Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/Z7xAW_X_TsrxWiB65AAgrR6ughA.roa
File:                     Z7xAW_X_TsrxWiB65AAgrR6ughA.roa (raw, json)
Hash identifier:          KXzjDuCVtx5KBh8hwiJv+t1uls9bRv376DqunyndZwI=
Subject key identifier:   67:BC:40:5B:F5:FF:4E:CA:F1:5A:20:7A:E4:00:20:AD:1E:AE:82:10
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       018D4565207CB770249C391CDB8E65A9AC03
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/Z7xAW_X_TsrxWiB65AAgrR6ughA.roa
Signing time:             Fri 26 Jan 2024 10:51:11 +0000
ROA not before:           Fri 26 Jan 2024 10:51:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205544
IP address blocks:        2a09:17c0::/48 maxlen: 48
                          2a09:17c1::/48 maxlen: 48
                          2a0f:e1c0:1::/48 maxlen: 48
                          2a0f:e440::/29 maxlen: 29
                          2a0f:e6c6:1::/48 maxlen: 48
                          2a0f:e6c7:1::/48 maxlen: 48
                          2a12:ecc0:f::/48 maxlen: 48
                          2a12:ecc6:1::/48 maxlen: 48
                          2a13:3380:1::/48 maxlen: 48
                          2a13:c700:1::/48 maxlen: 48
                          2a13:e101:1::/48 maxlen: 48
                          2a13:e101:2::/48 maxlen: 48
Validation:               Failed, certificate revoked on Fri 09 Feb 2024 08:41:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:45:65:20:7c:b7:70:24:9c:39:1c:db:8e:65:a9:ac:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Jan 26 10:51:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=67bc405bf5ff4ecaf15a207ae40020ad1eae8210
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:90:36:6b:c1:f8:33:97:28:fb:8e:5b:7e:91:
                    ab:66:c4:c6:d7:59:1a:51:7c:30:33:aa:b4:bd:7c:
                    63:df:02:ca:7c:54:67:ce:2a:9e:e9:4e:95:5d:0d:
                    e4:29:5d:2d:34:ca:fa:59:cd:18:30:9b:7a:9c:f1:
                    01:bf:17:7c:ad:19:9d:af:19:7e:ec:15:c6:31:0e:
                    a1:f9:06:51:df:08:48:a6:28:af:17:20:5c:a5:15:
                    86:b4:a4:2d:64:21:61:8d:06:29:8d:b9:85:bc:81:
                    e8:a8:98:ee:48:29:fb:d9:67:a2:17:e9:27:e3:24:
                    52:b1:b4:92:4a:23:4d:d9:d9:cb:ad:39:7f:35:78:
                    1a:db:c7:26:1a:31:66:ab:19:5a:0a:2f:d9:d1:4a:
                    50:d2:a8:12:55:0e:23:e0:2a:52:85:37:b4:92:6d:
                    ed:c4:85:d7:07:20:cc:d3:47:96:67:ef:1e:bc:64:
                    01:b6:05:0f:50:9c:83:2e:40:b5:fa:34:b6:26:5e:
                    17:98:83:d9:1f:ad:d1:54:48:f8:b5:36:71:a4:c9:
                    af:6a:fa:8c:26:33:3c:d9:cb:8e:49:cc:05:0a:8b:
                    65:ca:a9:84:fa:74:68:40:34:8c:28:85:12:80:10:
                    96:3b:ec:70:ed:c2:bc:ed:4f:81:20:c8:e7:d4:c2:
                    db:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:BC:40:5B:F5:FF:4E:CA:F1:5A:20:7A:E4:00:20:AD:1E:AE:82:10
