Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/ae049a-078b-42ed-a28f-6aa443528ce5/1/HocpH_8bB8zDqxPZb0retCMmt04.roa
File:                     HocpH_8bB8zDqxPZb0retCMmt04.roa (raw, json)
Hash identifier:          9FCJGokoiUIUjy3DyDZVm3Ox2wMU/qgUzPJbPhgMW0o=
Subject key identifier:   1E:87:29:1F:FF:1B:07:CC:C3:AB:13:D9:6F:4A:DE:B4:23:26:B7:4E
Certificate issuer:       /CN=4e13d0c0a703e09cda64c12b08dda2b749a0429c
Certificate serial:       019A4FA8545E2BFA40211609A5D26E53C590
Authority key identifier: 4E:13:D0:C0:A7:03:E0:9C:DA:64:C1:2B:08:DD:A2:B7:49:A0:42:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ThPQwKcD4JzaZMErCN2it0mgQpw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/ae049a-078b-42ed-a28f-6aa443528ce5/1/HocpH_8bB8zDqxPZb0retCMmt04.roa
Signing time:             Tue 04 Nov 2025 16:17:03 +0000
ROA not before:           Tue 04 Nov 2025 16:17:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        2001:67c:64:ffff:0:198:55a3:fcb4/128 maxlen: 128
                          2001:67c:64:ffff:0:198:5ff0:79dc/128 maxlen: 128
                          2001:67c:64:ffff:0:198:ad2f:c10a/128 maxlen: 128
                          2001:67c:64:ffff:0:199:70e1:b209/128 maxlen: 128
                          2001:67c:64:ffff:0:199:7262:3881/128 maxlen: 128
                          2001:67c:64:ffff:0:199:befc:c22a/128 maxlen: 128
Validation:               Failed, certificate revoked on Tue 04 Nov 2025 17:05:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:4f:a8:54:5e:2b:fa:40:21:16:09:a5:d2:6e:53:c5:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e13d0c0a703e09cda64c12b08dda2b749a0429c
        Validity
            Not Before: Nov  4 16:17:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1e87291fff1b07ccc3ab13d96f4adeb42326b74e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:de:47:69:2f:9b:6e:2a:44:39:a1:49:19:03:
                    50:1b:d6:86:1e:31:2b:38:02:78:be:7b:68:94:b2:
                    1b:b9:5d:22:00:63:c2:98:d0:63:36:5e:77:02:7e:
                    7f:14:5e:76:c2:28:0e:78:be:bd:20:3d:87:3f:58:
                    48:40:c5:75:66:a6:5e:1c:ba:d3:fe:45:e4:c9:fe:
                    e4:a9:79:0c:b1:6c:62:a3:b8:82:05:47:28:60:c5:
                    7a:b5:1a:00:fd:72:cd:10:29:9a:d3:68:46:d1:57:
                    8a:1d:ab:13:6a:ce:9f:e2:f0:8d:8d:1b:b6:2c:12:
                    7b:85:f9:63:c2:15:76:9c:0e:cd:c5:34:59:43:10:
                    b9:93:e2:12:53:cb:a4:1e:16:a3:c5:01:34:8b:e5:
                    a0:32:4d:5f:b8:1f:9b:ab:88:1c:98:0b:74:91:48:
                    03:95:61:06:9a:bb:f7:03:2b:c6:38:1a:ef:05:7e:
                    2c:eb:42:4b:2b:a4:94:8d:80:ca:6b:25:8a:20:a9:
                    6c:39:d0:72:d4:45:38:42:d2:bf:eb:f3:c1:48:18:
                    b1:a7:c8:e2:ca:34:4a:72:bb:ce:ad:b9:36:f9:2e:
                    61:70:bd:49:4b:f8:65:82:e5:52:4a:91:37:d5:68:
                    fe:29:24:e6:9a:0d:49:99:6f:ed:2a:7d:45:d0:64:
                    17:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:87:29:1F:FF:1B:07:CC:C3:AB:13:D9:6F:4A:DE:B4:23:26:B7:4E
            X509v3 Authority Key Identifier:
                keyid:4E:13:D0:C0:A7:03:E0:9C:DA:64:C1:2B:08:DD:A2:B7:49:A0:42:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ThPQwKcD4JzaZMErCN2it0mgQpw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/ae049a-078b-42ed-a28f-6aa443528ce5/1/HocpH_8bB8zDqxPZb0retCMmt04.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/ae049a-078b-42ed-a28f-6aa443528ce5/1/ThPQwKcD4JzaZMErCN2it0mgQpw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:64:ffff:0:198:55a3:fcb4/128
                  2001:67c:64:ffff:0:198:5ff0:79dc/128
                  2001:67c:64:ffff:0:198:ad2f:c10a/128
                  2001:67c:64:ffff:0:199:70e1:b209/128
                  2001:67c:64:ffff:0:199:7262:3881/128
                  2001:67c:64:ffff:0:199:befc:c22a/128

    Signature Algorithm: sha256WithRSAEncryption
         12:2c:8d:53:3f:8a:a1:50:9f:02:78:21:da:5d:b3:f6:3a:9a:
         27:ca:c8:b0:d7:22:6f:2a:47:f3:5c:21:b6:bc:82:c2:e7:dd:
         5f:11:89:ae:77:f8:79:33:12:04:17:b2:d6:91:63:2a:c1:0b:
         5c:f7:c7:a2:db:85:62:27:97:8d:0f:dc:0d:8f:f3:a3:ff:70:
         9c:36:48:9f:7c:69:28:2d:a9:7d:28:4f:dd:20:a8:34:8a:28:
         c1:3d:fb:d0:e7:93:ee:a2:f0:f1:6b:01:da:33:e7:32:19:f7:
         60:47:08:94:74:83:e4:36:47:15:ca:99:cc:45:24:2d:75:97:
         2a:d8:8b:1d:fe:45:ca:b6:7d:35:6e:98:47:07:99:3d:0e:27:
         05:a1:0d:40:57:ac:46:cb:05:0c:09:3b:7f:fa:fa:6e:bb:8f:
         ec:e9:84:73:dc:6a:48:b5:3a:60:b6:04:ae:dd:1c:92:15:52:
         79:87:0d:80:c7:dd:a0:06:c2:70:a3:6e:8b:3a:48:2e:22:2e:
         ed:37:8a:ed:2e:6e:f7:a1:c1:df:ec:14:09:a3:63:0d:92:d8:
         11:9e:8d:c7:74:f7:c4:0e:a0:d5:99:7b:02:75:66:6d:7c:36:
         c0:10:dd:d3:b2:84:55:ff:7c:7f:6f:3f:a9:fa:eb:b5:e9:08:
         7f:e2:71:5e
-----BEGIN CERTIFICATE-----
MIIFajCCBFKgAwIBAgISAZpPqFReK/pAIRYJpdJuU8WQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlMTNkMGMwYTcwM2UwOWNkYTY0YzEyYjA4ZGRhMmI3NDlh
MDQyOWMwHhcNMjUxMTA0MTYxNzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTg3MjkxZmZmMWIwN2NjYzNhYjEzZDk2ZjRhZGViNDIzMjZiNzRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6d5HaS+bbipEOaFJGQNQG9aGHjEr
OAJ4vntolLIbuV0iAGPCmNBjNl53An5/FF52wigOeL69ID2HP1hIQMV1ZqZeHLrT
/kXkyf7kqXkMsWxio7iCBUcoYMV6tRoA/XLNECma02hG0VeKHasTas6f4vCNjRu2
LBJ7hfljwhV2nA7NxTRZQxC5k+ISU8ukHhajxQE0i+WgMk1fuB+bq4gcmAt0kUgD
lWEGmrv3AyvGOBrvBX4s60JLK6SUjYDKayWKIKlsOdBy1EU4QtK/6/PBSBixp8ji
yjRKcrvOrbk2+S5hcL1JS/hlguVSSpE31Wj+KSTmmg1JmW/tKn1F0GQX4wIDAQAB
o4ICdjCCAnIwHQYDVR0OBBYEFB6HKR//GwfMw6sT2W9K3rQjJrdOMB8GA1UdIwQY
MBaAFE4T0MCnA+Cc2mTBKwjdordJoEKcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGhQUXdLY0Q0SnphWk1FckNOMml0MG1nUXB3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi9hZTA0OWEtMDc4Yi00MmVkLWEyOGYt
NmFhNDQzNTI4Y2U1LzEvSG9jcEhfOGJCOHpEcXhQWmIwcmV0Q01tdDA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi9hZTA0OWEtMDc4Yi00MmVkLWEyOGYtNmFhNDQzNTI4Y2U1
LzEvVGhQUXdLY0Q0SnphWk1FckNOMml0MG1nUXB3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGLBggrBgEFBQcBBwEB/wR8MHoweAQCAAIwcgMRACABBnwA
ZP//AAABmFWj/LQDEQAgAQZ8AGT//wAAAZhf8HncAxEAIAEGfABk//8AAAGYrS/B
CgMRACABBnwAZP//AAABmXDhsgkDEQAgAQZ8AGT//wAAAZlyYjiBAxEAIAEGfABk
//8AAAGZvvzCKjANBgkqhkiG9w0BAQsFAAOCAQEAEiyNUz+KoVCfAngh2l2z9jqa
J8rIsNcibypH81whtryCwufdXxGJrnf4eTMSBBey1pFjKsELXPfHotuFYieXjQ/c
DY/zo/9wnDZIn3xpKC2pfShP3SCoNIoowT370OeT7qLw8WsB2jPnMhn3YEcIlHSD
5DZHFcqZzEUkLXWXKtiLHf5FyrZ9NW6YRweZPQ4nBaENQFesRssFDAk7f/r6bruP
7OmEc9xqSLU6YLYErt0ckhVSeYcNgMfdoAbCcKNuizpILiIu7TeK7S5u96HB3+wU
CaNjDZLYEZ6Nx3T3xA6g1Zl7AnVmbXw2wBDd07KEVf98f28/qfrrtekIf+JxXg==
-----END CERTIFICATE-----