Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/unoc2AnVQcV7Tb-Nk9IubPQGhpc.roa
File:                     unoc2AnVQcV7Tb-Nk9IubPQGhpc.roa (raw, json)
Hash identifier:          7TV3XMo7v6wnkguusAErUpcrp6lq/I2ri1Nr3a+tJpE=
Subject key identifier:   BA:7A:1C:D8:09:D5:41:C5:7B:4D:BF:8D:93:D2:2E:6C:F4:06:86:97
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       0191756CAF7A04B1A753F45081CA6B21E78B
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/unoc2AnVQcV7Tb-Nk9IubPQGhpc.roa
Signing time:             Wed 21 Aug 2024 14:52:22 +0000
ROA not before:           Wed 21 Aug 2024 14:52:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20473
IP address blocks:        45.86.12.0/24 maxlen: 24
                          45.152.198.0/24 maxlen: 24
                          103.114.40.0/24 maxlen: 24
                          2a0e:1a84::/32 maxlen: 32
                          2a0e:f600:5f::/48 maxlen: 48
                          2a0f:3d80:bac::/48 maxlen: 48
                          2a0f:3d82::/32 maxlen: 32
                          2a0f:7d00:1::/48 maxlen: 48
                          2a0f:bc00:a1c4::/48 maxlen: 48
                          2a0f:e6c6:5532::/48 maxlen: 48
                          2a12:ecc2::/32 maxlen: 48
                          2a13:2b40::/29 maxlen: 32
Validation:               Failed, certificate revoked on Thu 22 Aug 2024 11:53:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:75:6c:af:7a:04:b1:a7:53:f4:50:81:ca:6b:21:e7:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Aug 21 14:52:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ba7a1cd809d541c57b4dbf8d93d22e6cf4068697
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:89:a5:ba:dd:a3:71:7a:b7:1a:c2:4e:9c:af:
                    59:41:28:54:4f:d4:d9:3b:a0:18:7a:23:7f:5d:78:
                    be:03:46:4d:f7:2d:b2:2d:4d:b8:10:a0:a5:a5:10:
                    19:45:43:3f:24:3a:61:d2:89:36:ca:77:d4:47:4f:
                    aa:ae:c9:f2:26:76:8f:9a:4c:dc:df:1b:09:67:84:
                    a7:6a:c3:1c:19:0b:7b:92:4c:73:bf:c6:61:b3:de:
                    48:bc:e3:41:02:71:6b:2e:bc:fd:54:18:aa:08:c0:
                    25:98:54:95:c7:87:46:a9:86:47:c8:ea:92:d1:7a:
                    57:07:86:d5:05:16:ee:17:66:8c:74:ec:a8:09:1e:
                    cf:92:60:e8:b5:c0:5b:67:be:69:83:8d:3a:0b:50:
                    ae:ad:95:89:34:43:42:76:17:43:78:c2:f4:06:fe:
                    2b:72:05:3f:b3:7f:44:1c:56:4a:3d:52:ab:6b:c3:
                    02:1c:33:9d:eb:b7:fa:5e:6c:87:1d:86:fc:82:e5:
                    ac:50:05:29:bb:cd:ed:fb:a5:9e:0d:e9:14:6d:e7:
                    14:d4:4e:f7:28:3c:12:6c:b9:ad:18:f4:62:6d:42:
                    49:48:2a:25:84:66:e5:09:ef:b2:cd:bd:ba:72:11:
                    b5:55:fb:16:a3:68:af:19:d2:63:e5:09:26:32:83:
                    d0:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:7A:1C:D8:09:D5:41:C5:7B:4D:BF:8D:93:D2:2E:6C:F4:06:86:97
