Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/JnsUv98kNZIIk1a-tKMerID7rCM.roa
File:                     JnsUv98kNZIIk1a-tKMerID7rCM.roa (raw, json)
Hash identifier:          VVggJEtPbM0RVztNEkxpHz5RTdwTInvjBacm5vSRX3M=
Subject key identifier:   26:7B:14:BF:DF:24:35:92:08:93:56:BE:B4:A3:1E:AC:80:FB:AC:23
Certificate issuer:       /CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
Certificate serial:       01963F8D0C6CC22883690C9324F9838D6B88
Authority key identifier: C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/JnsUv98kNZIIk1a-tKMerID7rCM.roa
Signing time:             Wed 16 Apr 2025 17:02:10 +0000
ROA not before:           Wed 16 Apr 2025 17:02:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209641
IP address blocks:        2a0e:f01::/32 maxlen: 32
                          2a0e:13c0::/32 maxlen: 32
                          2a0e:67c1::/32 maxlen: 32
                          2a0e:8541::/32 maxlen: 32
                          2a0f:bb03::/32 maxlen: 32
                          2a0f:bb05::/32 maxlen: 32
                          2a11:640::/32 maxlen: 32
                          2a11:1341::/32 maxlen: 32
                          2a11:3181::/32 maxlen: 32
                          2a11:6343::/32 maxlen: 32
                          2a11:7882::/32 maxlen: 32
                          2a11:8504::/32 maxlen: 32
Validation:               Failed, certificate revoked on Thu 17 Apr 2025 17:09:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:3f:8d:0c:6c:c2:28:83:69:0c:93:24:f9:83:8d:6b:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
        Validity
            Not Before: Apr 16 17:02:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=267b14bfdf243592089356beb4a31eac80fbac23
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:62:25:48:d6:4a:34:ed:ad:7c:7c:cb:f0:12:
                    76:d0:5a:b9:7e:9b:9d:db:f5:23:f8:64:35:56:3a:
                    05:3e:1c:52:20:03:e8:2f:4b:98:62:ce:2c:e2:6b:
                    81:3e:7d:8c:f9:91:72:10:d9:46:6c:92:cc:5c:e6:
                    19:3b:ea:41:e8:2c:10:1c:9c:96:88:fb:08:6c:40:
                    b2:d9:1e:72:75:c7:49:48:88:5d:81:94:6d:0d:1b:
                    c3:85:2b:f2:9d:75:4e:d3:c8:85:93:9e:7e:f8:46:
                    9b:7e:e1:f2:f3:8a:ad:c9:1e:cc:c1:04:0a:95:b4:
                    49:ad:72:1c:6d:cc:b9:82:1e:38:2d:8f:06:39:ea:
                    37:38:1b:3a:95:f7:90:b4:1f:10:e2:a5:a2:91:41:
                    40:2d:9f:db:97:f6:6f:93:91:57:5d:e0:82:78:aa:
                    dc:3d:5f:02:cf:98:db:76:2e:9d:5b:27:ae:9c:d8:
                    d7:f8:d1:e6:e9:db:ca:26:10:06:b4:6c:16:27:00:
                    93:86:a0:49:1e:a8:77:17:fe:ba:86:5b:61:fc:49:
                    57:02:ba:ea:2e:31:15:2e:5b:db:4f:f8:63:17:a4:
                    c6:3e:d9:4a:67:96:1f:64:16:dd:6a:2a:05:ff:3a:
                    7c:0e:fa:5d:87:aa:0f:3d:73:45:b4:0b:40:df:a5:
                    b7:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:7B:14:BF:DF:24:35:92:08:93:56:BE:B4:A3:1E:AC:80:FB:AC:23
            X509v3 Authority Key Identifier:
