Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/8dMPA5HFnPMo5f447HlRwJLeDeY.roa
File:                     8dMPA5HFnPMo5f447HlRwJLeDeY.roa (raw, json)
Hash identifier:          eKHUeTIxfSnQpfaSwRVFVIWRvxlXGBOFlljq06poW8w=
Subject key identifier:   F1:D3:0F:03:91:C5:9C:F3:28:E5:FE:38:EC:79:51:C0:92:DE:0D:E6
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019128A5DEE31BDD735BAAF3D319A9182536
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/8dMPA5HFnPMo5f447HlRwJLeDeY.roa
Signing time:             Tue 06 Aug 2024 17:04:04 +0000
ROA not before:           Tue 06 Aug 2024 17:04:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20473
IP address blocks:        45.86.12.0/24 maxlen: 24
                          45.152.198.0/24 maxlen: 24
                          2a0e:15c4::/32 maxlen: 32
                          2a0e:1a84::/32 maxlen: 32
                          2a0f:7d00:1::/48 maxlen: 48
                          2a0f:bc00:a1c4::/48 maxlen: 48
                          2a12:ecc2::/32 maxlen: 32
                          2a13:18c3::/32 maxlen: 48
                          2a13:2b40::/29 maxlen: 32
Validation:               Failed, certificate revoked on Wed 07 Aug 2024 07:58:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:28:a5:de:e3:1b:dd:73:5b:aa:f3:d3:19:a9:18:25:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Aug  6 17:04:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f1d30f0391c59cf328e5fe38ec7951c092de0de6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:7c:fb:6d:ef:43:58:e2:a0:32:3a:88:da:b5:
                    3a:43:bc:60:ca:30:1a:15:29:eb:c2:7b:87:36:14:
                    60:ed:8f:89:8b:d7:eb:42:69:a1:64:2a:8c:d3:01:
                    3f:05:53:98:a5:1e:53:ea:a2:be:42:59:af:b5:2c:
                    5b:f7:c1:f3:d0:6b:ff:d6:a7:a1:ee:9c:94:01:6c:
                    79:ed:84:01:71:dc:2c:bd:72:dc:4d:ad:f5:c2:1b:
                    60:4f:5d:44:ab:54:69:65:d5:da:a1:04:5f:32:c8:
                    d6:b7:61:77:59:71:cc:c9:70:16:d1:0e:63:33:e9:
                    d6:4d:cf:52:d9:92:8a:c9:4f:7c:d9:d2:aa:e0:f2:
                    33:d9:e7:8d:28:92:d5:51:4f:98:b4:f8:be:26:1b:
                    38:03:57:ff:84:07:0e:44:9c:c0:42:40:28:48:f9:
                    c2:21:fa:ce:de:84:56:0d:a4:eb:88:75:25:ea:69:
                    a3:eb:b6:4e:b0:ad:e2:e6:89:0e:88:56:9b:0a:a2:
                    1d:43:e8:54:b4:a8:aa:5f:73:a7:d1:ba:53:48:5b:
                    d2:a4:df:38:5d:6e:7e:d6:85:19:ac:c2:8d:a4:e4:
                    d5:e6:8d:0a:0e:fb:22:40:65:7c:a4:07:c1:bf:2f:
                    ec:0d:3a:1a:5d:4c:1d:fd:45:04:1b:23:33:56:40:
                    a1:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:D3:0F:03:91:C5:9C:F3:28:E5:FE:38:EC:79:51:C0:92:DE:0D:E6
