Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/xs1xNFjcMFZV7aZutX9P4-lIAhc.roa
File:                     xs1xNFjcMFZV7aZutX9P4-lIAhc.roa (raw, json)
Hash identifier:          RkMbdihFqeLu4G/WMNplxygrBSMnDov8llCq7MmRnXk=
Subject key identifier:   C6:CD:71:34:58:DC:30:56:55:ED:A6:6E:B5:7F:4F:E3:E9:48:02:17
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019137002FC2FAE7A81BC308E91C61518934
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/xs1xNFjcMFZV7aZutX9P4-lIAhc.roa
Signing time:             Fri 09 Aug 2024 11:57:24 +0000
ROA not before:           Fri 09 Aug 2024 11:57:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20473
IP address blocks:        45.86.12.0/24 maxlen: 24
                          45.152.198.0/24 maxlen: 24
                          2a0e:15c4::/32 maxlen: 32
                          2a0e:1a84::/32 maxlen: 32
                          2a0f:3d80:bac::/48 maxlen: 48
                          2a0f:3d82::/32 maxlen: 32
                          2a0f:7d00:1::/48 maxlen: 48
                          2a0f:bc00:a1c4::/48 maxlen: 48
                          2a12:ecc2::/32 maxlen: 48
                          2a13:18c3::/32 maxlen: 48
                          2a13:2b40::/29 maxlen: 32
Validation:               Failed, certificate revoked on Tue 13 Aug 2024 07:23:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:37:00:2f:c2:fa:e7:a8:1b:c3:08:e9:1c:61:51:89:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Aug  9 11:57:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c6cd713458dc305655eda66eb57f4fe3e9480217
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:99:2e:c7:33:5c:60:d3:6e:5c:4d:0f:09:55:
                    da:cb:be:31:9b:81:84:60:4c:8c:72:a7:a4:6b:96:
                    b6:26:e9:88:85:6b:00:b7:49:fd:0c:6d:47:71:c0:
                    13:da:f9:9c:ef:d0:b1:4f:40:33:37:07:76:e4:71:
                    7e:f0:8c:5c:23:47:be:20:2f:56:65:9f:43:a9:fb:
                    b6:dc:3a:53:4b:a3:8a:f4:c8:92:02:69:7d:b3:a7:
                    32:5b:b5:e1:0b:0f:8a:b5:d2:23:05:74:25:02:4a:
                    8d:c8:ef:2e:87:1c:03:2f:ec:b0:43:cd:31:4c:82:
                    10:e1:a7:17:4e:4e:34:fd:9c:11:eb:f2:fb:24:1a:
                    40:9e:b4:0f:8f:f2:03:90:2e:1b:80:88:98:2d:a2:
                    97:35:bb:75:89:17:2e:0d:3f:45:ca:13:c6:72:0c:
                    67:e1:ed:69:c6:b6:bb:67:40:3c:32:be:6b:b8:f7:
                    af:a0:be:fd:49:20:96:cb:6a:1f:4d:13:27:72:49:
                    45:6c:56:7e:57:14:db:0a:e8:38:da:39:09:26:a7:
                    27:57:a9:54:b5:58:e2:a6:cd:e2:df:a7:aa:63:c8:
                    74:05:fe:cc:8d:40:f4:ad:be:48:ca:c4:bc:27:1d:
                    52:01:ef:be:ef:bf:6a:81:20:30:d8:2a:0f:12:0d:
                    1b:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:CD:71:34:58:DC:30:56:55:ED:A6:6E:B5:7F:4F:E3:E9:48:02:17