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/unoc2AnVQcV7Tb-Nk9IubPQGhpc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.86.12.0/24
                  45.152.198.0/24
                  103.114.40.0/24
                IPv6:
                  2a0e:1a84::/32
                  2a0e:f600:5f::/48
                  2a0f:3d80:bac::/48
                  2a0f:3d82::/32
                  2a0f:7d00:1::/48
                  2a0f:bc00:a1c4::/48
                  2a0f:e6c6:5532::/48
                  2a12:ecc2::/32
                  2a13:2b40::/29

    Signature Algorithm: sha256WithRSAEncryption
         58:13:ef:5f:91:27:c1:38:98:43:db:62:e8:ab:d3:57:27:a0:
         a5:96:d4:c1:27:53:79:e9:dd:a2:fb:ef:8b:de:bd:64:f4:30:
         57:8c:a1:04:fb:3c:03:cc:d9:d0:26:ea:c1:1d:30:13:cd:08:
         5c:17:32:c1:bb:56:ce:1d:5b:05:d1:d0:cb:0b:1d:49:a2:71:
         be:14:aa:e1:3c:46:ef:13:ce:7e:e9:3a:a1:bf:fb:f8:35:86:
         93:51:21:68:c8:51:18:92:ca:d2:ee:37:12:ea:e4:8b:ee:b9:
         ea:8d:30:56:e5:24:ef:f4:bc:b6:5e:27:e4:8c:10:8c:de:e1:
         08:1d:9f:99:64:a0:87:d6:7e:bc:4d:8e:4f:06:96:ba:ee:b3:
         38:96:d3:73:cb:bf:d3:84:4d:c2:62:3b:42:85:7f:02:bf:c9:
         ac:4b:78:00:db:03:e8:24:ff:e6:67:3e:11:1b:14:43:94:6c:
         2a:25:1a:dd:12:f7:30:bb:33:e7:b7:ca:f7:40:eb:14:65:89:
         09:2d:3a:45:21:54:3d:c4:1d:63:25:86:13:b6:94:e5:c9:55:
         d4:eb:9f:27:a6:e9:57:32:18:e7:e8:d4:05:74:90:b4:61:50:
         89:73:71:e0:f8:3d:1d:86:80:5a:c3:53:af:63:f1:ee:44:83:
         b9:66:f6:4d
-----BEGIN CERTIFICATE-----
MIIFWjCCBEKgAwIBAgISAZF1bK96BLGnU/RQgcprIeeLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjQwODIxMTQ1MjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTdhMWNkODA5ZDU0MWM1N2I0ZGJmOGQ5M2QyMmU2Y2Y0MDY4Njk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA24mlut2jcXq3GsJOnK9ZQShUT9TZ
O6AYeiN/XXi+A0ZN9y2yLU24EKClpRAZRUM/JDph0ok2ynfUR0+qrsnyJnaPmkzc
3xsJZ4SnasMcGQt7kkxzv8Zhs95IvONBAnFrLrz9VBiqCMAlmFSVx4dGqYZHyOqS
0XpXB4bVBRbuF2aMdOyoCR7PkmDotcBbZ75pg406C1CurZWJNENCdhdDeML0Bv4r
cgU/s39EHFZKPVKra8MCHDOd67f6XmyHHYb8guWsUAUpu83t+6WeDekUbecU1E73
KDwSbLmtGPRibUJJSColhGblCe+yzb26chG1VfsWo2ivGdJj5QkmMoPQiQIDAQAB
o4ICZjCCAmIwHQYDVR0OBBYEFLp6HNgJ1UHFe02/jZPSLmz0BoaXMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvdW5vYzJBblZRY1Y3VGItTms5SXViUFFHaHBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHwGCCsGAQUFBwEHAQH/BG0wazAYBAIAATASAwQALVYMAwQA
LZjGAwQAZ3IoME8EAgACMEkDBQAqDhqEAwcAKg72AABfAwcAKg89gAusAwUAKg89
ggMHACoPfQAAAQMHACoPvAChxAMHACoP5sZVMgMFACoS7MIDBQMqEytAMA0GCSqG
SIb3DQEBCwUAA4IBAQBYE+9fkSfBOJhD22Loq9NXJ6ClltTBJ1N56d2i+++L3r1k
9DBXjKEE+zwDzNnQJurBHTATzQhcFzLBu1bOHVsF0dDLCx1JonG+FKrhPEbvE85+
6Tqhv/v4NYaTUSFoyFEYksrS7jcS6uSL7rnqjTBW5STv9Ly2XifkjBCM3uEIHZ+Z
ZKCH1n68TY5PBpa67rM4ltNzy7/ThE3CYjtChX8Cv8msS3gA2wPoJP/mZz4RGxRD
lGwqJRrdEvcwuzPnt8r3QOsUZYkJLTpFIVQ9xB1jJYYTtpTlyVXU658npulXMhjn
6NQFdJC0YVCJc3Hg+D0dhoBaw1OvY/HuRIO5ZvZN
-----END CERTIFICATE-----