Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/9_o4Woh2BAf-9yC3jaBf7OfzvrI.roa
File:                     9_o4Woh2BAf-9yC3jaBf7OfzvrI.roa (raw, json)
Hash identifier:          I5ke3O60JZdPhp4aqZascLe/SgRViWhMFvTJfzOunDA=
Subject key identifier:   F7:FA:38:5A:88:76:04:07:FE:F7:20:B7:8D:A0:5F:EC:E7:F3:BE:B2
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       01914AE88B75A3A80065159CBCE306257501
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/9_o4Woh2BAf-9yC3jaBf7OfzvrI.roa
Signing time:             Tue 13 Aug 2024 08:43:59 +0000
ROA not before:           Tue 13 Aug 2024 08:43:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20473
IP address blocks:        45.86.12.0/24 maxlen: 24
                          45.152.198.0/24 maxlen: 24
                          2a0e:1a84::/32 maxlen: 32
                          2a0e:f600:5f::/48 maxlen: 48
                          2a0f:3d80:bac::/48 maxlen: 48
                          2a0f:3d82::/32 maxlen: 32
                          2a0f:7d00:1::/48 maxlen: 48
                          2a0f:bc00:a1c4::/48 maxlen: 48
                          2a12:ecc2::/32 maxlen: 48
                          2a13:2b40::/29 maxlen: 32
Validation:               Failed, certificate revoked on Thu 15 Aug 2024 08:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:4a:e8:8b:75:a3:a8:00:65:15:9c:bc:e3:06:25:75:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Aug 13 08:43:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f7fa385a88760407fef720b78da05fece7f3beb2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:b9:5d:6f:fe:a5:89:3d:ce:cb:96:9d:ec:08:
                    d3:e5:2c:0c:c2:18:f3:31:09:ce:c5:12:2a:87:4e:
                    20:3e:b9:c3:05:54:4c:43:df:c2:ca:84:54:e5:f0:
                    64:0b:17:2a:6a:e3:49:58:0a:de:14:c3:9b:cf:d9:
                    2e:0b:c9:69:53:c7:72:0e:2b:d2:f9:cf:f1:2d:b5:
                    92:09:57:a4:62:5a:ac:15:d8:ba:1c:45:8d:89:b1:
                    91:fd:fa:ff:a2:7e:3f:cd:bf:b4:47:4c:b5:71:65:
                    95:aa:03:18:dd:a6:88:0d:c5:37:e8:54:f5:4d:ad:
                    24:93:a1:85:79:57:38:31:0a:16:b8:72:2a:3f:fd:
                    6f:00:e0:03:4a:17:88:7a:5e:e1:6c:6c:26:38:b4:
                    52:85:27:cc:84:c5:75:d2:9a:00:ac:9b:24:c7:18:
                    40:7e:c5:0e:22:69:5f:69:f9:7e:24:08:7e:fc:34:
                    db:7b:24:f1:84:0a:9d:dc:cf:32:4f:dc:fc:65:88:
                    d6:70:35:3d:5e:79:b7:df:47:42:92:5e:60:3f:be:
                    05:17:96:6c:38:88:20:a8:0a:5f:72:4d:01:06:0a:
                    b1:8f:37:94:14:83:15:31:b6:0e:44:20:89:f3:a6:
                    14:a2:46:ef:57:1e:e7:9c:ae:db:4f:2f:67:55:4a:
                    ab:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:FA:38:5A:88:76:04:07:FE:F7:20:B7:8D:A0:5F:EC:E7:F3:BE:B2
