Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/5kkN2FzQ6E74UgAhK7UN8O1ohuQ.roa
File:                     5kkN2FzQ6E74UgAhK7UN8O1ohuQ.roa (raw, json)
Hash identifier:          KnH0sY9MSTo53bC03yo8QA+Hrp/i9HSiosWEIx7AuUU=
Subject key identifier:   E6:49:0D:D8:5C:D0:E8:4E:F8:52:00:21:2B:B5:0D:F0:ED:68:86:E4
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       01902FE069D1676C3AD67C68FEFEC7514187
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/5kkN2FzQ6E74UgAhK7UN8O1ohuQ.roa
Signing time:             Wed 19 Jun 2024 09:42:34 +0000
ROA not before:           Wed 19 Jun 2024 09:42:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20473
IP address blocks:        45.86.12.0/24 maxlen: 24
                          45.152.198.0/24 maxlen: 24
                          2a0c:7884::/32 maxlen: 32
                          2a0e:1a84::/32 maxlen: 32
                          2a0f:2d80:1292::/48 maxlen: 48
                          2a0f:7d00:1::/48 maxlen: 48
                          2a0f:bc00:a1c4::/48 maxlen: 48
                          2a0f:e940::/29 maxlen: 29
                          2a12:d6c0::/29 maxlen: 29
                          2a13:18c3::/32 maxlen: 32
                          2a13:1940::/29 maxlen: 29
                          2a13:2b40::/29 maxlen: 32
                          2a13:4900::/29 maxlen: 29
                          2a13:fc00::/29 maxlen: 29
Validation:               Failed, certificate revoked on Wed 19 Jun 2024 19:38:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:2f:e0:69:d1:67:6c:3a:d6:7c:68:fe:fe:c7:51:41:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Jun 19 09:42:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e6490dd85cd0e84ef85200212bb50df0ed6886e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:d4:d3:5d:67:58:56:35:99:20:50:4e:48:ff:
                    ff:74:35:4c:a1:46:60:85:b3:f7:8c:db:26:10:ac:
                    fe:59:c3:66:ba:f5:0d:ae:ee:ae:a4:09:54:64:5b:
                    3d:ca:b3:2d:41:3a:65:ed:29:f4:96:c0:cb:a5:24:
                    73:0a:26:d1:23:f6:78:fc:5d:7d:64:ba:a0:ad:ec:
                    d2:2d:cd:5c:3c:eb:9a:d1:08:4c:c5:2b:3f:ee:99:
                    03:60:32:e0:f5:74:1b:96:3d:ed:21:9f:65:8d:e4:
                    0b:5e:c8:11:8e:81:ae:dd:b1:29:37:bc:54:f0:f9:
                    d0:7e:f0:ef:61:3c:28:3a:58:1a:3d:25:a1:0c:81:
                    00:36:e3:5c:c3:68:67:2a:0c:a6:5e:ca:4c:3c:4a:
                    fe:50:60:c0:d0:57:e1:6a:3c:24:6d:f9:aa:07:dd:
                    8a:2a:96:13:84:7f:71:75:b4:1e:35:00:6e:81:38:
                    ff:9b:9c:a0:f9:8c:c9:73:d2:33:50:be:99:92:59:
                    7a:0e:5f:9a:6f:8c:7c:da:69:9c:22:f3:1f:d4:4c:
                    d8:6f:3c:a9:cb:cb:4c:31:bf:66:e6:c3:05:7e:5a:
                    e9:bf:8f:a4:54:c6:4e:89:60:1e:8b:0e:ce:3f:a8:
                    ae:7a:24:b5:ff:ef:eb:e7:8f:ca:02:e5:13:ea:05:
                    08:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:49:0D:D8:5C:D0:E8:4E:F8:52:00:21:2B:B5:0D:F0:ED:68:86:E4
