Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/190AkwdHVrxiX8PkalPdqF-wcdo.roa
File:                     190AkwdHVrxiX8PkalPdqF-wcdo.roa (raw, json)
Hash identifier:          97q1ZtdnDcTpvOvWQEIPwbEhEYExotR6QfMpuoPNc+Q=
Subject key identifier:   D7:DD:00:93:07:47:56:BC:62:5F:C3:E4:6A:53:DD:A8:5F:B0:71:DA
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       01912D76653FDE3BA04E66A5EFABA8C21B75
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/190AkwdHVrxiX8PkalPdqF-wcdo.roa
Signing time:             Wed 07 Aug 2024 15:30:19 +0000
ROA not before:           Wed 07 Aug 2024 15:30:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20473
IP address blocks:        45.86.12.0/24 maxlen: 24
                          45.152.198.0/24 maxlen: 24
                          2a0e:15c4::/32 maxlen: 32
                          2a0e:1a84::/32 maxlen: 32
                          2a0f:3d80:bac::/48 maxlen: 48
                          2a0f:3d82::/32 maxlen: 32
                          2a0f:7d00:1::/48 maxlen: 48
                          2a0f:bc00:a1c4::/48 maxlen: 48
                          2a13:18c3::/32 maxlen: 48
                          2a13:2b40::/29 maxlen: 32
Validation:               Failed, certificate revoked on Thu 08 Aug 2024 14:02:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:2d:76:65:3f:de:3b:a0:4e:66:a5:ef:ab:a8:c2:1b:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Aug  7 15:30:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d7dd0093074756bc625fc3e46a53dda85fb071da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:c1:29:4f:fb:74:1c:b2:04:e5:40:4f:45:06:
                    d6:ac:16:3c:3e:1c:82:a8:b7:f5:ab:26:e8:99:4d:
                    ce:b0:c0:53:bf:7e:d8:d2:48:41:1d:b9:3a:64:c9:
                    fc:8b:26:70:fe:39:da:11:8f:55:e8:62:3b:79:38:
                    c4:40:99:1a:9f:c1:d0:f0:2e:0b:d4:b9:c8:a2:e3:
                    6a:57:e8:20:2e:7d:85:59:30:9a:5f:0a:42:e9:c8:
                    00:ea:d9:c5:e0:14:19:cf:f2:3f:b4:30:4e:43:78:
                    39:1a:85:41:73:8a:a1:64:f7:41:b3:a1:f5:5c:8b:
                    d2:a9:d4:72:e2:8a:25:a3:c0:71:dc:90:7a:f9:90:
                    78:15:29:50:d4:c2:6f:35:ce:3c:e7:e1:d2:3a:64:
                    43:2b:1c:cd:f7:47:d0:8d:32:93:7d:63:ee:3e:72:
                    b4:2d:da:16:f3:5a:43:7d:c9:47:28:98:7a:52:fb:
                    bd:13:9b:87:be:2f:58:48:96:83:80:b5:91:84:39:
                    fa:44:7e:dd:12:1d:83:b9:30:59:68:a7:5e:65:8f:
                    ef:56:1d:74:01:61:a1:0e:39:26:56:90:9b:d5:34:
                    95:b3:22:8d:2f:75:b6:a4:c3:4b:51:c3:1f:f3:79:
                    c2:54:dc:58:67:82:5c:c3:46:a0:c0:3a:c0:75:39:
                    17:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:DD:00:93:07:47:56:BC:62:5F:C3:E4:6A:53:DD:A8:5F:B0:71:DA
