Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/a68f21-9ff8-4a44-a36d-d1cde2465f89/1/wU7StJW-DDMO2IfUhbKwRq03LH4.roa
File:                     wU7StJW-DDMO2IfUhbKwRq03LH4.roa (raw, json)
Hash identifier:          agiiz9TYWVr1jFEi+ZSl3zujSY0tUFTBNcUwTs1U3zQ=
Subject key identifier:   C1:4E:D2:B4:95:BE:0C:33:0E:D8:87:D4:85:B2:B0:46:AD:37:2C:7E
Certificate issuer:       /CN=ca9ccd830b7e03308bf5cf25e67a7fc2bde0957c
Certificate serial:       01961196610534DE47FC1F57E5B03B1C20E0
Authority key identifier: CA:9C:CD:83:0B:7E:03:30:8B:F5:CF:25:E6:7A:7F:C2:BD:E0:95:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ypzNgwt-AzCL9c8l5np_wr3glXw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/a68f21-9ff8-4a44-a36d-d1cde2465f89/1/wU7StJW-DDMO2IfUhbKwRq03LH4.roa
Signing time:             Mon 07 Apr 2025 18:49:49 +0000
ROA not before:           Mon 07 Apr 2025 18:49:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209641
IP address blocks:        2a0a:c382::/32 maxlen: 32
                          2a11:2080::/32 maxlen: 32
                          2a11:2085::/32 maxlen: 32
                          2a11:6504::/32 maxlen: 32
                          2a11:8f85::/32 maxlen: 32
                          2a11:f186::/32 maxlen: 32
                          2a11:fb45::/32 maxlen: 32
                          2a12:1804::/32 maxlen: 32
Validation:               Failed, certificate revoked on Tue 08 Apr 2025 18:16:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:11:96:61:05:34:de:47:fc:1f:57:e5:b0:3b:1c:20:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca9ccd830b7e03308bf5cf25e67a7fc2bde0957c
        Validity
            Not Before: Apr  7 18:49:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c14ed2b495be0c330ed887d485b2b046ad372c7e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:9f:9f:cd:82:d0:7a:ae:73:fe:63:24:93:1f:
                    9b:22:71:e5:93:ee:6e:c3:70:a5:4c:f2:c5:0a:a6:
                    19:03:1d:4e:08:21:30:bd:16:07:7f:d6:4d:88:31:
                    62:dd:04:91:57:25:24:53:73:fe:5e:48:09:f4:3a:
                    d5:73:07:47:9e:5b:db:92:ce:d3:43:03:35:7a:18:
                    02:12:64:51:ee:f9:1d:f0:e8:53:1a:f0:8c:95:5e:
                    59:e7:57:65:c2:08:79:4b:5c:df:f7:4d:62:a9:9f:
                    c4:9f:50:91:87:d3:1c:07:10:19:6f:8f:9e:f3:05:
                    1b:99:b2:9c:db:8f:d6:31:9d:d5:ba:e2:cd:15:1b:
                    a5:56:87:c2:94:50:63:d0:69:41:c6:eb:dc:8b:54:
                    12:f4:02:45:d0:c2:1d:90:46:3b:8a:71:19:c1:d1:
                    e5:2b:77:31:7e:e7:fd:3a:28:2e:c8:48:19:ce:22:
                    1d:f2:e1:eb:12:c9:a1:0e:00:03:9f:33:6e:64:b9:
                    73:24:b6:f3:31:63:16:23:32:6d:42:db:b9:11:5f:
                    ae:ae:55:d7:8c:54:39:b3:0e:ca:3c:e8:5d:27:aa:
                    24:9d:9c:4d:21:b5:61:9c:94:fd:71:69:8b:aa:63:
                    cc:24:14:c9:a4:9a:92:d3:50:a4:7c:74:db:1e:04:
                    d0:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:4E:D2:B4:95:BE:0C:33:0E:D8:87:D4:85:B2:B0:46:AD:37:2C:7E
            X509v3 Authority Key Identifier:
                keyid:CA:9C:CD:83:0B:7E:03:30:8B:F5:CF:25:E6:7A:7F:C2:BD:E0:95:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ypzNgwt-AzCL9c8l5np_wr3glXw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/a68f21-9ff8-4a44-a36d-d1cde2465f89/1/wU7StJW-DDMO2IfUhbKwRq03LH4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/a68f21-9ff8-4a44-a36d-d1cde2465f89/1/ypzNgwt-AzCL9c8l5np_wr3glXw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:c382::/32
                  2a11:2080::/32
                  2a11:2085::/32
                  2a11:6504::/32
                  2a11:8f85::/32
                  2a11:f186::/32
                  2a11:fb45::/32
                  2a12:1804::/32

    Signature Algorithm: sha256WithRSAEncryption
         17:5e:04:15:86:99:a0:21:7a:a0:2f:ee:96:a0:5d:cb:b8:8d:
         0d:48:51:59:c9:d5:a8:7c:7e:26:1f:bb:f9:e4:1e:15:ef:6b:
         d1:58:26:a0:5a:c7:39:8a:dd:04:06:22:5f:84:32:25:cc:ff:
         4b:76:c4:c8:be:2f:d0:50:6a:80:62:67:c3:f7:98:19:10:81:
         ca:3a:31:3f:93:c7:d5:c1:25:c7:69:23:32:a8:00:5f:00:fd:
         16:f8:bd:21:25:40:15:e6:55:92:5f:4c:48:ac:9f:85:2f:e0:
         5c:0e:34:8d:bf:22:be:be:62:1f:11:e9:95:53:a8:a1:6b:58:
         20:a0:ea:fa:9d:2d:7c:2a:81:8e:c5:28:3b:ff:db:41:30:94:
         82:64:4f:18:80:09:10:4a:0e:9d:92:d5:fb:1e:b1:d1:03:11:
         f4:67:01:45:79:17:f7:4f:75:53:ff:4d:85:d1:10:c6:18:0b:
         41:d7:36:96:87:00:93:db:d6:5f:74:4d:96:21:30:2e:4f:73:
         b2:7f:c9:c7:4f:aa:05:21:94:02:15:95:2c:18:66:8b:4a:f3:
         c8:dc:d4:8f:c4:b0:93:44:12:66:51:71:7e:1c:00:44:e1:35:
         40:55:b2:30:85:07:3d:79:c0:c9:cc:16:05:de:b9:26:99:03:
         a8:b5:cf:e5
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAZYRlmEFNN5H/B9X5bA7HCDgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhOWNjZDgzMGI3ZTAzMzA4YmY1Y2YyNWU2N2E3ZmMyYmRl
MDk1N2MwHhcNMjUwNDA3MTg0OTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTRlZDJiNDk1YmUwYzMzMGVkODg3ZDQ4NWIyYjA0NmFkMzcyYzdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzZ+fzYLQeq5z/mMkkx+bInHlk+5u
w3ClTPLFCqYZAx1OCCEwvRYHf9ZNiDFi3QSRVyUkU3P+XkgJ9DrVcwdHnlvbks7T
QwM1ehgCEmRR7vkd8OhTGvCMlV5Z51dlwgh5S1zf901iqZ/En1CRh9McBxAZb4+e
8wUbmbKc24/WMZ3VuuLNFRulVofClFBj0GlBxuvci1QS9AJF0MIdkEY7inEZwdHl
K3cxfuf9OiguyEgZziId8uHrEsmhDgADnzNuZLlzJLbzMWMWIzJtQtu5EV+urlXX
jFQ5sw7KPOhdJ6oknZxNIbVhnJT9cWmLqmPMJBTJpJqS01CkfHTbHgTQLwIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFMFO0rSVvgwzDtiH1IWysEatNyx+MB8GA1UdIwQY
MBaAFMqczYMLfgMwi/XPJeZ6f8K94JV8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveXB6Tmd3dC1BekNMOWM4bDVucF93cjNnbFh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My9hNjhmMjEtOWZmOC00YTQ0LWEzNmQt
ZDFjZGUyNDY1Zjg5LzEvd1U3U3RKVy1ERE1PMklmVWhiS3dScTAzTEg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My9hNjhmMjEtOWZmOC00YTQ0LWEzNmQtZDFjZGUyNDY1Zjg5
LzEveXB6Tmd3dC1BekNMOWM4bDVucF93cjNnbFh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAAjA4AwUAKgrDggMF
ACoRIIADBQAqESCFAwUAKhFlBAMFACoRj4UDBQAqEfGGAwUAKhH7RQMFACoSGAQw
DQYJKoZIhvcNAQELBQADggEBABdeBBWGmaAheqAv7pagXcu4jQ1IUVnJ1ah8fiYf
u/nkHhXva9FYJqBaxzmK3QQGIl+EMiXM/0t2xMi+L9BQaoBiZ8P3mBkQgco6MT+T
x9XBJcdpIzKoAF8A/Rb4vSElQBXmVZJfTEisn4Uv4FwONI2/Ir6+Yh8R6ZVTqKFr
WCCg6vqdLXwqgY7FKDv/20EwlIJkTxiACRBKDp2S1fsesdEDEfRnAUV5F/dPdVP/
TYXREMYYC0HXNpaHAJPb1l90TZYhMC5Pc7J/ycdPqgUhlAIVlSwYZotK88jc1I/E
sJNEEmZRcX4cAEThNUBVsjCFBz15wMnMFgXeuSaZA6i1z+U=
-----END CERTIFICATE-----
Generated at Mon Apr 28 14:55:31 2025 by rpki-client