Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/5QrZoG7qYQv0aFhzxunU8uRYEdo.roa
File:                     5QrZoG7qYQv0aFhzxunU8uRYEdo.roa (raw, json)
Hash identifier:          VXdZ20y1GpuZFsaDtlet4BuHwpidsye2ZVQekUzfFJE=
Subject key identifier:   E5:0A:D9:A0:6E:EA:61:0B:F4:68:58:73:C6:E9:D4:F2:E4:58:11:DA
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019524A5397EAD7991973AEBFA91B30C1B39
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/5QrZoG7qYQv0aFhzxunU8uRYEdo.roa
Signing time:             Thu 20 Feb 2025 18:36:02 +0000
ROA not before:           Thu 20 Feb 2025 18:36:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7029
IP address blocks:        64.226.54.0/23 maxlen: 23
                          64.226.156.0/22 maxlen: 22
                          2a06:1186::/32 maxlen: 32
                          2a06:35c2::/32 maxlen: 32
                          2a0d:8f80::/29 maxlen: 29
                          2a0e:1a81::/32 maxlen: 32
                          2a0e:c783::/32 maxlen: 32
                          2a0e:f500::/29 maxlen: 29
                          2a0e:f602::/32 maxlen: 32
                          2a0f:1e82::/32 maxlen: 32
                          2a0f:3d83::/32 maxlen: 32
                          2a10:37c0::/29 maxlen: 29
                          2a10:67c0::/32 maxlen: 32
                          2a13:9281::/32 maxlen: 32
Validation:               Failed, certificate revoked on Fri 07 Mar 2025 16:15:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:24:a5:39:7e:ad:79:91:97:3a:eb:fa:91:b3:0c:1b:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Feb 20 18:36:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e50ad9a06eea610bf4685873c6e9d4f2e45811da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:f7:c8:3a:91:2f:45:c1:b4:93:94:10:83:05:
                    4e:3e:32:a0:ff:c9:95:c3:ae:54:34:6d:f6:e7:65:
                    4f:aa:62:72:fb:cb:a4:57:05:66:3d:51:fc:bb:df:
                    6c:72:f5:74:d1:ae:4d:fd:8a:02:03:5b:e5:3e:37:
                    59:01:20:a4:90:57:95:ee:d8:58:5b:d9:80:9b:63:
                    d5:b1:87:77:58:dc:87:3b:91:a0:d0:29:3b:fa:d3:
                    44:f1:a7:7a:86:b1:18:94:8d:64:58:56:fe:23:85:
                    25:57:ce:73:29:a8:17:c8:0f:eb:39:97:6f:4a:bd:
                    af:cb:0c:4a:99:e9:ed:68:b4:b7:c6:ab:45:e8:78:
                    eb:db:85:3c:8c:57:df:d9:02:59:85:2a:b1:59:84:
                    fa:56:dd:d3:55:a2:b8:88:60:a9:38:42:e2:8a:bd:
                    d6:5e:45:07:f5:e4:0e:e3:55:cb:13:f6:22:c5:94:
                    da:46:98:55:07:c1:c2:bb:0d:98:48:05:7c:5c:c5:
                    16:9c:a5:38:e7:f9:89:1c:3d:fc:b5:fb:34:21:b1:
                    e7:a4:d1:81:d9:05:06:c3:2a:a0:56:68:20:1c:d8:
                    6c:88:3f:57:5a:ef:27:24:f1:42:8f:5a:d2:d6:c6:
                    8f:b6:c3:8d:30:32:36:f9:b1:53:a4:90:51:f1:84:
                    ac:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:0A:D9:A0:6E:EA:61:0B:F4:68:58:73:C6:E9:D4:F2:E4:58:11:DA