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/9_o4Woh2BAf-9yC3jaBf7OfzvrI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.86.12.0/24
                  45.152.198.0/24
                IPv6:
                  2a0e:1a84::/32
                  2a0e:f600:5f::/48
                  2a0f:3d80:bac::/48
                  2a0f:3d82::/32
                  2a0f:7d00:1::/48
                  2a0f:bc00:a1c4::/48
                  2a12:ecc2::/32
                  2a13:2b40::/29

    Signature Algorithm: sha256WithRSAEncryption
         93:e7:89:b5:be:e5:d6:bb:3a:ea:44:a0:df:04:82:fb:3f:eb:
         73:97:ad:99:e7:56:2f:f3:ee:5a:bc:21:f1:e4:61:8c:2f:e6:
         61:6a:de:4b:8f:ec:8f:d5:18:2c:3d:eb:c8:85:d4:d5:ed:79:
         43:65:24:b0:19:2d:38:33:e0:48:5e:f6:0f:19:67:15:26:6c:
         4e:e8:ee:7f:80:40:43:de:13:12:bb:c0:f6:a0:93:40:31:6c:
         c0:d0:44:dd:b2:f8:5a:a0:20:cd:8c:ec:4e:d3:04:32:83:67:
         25:b6:bf:40:1c:36:0d:51:1a:22:51:a2:f2:57:ef:92:00:5f:
         2e:00:d2:ca:21:b0:e5:31:ce:98:01:bf:77:b4:49:d9:cc:25:
         36:1e:be:23:b4:5a:43:f3:e4:ce:d8:62:1a:c9:5d:83:a2:d3:
         2d:3b:a1:41:63:95:a3:35:f6:ae:99:b1:61:e0:1c:af:eb:83:
         df:68:a2:b9:7e:d7:f2:d7:5a:43:0b:f0:4e:6e:9d:c0:f0:c9:
         3d:31:aa:3f:f0:f9:7f:7a:70:e3:74:08:03:f4:c7:67:ff:d2:
         e9:ce:43:e7:db:1c:ea:c7:ed:f8:06:b2:98:4c:97:6b:2b:da:
         b6:b9:59:78:c9:50:08:82:51:06:21:94:e2:fd:78:74:dc:bf:
         c0:eb:a3:da
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAZFK6It1o6gAZRWcvOMGJXUBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjQwODEzMDg0MzU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmN2ZhMzg1YTg4NzYwNDA3ZmVmNzIwYjc4ZGEwNWZlY2U3ZjNiZWIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwLldb/6liT3Oy5ad7AjT5SwMwhjz
MQnOxRIqh04gPrnDBVRMQ9/CyoRU5fBkCxcqauNJWAreFMObz9kuC8lpU8dyDivS
+c/xLbWSCVekYlqsFdi6HEWNibGR/fr/on4/zb+0R0y1cWWVqgMY3aaIDcU36FT1
Ta0kk6GFeVc4MQoWuHIqP/1vAOADSheIel7hbGwmOLRShSfMhMV10poArJskxxhA
fsUOImlfafl+JAh+/DTbeyTxhAqd3M8yT9z8ZYjWcDU9Xnm330dCkl5gP74FF5Zs
OIggqApfck0BBgqxjzeUFIMVMbYORCCJ86YUokbvVx7nnK7bTy9nVUqr9QIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFPf6OFqIdgQH/vcgt42gX+zn876yMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvOV9vNFdvaDJCQWYtOXlDM2phQmY3T2Z6dnJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDASBAIAATAMAwQALVYMAwQA
LZjGMEYEAgACMEADBQAqDhqEAwcAKg72AABfAwcAKg89gAusAwUAKg89ggMHACoP
fQAAAQMHACoPvAChxAMFACoS7MIDBQMqEytAMA0GCSqGSIb3DQEBCwUAA4IBAQCT
54m1vuXWuzrqRKDfBIL7P+tzl62Z51Yv8+5avCHx5GGML+Zhat5Lj+yP1RgsPevI
hdTV7XlDZSSwGS04M+BIXvYPGWcVJmxO6O5/gEBD3hMSu8D2oJNAMWzA0ETdsvha
oCDNjOxO0wQyg2cltr9AHDYNURoiUaLyV++SAF8uANLKIbDlMc6YAb93tEnZzCU2
Hr4jtFpD8+TO2GIayV2DotMtO6FBY5WjNfaumbFh4Byv64PfaKK5ftfy11pDC/BO
bp3A8Mk9Mao/8Pl/enDjdAgD9Mdn/9LpzkPn2xzqx+34BrKYTJdrK9q2uVl4yVAI
glEGIZTi/Xh03L/A66Pa
-----END CERTIFICATE-----