Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/MeIaVBdBgsnV3m-T_t1xaagIQCM.roa
File:                     MeIaVBdBgsnV3m-T_t1xaagIQCM.roa (raw, json)
Hash identifier:          Qhf4N1kQfdM79okBciszLFNXm6w7zw/WZ5dPhusaZtI=
Subject key identifier:   31:E2:1A:54:17:41:82:C9:D5:DE:6F:93:FE:DD:71:69:A8:08:40:23
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       01916A95BA1344EA7EFC39BF5F46E65F6FD9
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/MeIaVBdBgsnV3m-T_t1xaagIQCM.roa
Signing time:             Mon 19 Aug 2024 12:21:23 +0000
ROA not before:           Mon 19 Aug 2024 12:21:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20473
IP address blocks:        45.86.12.0/24 maxlen: 24
                          45.152.198.0/24 maxlen: 24
                          103.114.40.0/24 maxlen: 24
                          2a0e:1a84::/32 maxlen: 32
                          2a0e:f600:5f::/48 maxlen: 48
                          2a0f:3d80:bac::/48 maxlen: 48
                          2a0f:3d82::/32 maxlen: 32
                          2a0f:7d00:1::/48 maxlen: 48
                          2a0f:bc00:a1c4::/48 maxlen: 48
                          2a12:ecc2::/32 maxlen: 48
                          2a13:2b40::/29 maxlen: 32
Validation:               Failed, certificate revoked on Wed 21 Aug 2024 14:52:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:6a:95:ba:13:44:ea:7e:fc:39:bf:5f:46:e6:5f:6f:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Aug 19 12:21:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=31e21a54174182c9d5de6f93fedd7169a8084023
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:64:53:ba:66:8d:35:0c:91:04:c6:53:dc:dc:
                    59:bb:a1:03:62:07:f6:fd:a5:8a:d3:67:78:d5:67:
                    22:88:1f:6a:ae:66:7d:46:6f:29:af:2c:6e:81:bb:
                    e2:cb:59:95:6e:68:bc:e6:71:dc:7e:4e:b8:8e:48:
                    fd:38:4e:13:1d:c3:06:0f:46:2e:9c:72:65:55:5c:
                    e0:19:42:89:1d:b8:63:06:81:4b:77:ba:4e:b4:0a:
                    6b:84:fd:8e:c3:10:e6:af:1b:eb:da:4e:6d:1e:a5:
                    c2:75:83:c2:a2:6e:8c:86:e2:37:33:de:3b:ba:f7:
                    8a:a7:f8:65:55:fb:6e:52:e2:c7:25:14:70:67:76:
                    f1:45:57:22:a2:c1:d6:35:f6:3c:64:d4:f4:96:b9:
                    bd:08:b3:c1:f3:04:35:5b:aa:3f:2c:1b:25:fa:93:
                    34:d5:8d:22:52:51:41:f8:4c:f4:7c:b5:ed:45:fe:
                    be:6a:6f:fd:ef:5f:01:b0:58:15:eb:a8:a6:65:ce:
                    a8:1b:35:c9:29:4a:11:c4:c2:57:da:d7:de:69:17:
                    92:f6:a9:0f:85:0f:c7:61:64:1d:82:9d:9c:60:5b:
                    70:17:61:0c:ee:d1:bf:8e:25:45:44:79:d8:7c:20:
                    37:c0:53:31:2c:5e:7c:2b:6c:05:2e:78:a7:8f:62:
                    8f:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:E2:1A:54:17:41:82:C9:D5:DE:6F:93:FE:DD:71:69:A8:08:40:23