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/xs1xNFjcMFZV7aZutX9P4-lIAhc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.86.12.0/24
                  45.152.198.0/24
                IPv6:
                  2a0e:15c4::/32
                  2a0e:1a84::/32
                  2a0f:3d80:bac::/48
                  2a0f:3d82::/32
                  2a0f:7d00:1::/48
                  2a0f:bc00:a1c4::/48
                  2a12:ecc2::/32
                  2a13:18c3::/32
                  2a13:2b40::/29

    Signature Algorithm: sha256WithRSAEncryption
         1a:21:3c:fc:73:41:48:08:85:61:1b:46:ed:2b:2a:f6:8e:3b:
         cc:b3:dc:8e:db:91:a6:1e:bd:3e:17:8b:c5:eb:4f:41:5c:38:
         7e:c6:87:db:66:a2:1e:31:ae:2c:30:82:b5:8b:a8:a8:5d:6f:
         00:5f:c4:d9:7e:49:cb:ae:75:b6:f6:e7:bd:3d:f6:ca:3c:93:
         24:14:77:b3:ca:2b:11:86:dd:3c:25:8b:95:02:e9:60:6e:15:
         08:4c:41:83:25:e0:76:36:86:08:09:b0:d5:20:18:8b:19:ac:
         8e:6d:21:ba:ff:fb:29:32:8c:41:e5:9a:c0:f5:af:ae:3a:7c:
         8f:c9:97:5c:c1:53:8c:eb:a3:09:5d:52:25:93:7a:78:5c:a8:
         be:36:66:a9:a5:bf:04:c4:c3:25:13:38:53:b3:76:db:0c:2a:
         52:52:db:4a:9e:de:51:07:49:d2:20:56:25:bf:47:6e:1f:bf:
         65:d1:3e:42:74:d5:49:e3:00:99:3f:67:e5:0a:dd:19:f1:8b:
         d2:8d:a3:bf:c5:88:d7:c5:b6:2d:c6:2b:4e:b8:3c:04:1a:ad:
         9c:6e:67:c5:65:3c:a2:14:1c:58:f1:c4:44:83:06:cb:fc:fa:
         f5:8d:53:b9:02:96:a5:73:c3:f8:26:32:3c:b1:a2:ac:38:3b:
         d7:8f:b1:a8
-----BEGIN CERTIFICATE-----
MIIFUDCCBDigAwIBAgISAZE3AC/C+ueoG8MI6RxhUYk0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjQwODA5MTE1NzI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNmNkNzEzNDU4ZGMzMDU2NTVlZGE2NmViNTdmNGZlM2U5NDgwMjE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo5kuxzNcYNNuXE0PCVXay74xm4GE
YEyMcqeka5a2JumIhWsAt0n9DG1HccAT2vmc79CxT0AzNwd25HF+8IxcI0e+IC9W
ZZ9Dqfu23DpTS6OK9MiSAml9s6cyW7XhCw+KtdIjBXQlAkqNyO8uhxwDL+ywQ80x
TIIQ4acXTk40/ZwR6/L7JBpAnrQPj/IDkC4bgIiYLaKXNbt1iRcuDT9FyhPGcgxn
4e1pxra7Z0A8Mr5ruPevoL79SSCWy2ofTRMncklFbFZ+VxTbCug42jkJJqcnV6lU
tVjips3i36eqY8h0Bf7MjUD0rb5IysS8Jx1SAe++779qgSAw2CoPEg0b+wIDAQAB
o4ICXDCCAlgwHQYDVR0OBBYEFMbNcTRY3DBWVe2mbrV/T+PpSAIXMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEveHMxeE5GamNNRlpWN2FadXRYOVA0LWxJQWhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHIGCCsGAQUFBwEHAQH/BGMwYTASBAIAATAMAwQALVYMAwQA
LZjGMEsEAgACMEUDBQAqDhXEAwUAKg4ahAMHACoPPYALrAMFACoPPYIDBwAqD30A
AAEDBwAqD7wAocQDBQAqEuzCAwUAKhMYwwMFAyoTK0AwDQYJKoZIhvcNAQELBQAD
ggEBABohPPxzQUgIhWEbRu0rKvaOO8yz3I7bkaYevT4Xi8XrT0FcOH7Gh9tmoh4x
riwwgrWLqKhdbwBfxNl+Scuudbb257099so8kyQUd7PKKxGG3Twli5UC6WBuFQhM
QYMl4HY2hggJsNUgGIsZrI5tIbr/+ykyjEHlmsD1r646fI/Jl1zBU4zrowldUiWT
enhcqL42ZqmlvwTEwyUTOFOzdtsMKlJS20qe3lEHSdIgViW/R24fv2XRPkJ01Unj
AJk/Z+UK3Rnxi9KNo7/FiNfFti3GK064PAQarZxuZ8VlPKIUHFjxxESDBsv8+vWN
U7kClqVzw/gmMjyxoqw4O9ePsag=
-----END CERTIFICATE-----