Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/NcJnivWgkmypJK_w7YrO8mOWyrQ.roa
File:                     NcJnivWgkmypJK_w7YrO8mOWyrQ.roa (raw, json)
Hash identifier:          Z0tpcq0SYMFcc/GvXmJIy7AKry0cD5StVj6ons24gDs=
Subject key identifier:   35:C2:67:8A:F5:A0:92:6C:A9:24:AF:F0:ED:8A:CE:F2:63:96:CA:B4
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019409614E17DAA529116A12BC1F3860DBD5
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/NcJnivWgkmypJK_w7YrO8mOWyrQ.roa
Signing time:             Fri 27 Dec 2024 18:29:19 +0000
ROA not before:           Fri 27 Dec 2024 18:29:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7029
IP address blocks:        64.226.54.0/23 maxlen: 23
                          64.226.156.0/22 maxlen: 22
                          2a0d:8f80::/29 maxlen: 29
                          2a0e:1a81::/32 maxlen: 32
                          2a0e:f500::/29 maxlen: 29
                          2a0e:f602::/32 maxlen: 32
                          2a0f:3d83::/32 maxlen: 32
                          2a10:37c0::/29 maxlen: 29
                          2a10:67c0::/32 maxlen: 32
Validation:               Failed, certificate revoked on Mon 30 Dec 2024 16:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:09:61:4e:17:da:a5:29:11:6a:12:bc:1f:38:60:db:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Dec 27 18:29:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=35c2678af5a0926ca924aff0ed8acef26396cab4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:7b:ea:73:f3:b6:59:b0:71:a6:89:bf:3c:ac:
                    99:9a:0b:e3:6d:e4:67:bc:0b:15:33:da:c6:62:d8:
                    f6:7f:d1:12:8a:a5:c1:c0:3e:d9:cd:3c:39:56:e3:
                    11:0b:e9:20:0a:81:97:ef:c3:73:4e:a3:c7:21:3f:
                    51:fe:a0:7d:bb:20:60:a5:87:5e:eb:1e:0d:d6:93:
                    84:7f:c0:1a:7c:b0:5d:26:eb:b4:fd:23:c7:af:86:
                    09:0e:a4:24:43:5b:53:29:e0:42:cd:9a:17:4e:1b:
                    46:7f:62:3c:d8:08:3e:2d:3c:2e:5f:0d:67:2d:c1:
                    f9:44:f4:4d:6f:d0:86:e1:0a:d3:cb:57:31:8b:02:
                    9b:f1:c3:1a:6c:6b:bb:f4:84:2b:62:7e:ef:e0:c7:
                    b8:1a:e5:2e:f3:9b:36:ed:71:96:b5:b7:c4:3f:99:
                    9f:98:5d:a9:47:a1:3d:17:e5:c5:e4:59:de:b2:1d:
                    15:b7:89:0b:36:77:17:6a:6c:1f:82:21:79:8f:6d:
                    46:2d:f8:5f:e0:ac:5e:0e:b8:51:a6:ce:31:15:07:
                    56:0d:5e:77:bd:ec:4e:b8:45:e9:d1:1e:25:87:42:
                    1a:7d:8d:a5:34:ba:c9:1f:4f:90:1a:f4:43:b3:8c:
                    e4:87:fb:2f:24:82:5c:1f:b9:4a:85:68:42:29:4e:
                    b7:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:C2:67:8A:F5:A0:92:6C:A9:24:AF:F0:ED:8A:CE:F2:63:96:CA:B4
