Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/9ehN6-H4Xg5gGb1-lm_wlj2Mn7c.roa
File:                     9ehN6-H4Xg5gGb1-lm_wlj2Mn7c.roa (raw, json)
Hash identifier:          J1y6zTL/QmlUrxwPqxCGMzyQi2L9qQXALrzz81tw6/A=
Subject key identifier:   F5:E8:4D:EB:E1:F8:5E:0E:60:19:BD:7E:96:6F:F0:96:3D:8C:9F:B7
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019D065C012018909C0E546CBDDE2D291D16
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/9ehN6-H4Xg5gGb1-lm_wlj2Mn7c.roa
Signing time:             Thu 19 Mar 2026 13:49:46 +0000
ROA not before:           Thu 19 Mar 2026 13:49:46 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     20473
IP address blocks:        2a0a:2d07:cc::/48 maxlen: 48
                          2a0e:1a84::/32 maxlen: 32
                          2a0f:7d00:1::/48 maxlen: 48
                          2a0f:bc00:a1c4::/48 maxlen: 48
                          2a0f:df45:25b::/48 maxlen: 48
                          2a12:ecc0:22::/48 maxlen: 48
                          2a13:18c6:c9a1::/48 maxlen: 48
                          2a13:9280::/32 maxlen: 32
                          2a13:c900:66::/48 maxlen: 48
Validation:               Failed, certificate revoked on Thu 26 Mar 2026 16:07:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:06:5c:01:20:18:90:9c:0e:54:6c:bd:de:2d:29:1d:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Mar 19 13:49:46 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f5e84debe1f85e0e6019bd7e966ff0963d8c9fb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:cf:03:bc:ae:dd:04:03:4b:91:d7:fd:68:60:
                    f0:f1:40:a4:eb:ea:1e:a4:83:dd:ad:f0:9f:ed:80:
                    9e:a0:c3:43:04:e6:f6:ab:da:11:23:61:86:3a:7d:
                    dc:12:8a:6f:11:21:43:15:60:d0:ff:77:f3:61:ca:
                    4e:a1:37:6b:79:dc:f1:bd:0c:67:96:ad:88:af:3e:
                    89:3e:12:c2:9e:ef:10:a1:36:77:39:4c:94:c8:40:
                    3a:dd:b8:c4:46:85:f5:ed:ff:ac:c7:23:c9:77:52:
                    5a:ec:f3:6e:71:56:e8:53:47:f1:c7:15:b0:e9:dd:
                    dc:1d:be:84:a3:d8:91:85:44:d5:e4:47:57:6a:c5:
                    9a:8f:74:e8:a9:52:86:d4:c2:83:ad:db:94:47:61:
                    57:8a:35:08:ab:89:84:78:82:ad:c0:a8:34:32:d8:
                    5a:f4:27:9d:33:02:d1:97:fc:d8:42:03:73:8a:f2:
                    b0:18:33:52:f1:21:00:7a:43:0b:ff:be:32:f9:01:
                    3a:47:3b:9b:27:96:a5:38:af:c4:a2:27:ec:f6:60:
                    ab:60:6c:d9:9e:d8:ba:a5:8b:c1:00:0c:dd:ba:33:
                    a6:90:34:0b:83:94:c1:ae:62:3f:d8:ec:00:4b:62:
                    7d:21:05:7d:5c:42:6f:7d:2d:c3:85:54:de:20:ad:
                    0d:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:E8:4D:EB:E1:F8:5E:0E:60:19:BD:7E:96:6F:F0:96:3D:8C:9F:B7
