:a0:7b:6c:58:12:47:06:5f:17:5e:55:8d:18:41:35:
         c3:b5:e3:db:d3:f3:11:f1:5f:de:c1:a2:50:06:97:f7:6a:dd:
         47:0e:a9:93:57:32:2d:8b:20:2a:d3:88:90:41:f1:04:a9:af:
         70:90:ae:bf:1e:2b:d9:a4:b7:2a:8d:59:e6:1a:28:70:a3:cd:
         71:69:87:38:95:ca:02:c2:2c:a2:77:63:2b:7c:1b:61:d3:7b:
         b6:d7:f7:63:23:44:76:4a:69:1c:36:fb:61:23:ef:fc:ff:1f:
         2e:a6:64:1b:fd:12:0b:98:33:38:6c:78:97:c9:d4:8f:c6:88:
         ec:31:f6:8c:94:06:a8:1f:49:01:81:17:dd:b3:ee:96:07:46:
         32:54:6b:19:64:98:b4:5d:21:0e:45:82:ac:4d:05:2f:a6:07:
         cb:53:85:d6:ec:f8:39:5c:b0:92:f8:d5:cc:d0:4e:75:46:1c:
         c6:50:20:e9
-----BEGIN CERTIFICATE-----
MIIFajCCBFKgAwIBAgISAZpya8ikSXZIlJifavVKj26sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlMTNkMGMwYTcwM2UwOWNkYTY0YzEyYjA4ZGRhMmI3NDlh
MDQyOWMwHhcNMjUxMTExMTAxNzM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjY2E5YTNkYTFhMmRjZjg5OTZiMWJhOTBhNzI0MTFmOGFkMDYzNzY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAthcsF/UnPrgjkMeZh7uP7Y3NWz93
DxBFUOtNIBjnq3kFOGCNUYFVzK41IBBeTaQ4dnLEBn+T+xSA3qGMBYV9RcOdXSVj
Mv5tiuKF9tj6vabiTt2SPdmmxCZau/T4Ku3fetn1g2sDmKzk/cjX8ifP8W2YhVcX
3QTUwuYvDgbiPyKLb2qqPG2n5gWmg/HUOwdFsO9ArVt/lBZhQxVccIcpm2K8PChK
Px3+s8CV4PX2cu0GCDyNSVTXqo1jYoxgK3SDU/b3LMEn5GCEl9J2+ax9gLpQU7ev
4ED2jwJV4Z9oPhUPFb63xGCuLu84nn+w/bn+aInaq89K2ZmX/2LibumemwIDAQAB
o4ICdjCCAnIwHQYDVR0OBBYEFMypo9oaLc+JlrG6kKckEfitBjdoMB8GA1UdIwQY
MBaAFE4T0MCnA+Cc2mTBKwjdordJoEKcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGhQUXdLY0Q0SnphWk1FckNOMml0MG1nUXB3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi9hZTA0OWEtMDc4Yi00MmVkLWEyOGYt
NmFhNDQzNTI4Y2U1LzEvekttajJob3R6NG1Xc2JxUXB5UVItSzBHTjJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi9hZTA0OWEtMDc4Yi00MmVkLWEyOGYtNmFhNDQzNTI4Y2U1
LzEvVGhQUXdLY0Q0SnphWk1FckNOMml0MG1nUXB3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGLBggrBgEFBQcBBwEB/wR8MHoweAQCAAIwcgMRACABBnwA
ZP//AAABmFWj/LQDEQAgAQZ8AGT//wAAAZhf8HncAxEAIAEGfABk//8AAAGYrS/B
CgMRACABBnwAZP//AAABmXDhsgkDEQAgAQZ8AGT//wAAAZlyYjiBAxEAIAEGfABk
//8AAAGZvvzCKjANBgkqhkiG9w0BAQsFAAOCAQEAA5NgeoDSTTjhJSiqrXR43PLq
x7Oo8UNGA6qoQ3Hm0hy6jqIU0OgchOvj6qG9wY8ePAZzj3SIR94mQvGrMRKX8XdS
6PmK5IIilcwooHtsWBJHBl8XXlWNGEE1w7Xj29PzEfFf3sGiUAaX92rdRw6pk1cy
LYsgKtOIkEHxBKmvcJCuvx4r2aS3Ko1Z5hoocKPNcWmHOJXKAsIsondjK3wbYdN7
ttf3YyNEdkppHDb7YSPv/P8fLqZkG/0SC5gzOGx4l8nUj8aI7DH2jJQGqB9JAYEX
3bPulgdGMlRrGWSYtF0hDkWCrE0FL6YHy1OF1uz4OVywkvjVzNBOdUYcxlAg6Q==
-----END CERTIFICATE-----