Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/SirZInV_LRXHi_5BwBsCkjP_Uzo.roa
File:                     SirZInV_LRXHi_5BwBsCkjP_Uzo.roa (raw, json)
Hash identifier:          MWBGfRLsGPccyukKIXpV0vLNx2im91CTCd96pt/Hhd4=
Subject key identifier:   4A:2A:D9:22:75:7F:2D:15:C7:8B:FE:41:C0:1B:02:92:33:FF:53:3A
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       0194080910D0A076E10603B53FCDC2E70585
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/SirZInV_LRXHi_5BwBsCkjP_Uzo.roa
Signing time:             Fri 27 Dec 2024 12:13:19 +0000
ROA not before:           Fri 27 Dec 2024 12:13:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20473
IP address blocks:        103.114.40.0/24 maxlen: 24
                          2a0e:1a84::/32 maxlen: 32
                          2a0e:f600:5f::/48 maxlen: 48
                          2a0f:1e80:100::/48 maxlen: 48
                          2a0f:1e80:1986::/48 maxlen: 48
                          2a0f:1e84:20::/48 maxlen: 48
                          2a0f:3d80:bac::/48 maxlen: 48
                          2a0f:7d00:1::/48 maxlen: 48
                          2a0f:bc00:a1c4::/48 maxlen: 48
                          2a0f:e6c6:5532::/48 maxlen: 48
                          2a13:2b40::/29 maxlen: 32
                          2a13:e102:10::/48 maxlen: 48
Validation:               Failed, certificate revoked on Thu 02 Jan 2025 13:50:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:08:09:10:d0:a0:76:e1:06:03:b5:3f:cd:c2:e7:05:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Dec 27 12:13:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4a2ad922757f2d15c78bfe41c01b029233ff533a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:1e:6e:54:c7:d6:08:c8:48:f9:bc:38:03:83:
                    c8:8a:b9:b1:3e:d7:73:7c:05:74:33:31:d0:ec:ad:
                    c1:b7:80:20:11:95:57:35:ae:8a:b9:37:31:3e:01:
                    3c:60:a9:e8:a1:1b:9c:29:68:2f:09:a3:09:7f:3c:
                    81:8b:f9:af:4c:a1:2a:73:0a:8f:48:3d:25:47:d5:
                    79:2f:2a:1f:a3:b5:22:34:e2:33:97:ed:4d:0a:80:
                    1d:93:ea:8f:a6:62:90:3a:f4:68:c3:8d:b0:52:9f:
                    9c:bf:ef:57:ff:c2:34:96:28:7e:10:19:f1:d9:5d:
                    e7:dd:10:c3:9d:a3:f9:54:05:96:53:72:d6:49:cf:
                    0e:cf:37:6a:8f:31:1f:db:19:78:91:f5:77:31:5b:
                    40:9a:8d:f6:0d:99:dc:15:69:c4:b6:40:0b:00:98:
                    51:7f:09:0e:50:b7:5f:be:db:a9:21:f0:6b:05:e0:
                    44:bb:26:ac:23:1b:1b:9f:d2:60:52:83:91:cd:18:
                    65:03:7b:8a:4a:e2:17:f7:c9:9c:da:04:fa:4a:13:
                    5c:bc:35:cc:85:6e:b4:d0:77:29:28:5e:45:3d:95:
                    85:a7:99:4f:77:8b:85:66:b2:c2:dd:df:32:70:00:
                    41:dc:93:2e:a8:27:64:56:27:76:8c:c3:39:69:0e:
                    a3:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:2A:D9:22:75:7F:2D:15:C7:8B:FE:41:C0:1B:02:92:33:FF:53:3A
