Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/0SuF8xQ5Ova9hdBzG5_jOqr9ZeI.roa
File:                     0SuF8xQ5Ova9hdBzG5_jOqr9ZeI.roa (raw, json)
Hash identifier:          mmACBud3Dia7EC5QdqDXuwl6Hj9kA3t3WsCjceVTwUA=
Subject key identifier:   D1:2B:85:F3:14:39:3A:F6:BD:85:D0:73:1B:9F:E3:3A:AA:FD:65:E2
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019136B51CA49B6AF9FF29425AC3587F56F3
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/0SuF8xQ5Ova9hdBzG5_jOqr9ZeI.roa
Signing time:             Fri 09 Aug 2024 10:35:24 +0000
ROA not before:           Fri 09 Aug 2024 10:35:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20473
IP address blocks:        45.86.12.0/24 maxlen: 24
                          45.152.198.0/24 maxlen: 24
                          2a0e:15c4::/32 maxlen: 32
                          2a0e:1a84::/32 maxlen: 32
                          2a0f:3d80:bac::/48 maxlen: 48
                          2a0f:3d82::/32 maxlen: 32
                          2a0f:7d00:1::/48 maxlen: 48
                          2a0f:bc00:a1c4::/48 maxlen: 48
                          2a13:18c3::/32 maxlen: 48
                          2a13:2b40::/29 maxlen: 32
Validation:               Failed, certificate revoked on Fri 09 Aug 2024 11:56:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:36:b5:1c:a4:9b:6a:f9:ff:29:42:5a:c3:58:7f:56:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Aug  9 10:35:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d12b85f314393af6bd85d0731b9fe33aaafd65e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:1c:8d:0c:62:ac:9c:b4:bf:39:d5:7e:69:24:
                    2f:aa:57:71:e4:7b:e5:79:c8:33:10:45:cb:7b:16:
                    e3:55:0a:66:fe:b0:f5:71:65:56:b6:60:31:55:f4:
                    02:34:0f:c3:4a:dd:28:e7:ba:ba:61:c3:36:0b:90:
                    3a:d2:30:50:e7:95:1f:9d:56:30:00:f2:ea:30:b6:
                    4d:97:89:47:a9:5b:20:1e:07:25:44:e8:f2:fc:e4:
                    ba:ab:57:c2:b4:cd:27:70:67:4c:e0:57:ea:5c:e4:
                    9a:c6:ac:d1:20:8a:75:ee:2f:fe:8f:e5:54:12:a7:
                    c1:86:af:ce:be:e5:aa:82:9a:36:1b:a3:b0:e1:01:
                    a5:f6:db:6f:27:68:fa:4e:58:af:77:ec:bd:ef:d8:
                    c1:0a:de:5b:d3:13:cb:a5:6b:b2:20:15:fc:e3:08:
                    de:e7:7d:be:2b:66:51:bd:e8:da:92:dd:30:70:0d:
                    d0:4e:88:c1:6c:de:53:63:82:63:00:b5:02:fd:dd:
                    60:10:7b:ca:9a:6b:9b:ed:fc:ea:1a:80:aa:2c:5d:
                    42:de:f1:e6:d9:9a:a1:d1:70:4e:25:f4:a5:d3:0c:
                    4d:9f:3c:19:76:b2:4a:46:be:3d:bb:93:f4:a7:a8:
                    d8:82:15:17:5e:a3:1d:6a:4e:33:a6:cb:df:8b:f7:
                    c7:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:2B:85:F3:14:39:3A:F6:BD:85:D0:73:1B:9F:E3:3A:AA:FD:65:E2
