Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/dxhWp3_NqvTv1IRse6LQOHfx47g.roa
File:                     dxhWp3_NqvTv1IRse6LQOHfx47g.roa (raw, json)
Hash identifier:          mWGSet2Lx6Z+w3LOY+Kg9UF4I116qcxHWb+FJ66ZnOg=
Subject key identifier:   77:18:56:A7:7F:CD:AA:F4:EF:D4:84:6C:7B:A2:D0:38:77:F1:E3:B8
Certificate issuer:       /CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
Certificate serial:       0196169E404EEB5B525679E6AE8780C730B8
Authority key identifier: C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/dxhWp3_NqvTv1IRse6LQOHfx47g.roa
Signing time:             Tue 08 Apr 2025 18:16:31 +0000
ROA not before:           Tue 08 Apr 2025 18:16:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209641
IP address blocks:        2a0e:f01::/32 maxlen: 32
                          2a0e:13c0::/32 maxlen: 32
                          2a0e:67c1::/32 maxlen: 32
                          2a0e:8541::/32 maxlen: 32
                          2a0f:bb03::/32 maxlen: 32
                          2a11:640::/32 maxlen: 32
                          2a11:1341::/32 maxlen: 32
                          2a11:3181::/32 maxlen: 32
                          2a11:6343::/32 maxlen: 32
                          2a11:7882::/32 maxlen: 32
                          2a11:8504::/32 maxlen: 32
Validation:               Failed, certificate revoked on Wed 16 Apr 2025 17:02:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:16:9e:40:4e:eb:5b:52:56:79:e6:ae:87:80:c7:30:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
        Validity
            Not Before: Apr  8 18:16:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=771856a77fcdaaf4efd4846c7ba2d03877f1e3b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:64:72:8e:fc:d5:5b:fe:36:1d:a3:4f:4e:ea:
                    91:18:e2:9b:72:39:b6:1f:80:d7:36:6c:09:3b:be:
                    0e:0d:0b:46:94:0b:f8:9f:8a:b1:04:2f:65:ca:9b:
                    6b:13:ea:a8:0c:61:5b:33:8a:eb:c4:63:94:7c:f8:
                    9d:db:4b:1d:e3:59:47:50:a8:41:1b:98:5c:6a:19:
                    81:e0:69:5f:e1:bb:28:d1:e4:35:4f:59:aa:df:c1:
                    05:4b:88:b3:8f:eb:7e:8b:79:2e:6c:2e:ce:f8:4a:
                    da:b7:5b:ee:e7:06:77:59:44:5d:f9:84:53:06:3f:
                    ab:20:29:c3:67:72:18:9e:ce:13:2f:81:53:48:0d:
                    cd:16:14:82:08:94:7f:5f:f1:dd:e2:dd:3a:01:75:
                    12:fe:83:f5:ec:42:2c:45:48:ee:cc:d6:7a:bf:75:
                    7f:6c:a4:b3:a8:69:fe:ac:97:59:3d:fd:40:7e:d8:
                    22:9e:3a:5b:5b:35:e4:7b:45:32:c7:8d:77:88:77:
                    0d:8e:a1:d1:ac:ad:ca:e8:00:59:6b:6d:04:c7:50:
                    c7:1d:a0:b4:1c:51:23:5f:ab:b8:b3:cd:54:7f:d6:
                    a9:f1:94:d3:8f:91:2a:d6:77:e2:f1:7f:c8:6e:4e:
                    b6:a4:97:a3:ac:cc:48:82:79:b0:f5:0e:ab:b5:39:
                    77:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:18:56:A7:7F:CD:AA:F4:EF:D4:84:6C:7B:A2:D0:38:77:F1:E3:B8
            X509v3 Authority Key Identifier:
                keyid:C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/dxhWp3_NqvTv1IRse6LQOHfx47g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:f01::/32
                  2a0e:13c0::/32
                  2a0e:67c1::/32
                  2a0e:8541::/32
                  2a0f:bb03::/32
                  2a11:640::/32
                  2a11:1341::/32
                  2a11:3181::/32
                  2a11:6343::/32
                  2a11:7882::/32
                  2a11:8504::/32

    Signature Algorithm: sha256WithRSAEncryption
         45:bd:5f:64:2a:76:7f:cf:34:93:1a:05:e5:95:89:d0:84:de:
         20:b6:2a:4b:27:ad:68:83:a8:fe:ca:23:93:72:ff:8b:48:81:
         35:a4:bb:26:93:19:a6:39:4c:bf:40:9d:fb:ef:51:4d:ac:b0:
         ac:97:82:5c:04:dd:cf:3f:cc:52:16:bb:24:98:a8:cc:17:e7:
         bd:20:07:8c:42:ab:ed:f0:31:7a:f4:81:a5:a0:bd:d9:8c:8e:
         c7:88:a7:18:93:bd:88:80:33:e7:50:24:35:e2:80:fa:df:ba:
         9a:65:9c:af:06:c9:d8:de:33:09:28:e3:67:b4:4e:9f:69:bb:
         ea:17:d3:be:57:25:60:08:73:c3:6c:3e:ed:b4:df:a7:b0:b1:
         1b:00:0c:33:d4:61:f8:87:f0:b4:55:68:6e:0d:a1:69:30:fa:
         34:c3:33:6a:05:1e:c9:87:8d:85:c2:37:16:11:4b:90:9d:d6:
         ed:d8:e0:07:fa:64:89:88:b8:f3:6f:20:b9:6a:8e:56:8b:de:
         80:5a:5b:c2:ce:44:6a:c9:c5:4a:ed:72:24:4e:ff:21:eb:80:
         c7:5f:4c:39:2d:93:0e:5c:ad:89:35:1c:99:41:cf:e4:21:db:
         cb:4e:33:41:4d:54:8e:f4:66:ec:19:a0:99:e5:e7:61:23:51:
         0a:07:60:86
-----BEGIN CERTIFICATE-----
MIIFRDCCBCygAwIBAgISAZYWnkBO61tSVnnmroeAxzC4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzODI4MGM1MzAwYjc0ODg4YWM3ZWI0YmZhNjQxN2Q5YTJl
N2IwYmUwHhcNMjUwNDA4MTgxNjMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzE4NTZhNzdmY2RhYWY0ZWZkNDg0NmM3YmEyZDAzODc3ZjFlM2I4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtmRyjvzVW/42HaNPTuqRGOKbcjm2
H4DXNmwJO74ODQtGlAv4n4qxBC9lyptrE+qoDGFbM4rrxGOUfPid20sd41lHUKhB
G5hcahmB4Glf4bso0eQ1T1mq38EFS4izj+t+i3kubC7O+Erat1vu5wZ3WURd+YRT
Bj+rICnDZ3IYns4TL4FTSA3NFhSCCJR/X/Hd4t06AXUS/oP17EIsRUjuzNZ6v3V/
bKSzqGn+rJdZPf1AftginjpbWzXke0Uyx413iHcNjqHRrK3K6ABZa20Ex1DHHaC0
HFEjX6u4s81Uf9ap8ZTTj5Eq1nfi8X/Ibk62pJejrMxIgnmw9Q6rtTl35QIDAQAB
o4ICUDCCAkwwHQYDVR0OBBYEFHcYVqd/zar079SEbHui0Dh38eO4MB8GA1UdIwQY
MBaAFMOCgMUwC3SIisfrS/pkF9mi57C+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2Yt
NDFiYjIxYWMyODAxLzEvZHhoV3AzX05xdlR2MUlSc2U2TFFPSGZ4NDdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2YtNDFiYjIxYWMyODAx
LzEvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGYGCCsGAQUFBwEHAQH/BFcwVTBTBAIAAjBNAwUAKg4PAQMF
ACoOE8ADBQAqDmfBAwUAKg6FQQMFACoPuwMDBQAqEQZAAwUAKhETQQMFACoRMYED
BQAqEWNDAwUAKhF4ggMFACoRhQQwDQYJKoZIhvcNAQELBQADggEBAEW9X2Qqdn/P
NJMaBeWVidCE3iC2KksnrWiDqP7KI5Ny/4tIgTWkuyaTGaY5TL9AnfvvUU2ssKyX
glwE3c8/zFIWuySYqMwX570gB4xCq+3wMXr0gaWgvdmMjseIpxiTvYiAM+dQJDXi
gPrfupplnK8GydjeMwko42e0Tp9pu+oX075XJWAIc8NsPu2036ewsRsADDPUYfiH
8LRVaG4NoWkw+jTDM2oFHsmHjYXCNxYRS5Cd1u3Y4Af6ZImIuPNvILlqjlaL3oBa
W8LORGrJxUrtciRO/yHrgMdfTDktkw5crYk1HJlBz+Qh28tOM0FNVI70ZuwZoJnl
52EjUQoHYIY=
-----END CERTIFICATE-----