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/Z7xAW_X_TsrxWiB65AAgrR6ughA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:17c0::/48
                  2a09:17c1::/48
                  2a0f:e1c0:1::/48
                  2a0f:e440::/29
                  2a0f:e6c6:1::/48
                  2a0f:e6c7:1::/48
                  2a12:ecc0:f::/48
                  2a12:ecc6:1::/48
                  2a13:3380:1::/48
                  2a13:c700:1::/48
                  2a13:e101:1::-2a13:e101:2:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         cf:bd:94:84:9e:15:ca:38:a1:99:e7:dd:ea:60:d9:a7:1f:f1:
         fb:40:c1:f0:d2:1f:06:d5:b5:85:04:ec:79:48:5d:bc:3e:0c:
         3e:62:91:6e:46:8f:6c:2b:22:57:16:76:ec:7b:23:f8:c2:30:
         31:00:78:69:3e:dc:44:de:54:ce:ec:e4:46:67:49:9a:60:0d:
         ab:bb:23:3f:54:a5:d9:aa:d7:e2:1a:e0:bf:f3:6c:8d:63:bf:
         2c:03:db:b9:ec:53:47:be:ca:f4:39:22:d8:88:06:21:62:b9:
         08:d6:c6:9e:53:fe:7e:70:19:5b:54:b9:95:27:c0:01:4f:99:
         e7:2c:dc:bd:fd:8b:bc:6d:00:02:39:4d:6e:f1:22:4c:3b:33:
         7a:6f:da:5a:01:73:8a:86:3c:f6:da:63:75:aa:45:ae:65:18:
         b6:37:69:4d:2e:a7:4f:ec:35:c8:28:10:41:af:e9:0a:83:93:
         8f:3c:2d:7f:ef:04:4d:e5:dd:fd:c7:3e:58:2f:9d:04:3b:88:
         77:73:d7:b3:54:37:04:b1:c8:45:19:ba:d2:91:3d:e5:e3:28:
         c9:dd:42:aa:b0:cc:0d:08:d0:47:ce:a1:0d:65:e0:c6:1f:1d:
         b9:7d:ac:79:51:26:f4:6d:a2:16:65:60:2f:99:9a:52:3f:ea:
         44:6d:d9:d4
-----BEGIN CERTIFICATE-----
MIIFZDCCBEygAwIBAgISAY1FZSB8t3AknDkc245lqawDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjQwMTI2MTA1MTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2N2JjNDA1YmY1ZmY0ZWNhZjE1YTIwN2FlNDAwMjBhZDFlYWU4MjEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlpA2a8H4M5co+45bfpGrZsTG11ka
UXwwM6q0vXxj3wLKfFRnziqe6U6VXQ3kKV0tNMr6Wc0YMJt6nPEBvxd8rRmdrxl+
7BXGMQ6h+QZR3whIpiivFyBcpRWGtKQtZCFhjQYpjbmFvIHoqJjuSCn72WeiF+kn
4yRSsbSSSiNN2dnLrTl/NXga28cmGjFmqxlaCi/Z0UpQ0qgSVQ4j4CpShTe0km3t
xIXXByDM00eWZ+8evGQBtgUPUJyDLkC1+jS2Jl4XmIPZH63RVEj4tTZxpMmvavqM
JjM82cuOScwFCotlyqmE+nRoQDSMKIUSgBCWO+xw7cK87U+BIMjn1MLbOwIDAQAB
o4ICcDCCAmwwHQYDVR0OBBYEFGe8QFv1/07K8VogeuQAIK0eroIQMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvWjd4QVdfWF9Uc3J4V2lCNjVBQWdyUjZ1Z2hBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGFBggrBgEFBQcBBwEB/wR2MHQwcgQCAAIwbAMHACoJF8AA
AAMHACoJF8EAAAMHACoP4cAAAQMFAyoP5EADBwAqD+bGAAEDBwAqD+bHAAEDBwAq
EuzAAA8DBwAqEuzGAAEDBwAqEzOAAAEDBwAqE8cAAAEwEgMHACoT4QEAAQMHACoT
4QEAAjANBgkqhkiG9w0BAQsFAAOCAQEAz72UhJ4Vyjihmefd6mDZpx/x+0DB8NIf
BtW1hQTseUhdvD4MPmKRbkaPbCsiVxZ27Hsj+MIwMQB4aT7cRN5UzuzkRmdJmmAN
q7sjP1Sl2arX4hrgv/NsjWO/LAPbuexTR77K9Dki2IgGIWK5CNbGnlP+fnAZW1S5
lSfAAU+Z5yzcvf2LvG0AAjlNbvEiTDszem/aWgFzioY89tpjdapFrmUYtjdpTS6n
T+w1yCgQQa/pCoOTjzwtf+8ETeXd/cc+WC+dBDuId3PXs1Q3BLHIRRm60pE95eMo
yd1CqrDMDQjQR86hDWXgxh8duX2seVEm9G2iFmVgL5maUj/qRG3Z1A==
-----END CERTIFICATE-----