Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/68bf1d-6e50-4996-82af-0ac581a58cd1/1/_Kn_JuOtONQU0mQGW7uDSytiMNw.roa
File:                     _Kn_JuOtONQU0mQGW7uDSytiMNw.roa (raw, json)
Hash identifier:          2CtbNaHk3VrYt5ay3cXJ0SVMBJeReaD2cOp4qG9tq8Y=
Subject key identifier:   FC:A9:FF:26:E3:AD:38:D4:14:D2:64:06:5B:BB:83:4B:2B:62:30:DC
Certificate issuer:       /CN=b0c9e116678959b8a9478fcea7ca3c0603102162
Certificate serial:       019EBFCB97F58513BCCCE4AB78EE7C9F9599
Authority key identifier: B0:C9:E1:16:67:89:59:B8:A9:47:8F:CE:A7:CA:3C:06:03:10:21:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sMnhFmeJWbipR4_Op8o8BgMQIWI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/68bf1d-6e50-4996-82af-0ac581a58cd1/1/_Kn_JuOtONQU0mQGW7uDSytiMNw.roa
Signing time:             Sat 13 Jun 2026 07:04:11 +0000
ROA not before:           Sat 13 Jun 2026 07:04:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     0
IP address blocks:        2001:67c:64:ffff:0:19e:175a:3589/128 maxlen: 128
                          2001:67c:64:ffff:0:19e:8d95:c397/128 maxlen: 128
                          2001:67c:64:ffff:0:19e:9217:41cb/128 maxlen: 128
                          2001:67c:64:ffff:0:19e:973d:a4cb/128 maxlen: 128
                          2001:67c:64:ffff:0:19e:bfcb:2ead/128 maxlen: 128
Validation:               Failed, certificate revoked on Sat 13 Jun 2026 07:13:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:bf:cb:97:f5:85:13:bc:cc:e4:ab:78:ee:7c:9f:95:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0c9e116678959b8a9478fcea7ca3c0603102162
        Validity
            Not Before: Jun 13 07:04:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fca9ff26e3ad38d414d264065bbb834b2b6230dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:ff:00:2d:57:5a:fd:35:fb:30:c0:09:75:5d:
                    1e:a4:31:46:cb:cb:ca:75:20:85:f0:67:03:96:8b:
                    e2:8b:06:10:1a:4c:2d:85:cb:e4:46:80:8a:67:85:
                    5e:d2:ba:44:de:86:42:5b:1c:f3:b4:e3:60:9f:8e:
                    7a:d2:96:95:ec:a8:e6:89:fd:3f:eb:ae:69:a5:4a:
                    51:b4:5b:46:85:7a:09:e8:e2:a7:2f:e0:76:78:8a:
                    e8:68:20:7e:19:66:e3:5d:54:6e:93:48:75:89:61:
                    7f:18:a9:7d:fe:d9:0f:b1:89:cb:55:51:f6:b0:fe:
                    2d:f2:ff:77:65:39:ec:b4:47:59:14:56:d3:ab:65:
                    92:b1:a8:ec:5c:98:f6:6b:aa:9d:8c:0d:ac:3c:f8:
                    b9:2f:15:6f:44:c7:e3:79:4e:0e:c6:39:d5:61:70:
                    2c:eb:90:e5:13:a2:73:28:81:3c:77:02:27:2e:c7:
                    df:50:4b:a1:c5:93:44:c8:0e:cc:55:78:4f:f5:d3:
                    b5:b5:20:e6:01:8b:1c:ba:c8:8d:19:5c:2f:70:49:
                    2c:6d:a8:1c:b4:a8:c2:b8:cf:1c:ab:37:ca:7b:4b:
                    72:c9:e4:46:d4:18:ef:35:07:8e:d9:c1:c1:63:03:
                    68:b9:71:41:8b:52:24:2d:46:0e:db:06:33:d1:2f:
                    3b:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:A9:FF:26:E3:AD:38:D4:14:D2:64:06:5B:BB:83:4B:2B:62:30:DC
            X509v3 Authority Key Identifier:
                keyid:B0:C9:E1:16:67:89:59:B8:A9:47:8F:CE:A7:CA:3C:06:03:10:21:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sMnhFmeJWbipR4_Op8o8BgMQIWI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/68bf1d-6e50-4996-82af-0ac581a58cd1/1/_Kn_JuOtONQU0mQGW7uDSytiMNw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/68bf1d-6e50-4996-82af-0ac581a58cd1/1/sMnhFmeJWbipR4_Op8o8BgMQIWI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:64:ffff:0:19e:175a:3589/128
                  2001:67c:64:ffff:0:19e:8d95:c397/128
                  2001:67c:64:ffff:0:19e:9217:41cb/128
                  2001:67c:64:ffff:0:19e:973d:a4cb/128
                  2001:67c:64:ffff:0:19e:bfcb:2ead/128

    Signature Algorithm: sha256WithRSAEncryption
         41:aa:96:2e:d7:63:fd:22:b2:13:a6:9e:2f:f8:c0:8d:17:27:
         ce:ee:79:06:cb:03:4f:6e:e2:bc:40:e4:2c:f3:0b:80:be:3b:
         fe:d0:6c:c5:32:ee:11:28:c6:74:8e:dd:a3:bd:e9:0a:f4:0a:
         ad:26:e9:ba:33:53:ac:55:a9:8c:99:f1:26:85:d9:7e:6a:6a:
         94:d0:dd:dd:70:95:41:52:9b:63:f3:6c:b7:7e:ee:f5:12:7d:
         dd:a7:0c:ef:af:06:94:b3:71:f9:9b:a7:d6:77:04:69:ce:52:
         e1:5d:52:ab:c2:08:13:18:a4:65:63:e7:dd:00:64:18:ca:f2:
         d0:22:6d:74:51:ce:88:5e:49:ca:87:54:fa:42:17:45:aa:d5:
         2d:41:82:a3:ff:5a:ad:7f:65:d1:46:15:07:66:ac:9e:0a:b4:
         f4:95:67:ba:6c:9b:29:46:bf:e7:b6:fd:89:95:76:c7:4f:a8:
         0c:70:fe:85:b3:5c:4d:41:f0:77:18:06:e7:b5:c9:ca:40:36:
         5d:c4:9f:a6:90:92:ef:d1:9f:75:74:25:be:f3:62:08:6c:d5:
         bf:ec:27:65:1f:82:57:c2:73:f1:27:ad:3f:e3:c4:d3:91:49:
         e7:19:1d:a4:6e:83:a0:01:fd:88:15:f0:3c:7e:c5:fd:40:b4:
         96:14:00:19
-----BEGIN CERTIFICATE-----
MIIFVjCCBD6gAwIBAgISAZ6/y5f1hRO8zOSreO58n5WZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwYzllMTE2Njc4OTU5YjhhOTQ3OGZjZWE3Y2EzYzA2MDMx
MDIxNjIwHhcNMjYwNjEzMDcwNDExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmY2E5ZmYyNmUzYWQzOGQ0MTRkMjY0MDY1YmJiODM0YjJiNjIzMGRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyv8ALVda/TX7MMAJdV0epDFGy8vK
dSCF8GcDloviiwYQGkwthcvkRoCKZ4Ve0rpE3oZCWxzztONgn4560paV7Kjmif0/
665ppUpRtFtGhXoJ6OKnL+B2eIroaCB+GWbjXVRuk0h1iWF/GKl9/tkPsYnLVVH2
sP4t8v93ZTnstEdZFFbTq2WSsajsXJj2a6qdjA2sPPi5LxVvRMfjeU4OxjnVYXAs
65DlE6JzKIE8dwInLsffUEuhxZNEyA7MVXhP9dO1tSDmAYscusiNGVwvcEksbagc
tKjCuM8cqzfKe0tyyeRG1BjvNQeO2cHBYwNouXFBi1IkLUYO2wYz0S87KQIDAQAB
o4ICYjCCAl4wHQYDVR0OBBYEFPyp/ybjrTjUFNJkBlu7g0srYjDcMB8GA1UdIwQY
MBaAFLDJ4RZniVm4qUePzqfKPAYDECFiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc01uaEZtZUpXYmlwUjRfT3A4bzhCZ01RSVdJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC82OGJmMWQtNmU1MC00OTk2LTgyYWYt
MGFjNTgxYTU4Y2QxLzEvX0tuX0p1T3RPTlFVMG1RR1c3dURTeXRpTU53LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC82OGJmMWQtNmU1MC00OTk2LTgyYWYtMGFjNTgxYTU4Y2Qx
LzEvc01uaEZtZUpXYmlwUjRfT3A4bzhCZ01RSVdJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHgGCCsGAQUFBwEHAQH/BGkwZzBlBAIAAjBfAxEAIAEGfABk
//8AAAGeF1o1iQMRACABBnwAZP//AAABno2Vw5cDEQAgAQZ8AGT//wAAAZ6SF0HL
AxEAIAEGfABk//8AAAGelz2kywMRACABBnwAZP//AAABnr/LLq0wDQYJKoZIhvcN
AQELBQADggEBAEGqli7XY/0ishOmni/4wI0XJ87ueQbLA09u4rxA5CzzC4C+O/7Q
bMUy7hEoxnSO3aO96Qr0Cq0m6bozU6xVqYyZ8SaF2X5qapTQ3d1wlUFSm2PzbLd+
7vUSfd2nDO+vBpSzcfmbp9Z3BGnOUuFdUqvCCBMYpGVj590AZBjK8tAibXRRzohe
ScqHVPpCF0Wq1S1BgqP/Wq1/ZdFGFQdmrJ4KtPSVZ7psmylGv+e2/YmVdsdPqAxw
/oWzXE1B8HcYBue1ycpANl3En6aQku/Rn3V0Jb7zYghs1b/sJ2UfglfCc/EnrT/j
xNORSecZHaRug6AB/YgV8Dx+xf1AtJYUABk=
-----END CERTIFICATE-----