Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/rERcv90BR_WV8kOyQua0l4odX1c.roa
File:                     rERcv90BR_WV8kOyQua0l4odX1c.roa (raw, json)
Hash identifier:          VTcP3bJyGvf8Rp8h1Xg1c6XYeXzKtmSNQkxp1/6QPwg=
Subject key identifier:   AC:44:5C:BF:DD:01:47:F5:95:F2:43:B2:42:E6:B4:97:8A:1D:5F:57
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       01902A07866C62DEE8EB1345A1CCBD80F888
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/rERcv90BR_WV8kOyQua0l4odX1c.roa
Signing time:             Tue 18 Jun 2024 06:27:34 +0000
ROA not before:           Tue 18 Jun 2024 06:27:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20473
IP address blocks:        45.86.12.0/24 maxlen: 24
                          45.130.124.0/24 maxlen: 24
                          45.152.198.0/24 maxlen: 24
                          2a0c:7884::/32 maxlen: 32
                          2a0e:1a84::/32 maxlen: 32
                          2a0f:2d80:1292::/48 maxlen: 48
                          2a0f:7d00:1::/48 maxlen: 48
                          2a0f:bc00:a1c4::/48 maxlen: 48
                          2a0f:e847:1::/48 maxlen: 48
                          2a0f:e940::/29 maxlen: 29
                          2a12:d6c0::/29 maxlen: 29
                          2a13:18c3::/32 maxlen: 32
                          2a13:2b40::/29 maxlen: 32
                          2a13:4900::/29 maxlen: 29
Validation:               Failed, certificate revoked on Tue 18 Jun 2024 12:11:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:2a:07:86:6c:62:de:e8:eb:13:45:a1:cc:bd:80:f8:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Jun 18 06:27:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ac445cbfdd0147f595f243b242e6b4978a1d5f57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f7:f7:c3:d4:e6:cb:b6:18:36:1f:9a:c6:86:ae:
                    c0:0d:ef:f2:48:a6:35:fc:e3:65:ea:ce:52:20:5e:
                    9b:57:ae:71:2a:f7:a4:55:8e:21:67:65:bf:99:d8:
                    58:80:ad:ac:c6:3d:b4:aa:ef:a8:7d:dc:93:dd:7d:
                    2b:71:af:a9:43:cb:15:70:35:18:bf:ff:e2:4b:94:
                    d4:16:12:8a:9a:7c:c4:dc:b7:14:bd:cd:52:f8:23:
                    2b:91:09:89:f0:8a:92:99:8f:3e:df:40:62:3a:5a:
                    9b:a0:6d:71:8d:ea:30:bb:a6:3f:23:7b:4e:84:c6:
                    b8:ba:93:01:7b:93:7a:35:9c:9d:9a:b6:ac:1d:f6:
                    a6:88:69:c9:1a:f9:24:bb:45:ee:36:d8:b1:e1:61:
                    be:a3:db:88:c8:97:c5:ea:e6:79:e8:d3:70:e3:b8:
                    69:92:d2:a1:3f:c7:37:78:cc:d9:13:24:85:d2:d0:
                    13:dc:0a:52:d5:da:ff:4c:53:3b:39:19:58:bb:92:
                    68:35:1c:de:75:fe:01:04:fe:a2:4b:ed:33:9f:7a:
                    2a:0b:4a:df:75:12:78:11:c8:ea:91:45:11:cd:b7:
                    3b:b0:ed:d1:43:e0:93:a3:0c:01:9c:71:17:a5:ea:
                    ac:cd:54:35:62:37:20:21:40:0d:17:e3:48:5e:fc:
                    8f:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:44:5C:BF:DD:01:47:F5:95:F2:43:B2:42:E6:B4:97:8A:1D:5F:57