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/MeIaVBdBgsnV3m-T_t1xaagIQCM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.86.12.0/24
                  45.152.198.0/24
                  103.114.40.0/24
                IPv6:
                  2a0e:1a84::/32
                  2a0e:f600:5f::/48
                  2a0f:3d80:bac::/48
                  2a0f:3d82::/32
                  2a0f:7d00:1::/48
                  2a0f:bc00:a1c4::/48
                  2a12:ecc2::/32
                  2a13:2b40::/29

    Signature Algorithm: sha256WithRSAEncryption
         33:68:a5:56:17:6e:32:8a:76:02:9c:28:00:77:da:e2:09:da:
         f5:71:a6:2f:0f:8b:86:e4:33:9d:44:a0:b4:8b:5c:28:d2:f7:
         a3:2e:4b:55:4c:44:26:4e:69:bc:3d:e2:5f:2d:bd:f0:e2:7e:
         51:f1:ec:12:05:ee:c8:17:16:21:70:ab:3a:20:8c:50:c1:e6:
         66:98:b5:90:8c:03:bc:93:ac:b0:7e:6f:41:f5:a3:c3:53:46:
         a3:d1:27:17:7b:5a:bd:be:ca:41:e8:5b:ae:fb:f6:46:e1:c8:
         cf:07:c6:0b:c0:60:f0:a4:1d:ef:18:26:02:89:6b:f8:f6:cb:
         6f:59:ab:a6:3a:ec:5d:e5:07:f4:5f:2b:1d:c2:ec:a6:c4:48:
         53:9c:cb:aa:a6:fb:bb:b8:f1:3d:cc:98:ed:ad:3c:df:b3:eb:
         be:6d:3f:dd:67:3a:4e:a7:65:e6:5e:fc:ab:73:bd:04:4c:32:
         f0:54:a9:24:f4:03:05:1b:60:32:cd:ff:a5:53:cb:a1:7d:be:
         22:05:a8:f7:42:36:25:0a:98:cd:84:87:61:30:45:54:6f:ba:
         24:d9:28:07:55:db:e0:0e:71:32:c7:d7:63:62:ed:42:ad:15:
         c1:94:87:4e:2d:f9:d1:aa:82:d4:2f:e1:3e:50:09:7e:6b:2d:
         5a:5e:de:17
-----BEGIN CERTIFICATE-----
MIIFUTCCBDmgAwIBAgISAZFqlboTROp+/Dm/X0bmX2/ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjQwODE5MTIyMTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMWUyMWE1NDE3NDE4MmM5ZDVkZTZmOTNmZWRkNzE2OWE4MDg0MDIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr2RTumaNNQyRBMZT3NxZu6EDYgf2
/aWK02d41WciiB9qrmZ9Rm8pryxugbviy1mVbmi85nHcfk64jkj9OE4THcMGD0Yu
nHJlVVzgGUKJHbhjBoFLd7pOtAprhP2OwxDmrxvr2k5tHqXCdYPCom6MhuI3M947
uveKp/hlVftuUuLHJRRwZ3bxRVciosHWNfY8ZNT0lrm9CLPB8wQ1W6o/LBsl+pM0
1Y0iUlFB+Ez0fLXtRf6+am/9718BsFgV66imZc6oGzXJKUoRxMJX2tfeaReS9qkP
hQ/HYWQdgp2cYFtwF2EM7tG/jiVFRHnYfCA3wFMxLF58K2wFLninj2KPTwIDAQAB
o4ICXTCCAlkwHQYDVR0OBBYEFDHiGlQXQYLJ1d5vk/7dcWmoCEAjMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvTWVJYVZCZEJnc25WM20tVF90MXhhYWdJUUNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHMGCCsGAQUFBwEHAQH/BGQwYjAYBAIAATASAwQALVYMAwQA
LZjGAwQAZ3IoMEYEAgACMEADBQAqDhqEAwcAKg72AABfAwcAKg89gAusAwUAKg89
ggMHACoPfQAAAQMHACoPvAChxAMFACoS7MIDBQMqEytAMA0GCSqGSIb3DQEBCwUA
A4IBAQAzaKVWF24yinYCnCgAd9riCdr1caYvD4uG5DOdRKC0i1wo0vejLktVTEQm
Tmm8PeJfLb3w4n5R8ewSBe7IFxYhcKs6IIxQweZmmLWQjAO8k6ywfm9B9aPDU0aj
0ScXe1q9vspB6Fuu+/ZG4cjPB8YLwGDwpB3vGCYCiWv49stvWaumOuxd5Qf0Xysd
wuymxEhTnMuqpvu7uPE9zJjtrTzfs+u+bT/dZzpOp2XmXvyrc70ETDLwVKkk9AMF
G2Ayzf+lU8uhfb4iBaj3QjYlCpjNhIdhMEVUb7ok2SgHVdvgDnEyx9djYu1CrRXB
lIdOLfnRqoLUL+E+UAl+ay1aXt4X
-----END CERTIFICATE-----