Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/h4aNfFE9T4mzcHoAMk3910tdZcE.roa
File:                     h4aNfFE9T4mzcHoAMk3910tdZcE.roa (raw, json)
Hash identifier:          NzIpT/s5r38BSBbNY/8OGgJhXKgDE4+a1h6q5uH3qrw=
Subject key identifier:   87:86:8D:7C:51:3D:4F:89:B3:70:7A:00:32:4D:FD:D7:4B:5D:65:C1
Certificate issuer:       /CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
Certificate serial:       019644B9D125B202286C4B7707C7D43C651D
Authority key identifier: C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/h4aNfFE9T4mzcHoAMk3910tdZcE.roa
Signing time:             Thu 17 Apr 2025 17:09:10 +0000
ROA not before:           Thu 17 Apr 2025 17:09:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209641
IP address blocks:        2a0e:f01::/32 maxlen: 32
                          2a0e:13c0::/32 maxlen: 32
                          2a0e:67c1::/32 maxlen: 32
                          2a0e:8541::/32 maxlen: 32
                          2a0f:bb03::/32 maxlen: 32
                          2a0f:bb05::/32 maxlen: 32
                          2a11:640::/32 maxlen: 32
                          2a11:3181::/32 maxlen: 32
                          2a11:7882::/32 maxlen: 32
                          2a11:8504::/32 maxlen: 32
Validation:               Failed, certificate revoked on Mon 28 Apr 2025 10:13:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:44:b9:d1:25:b2:02:28:6c:4b:77:07:c7:d4:3c:65:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
        Validity
            Not Before: Apr 17 17:09:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=87868d7c513d4f89b3707a00324dfdd74b5d65c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:1a:cd:31:58:25:c7:72:d6:52:aa:8a:d2:b0:
                    a2:f3:5a:9f:db:87:cf:36:ee:0e:b8:33:27:24:5f:
                    de:6c:15:b4:5c:33:d4:70:05:b1:e7:59:35:43:2e:
                    64:5f:a3:72:05:82:ac:2c:d5:f7:a5:b3:f6:5f:cc:
                    d4:27:b5:98:7e:6a:42:0e:d1:ba:e6:08:54:93:ab:
                    15:12:ec:0c:66:40:72:e6:9b:bc:b0:18:b5:c7:6d:
                    a7:b7:f1:ca:be:23:f4:8b:bb:ac:6c:1a:e2:94:d4:
                    b8:1d:66:f9:8f:7c:67:86:85:8b:88:48:cd:4c:e6:
                    72:60:ee:bf:64:75:02:8d:77:18:98:3c:a3:19:c5:
                    4f:11:df:be:e0:aa:bc:60:6d:b7:f4:4c:dd:00:d2:
                    a3:f5:c1:91:a4:57:91:5d:91:55:e7:dc:5b:23:d4:
                    ad:7c:a4:48:bc:e2:f9:9e:a3:61:d3:d9:d7:2a:c1:
                    ec:f3:ff:33:79:39:52:81:78:d5:1c:38:dd:dd:ad:
                    fd:a3:9f:1c:9d:6c:bb:b7:ad:3a:9f:fc:3e:8f:2d:
                    ee:c4:44:76:a8:5f:3c:df:00:3a:03:ad:e8:f7:97:
                    fe:a0:a1:3f:1f:3d:fd:77:b8:c3:e3:88:b4:4b:36:
                    df:f6:b5:24:da:8d:67:c6:db:80:9b:46:ba:4b:9a:
                    46:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:86:8D:7C:51:3D:4F:89:B3:70:7A:00:32:4D:FD:D7:4B:5D:65:C1
            X509v3 Authority Key Identifier:
                keyid:C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/h4aNfFE9T4mzcHoAMk3910tdZcE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:f01::/32
                  2a0e:13c0::/32
                  2a0e:67c1::/32
                  2a0e:8541::/32
                  2a0f:bb03::/32
                  2a0f:bb05::/32
                  2a11:640::/32
                  2a11:3181::/32
                  2a11:7882::/32
                  2a11:8504::/32

    Signature Algorithm: sha256WithRSAEncryption
         40:34:09:6b:4c:f1:93:36:32:e3:2c:f8:e8:40:d5:5b:b8:8b:
         9d:3c:1e:f7:01:f5:a4:f2:ad:ac:e5:92:9d:67:9f:dc:cc:86:
         cb:b6:93:4c:e1:b1:dd:54:14:58:80:ca:77:40:7a:e6:ec:67:
         b5:f1:77:82:37:dd:b4:cd:9f:10:c4:4a:bf:e1:88:26:47:a3:
         5d:fe:92:e1:f2:fc:2f:67:d3:54:2b:7a:65:aa:dc:ea:40:12:
         ad:41:e7:b4:db:e2:41:fe:58:a1:47:05:a2:cc:2f:7a:e4:f1:
         55:60:15:64:83:a2:03:45:5b:bf:a9:93:46:11:fe:b4:de:29:
         ea:df:4b:c5:dc:13:e8:ba:48:38:f4:fa:2a:bb:3e:c1:e9:19:
         76:e1:03:cf:63:a1:77:31:e0:23:a9:3b:6a:96:ce:bb:3a:f1:
         ca:58:06:d3:5e:ee:bb:e4:7f:14:dd:eb:9c:98:e3:dd:53:04:
         d0:39:8b:02:18:00:6c:b0:ee:cc:36:92:6a:d5:e1:f7:e2:c7:
         c6:d2:1a:7c:66:a7:68:cf:40:36:6e:7c:7a:23:5c:aa:36:0e:
         a2:ab:e9:81:04:1c:83:78:87:b6:0b:6e:bc:54:e9:5f:38:4d:
         7e:3a:55:e5:c5:7b:4c:9b:9b:a8:9e:68:25:db:28:8f:de:7a:
         92:7e:52:e5
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAZZEudElsgIobEt3B8fUPGUdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzODI4MGM1MzAwYjc0ODg4YWM3ZWI0YmZhNjQxN2Q5YTJl
N2IwYmUwHhcNMjUwNDE3MTcwOTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Nzg2OGQ3YzUxM2Q0Zjg5YjM3MDdhMDAzMjRkZmRkNzRiNWQ2NWMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnxrNMVglx3LWUqqK0rCi81qf24fP
Nu4OuDMnJF/ebBW0XDPUcAWx51k1Qy5kX6NyBYKsLNX3pbP2X8zUJ7WYfmpCDtG6
5ghUk6sVEuwMZkBy5pu8sBi1x22nt/HKviP0i7usbBrilNS4HWb5j3xnhoWLiEjN
TOZyYO6/ZHUCjXcYmDyjGcVPEd++4Kq8YG239EzdANKj9cGRpFeRXZFV59xbI9St
fKRIvOL5nqNh09nXKsHs8/8zeTlSgXjVHDjd3a39o58cnWy7t606n/w+jy3uxER2
qF883wA6A63o95f+oKE/Hz39d7jD44i0Szbf9rUk2o1nxtuAm0a6S5pGiQIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFIeGjXxRPU+Js3B6ADJN/ddLXWXBMB8GA1UdIwQY
MBaAFMOCgMUwC3SIisfrS/pkF9mi57C+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2Yt
NDFiYjIxYWMyODAxLzEvaDRhTmZGRTlUNG16Y0hvQU1rMzkxMHRkWmNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2YtNDFiYjIxYWMyODAx
LzEvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjBMBAIAAjBGAwUAKg4PAQMF
ACoOE8ADBQAqDmfBAwUAKg6FQQMFACoPuwMDBQAqD7sFAwUAKhEGQAMFACoRMYED
BQAqEXiCAwUAKhGFBDANBgkqhkiG9w0BAQsFAAOCAQEAQDQJa0zxkzYy4yz46EDV
W7iLnTwe9wH1pPKtrOWSnWef3MyGy7aTTOGx3VQUWIDKd0B65uxntfF3gjfdtM2f
EMRKv+GIJkejXf6S4fL8L2fTVCt6Zarc6kASrUHntNviQf5YoUcFoswveuTxVWAV
ZIOiA0Vbv6mTRhH+tN4p6t9LxdwT6LpIOPT6Krs+wekZduEDz2OhdzHgI6k7apbO
uzrxylgG017uu+R/FN3rnJjj3VME0DmLAhgAbLDuzDaSatXh9+LHxtIafGanaM9A
Nm58eiNcqjYOoqvpgQQcg3iHtgtuvFTpXzhNfjpV5cV7TJubqJ5oJdsoj956kn5S
5Q==
-----END CERTIFICATE-----