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/0SuF8xQ5Ova9hdBzG5_jOqr9ZeI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.86.12.0/24
                  45.152.198.0/24
                IPv6:
                  2a0e:15c4::/32
                  2a0e:1a84::/32
                  2a0f:3d80:bac::/48
                  2a0f:3d82::/32
                  2a0f:7d00:1::/48
                  2a0f:bc00:a1c4::/48
                  2a13:18c3::/32
                  2a13:2b40::/29

    Signature Algorithm: sha256WithRSAEncryption
         64:b5:cd:04:ef:59:9d:3b:7e:e1:83:b5:b9:1b:27:62:80:ec:
         4e:ef:05:6a:a7:b9:90:df:01:11:10:2b:f2:35:2e:4d:66:81:
         b2:b9:d9:ca:ee:38:8d:0f:66:ec:2c:6d:e1:6e:c8:34:98:51:
         75:8c:45:55:7c:96:fa:da:99:98:c4:45:9e:24:86:f7:2f:69:
         41:4b:e2:dd:a5:91:db:05:5b:19:35:ce:00:f1:35:e4:7a:0e:
         3d:fb:e5:78:a7:a3:64:48:0a:74:36:11:89:f2:b7:f3:7d:83:
         f9:ef:c6:01:88:9d:b7:14:17:a3:a6:e5:82:78:38:d0:af:8b:
         41:5c:c0:bf:c9:57:e5:8f:8e:82:37:4f:b7:51:dd:fe:e5:0f:
         4e:96:cb:7d:16:1e:d8:6c:06:cf:d5:ef:4c:3d:e2:cf:bb:ff:
         b6:51:fa:4f:5e:3e:84:69:04:e3:f8:38:47:9e:72:20:92:60:
         5f:d4:62:e9:30:c7:7c:41:e1:72:99:0b:28:24:ab:e0:48:c6:
         24:28:59:87:6a:eb:03:b1:f2:b0:67:2c:d7:18:52:d0:9b:47:
         fe:64:fc:2e:0b:8c:5a:a8:b8:31:7f:9e:3c:e5:4b:75:f4:88:
         bc:f6:da:c7:de:47:dc:cd:ff:f7:ec:b6:28:38:3a:36:3c:e8:
         61:94:d7:ce
-----BEGIN CERTIFICATE-----
MIIFSTCCBDGgAwIBAgISAZE2tRykm2r5/ylCWsNYf1bzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjQwODA5MTAzNTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTJiODVmMzE0MzkzYWY2YmQ4NWQwNzMxYjlmZTMzYWFhZmQ2NWUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiByNDGKsnLS/OdV+aSQvqldx5Hvl
ecgzEEXLexbjVQpm/rD1cWVWtmAxVfQCNA/DSt0o57q6YcM2C5A60jBQ55UfnVYw
APLqMLZNl4lHqVsgHgclROjy/OS6q1fCtM0ncGdM4FfqXOSaxqzRIIp17i/+j+VU
EqfBhq/OvuWqgpo2G6Ow4QGl9ttvJ2j6Tlivd+y979jBCt5b0xPLpWuyIBX84wje
532+K2ZRvejakt0wcA3QTojBbN5TY4JjALUC/d1gEHvKmmub7fzqGoCqLF1C3vHm
2Zqh0XBOJfSl0wxNnzwZdrJKRr49u5P0p6jYghUXXqMdak4zpsvfi/fHlwIDAQAB
o4ICVTCCAlEwHQYDVR0OBBYEFNErhfMUOTr2vYXQcxuf4zqq/WXiMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvMFN1Rjh4UTVPdmE5aGRCekc1X2pPcXI5WmVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGsGCCsGAQUFBwEHAQH/BFwwWjASBAIAATAMAwQALVYMAwQA
LZjGMEQEAgACMD4DBQAqDhXEAwUAKg4ahAMHACoPPYALrAMFACoPPYIDBwAqD30A
AAEDBwAqD7wAocQDBQAqExjDAwUDKhMrQDANBgkqhkiG9w0BAQsFAAOCAQEAZLXN
BO9ZnTt+4YO1uRsnYoDsTu8Faqe5kN8BERAr8jUuTWaBsrnZyu44jQ9m7Cxt4W7I
NJhRdYxFVXyW+tqZmMRFniSG9y9pQUvi3aWR2wVbGTXOAPE15HoOPfvleKejZEgK
dDYRifK3832D+e/GAYidtxQXo6blgng40K+LQVzAv8lX5Y+OgjdPt1Hd/uUPTpbL
fRYe2GwGz9XvTD3iz7v/tlH6T14+hGkE4/g4R55yIJJgX9Ri6TDHfEHhcpkLKCSr
4EjGJChZh2rrA7HysGcs1xhS0JtH/mT8LguMWqi4MX+ePOVLdfSIvPbax95H3M3/
9+y2KDg6NjzoYZTXzg==
-----END CERTIFICATE-----