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/9ehN6-H4Xg5gGb1-lm_wlj2Mn7c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:2d07:cc::/48
                  2a0e:1a84::/32
                  2a0f:7d00:1::/48
                  2a0f:bc00:a1c4::/48
                  2a0f:df45:25b::/48
                  2a12:ecc0:22::/48
                  2a13:18c6:c9a1::/48
                  2a13:9280::/32
                  2a13:c900:66::/48

    Signature Algorithm: sha256WithRSAEncryption
         83:bf:af:30:33:66:2e:b7:de:67:89:7f:0f:fc:ce:b8:02:b5:
         39:8e:18:3c:b9:a8:66:f2:7f:99:c7:0e:98:f4:d0:66:9d:58:
         12:02:0c:93:43:a3:11:b3:34:49:a5:3a:af:6a:6d:39:a6:d1:
         76:37:d6:3f:8a:aa:6b:4c:f4:e3:39:e0:29:a8:14:bb:e9:14:
         1d:4a:a4:64:5d:59:e1:90:8e:9f:98:16:1d:49:3b:74:22:2a:
         f4:32:35:89:cc:89:c3:76:a1:47:66:4f:de:26:6b:84:92:54:
         c8:e2:ec:60:cc:22:86:1d:dd:5b:49:2e:39:c0:96:d0:63:42:
         cd:e9:ce:07:c5:88:fe:6e:33:bb:48:bd:02:ea:de:08:e4:a9:
         dd:0e:00:b7:65:2f:c3:af:9c:77:9f:b6:96:dd:84:9b:5d:bd:
         f5:8a:c8:5f:cb:6f:13:97:e8:6e:bc:e5:dc:aa:55:e5:4f:6e:
         8b:18:dd:6b:c6:47:94:b7:24:b2:be:9e:03:ec:ae:3c:43:34:
         86:39:a3:50:7e:7f:d1:3f:99:4d:4e:73:9f:15:ad:d8:b1:0f:
         39:dd:af:65:a4:61:08:a3:b0:6f:7b:cb:31:8f:25:a9:da:81:
         b7:ea:df:a0:0f:71:29:71:3a:9d:57:9a:77:a7:16:70:60:99:
         63:eb:8e:d4
-----BEGIN CERTIFICATE-----
MIIFRDCCBCygAwIBAgISAZ0GXAEgGJCcDlRsvd4tKR0WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjYwMzE5MTM0OTQ2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNWU4NGRlYmUxZjg1ZTBlNjAxOWJkN2U5NjZmZjA5NjNkOGM5ZmI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr88DvK7dBANLkdf9aGDw8UCk6+oe
pIPdrfCf7YCeoMNDBOb2q9oRI2GGOn3cEopvESFDFWDQ/3fzYcpOoTdredzxvQxn
lq2Irz6JPhLCnu8QoTZ3OUyUyEA63bjERoX17f+sxyPJd1Ja7PNucVboU0fxxxWw
6d3cHb6Eo9iRhUTV5EdXasWaj3ToqVKG1MKDrduUR2FXijUIq4mEeIKtwKg0Mtha
9CedMwLRl/zYQgNzivKwGDNS8SEAekML/74y+QE6RzubJ5alOK/Eoifs9mCrYGzZ
nti6pYvBAAzdujOmkDQLg5TBrmI/2OwAS2J9IQV9XEJvfS3DhVTeIK0NvQIDAQAB
o4ICUDCCAkwwHQYDVR0OBBYEFPXoTevh+F4OYBm9fpZv8JY9jJ+3MB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvOWVoTjYtSDRYZzVnR2IxLWxtX3dsajJNbjdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGYGCCsGAQUFBwEHAQH/BFcwVTBTBAIAAjBNAwcAKgotBwDM
AwUAKg4ahAMHACoPfQAAAQMHACoPvAChxAMHACoP30UCWwMHACoS7MAAIgMHACoT
GMbJoQMFACoTkoADBwAqE8kAAGYwDQYJKoZIhvcNAQELBQADggEBAIO/rzAzZi63
3meJfw/8zrgCtTmOGDy5qGbyf5nHDpj00GadWBICDJNDoxGzNEmlOq9qbTmm0XY3
1j+KqmtM9OM54CmoFLvpFB1KpGRdWeGQjp+YFh1JO3QiKvQyNYnMicN2oUdmT94m
a4SSVMji7GDMIoYd3VtJLjnAltBjQs3pzgfFiP5uM7tIvQLq3gjkqd0OALdlL8Ov
nHeftpbdhJtdvfWKyF/LbxOX6G685dyqVeVPbosY3WvGR5S3JLK+ngPsrjxDNIY5
o1B+f9E/mU1Oc58VrdixDzndr2WkYQijsG97yzGPJanagbfq36APcSlxOp1Xmnen
FnBgmWPrjtQ=
-----END CERTIFICATE-----