Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/l9IXUe0KJP_IvWZQRHtWZlj2xks.roa
File:                     l9IXUe0KJP_IvWZQRHtWZlj2xks.roa (raw, json)
Hash identifier:          LyYiyBPq2hdWy1KvynEGknZjyiX1WHelWwpHT+NK7MA=
Subject key identifier:   97:D2:17:51:ED:0A:24:FF:C8:BD:66:50:44:7B:56:66:58:F6:C6:4B
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019072427203A90C3D1E440113DD4F5E4F42
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/l9IXUe0KJP_IvWZQRHtWZlj2xks.roa
Signing time:             Tue 02 Jul 2024 07:04:35 +0000
ROA not before:           Tue 02 Jul 2024 07:04:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20473
IP address blocks:        45.86.12.0/24 maxlen: 24
                          45.152.198.0/24 maxlen: 24
                          2a0c:7884::/32 maxlen: 32
                          2a0e:1a84::/32 maxlen: 32
                          2a0f:2d80:1292::/48 maxlen: 48
                          2a0f:7d00:1::/48 maxlen: 48
                          2a0f:bc00:a1c4::/48 maxlen: 48
                          2a13:18c0:2::/48 maxlen: 48
                          2a13:18c3::/32 maxlen: 32
                          2a13:2b40::/29 maxlen: 32
Validation:               Failed, certificate revoked on Tue 02 Jul 2024 09:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:72:42:72:03:a9:0c:3d:1e:44:01:13:dd:4f:5e:4f:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Jul  2 07:04:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=97d21751ed0a24ffc8bd6650447b566658f6c64b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:13:f3:b3:f1:02:65:f7:6c:8b:2e:dd:45:b2:
                    4b:34:e8:6e:8c:85:14:7a:92:a0:05:a1:72:3c:bc:
                    94:1f:73:ab:26:33:27:32:65:f7:8c:f0:ab:ac:38:
                    92:57:6a:df:a8:47:56:7d:0b:92:47:8e:ee:f4:4e:
                    6f:05:83:31:e0:db:3d:a3:ad:22:dc:8d:27:7f:64:
                    e3:70:58:75:3e:d9:8e:fe:38:1f:0c:70:74:69:6e:
                    b4:87:f9:2e:f9:57:fd:c3:e0:da:ba:85:b0:ef:f8:
                    93:c2:87:f4:3a:f0:75:13:06:ee:3c:73:fe:e2:4c:
                    c3:20:0b:dd:c9:9c:fd:64:64:98:f8:64:c1:37:2e:
                    d6:a8:df:59:1c:87:37:dd:a3:22:16:d2:3e:e8:dd:
                    4b:be:6a:df:e9:ea:22:e9:78:c6:1c:40:ab:e9:f7:
                    00:ab:a0:c5:ba:da:d5:3e:66:21:b8:42:6d:75:69:
                    f8:3d:f3:06:fc:3f:73:eb:4b:dc:78:b0:55:79:61:
                    e0:0f:13:b1:0e:a6:9f:74:37:fd:87:49:64:33:f9:
                    c9:e6:1d:f5:eb:53:a1:4f:e9:94:d9:0b:3f:48:82:
                    21:2c:ce:49:9c:66:07:90:dd:9a:54:33:5a:25:6b:
                    61:cd:65:b7:67:54:30:9b:e9:fd:af:f5:d2:49:32:
                    ba:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:D2:17:51:ED:0A:24:FF:C8:BD:66:50:44:7B:56:66:58:F6:C6:4B
