Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/Zz3eKggNwD6yvAoft2snUQz2h3s.roa
File:                     Zz3eKggNwD6yvAoft2snUQz2h3s.roa (raw, json)
Hash identifier:          XYkhHh9UWA7lX+Pi+CwdKhhrmjmTNSlsTV+SvWkKgBg=
Subject key identifier:   67:3D:DE:2A:08:0D:C0:3E:B2:BC:0A:1F:B7:6B:27:51:0C:F6:87:7B
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       01975BB638862E8EB9A58A5198B25167D48F
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/Zz3eKggNwD6yvAoft2snUQz2h3s.roa
Signing time:             Tue 10 Jun 2025 21:19:18 +0000
ROA not before:           Tue 10 Jun 2025 21:19:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212477
IP address blocks:        2a0f:3f80::/29 maxlen: 29
                          2a0f:b400::/29 maxlen: 29
                          2a10:5c00::/29 maxlen: 29
                          2a10:7700::/29 maxlen: 29
                          2a11:5c80::/29 maxlen: 29
                          2a11:8880::/29 maxlen: 29
                          2a12:4ac0::/29 maxlen: 29
                          2a12:dc00::/29 maxlen: 29
                          2a13:7400::/29 maxlen: 29
                          2a13:9380::/29 maxlen: 29
                          2a13:9f00::/29 maxlen: 29
                          2a13:cf00::/29 maxlen: 29
Validation:               Failed, certificate revoked on Thu 12 Jun 2025 06:21:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:5b:b6:38:86:2e:8e:b9:a5:8a:51:98:b2:51:67:d4:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Jun 10 21:19:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=673dde2a080dc03eb2bc0a1fb76b27510cf6877b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:3d:4e:6a:1d:2b:b4:0d:6b:27:2f:b2:e1:43:
                    23:7f:b5:79:0d:a4:57:34:46:95:9d:ef:5d:a9:80:
                    d9:50:69:af:f3:b8:40:04:1f:3b:e2:7d:a4:49:30:
                    1a:8c:83:b2:ed:31:75:83:c5:48:84:03:0b:de:6d:
                    72:26:0a:00:76:87:55:6b:6a:e6:70:c2:fb:80:d0:
                    91:3f:c3:a3:a8:f6:b1:d9:9c:f7:8b:9c:d5:f7:ef:
                    fb:49:95:5b:62:01:5f:53:a0:4e:fd:6c:7c:08:74:
                    a2:01:2f:76:e0:1b:62:27:f4:a8:c9:ff:09:d1:91:
                    31:4c:13:a3:8e:87:69:aa:16:f0:95:5e:16:6f:69:
                    c6:de:3f:8d:73:c3:a2:21:5f:fe:64:6c:7d:54:b4:
                    49:65:ef:6f:9e:24:fe:a7:59:21:cb:51:2d:e6:93:
                    a8:d4:b0:41:43:5a:89:b3:f9:a8:8d:60:b9:39:24:
                    ef:64:0d:95:58:2d:72:b0:83:cc:6a:0e:e8:33:90:
                    81:7d:46:7d:ff:c0:93:ce:43:06:2e:d4:d6:80:f8:
                    87:51:ef:ae:de:43:f1:7f:1f:5d:10:0d:49:c9:d3:
                    0a:e5:a2:a2:66:19:b4:44:3e:2d:3f:94:0b:26:c3:
                    e9:fb:3d:29:7e:92:dd:d7:68:54:75:26:ee:c7:d3:
                    09:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:3D:DE:2A:08:0D:C0:3E:B2:BC:0A:1F:B7:6B:27:51:0C:F6:87:7B
