Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/1lev4R9tJIteYKvzeVpBPSKYtnI.roa
File:                     1lev4R9tJIteYKvzeVpBPSKYtnI.roa (raw, json)
Hash identifier:          GKHOuOn2CAuAYU7bo2WhAxGEkuOir2yVwer43ohxqlw=
Subject key identifier:   D6:57:AF:E1:1F:6D:24:8B:5E:60:AB:F3:79:5A:41:3D:22:98:B6:72
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       018E748FCE6076EE456766FEB5A34D9A1B62
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/1lev4R9tJIteYKvzeVpBPSKYtnI.roa
Signing time:             Mon 25 Mar 2024 07:42:45 +0000
ROA not before:           Mon 25 Mar 2024 07:42:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198231
IP address blocks:        2a13:c900::/32 maxlen: 32
                          2a13:c901::/32 maxlen: 32
                          2a13:c902::/32 maxlen: 32
                          2a13:c903::/32 maxlen: 32
                          2a13:c904::/32 maxlen: 32
                          2a13:c905::/32 maxlen: 32
                          2a13:c906::/32 maxlen: 32
                          2a13:c907::/32 maxlen: 32
                          2a13:d700::/32 maxlen: 32
                          2a13:d701::/32 maxlen: 32
                          2a13:d702::/32 maxlen: 32
                          2a13:d703::/32 maxlen: 32
                          2a13:d704::/32 maxlen: 32
                          2a13:d705::/32 maxlen: 32
                          2a13:d706::/32 maxlen: 32
                          2a13:d707::/32 maxlen: 32
                          2a13:d900::/32 maxlen: 32
                          2a13:d901::/32 maxlen: 32
                          2a13:d902::/32 maxlen: 32
                          2a13:d903::/32 maxlen: 32
                          2a13:d904::/32 maxlen: 32
                          2a13:d905::/32 maxlen: 32
                          2a13:d906::/32 maxlen: 32
                          2a13:d907::/32 maxlen: 32
Validation:               Failed, certificate revoked on Mon 25 Mar 2024 07:44:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:74:8f:ce:60:76:ee:45:67:66:fe:b5:a3:4d:9a:1b:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Mar 25 07:42:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d657afe11f6d248b5e60abf3795a413d2298b672
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:6e:f9:d3:f3:30:5d:d0:ed:7e:40:6d:73:7f:
                    41:26:90:f0:8c:4f:c8:88:fb:85:f9:7d:bc:72:25:
                    93:07:5d:c0:12:60:d8:05:28:f0:67:a6:7a:17:13:
                    cd:f3:6a:a7:7e:07:7c:e4:da:ab:e4:9b:01:6a:08:
                    9a:b1:21:59:51:9c:75:0d:33:bd:59:85:fa:55:d9:
                    1c:a0:b7:15:ea:74:c7:4e:56:93:55:0f:90:72:e7:
                    85:6f:17:07:bd:79:44:1a:66:00:95:94:9f:83:3b:
                    f8:b2:aa:bc:0f:b5:1e:5c:90:f1:e2:a5:49:bd:98:
                    9c:45:da:84:38:c8:ae:32:3f:3d:55:7e:a7:fa:d1:
                    17:9e:e6:a3:45:a6:9b:8b:41:39:5d:72:0e:74:5e:
                    39:f7:a9:b6:ee:e7:8d:10:53:ea:c2:2a:1d:bc:76:
                    ca:c6:6c:99:20:79:c0:fc:dc:dd:4e:46:7c:ac:1a:
                    7b:d2:85:01:e5:f4:dc:00:b6:4d:88:34:a3:ea:3c:
                    d1:59:ec:c4:ad:48:96:0b:e3:a5:88:74:ef:9b:74:
                    ca:a2:8c:dc:7c:65:e4:ee:60:8b:11:c8:d6:22:ca:
                    a8:f6:44:b6:d5:b9:59:e6:a7:e4:fa:48:dd:b1:ea:
                    d1:45:37:ea:ce:26:73:ec:13:45:b8:f6:98:22:ca:
                    cf:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:57:AF:E1:1F:6D:24:8B:5E:60:AB:F3:79:5A:41:3D:22:98:B6:72
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/1lev4R9tJIteYKvzeVpBPSKYtnI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:c900::/29
                  2a13:d700::/29
                  2a13:d900::/29

    Signature Algorithm: sha256WithRSAEncryption
         7d:19:a3:d7:1a:85:80:a1:55:44:9b:0b:45:8c:97:19:cb:e4:
         ac:84:5d:3d:62:be:09:fa:f7:80:e6:3f:49:f7:1f:aa:42:2e:
         0d:94:f3:e0:80:01:f8:8b:e1:a8:6c:3f:b6:9f:84:ed:90:e3:
         d9:44:df:51:ab:b5:91:33:f4:32:cf:cf:d6:d7:26:8d:58:8b:
         d7:fc:2f:1a:e9:9c:a7:af:9f:74:b1:b6:81:87:b8:86:2d:d6:
         a7:5e:bf:22:73:9e:30:48:2e:07:4c:75:31:3b:92:4b:6a:49:
         a9:d0:98:22:76:8f:01:5e:18:17:0f:92:45:89:99:d6:bc:54:
         22:59:5b:09:60:fa:c8:28:7a:3e:87:16:04:76:6c:df:ca:28:
         64:17:29:c5:f2:22:b0:b9:ef:80:56:a1:a5:bc:a8:1f:3b:d6:
         90:8f:fa:d1:1b:b8:3f:89:86:dd:b1:47:24:50:d8:39:56:19:
         27:cf:8d:ba:44:5a:1a:fd:70:5b:36:a8:b2:69:5c:71:d9:6b:
         dd:93:4c:fa:8d:dd:33:00:66:ea:e3:ac:8f:91:c6:74:89:84:
         80:50:8d:ce:70:2e:f7:ac:f8:65:b2:28:0d:0c:93:cd:e5:6e:
         a2:89:f0:e9:fd:01:7d:26:c8:d5:e5:42:ec:5d:16:d3:3d:d7:
         21:b2:29:7a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY50j85gdu5FZ2b+taNNmhtiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjQwMzI1MDc0MjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjU3YWZlMTFmNmQyNDhiNWU2MGFiZjM3OTVhNDEzZDIyOThiNjcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiW750/MwXdDtfkBtc39BJpDwjE/I
iPuF+X28ciWTB13AEmDYBSjwZ6Z6FxPN82qnfgd85Nqr5JsBagiasSFZUZx1DTO9
WYX6VdkcoLcV6nTHTlaTVQ+QcueFbxcHvXlEGmYAlZSfgzv4sqq8D7UeXJDx4qVJ
vZicRdqEOMiuMj89VX6n+tEXnuajRaabi0E5XXIOdF4596m27ueNEFPqwiodvHbK
xmyZIHnA/NzdTkZ8rBp70oUB5fTcALZNiDSj6jzRWezErUiWC+OliHTvm3TKoozc
fGXk7mCLEcjWIsqo9kS21blZ5qfk+kjdserRRTfqziZz7BNFuPaYIsrPbQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNZXr+EfbSSLXmCr83laQT0imLZyMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvMWxldjRSOXRKSXRlWUt2emVWcEJQU0tZdG5JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAbBAIAAjAVAwUDKhPJAAMF
AyoT1wADBQMqE9kAMA0GCSqGSIb3DQEBCwUAA4IBAQB9GaPXGoWAoVVEmwtFjJcZ
y+SshF09Yr4J+veA5j9J9x+qQi4NlPPggAH4i+GobD+2n4TtkOPZRN9Rq7WRM/Qy
z8/W1yaNWIvX/C8a6Zynr590sbaBh7iGLdanXr8ic54wSC4HTHUxO5JLakmp0Jgi
do8BXhgXD5JFiZnWvFQiWVsJYPrIKHo+hxYEdmzfyihkFynF8iKwue+AVqGlvKgf
O9aQj/rRG7g/iYbdsUckUNg5Vhknz426RFoa/XBbNqiyaVxx2Wvdk0z6jd0zAGbq
46yPkcZ0iYSAUI3OcC73rPhlsigNDJPN5W6iifDp/QF9JsjV5ULsXRbTPdchsil6
-----END CERTIFICATE-----