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/5QrZoG7qYQv0aFhzxunU8uRYEdo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.226.54.0/23
                  64.226.156.0/22
                IPv6:
                  2a06:1186::/32
                  2a06:35c2::/32
                  2a0d:8f80::/29
                  2a0e:1a81::/32
                  2a0e:c783::/32
                  2a0e:f500::/29
                  2a0e:f602::/32
                  2a0f:1e82::/32
                  2a0f:3d83::/32
                  2a10:37c0::/29
                  2a10:67c0::/32
                  2a13:9281::/32

    Signature Algorithm: sha256WithRSAEncryption
         83:a2:f1:4a:53:c9:44:13:2c:69:ec:85:b2:4d:31:ed:9f:04:
         e3:17:9d:c9:80:33:d3:22:d1:aa:9e:9a:86:57:db:62:63:3a:
         b7:ce:38:f5:e1:86:42:07:f5:32:8d:a0:98:d4:2b:29:2d:be:
         02:2e:84:0f:ac:06:9e:27:d8:49:69:f2:38:c8:dd:7c:76:65:
         e6:45:9e:ad:6a:42:f5:06:e1:23:5a:2c:6f:14:d2:14:c9:50:
         5e:06:76:ca:06:e4:a4:ff:85:50:d8:fa:33:af:40:05:f6:f7:
         8a:ea:59:f1:f3:c0:fe:06:1c:5a:96:4a:6e:c7:c0:c3:1a:ed:
         89:68:25:4a:d0:54:ed:42:67:4d:6b:2f:b0:5c:0f:18:58:9d:
         50:b8:1c:5e:9f:77:f0:d7:97:b6:6b:c2:92:45:91:d8:2d:a8:
         64:64:55:15:6e:e9:51:f1:2f:23:30:a1:1c:62:d6:a5:70:28:
         34:21:10:bb:f0:1c:55:00:05:ad:c9:2e:bd:9d:90:68:f6:81:
         58:ae:1e:b0:97:c2:97:0c:0f:3d:16:4a:b1:07:b1:90:4e:f9:
         6e:fc:fe:08:ef:f4:3c:c0:c0:b9:b2:1a:68:6c:63:2a:97:05:
         ef:4b:aa:5c:c5:7f:9b:95:30:03:22:da:45:3f:07:c8:0f:7d:
         6d:bb:49:36
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgISAZUkpTl+rXmRlzrr+pGzDBs5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjUwMjIwMTgzNjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTBhZDlhMDZlZWE2MTBiZjQ2ODU4NzNjNmU5ZDRmMmU0NTgxMWRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1vfIOpEvRcG0k5QQgwVOPjKg/8mV
w65UNG3252VPqmJy+8ukVwVmPVH8u99scvV00a5N/YoCA1vlPjdZASCkkFeV7thY
W9mAm2PVsYd3WNyHO5Gg0Ck7+tNE8ad6hrEYlI1kWFb+I4UlV85zKagXyA/rOZdv
Sr2vywxKmentaLS3xqtF6Hjr24U8jFff2QJZhSqxWYT6Vt3TVaK4iGCpOELiir3W
XkUH9eQO41XLE/YixZTaRphVB8HCuw2YSAV8XMUWnKU45/mJHD38tfs0IbHnpNGB
2QUGwyqgVmggHNhsiD9XWu8nJPFCj1rS1saPtsONMDI2+bFTpJBR8YSsgQIDAQAB
o4ICbDCCAmgwHQYDVR0OBBYEFOUK2aBu6mEL9GhYc8bp1PLkWBHaMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvNVFyWm9HN3FZUXYwYUZoenh1blU4dVJZRWRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGBBggrBgEFBQcBBwEB/wRyMHAwEgQCAAEwDAMEAUDiNgME
AkDinDBaBAIAAjBUAwUAKgYRhgMFACoGNcIDBQMqDY+AAwUAKg4agQMFACoOx4MD
BQMqDvUAAwUAKg72AgMFACoPHoIDBQAqDz2DAwUDKhA3wAMFACoQZ8ADBQAqE5KB
MA0GCSqGSIb3DQEBCwUAA4IBAQCDovFKU8lEEyxp7IWyTTHtnwTjF53JgDPTItGq
npqGV9tiYzq3zjj14YZCB/UyjaCY1CspLb4CLoQPrAaeJ9hJafI4yN18dmXmRZ6t
akL1BuEjWixvFNIUyVBeBnbKBuSk/4VQ2Pozr0AF9veK6lnx88D+Bhxalkpux8DD
Gu2JaCVK0FTtQmdNay+wXA8YWJ1QuBxen3fw15e2a8KSRZHYLahkZFUVbulR8S8j
MKEcYtalcCg0IRC78BxVAAWtyS69nZBo9oFYrh6wl8KXDA89FkqxB7GQTvlu/P4I
7/Q8wMC5shpobGMqlwXvS6pcxX+blTADItpFPwfID31tu0k2
-----END CERTIFICATE-----