Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/itFY14THA8tVdmrXVHCVEOXyqIE.roa
File:                     itFY14THA8tVdmrXVHCVEOXyqIE.roa (raw, json)
Hash identifier:          nvU5z4QT2gEAWTkWHJaulZoY9s3hly0VTwQlYb8vRd8=
Subject key identifier:   8A:D1:58:D7:84:C7:03:CB:55:76:6A:D7:54:70:95:10:E5:F2:A8:81
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019069064CD4D0810B0D2972681DCA24C241
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/itFY14THA8tVdmrXVHCVEOXyqIE.roa
Signing time:             Sun 30 Jun 2024 12:02:18 +0000
ROA not before:           Sun 30 Jun 2024 12:02:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20473
IP address blocks:        45.86.12.0/24 maxlen: 24
                          45.152.198.0/24 maxlen: 24
                          2a0e:1a84::/32 maxlen: 32
                          2a0f:2d80:1292::/48 maxlen: 48
                          2a0f:7d00:1::/48 maxlen: 48
                          2a0f:bc00:a1c4::/48 maxlen: 48
                          2a13:18c0:2::/48 maxlen: 48
                          2a13:18c3::/32 maxlen: 32
                          2a13:2b40::/29 maxlen: 32
Validation:               Failed, certificate revoked on Tue 02 Jul 2024 07:04:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:69:06:4c:d4:d0:81:0b:0d:29:72:68:1d:ca:24:c2:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Jun 30 12:02:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8ad158d784c703cb55766ad754709510e5f2a881
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:8a:2e:5a:4b:2e:70:88:5f:43:bd:11:94:2e:
                    4b:04:05:43:a1:4b:c5:a5:c1:da:28:44:36:c5:f4:
                    e3:11:3e:1a:94:cb:80:95:43:96:da:68:80:85:b3:
                    49:fd:7a:17:71:e8:a3:ba:d9:fd:5a:1a:d2:a5:96:
                    33:2e:f8:ca:62:d7:4f:76:34:d2:aa:bb:0a:cf:b3:
                    74:52:85:80:37:db:9a:26:a9:09:32:5f:3a:50:2f:
                    44:ce:50:07:c3:92:99:ef:34:04:f7:2e:9e:07:9d:
                    05:c6:6a:fe:11:30:c4:7c:9c:81:1e:43:df:6a:ea:
                    80:b1:e4:c1:8e:c5:8a:0a:5d:06:88:05:08:51:96:
                    24:05:d2:e9:4f:0d:7f:98:07:f0:d4:e0:20:96:e8:
                    cf:f1:ec:56:c3:af:3d:1e:9b:55:79:7a:3f:30:5e:
                    70:5f:ad:bb:45:7d:e7:a1:a5:e8:05:43:13:04:34:
                    ae:57:f2:c1:05:9c:83:30:05:d4:7e:3c:32:d6:14:
                    3a:ed:09:15:5d:66:b1:05:c7:80:a8:8f:cc:16:9d:
                    4b:e1:7b:57:32:9a:a8:42:82:7b:90:a4:5c:46:58:
                    1e:13:89:41:65:4e:39:bf:c8:f2:26:51:06:3b:ec:
                    9b:ed:cd:d4:8c:86:af:08:5f:c4:32:05:30:c6:c0:
                    b9:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:D1:58:D7:84:C7:03:CB:55:76:6A:D7:54:70:95:10:E5:F2:A8:81