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/Zz3eKggNwD6yvAoft2snUQz2h3s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:3f80::/29
                  2a0f:b400::/29
                  2a10:5c00::/29
                  2a10:7700::/29
                  2a11:5c80::/29
                  2a11:8880::/29
                  2a12:4ac0::/29
                  2a12:dc00::/29
                  2a13:7400::/29
                  2a13:9380::/29
                  2a13:9f00::/29
                  2a13:cf00::/29

    Signature Algorithm: sha256WithRSAEncryption
         b9:cf:13:1a:ab:d8:7d:22:32:60:a1:36:36:ce:17:d4:43:73:
         77:7e:51:b4:62:af:5c:50:be:c9:56:76:a8:47:27:38:76:97:
         32:14:b0:2f:94:a0:cd:db:bd:66:6b:7f:27:a1:52:82:68:12:
         e8:e1:a6:31:ec:6d:16:fa:9b:00:87:8a:fe:a1:b1:a3:30:e8:
         75:38:9b:b6:b1:7e:bb:0c:6c:4c:87:4d:52:91:4d:05:1d:f3:
         16:63:d1:7a:1d:ed:ab:07:0f:45:30:b3:f1:b1:ae:63:ed:d5:
         25:54:d4:7d:61:b9:d0:a8:05:11:6d:50:cf:aa:6d:65:00:0b:
         59:8c:1e:98:79:82:ea:c6:86:2a:ad:c6:c3:dc:98:f2:7b:03:
         5f:92:b1:23:c9:a2:f0:74:10:12:c0:cb:6a:8a:05:1e:34:85:
         74:2e:12:84:83:62:f9:67:d5:f2:af:c4:4c:ff:5c:4c:9a:2b:
         e1:38:84:68:e7:5a:ba:62:f4:f8:df:2f:90:ae:3f:64:b4:a6:
         94:d9:b8:cc:f9:54:26:3a:7d:c1:5f:ea:3a:aa:bd:e9:30:1d:
         21:ba:b3:e9:0b:8a:ae:db:98:54:f1:dd:ee:d2:61:2a:ff:0a:
         b0:e6:f3:b0:f5:60:46:cc:a1:b5:ca:03:55:ab:97:bd:71:aa:
         ba:7e:bf:92
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAZdbtjiGLo65pYpRmLJRZ9SPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjUwNjEwMjExOTE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzNkZGUyYTA4MGRjMDNlYjJiYzBhMWZiNzZiMjc1MTBjZjY4NzdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArT1Oah0rtA1rJy+y4UMjf7V5DaRX
NEaVne9dqYDZUGmv87hABB874n2kSTAajIOy7TF1g8VIhAML3m1yJgoAdodVa2rm
cML7gNCRP8OjqPax2Zz3i5zV9+/7SZVbYgFfU6BO/Wx8CHSiAS924BtiJ/Soyf8J
0ZExTBOjjodpqhbwlV4Wb2nG3j+Nc8OiIV/+ZGx9VLRJZe9vniT+p1khy1Et5pOo
1LBBQ1qJs/mojWC5OSTvZA2VWC1ysIPMag7oM5CBfUZ9/8CTzkMGLtTWgPiHUe+u
3kPxfx9dEA1JydMK5aKiZhm0RD4tP5QLJsPp+z0pfpLd12hUdSbux9MJYwIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFGc93ioIDcA+srwKH7drJ1EM9od7MB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvWnozZUtnZ053RDZ5dkFvZnQyc25VUXoyaDNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDBaBAIAAjBUAwUDKg8/gAMF
AyoPtAADBQMqEFwAAwUDKhB3AAMFAyoRXIADBQMqEYiAAwUDKhJKwAMFAyoS3AAD
BQMqE3QAAwUDKhOTgAMFAyoTnwADBQMqE88AMA0GCSqGSIb3DQEBCwUAA4IBAQC5
zxMaq9h9IjJgoTY2zhfUQ3N3flG0Yq9cUL7JVnaoRyc4dpcyFLAvlKDN271ma38n
oVKCaBLo4aYx7G0W+psAh4r+obGjMOh1OJu2sX67DGxMh01SkU0FHfMWY9F6He2r
Bw9FMLPxsa5j7dUlVNR9YbnQqAURbVDPqm1lAAtZjB6YeYLqxoYqrcbD3JjyewNf
krEjyaLwdBASwMtqigUeNIV0LhKEg2L5Z9Xyr8RM/1xMmivhOIRo51q6YvT43y+Q
rj9ktKaU2bjM+VQmOn3BX+o6qr3pMB0hurPpC4qu25hU8d3u0mEq/wqw5vOw9WBG
zKG1ygNVq5e9caq6fr+S
-----END CERTIFICATE-----