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/5kkN2FzQ6E74UgAhK7UN8O1ohuQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.86.12.0/24
                  45.152.198.0/24
                IPv6:
                  2a0c:7884::/32
                  2a0e:1a84::/32
                  2a0f:2d80:1292::/48
                  2a0f:7d00:1::/48
                  2a0f:bc00:a1c4::/48
                  2a0f:e940::/29
                  2a12:d6c0::/29
                  2a13:18c3::/32
                  2a13:1940::/29
                  2a13:2b40::/29
                  2a13:4900::/29
                  2a13:fc00::/29

    Signature Algorithm: sha256WithRSAEncryption
         15:32:4c:4d:12:c2:3b:0d:9a:ba:0e:93:92:9d:28:24:72:5b:
         e6:5e:39:0c:0f:cd:a3:1b:a9:28:4a:7b:73:81:3f:36:75:09:
         ba:af:30:32:79:cc:9e:ea:41:40:52:2c:64:9e:4d:47:b8:b3:
         98:67:94:c3:f0:73:ff:7b:c4:99:e1:82:52:4e:c1:da:b5:13:
         6c:5b:59:a9:76:bc:e5:0d:1d:59:ce:95:d3:f3:63:14:4d:d5:
         35:67:61:91:88:a0:d0:46:e7:1a:68:99:03:d4:f7:95:c2:74:
         33:62:56:70:4d:88:c3:8c:5d:6b:9c:f5:18:8a:e6:51:6a:29:
         e3:01:3c:36:4e:fc:43:2c:83:70:ab:60:74:7d:3a:93:bb:8a:
         46:32:21:c8:57:11:99:15:d9:40:dd:76:07:15:9f:c7:01:fc:
         bd:bc:33:05:e3:15:e8:3e:4e:8e:59:77:5e:45:09:e2:d9:bd:
         4f:fc:5a:99:be:f3:24:fe:75:20:05:d7:b5:f6:c6:d3:e6:6c:
         84:28:21:03:68:04:e4:03:e5:92:b1:56:e8:36:8c:a2:26:8f:
         d7:de:e2:21:99:26:33:5b:92:56:a1:0a:6a:1c:5f:d8:fe:44:
         b4:a3:6c:6e:c0:99:e7:a6:bd:15:5f:91:9c:00:de:49:85:26:
         87:24:4e:49
-----BEGIN CERTIFICATE-----
MIIFZjCCBE6gAwIBAgISAZAv4GnRZ2w61nxo/v7HUUGHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjQwNjE5MDk0MjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjQ5MGRkODVjZDBlODRlZjg1MjAwMjEyYmI1MGRmMGVkNjg4NmU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8tTTXWdYVjWZIFBOSP//dDVMoUZg
hbP3jNsmEKz+WcNmuvUNru6upAlUZFs9yrMtQTpl7Sn0lsDLpSRzCibRI/Z4/F19
ZLqgrezSLc1cPOua0QhMxSs/7pkDYDLg9XQblj3tIZ9ljeQLXsgRjoGu3bEpN7xU
8PnQfvDvYTwoOlgaPSWhDIEANuNcw2hnKgymXspMPEr+UGDA0FfhajwkbfmqB92K
KpYThH9xdbQeNQBugTj/m5yg+YzJc9IzUL6Zkll6Dl+ab4x82mmcIvMf1EzYbzyp
y8tMMb9m5sMFflrpv4+kVMZOiWAeiw7OP6iueiS1/+/r54/KAuUT6gUITwIDAQAB
o4ICcjCCAm4wHQYDVR0OBBYEFOZJDdhc0OhO+FIAISu1DfDtaIbkMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvNWtrTjJGelE2RTc0VWdBaEs3VU44TzFvaHVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGHBggrBgEFBQcBBwEB/wR4MHYwEgQCAAEwDAMEAC1WDAME
AC2YxjBgBAIAAjBaAwUAKgx4hAMFACoOGoQDBwAqDy2AEpIDBwAqD30AAAEDBwAq
D7wAocQDBQMqD+lAAwUDKhLWwAMFACoTGMMDBQMqExlAAwUDKhMrQAMFAyoTSQAD
BQMqE/wAMA0GCSqGSIb3DQEBCwUAA4IBAQAVMkxNEsI7DZq6DpOSnSgkclvmXjkM
D82jG6koSntzgT82dQm6rzAyecye6kFAUixknk1HuLOYZ5TD8HP/e8SZ4YJSTsHa
tRNsW1mpdrzlDR1ZzpXT82MUTdU1Z2GRiKDQRucaaJkD1PeVwnQzYlZwTYjDjF1r
nPUYiuZRainjATw2TvxDLINwq2B0fTqTu4pGMiHIVxGZFdlA3XYHFZ/HAfy9vDMF
4xXoPk6OWXdeRQni2b1P/FqZvvMk/nUgBde19sbT5myEKCEDaATkA+WSsVboNoyi
Jo/X3uIhmSYzW5JWoQpqHF/Y/kS0o2xuwJnnpr0VX5GcAN5JhSaHJE5J
-----END CERTIFICATE-----