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/8dMPA5HFnPMo5f447HlRwJLeDeY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.86.12.0/24
                  45.152.198.0/24
                IPv6:
                  2a0e:15c4::/32
                  2a0e:1a84::/32
                  2a0f:7d00:1::/48
                  2a0f:bc00:a1c4::/48
                  2a12:ecc2::/32
                  2a13:18c3::/32
                  2a13:2b40::/29

    Signature Algorithm: sha256WithRSAEncryption
         cf:9a:11:66:a6:0c:2a:f4:14:c6:7f:e7:64:0a:cd:7e:01:71:
         ce:73:03:0a:5b:84:e2:d7:30:d6:5d:95:c7:ec:04:d6:0a:e2:
         3f:3f:35:b9:97:29:a6:3c:8a:ae:94:83:59:be:51:20:d1:dc:
         e5:c2:cf:3b:ee:59:e9:bf:cb:45:d8:1e:15:71:f0:65:db:91:
         2d:10:ec:ac:f8:94:e8:96:5e:5f:5a:77:e4:0d:cf:16:e6:ad:
         0d:ae:e4:90:5e:d3:a3:e1:fe:b0:c1:bb:f5:13:8a:40:e6:87:
         51:bc:3c:0e:56:e8:17:d9:e0:bb:2f:34:a2:bf:87:40:d7:50:
         f6:9e:64:ab:17:66:dc:9b:17:98:5e:6d:e2:cc:8d:00:02:57:
         fe:1b:ac:bf:b4:b7:e1:46:b8:a0:5d:19:35:5e:50:53:6d:8e:
         e0:fa:ea:bd:42:30:1e:d5:4b:a1:78:05:29:e5:99:d4:da:ce:
         69:f6:37:41:e4:f7:b5:34:d3:72:d6:b9:05:26:1a:34:e5:b0:
         a9:ed:2c:53:13:2e:4b:1c:24:23:89:cd:dd:64:1e:b6:6d:4f:
         5f:01:a1:5a:3c:d2:a8:e4:f9:77:4f:51:f9:b0:57:da:04:b3:
         90:f3:1f:2b:bf:b8:9c:35:5d:76:48:e1:26:39:61:c0:93:21:
         aa:65:5f:25
-----BEGIN CERTIFICATE-----
MIIFQDCCBCigAwIBAgISAZEopd7jG91zW6rz0xmpGCU2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjQwODA2MTcwNDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMWQzMGYwMzkxYzU5Y2YzMjhlNWZlMzhlYzc5NTFjMDkyZGUwZGU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA53z7be9DWOKgMjqI2rU6Q7xgyjAa
FSnrwnuHNhRg7Y+Ji9frQmmhZCqM0wE/BVOYpR5T6qK+QlmvtSxb98Hz0Gv/1qeh
7pyUAWx57YQBcdwsvXLcTa31whtgT11Eq1RpZdXaoQRfMsjWt2F3WXHMyXAW0Q5j
M+nWTc9S2ZKKyU982dKq4PIz2eeNKJLVUU+YtPi+Jhs4A1f/hAcORJzAQkAoSPnC
IfrO3oRWDaTriHUl6mmj67ZOsK3i5okOiFabCqIdQ+hUtKiqX3On0bpTSFvSpN84
XW5+1oUZrMKNpOTV5o0KDvsiQGV8pAfBvy/sDToaXUwd/UUEGyMzVkChkwIDAQAB
o4ICTDCCAkgwHQYDVR0OBBYEFPHTDwORxZzzKOX+OOx5UcCS3g3mMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvOGRNUEE1SEZuUE1vNWY0NDdIbFJ3SkxlRGVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGIGCCsGAQUFBwEHAQH/BFMwUTASBAIAATAMAwQALVYMAwQA
LZjGMDsEAgACMDUDBQAqDhXEAwUAKg4ahAMHACoPfQAAAQMHACoPvAChxAMFACoS
7MIDBQAqExjDAwUDKhMrQDANBgkqhkiG9w0BAQsFAAOCAQEAz5oRZqYMKvQUxn/n
ZArNfgFxznMDCluE4tcw1l2Vx+wE1griPz81uZcppjyKrpSDWb5RINHc5cLPO+5Z
6b/LRdgeFXHwZduRLRDsrPiU6JZeX1p35A3PFuatDa7kkF7To+H+sMG79ROKQOaH
Ubw8DlboF9nguy80or+HQNdQ9p5kqxdm3JsXmF5t4syNAAJX/husv7S34Ua4oF0Z
NV5QU22O4PrqvUIwHtVLoXgFKeWZ1NrOafY3QeT3tTTTcta5BSYaNOWwqe0sUxMu
SxwkI4nN3WQetm1PXwGhWjzSqOT5d09R+bBX2gSzkPMfK7+4nDVddkjhJjlhwJMh
qmVfJQ==
-----END CERTIFICATE-----