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/NcJnivWgkmypJK_w7YrO8mOWyrQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.226.54.0/23
                  64.226.156.0/22
                IPv6:
                  2a0d:8f80::/29
                  2a0e:1a81::/32
                  2a0e:f500::/29
                  2a0e:f602::/32
                  2a0f:3d83::/32
                  2a10:37c0::/29
                  2a10:67c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         88:de:c7:ad:22:ad:5a:2b:4b:40:bc:cc:ef:ed:78:26:8f:37:
         86:ac:79:0a:a6:0a:be:50:79:ce:46:ae:cf:1b:5d:95:75:48:
         63:d9:71:39:c2:cd:fc:d2:7d:00:a5:66:2c:03:9d:5b:66:6a:
         21:dd:65:e0:3d:e5:6c:8b:f7:dd:10:b5:e3:35:81:01:44:3b:
         fa:e8:a5:10:bf:3a:8c:82:d1:2f:c9:61:45:6e:d1:84:95:3e:
         c6:7f:24:41:bb:9c:6f:eb:f2:c5:aa:87:2e:8e:08:08:4c:26:
         02:6b:3d:8c:61:bb:8a:a9:07:a7:5f:e3:a4:38:8c:82:a8:ca:
         19:78:bd:24:85:61:9a:82:bc:db:69:57:2e:0a:ad:a2:89:46:
         ed:78:c5:d8:23:01:b3:4e:63:53:d7:1b:ac:3d:60:65:68:29:
         38:9a:0d:a3:a6:93:4e:89:e6:7c:91:13:41:12:a7:72:29:9a:
         2f:3c:a2:89:d4:cb:8f:f3:af:f9:c9:c8:97:05:4f:2e:51:c0:
         4f:49:16:89:06:10:b0:1a:d2:79:e6:a3:6e:1a:80:4a:d8:a3:
         35:55:af:a3:28:e7:80:4a:77:90:d2:66:00:37:9c:20:25:c2:
         7e:80:4c:3a:f1:7b:07:37:87:1c:10:75:34:2d:55:e2:34:7d:
         ca:7f:f4:e5
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAZQJYU4X2qUpEWoSvB84YNvVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjQxMjI3MTgyOTE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWMyNjc4YWY1YTA5MjZjYTkyNGFmZjBlZDhhY2VmMjYzOTZjYWI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA13vqc/O2WbBxpom/PKyZmgvjbeRn
vAsVM9rGYtj2f9ESiqXBwD7ZzTw5VuMRC+kgCoGX78NzTqPHIT9R/qB9uyBgpYde
6x4N1pOEf8AafLBdJuu0/SPHr4YJDqQkQ1tTKeBCzZoXThtGf2I82Ag+LTwuXw1n
LcH5RPRNb9CG4QrTy1cxiwKb8cMabGu79IQrYn7v4Me4GuUu85s27XGWtbfEP5mf
mF2pR6E9F+XF5Fnesh0Vt4kLNncXamwfgiF5j21GLfhf4KxeDrhRps4xFQdWDV53
vexOuEXp0R4lh0IafY2lNLrJH0+QGvRDs4zkh/svJIJcH7lKhWhCKU63WQIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFDXCZ4r1oJJsqSSv8O2KzvJjlsq0MB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvTmNKbml2V2drbXlwSktfdzdZck84bU9XeXJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTASBAIAATAMAwQBQOI2AwQC
QOKcMDcEAgACMDEDBQMqDY+AAwUAKg4agQMFAyoO9QADBQAqDvYCAwUAKg89gwMF
AyoQN8ADBQAqEGfAMA0GCSqGSIb3DQEBCwUAA4IBAQCI3setIq1aK0tAvMzv7Xgm
jzeGrHkKpgq+UHnORq7PG12VdUhj2XE5ws380n0ApWYsA51bZmoh3WXgPeVsi/fd
ELXjNYEBRDv66KUQvzqMgtEvyWFFbtGElT7GfyRBu5xv6/LFqocujggITCYCaz2M
YbuKqQenX+OkOIyCqMoZeL0khWGagrzbaVcuCq2iiUbteMXYIwGzTmNT1xusPWBl
aCk4mg2jppNOieZ8kRNBEqdyKZovPKKJ1MuP86/5yciXBU8uUcBPSRaJBhCwGtJ5
5qNuGoBK2KM1Va+jKOeASneQ0mYAN5wgJcJ+gEw68XsHN4ccEHU0LVXiNH3Kf/Tl
-----END CERTIFICATE-----