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/itFY14THA8tVdmrXVHCVEOXyqIE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.86.12.0/24
                  45.152.198.0/24
                IPv6:
                  2a0e:1a84::/32
                  2a0f:2d80:1292::/48
                  2a0f:7d00:1::/48
                  2a0f:bc00:a1c4::/48
                  2a13:18c0:2::/48
                  2a13:18c3::/32
                  2a13:2b40::/29

    Signature Algorithm: sha256WithRSAEncryption
         54:83:8f:84:59:d3:18:a9:28:9a:ec:56:7c:4c:13:9f:61:67:
         fd:94:a0:fe:6a:53:96:64:3c:83:9e:9c:5a:2e:2c:66:f6:1c:
         e5:1e:97:8e:33:f2:17:97:d2:0f:d4:02:fb:df:55:13:84:9f:
         c5:c7:b1:ff:c9:7e:62:dc:f0:1f:a7:33:c5:0f:ca:a5:d1:f8:
         13:2a:77:9d:e6:21:02:ce:16:12:fc:46:a5:53:a3:06:c1:cd:
         22:8f:6a:e6:a2:51:08:98:48:81:28:d8:00:1f:16:28:15:13:
         ca:1b:cc:9d:cc:f7:df:d5:84:14:04:39:4e:6c:f3:73:d3:e7:
         98:80:44:73:fd:ee:04:38:ea:2a:fb:40:ab:43:9c:a2:4f:cb:
         b9:fb:9c:a7:d5:96:45:06:28:73:d1:af:99:e9:10:eb:03:ef:
         ce:25:28:b8:0c:27:fb:fe:51:2d:e7:9e:df:48:b2:82:a5:9e:
         77:79:72:30:bc:1e:90:bf:66:1f:fa:cb:56:44:28:89:fd:15:
         e2:40:13:45:b7:e3:3c:45:76:da:aa:31:01:f3:09:0a:7c:5c:
         27:73:a8:94:26:96:0f:fd:b5:d2:fe:98:b8:ca:3f:2f:bb:8f:
         70:94:1a:fa:a2:82:00:35:45:0c:85:26:53:4f:de:1d:af:0d:
         0d:f2:45:45
-----BEGIN CERTIFICATE-----
MIIFRDCCBCygAwIBAgISAZBpBkzU0IELDSlyaB3KJMJBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjQwNjMwMTIwMjE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YWQxNThkNzg0YzcwM2NiNTU3NjZhZDc1NDcwOTUxMGU1ZjJhODgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv4ouWksucIhfQ70RlC5LBAVDoUvF
pcHaKEQ2xfTjET4alMuAlUOW2miAhbNJ/XoXceijutn9WhrSpZYzLvjKYtdPdjTS
qrsKz7N0UoWAN9uaJqkJMl86UC9EzlAHw5KZ7zQE9y6eB50Fxmr+ETDEfJyBHkPf
auqAseTBjsWKCl0GiAUIUZYkBdLpTw1/mAfw1OAglujP8exWw689HptVeXo/MF5w
X627RX3noaXoBUMTBDSuV/LBBZyDMAXUfjwy1hQ67QkVXWaxBceAqI/MFp1L4XtX
MpqoQoJ7kKRcRlgeE4lBZU45v8jyJlEGO+yb7c3UjIavCF/EMgUwxsC5KQIDAQAB
o4ICUDCCAkwwHQYDVR0OBBYEFIrRWNeExwPLVXZq11RwlRDl8qiBMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvaXRGWTE0VEhBOHRWZG1yWFZIQ1ZFT1h5cUlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGYGCCsGAQUFBwEHAQH/BFcwVTASBAIAATAMAwQALVYMAwQA
LZjGMD8EAgACMDkDBQAqDhqEAwcAKg8tgBKSAwcAKg99AAABAwcAKg+8AKHEAwcA
KhMYwAACAwUAKhMYwwMFAyoTK0AwDQYJKoZIhvcNAQELBQADggEBAFSDj4RZ0xip
KJrsVnxME59hZ/2UoP5qU5ZkPIOenFouLGb2HOUel44z8heX0g/UAvvfVROEn8XH
sf/JfmLc8B+nM8UPyqXR+BMqd53mIQLOFhL8RqVTowbBzSKPauaiUQiYSIEo2AAf
FigVE8obzJ3M99/VhBQEOU5s83PT55iARHP97gQ46ir7QKtDnKJPy7n7nKfVlkUG
KHPRr5npEOsD784lKLgMJ/v+US3nnt9IsoKlnnd5cjC8HpC/Zh/6y1ZEKIn9FeJA
E0W34zxFdtqqMQHzCQp8XCdzqJQmlg/9tdL+mLjKPy+7j3CUGvqiggA1RQyFJlNP
3h2vDQ3yRUU=
-----END CERTIFICATE-----