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/l9IXUe0KJP_IvWZQRHtWZlj2xks.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.86.12.0/24
                  45.152.198.0/24
                IPv6:
                  2a0c:7884::/32
                  2a0e:1a84::/32
                  2a0f:2d80:1292::/48
                  2a0f:7d00:1::/48
                  2a0f:bc00:a1c4::/48
                  2a13:18c0:2::/48
                  2a13:18c3::/32
                  2a13:2b40::/29

    Signature Algorithm: sha256WithRSAEncryption
         25:fa:de:37:eb:ee:8d:55:14:e9:5a:bb:9a:f1:0e:50:8a:90:
         ec:95:45:c6:b7:d4:84:84:77:15:80:f2:b8:46:8d:7a:cb:8e:
         f5:14:2c:0a:9d:e8:cf:50:3c:1f:65:f2:1d:ff:f9:9c:7d:59:
         1d:eb:f1:80:33:5f:f3:9d:50:fa:a4:74:4d:d1:d1:08:ce:34:
         66:d6:90:2a:8e:e9:d1:18:b2:e1:ad:c4:30:35:5a:08:b5:33:
         a9:6b:4c:5c:3b:1e:49:51:2c:6e:1a:17:72:92:c4:81:5e:77:
         21:9e:52:b8:19:c3:19:67:8f:d8:c2:c8:28:c6:5a:0e:0a:3d:
         dc:99:99:61:9c:6c:50:19:7b:60:9d:36:d1:03:f1:be:d2:36:
         a7:e9:eb:cc:27:df:58:55:67:29:d6:e2:32:f4:03:98:39:31:
         8f:35:a6:c8:6f:d1:ab:ad:25:3f:3b:28:fc:a7:e3:b4:9c:70:
         7f:b8:72:31:35:0a:a8:e1:ce:4f:6a:dd:5d:b5:13:d1:9e:b1:
         d3:97:35:f7:66:83:68:c4:e0:8a:4d:47:7e:12:74:3f:c0:51:
         7e:14:2d:35:1c:5e:65:60:52:25:3d:91:39:ea:7a:a2:b6:82:
         69:43:21:d4:df:ac:dc:42:8e:06:06:8e:fd:dc:3f:e9:d3:40:
         6d:da:7e:e9
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAZByQnIDqQw9HkQBE91PXk9CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjQwNzAyMDcwNDM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5N2QyMTc1MWVkMGEyNGZmYzhiZDY2NTA0NDdiNTY2NjU4ZjZjNjRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwxPzs/ECZfdsiy7dRbJLNOhujIUU
epKgBaFyPLyUH3OrJjMnMmX3jPCrrDiSV2rfqEdWfQuSR47u9E5vBYMx4Ns9o60i
3I0nf2TjcFh1PtmO/jgfDHB0aW60h/ku+Vf9w+DauoWw7/iTwof0OvB1EwbuPHP+
4kzDIAvdyZz9ZGSY+GTBNy7WqN9ZHIc33aMiFtI+6N1Lvmrf6eoi6XjGHECr6fcA
q6DFutrVPmYhuEJtdWn4PfMG/D9z60vceLBVeWHgDxOxDqafdDf9h0lkM/nJ5h31
61OhT+mU2Qs/SIIhLM5JnGYHkN2aVDNaJWthzWW3Z1Qwm+n9r/XSSTK67QIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFJfSF1HtCiT/yL1mUER7VmZY9sZLMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvbDlJWFVlMEtKUF9JdldaUVJIdFdabGoyeGtzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDASBAIAATAMAwQALVYMAwQA
LZjGMEYEAgACMEADBQAqDHiEAwUAKg4ahAMHACoPLYASkgMHACoPfQAAAQMHACoP
vAChxAMHACoTGMAAAgMFACoTGMMDBQMqEytAMA0GCSqGSIb3DQEBCwUAA4IBAQAl
+t436+6NVRTpWrua8Q5QipDslUXGt9SEhHcVgPK4Ro16y471FCwKnejPUDwfZfId
//mcfVkd6/GAM1/znVD6pHRN0dEIzjRm1pAqjunRGLLhrcQwNVoItTOpa0xcOx5J
USxuGhdyksSBXnchnlK4GcMZZ4/YwsgoxloOCj3cmZlhnGxQGXtgnTbRA/G+0jan
6evMJ99YVWcp1uIy9AOYOTGPNabIb9GrrSU/Oyj8p+O0nHB/uHIxNQqo4c5Pat1d
tRPRnrHTlzX3ZoNoxOCKTUd+EnQ/wFF+FC01HF5lYFIlPZE56nqitoJpQyHU36zc
Qo4GBo793D/p00Bt2n7p
-----END CERTIFICATE-----