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/rERcv90BR_WV8kOyQua0l4odX1c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.86.12.0/24
                  45.130.124.0/24
                  45.152.198.0/24
                IPv6:
                  2a0c:7884::/32
                  2a0e:1a84::/32
                  2a0f:2d80:1292::/48
                  2a0f:7d00:1::/48
                  2a0f:bc00:a1c4::/48
                  2a0f:e847:1::/48
                  2a0f:e940::/29
                  2a12:d6c0::/29
                  2a13:18c3::/32
                  2a13:2b40::/29
                  2a13:4900::/29

    Signature Algorithm: sha256WithRSAEncryption
         18:60:45:d8:81:da:b9:7b:28:bf:6e:95:94:56:64:c8:6f:34:
         5e:1c:7d:a1:0f:60:97:79:2a:44:81:c5:a6:a0:40:2c:12:df:
         3e:69:8d:f9:e7:a1:af:12:b7:4d:9a:fd:16:99:81:b0:55:62:
         81:06:03:06:9d:43:92:bb:b8:c3:84:b7:75:cc:b4:db:d1:14:
         61:9e:07:12:99:44:c5:9b:15:b0:08:e6:a9:11:3d:cd:b0:79:
         53:49:6f:43:26:bf:a5:9d:87:3c:02:da:ad:c4:b3:f3:cc:7c:
         d2:9b:4f:ae:85:ee:7d:a1:c4:e4:0b:f0:87:b5:97:98:cf:ff:
         b0:87:18:14:7f:f2:68:99:f1:d9:09:d5:0b:39:a2:dc:e1:7d:
         3a:71:bc:f0:21:63:c2:6c:0d:f5:7e:60:1d:a6:c8:ae:d1:24:
         e8:7e:b3:86:dc:2d:09:59:2c:a4:df:60:92:d9:49:17:bd:53:
         e7:fb:b4:3b:95:21:94:c5:c6:91:7d:7e:36:58:29:a2:73:29:
         37:9a:ec:41:ee:b1:ae:28:92:cd:e6:44:f5:e2:cd:a4:15:0e:
         dc:a9:30:eb:43:cf:a5:ec:17:93:c5:7b:8b:28:c0:f5:e0:52:
         35:5c:f0:43:34:0d:c7:1c:52:13:ad:bc:9e:bb:6f:d2:80:cd:
         9c:f7:fe:82
-----BEGIN CERTIFICATE-----
MIIFZzCCBE+gAwIBAgISAZAqB4ZsYt7o6xNFocy9gPiIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjQwNjE4MDYyNzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzQ0NWNiZmRkMDE0N2Y1OTVmMjQzYjI0MmU2YjQ5NzhhMWQ1ZjU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9/fD1ObLthg2H5rGhq7ADe/ySKY1
/ONl6s5SIF6bV65xKvekVY4hZ2W/mdhYgK2sxj20qu+ofdyT3X0rca+pQ8sVcDUY
v//iS5TUFhKKmnzE3LcUvc1S+CMrkQmJ8IqSmY8+30BiOlqboG1xjeowu6Y/I3tO
hMa4upMBe5N6NZydmrasHfamiGnJGvkku0XuNtix4WG+o9uIyJfF6uZ56NNw47hp
ktKhP8c3eMzZEySF0tAT3ApS1dr/TFM7ORlYu5JoNRzedf4BBP6iS+0zn3oqC0rf
dRJ4EcjqkUURzbc7sO3RQ+CTowwBnHEXpeqszVQ1YjcgIUANF+NIXvyPYQIDAQAB
o4ICczCCAm8wHQYDVR0OBBYEFKxEXL/dAUf1lfJDskLmtJeKHV9XMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvckVSY3Y5MEJSX1dWOGtPeVF1YTBsNG9kWDFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGIBggrBgEFBQcBBwEB/wR5MHcwGAQCAAEwEgMEAC1WDAME
AC2CfAMEAC2YxjBbBAIAAjBVAwUAKgx4hAMFACoOGoQDBwAqDy2AEpIDBwAqD30A
AAEDBwAqD7wAocQDBwAqD+hHAAEDBQMqD+lAAwUDKhLWwAMFACoTGMMDBQMqEytA
AwUDKhNJADANBgkqhkiG9w0BAQsFAAOCAQEAGGBF2IHauXsov26VlFZkyG80Xhx9
oQ9gl3kqRIHFpqBALBLfPmmN+eehrxK3TZr9FpmBsFVigQYDBp1Dkru4w4S3dcy0
29EUYZ4HEplExZsVsAjmqRE9zbB5U0lvQya/pZ2HPALarcSz88x80ptProXufaHE
5Avwh7WXmM//sIcYFH/yaJnx2QnVCzmi3OF9OnG88CFjwmwN9X5gHabIrtEk6H6z
htwtCVkspN9gktlJF71T5/u0O5UhlMXGkX1+NlgponMpN5rsQe6xriiSzeZE9eLN
pBUO3Kkw60PPpewXk8V7iyjA9eBSNVzwQzQNxxxSE628nrtv0oDNnPf+gg==
-----END CERTIFICATE-----