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/190AkwdHVrxiX8PkalPdqF-wcdo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.86.12.0/24
                  45.152.198.0/24
                IPv6:
                  2a0e:15c4::/32
                  2a0e:1a84::/32
                  2a0f:3d80:bac::/48
                  2a0f:3d82::/32
                  2a0f:7d00:1::/48
                  2a0f:bc00:a1c4::/48
                  2a13:18c3::/32
                  2a13:2b40::/29

    Signature Algorithm: sha256WithRSAEncryption
         b9:d1:4e:db:56:74:17:db:5f:e7:97:23:8a:ed:d5:85:71:fd:
         80:17:54:bf:02:a1:2f:ea:2c:b5:92:c5:a1:c1:7e:f2:55:4a:
         02:13:dd:61:1e:14:9c:fc:07:8f:af:73:fb:42:53:7d:79:71:
         f9:52:99:10:37:d8:36:29:9c:8d:ff:92:82:a9:49:1f:ca:2e:
         81:28:20:a6:ae:38:87:0a:a0:90:af:d0:d1:0b:e1:cd:59:4e:
         7d:9d:02:e1:21:47:06:d0:e6:32:87:bb:a6:ec:70:bf:4d:c1:
         3a:d4:30:ba:c5:40:8a:eb:30:f5:1c:5d:7b:fb:0b:ba:d9:34:
         fa:cb:f7:56:0a:ff:e4:8c:55:2e:63:2e:5d:90:88:e0:92:7e:
         7b:43:37:c1:c8:df:d4:55:d0:2f:a9:0c:33:c2:aa:23:47:bc:
         2b:f3:46:33:40:3e:56:59:db:13:f0:fb:e7:ae:ef:ec:af:d3:
         40:5e:ae:96:61:34:5d:8e:c3:68:6b:5a:69:09:34:3c:81:64:
         8a:9a:4a:f7:42:2a:d3:f0:77:c7:ba:6d:c7:99:c2:55:c6:8c:
         e3:38:c6:30:bc:82:15:79:9a:71:03:84:30:0b:a1:58:62:86:
         95:a6:bb:0f:b6:ee:c4:d6:54:32:10:7b:8e:f7:d2:79:19:af:
         e7:1b:14:08
-----BEGIN CERTIFICATE-----
MIIFSTCCBDGgAwIBAgISAZEtdmU/3jugTmal76uowht1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjQwODA3MTUzMDE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkN2RkMDA5MzA3NDc1NmJjNjI1ZmMzZTQ2YTUzZGRhODVmYjA3MWRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAusEpT/t0HLIE5UBPRQbWrBY8PhyC
qLf1qybomU3OsMBTv37Y0khBHbk6ZMn8iyZw/jnaEY9V6GI7eTjEQJkan8HQ8C4L
1LnIouNqV+ggLn2FWTCaXwpC6cgA6tnF4BQZz/I/tDBOQ3g5GoVBc4qhZPdBs6H1
XIvSqdRy4oolo8Bx3JB6+ZB4FSlQ1MJvNc485+HSOmRDKxzN90fQjTKTfWPuPnK0
LdoW81pDfclHKJh6Uvu9E5uHvi9YSJaDgLWRhDn6RH7dEh2DuTBZaKdeZY/vVh10
AWGhDjkmVpCb1TSVsyKNL3W2pMNLUcMf83nCVNxYZ4Jcw0agwDrAdTkX4wIDAQAB
o4ICVTCCAlEwHQYDVR0OBBYEFNfdAJMHR1a8Yl/D5GpT3ahfsHHaMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvMTkwQWt3ZEhWcnhpWDhQa2FsUGRxRi13Y2RvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGsGCCsGAQUFBwEHAQH/BFwwWjASBAIAATAMAwQALVYMAwQA
LZjGMEQEAgACMD4DBQAqDhXEAwUAKg4ahAMHACoPPYALrAMFACoPPYIDBwAqD30A
AAEDBwAqD7wAocQDBQAqExjDAwUDKhMrQDANBgkqhkiG9w0BAQsFAAOCAQEAudFO
21Z0F9tf55cjiu3VhXH9gBdUvwKhL+ostZLFocF+8lVKAhPdYR4UnPwHj69z+0JT
fXlx+VKZEDfYNimcjf+SgqlJH8ougSggpq44hwqgkK/Q0QvhzVlOfZ0C4SFHBtDm
Moe7puxwv03BOtQwusVAiusw9Rxde/sLutk0+sv3Vgr/5IxVLmMuXZCI4JJ+e0M3
wcjf1FXQL6kMM8KqI0e8K/NGM0A+VlnbE/D7567v7K/TQF6ulmE0XY7DaGtaaQk0
PIFkippK90Iq0/B3x7ptx5nCVcaM4zjGMLyCFXmacQOEMAuhWGKGlaa7D7buxNZU
MhB7jvfSeRmv5xsUCA==
-----END CERTIFICATE-----