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/SirZInV_LRXHi_5BwBsCkjP_Uzo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.114.40.0/24
                IPv6:
                  2a0e:1a84::/32
                  2a0e:f600:5f::/48
                  2a0f:1e80:100::/48
                  2a0f:1e80:1986::/48
                  2a0f:1e84:20::/48
                  2a0f:3d80:bac::/48
                  2a0f:7d00:1::/48
                  2a0f:bc00:a1c4::/48
                  2a0f:e6c6:5532::/48
                  2a13:2b40::/29
                  2a13:e102:10::/48

    Signature Algorithm: sha256WithRSAEncryption
         cd:57:c5:75:18:2f:7c:a5:7b:3f:34:ec:00:12:e6:9c:97:6d:
         4b:6d:38:a7:f1:f7:73:e3:95:f2:be:6a:58:33:dd:be:44:96:
         ee:e5:94:0c:84:1d:27:8e:74:3c:56:65:bf:d7:58:bb:f0:49:
         c7:af:67:55:76:ac:f8:5c:0d:2d:41:17:00:2b:54:75:90:58:
         91:b9:fd:e9:ac:89:0b:95:cf:b4:dc:4f:09:e0:24:9b:20:f0:
         01:29:93:e6:4f:71:73:8b:18:a4:39:e2:7a:81:92:15:35:fa:
         1c:5e:e6:49:cb:72:d8:ff:ac:3c:bd:0f:ae:9d:6d:a8:cf:27:
         2f:30:d6:f2:40:29:91:9f:7f:e6:a9:72:4e:86:d6:59:6c:13:
         d2:89:5e:e1:00:96:53:99:b3:dc:15:91:9a:24:7e:b8:d4:83:
         51:9a:09:67:d1:50:e6:64:5e:8f:6d:72:d5:9c:0c:71:56:37:
         cb:a2:06:4b:54:a4:8b:26:d2:f7:4d:5f:40:e4:dc:34:99:38:
         7c:3c:c1:78:79:1e:9e:ba:47:40:08:c1:7c:f3:f3:cb:88:6f:
         18:72:44:b0:19:ae:2e:2a:b9:26:da:cb:d3:d6:6b:2d:97:5e:
         64:53:59:f1:81:96:8d:f5:5e:7b:90:e8:75:37:10:ce:83:56:
         aa:df:72:32
-----BEGIN CERTIFICATE-----
MIIFZTCCBE2gAwIBAgISAZQICRDQoHbhBgO1P83C5wWFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjQxMjI3MTIxMzE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTJhZDkyMjc1N2YyZDE1Yzc4YmZlNDFjMDFiMDI5MjMzZmY1MzNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2h5uVMfWCMhI+bw4A4PIirmxPtdz
fAV0MzHQ7K3Bt4AgEZVXNa6KuTcxPgE8YKnooRucKWgvCaMJfzyBi/mvTKEqcwqP
SD0lR9V5Lyofo7UiNOIzl+1NCoAdk+qPpmKQOvRow42wUp+cv+9X/8I0lih+EBnx
2V3n3RDDnaP5VAWWU3LWSc8OzzdqjzEf2xl4kfV3MVtAmo32DZncFWnEtkALAJhR
fwkOULdfvtupIfBrBeBEuyasIxsbn9JgUoORzRhlA3uKSuIX98mc2gT6ShNcvDXM
hW600HcpKF5FPZWFp5lPd4uFZrLC3d8ycABB3JMuqCdkVid2jMM5aQ6jEQIDAQAB
o4ICcTCCAm0wHQYDVR0OBBYEFEoq2SJ1fy0Vx4v+QcAbApIz/1M6MB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvU2lyWkluVl9MUlhIaV81QndCc0NralBfVXpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGGBggrBgEFBQcBBwEB/wR3MHUwDAQCAAEwBgMEAGdyKDBl
BAIAAjBfAwUAKg4ahAMHACoO9gAAXwMHACoPHoABAAMHACoPHoAZhgMHACoPHoQA
IAMHACoPPYALrAMHACoPfQAAAQMHACoPvAChxAMHACoP5sZVMgMFAyoTK0ADBwAq
E+ECABAwDQYJKoZIhvcNAQELBQADggEBAM1XxXUYL3ylez807AAS5pyXbUttOKfx
93PjlfK+algz3b5Elu7llAyEHSeOdDxWZb/XWLvwScevZ1V2rPhcDS1BFwArVHWQ
WJG5/emsiQuVz7TcTwngJJsg8AEpk+ZPcXOLGKQ54nqBkhU1+hxe5knLctj/rDy9
D66dbajPJy8w1vJAKZGff+apck6G1llsE9KJXuEAllOZs9wVkZokfrjUg1GaCWfR
UOZkXo9tctWcDHFWN8uiBktUpIsm0vdNX0Dk3DSZOHw8wXh5Hp66R0AIwXzz88uI
bxhyRLAZri4quSbay9PWay2XXmRTWfGBlo31XnuQ6HU3EM6DVqrfcjI=
-----END CERTIFICATE-----