                keyid:C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/JnsUv98kNZIIk1a-tKMerID7rCM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:f01::/32
                  2a0e:13c0::/32
                  2a0e:67c1::/32
                  2a0e:8541::/32
                  2a0f:bb03::/32
                  2a0f:bb05::/32
                  2a11:640::/32
                  2a11:1341::/32
                  2a11:3181::/32
                  2a11:6343::/32
                  2a11:7882::/32
                  2a11:8504::/32

    Signature Algorithm: sha256WithRSAEncryption
         00:4b:76:e8:38:f8:70:0b:a6:fd:6f:5b:a3:e6:a4:34:ea:8d:
         26:59:a1:cb:08:2b:ea:37:fc:16:5f:64:0d:46:bd:f2:fe:37:
         8e:67:1c:38:47:3e:be:12:ac:8f:a9:9d:f8:1c:72:31:50:b9:
         1d:b5:67:85:02:db:c2:a8:b4:62:b3:31:cb:6c:b8:1c:19:ca:
         1f:97:3a:e0:4d:36:78:15:77:50:dc:e8:46:ab:c9:9e:db:48:
         b5:1f:83:2e:dc:b5:ee:b6:8a:1d:50:a9:03:38:30:3c:e0:c6:
         55:55:26:da:65:da:af:79:b6:15:04:7b:4d:01:ea:d8:1e:e6:
         bf:53:88:82:68:5b:00:03:63:25:75:ab:c6:45:a5:c3:b8:a9:
         80:bd:4b:7c:53:38:73:8a:88:eb:c3:c2:56:a5:02:83:e7:04:
         83:50:f8:1c:80:06:7f:04:bd:47:1b:99:fd:bb:ed:a6:c7:71:
         c8:0b:ed:44:75:ee:47:94:e4:d9:16:86:09:6e:ad:23:c5:b4:
         a7:9d:cd:c4:6f:fa:e2:c5:b2:59:58:2d:b5:e3:3d:7c:bd:57:
         fa:0e:bb:10:11:a1:91:49:0b:7b:31:6d:78:2b:71:91:cd:8c:
         7d:cf:5e:8c:76:a6:32:0b:4e:74:d7:9e:c4:46:d4:a0:41:e0:
         e4:9f:63:a1
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAZY/jQxswiiDaQyTJPmDjWuIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzODI4MGM1MzAwYjc0ODg4YWM3ZWI0YmZhNjQxN2Q5YTJl
N2IwYmUwHhcNMjUwNDE2MTcwMjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjdiMTRiZmRmMjQzNTkyMDg5MzU2YmViNGEzMWVhYzgwZmJhYzIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA22IlSNZKNO2tfHzL8BJ20Fq5fpud
2/Uj+GQ1VjoFPhxSIAPoL0uYYs4s4muBPn2M+ZFyENlGbJLMXOYZO+pB6CwQHJyW
iPsIbECy2R5ydcdJSIhdgZRtDRvDhSvynXVO08iFk55++EabfuHy84qtyR7MwQQK
lbRJrXIcbcy5gh44LY8GOeo3OBs6lfeQtB8Q4qWikUFALZ/bl/Zvk5FXXeCCeKrc
PV8Cz5jbdi6dWyeunNjX+NHm6dvKJhAGtGwWJwCThqBJHqh3F/66hlth/ElXArrq
LjEVLlvbT/hjF6TGPtlKZ5YfZBbdaioF/zp8Dvpdh6oPPXNFtAtA36W39wIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFCZ7FL/fJDWSCJNWvrSjHqyA+6wjMB8GA1UdIwQY
MBaAFMOCgMUwC3SIisfrS/pkF9mi57C+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2Yt
NDFiYjIxYWMyODAxLzEvSm5zVXY5OGtOWklJazFhLXRLTWVySUQ3ckNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2YtNDFiYjIxYWMyODAx
LzEvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDBaBAIAAjBUAwUAKg4PAQMF
ACoOE8ADBQAqDmfBAwUAKg6FQQMFACoPuwMDBQAqD7sFAwUAKhEGQAMFACoRE0ED
BQAqETGBAwUAKhFjQwMFACoReIIDBQAqEYUEMA0GCSqGSIb3DQEBCwUAA4IBAQAA
S3boOPhwC6b9b1uj5qQ06o0mWaHLCCvqN/wWX2QNRr3y/jeOZxw4Rz6+EqyPqZ34
HHIxULkdtWeFAtvCqLRiszHLbLgcGcoflzrgTTZ4FXdQ3OhGq8me20i1H4Mu3LXu
toodUKkDODA84MZVVSbaZdqvebYVBHtNAerYHua/U4iCaFsAA2MldavGRaXDuKmA
vUt8Uzhziojrw8JWpQKD5wSDUPgcgAZ/BL1HG5n9u+2mx3HIC+1Ede5HlOTZFoYJ
bq0jxbSnnc3Eb/rixbJZWC214z18vVf6DrsQEaGRSQt7MW14K3GRzYx9z16MdqYy
C050157ERtSgQeDkn2Oh
-----END CERTIFICATE-----