Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/Im89SIWLRVyM-dfA_uQrqeTJKL4.roa
File:                     Im89SIWLRVyM-dfA_uQrqeTJKL4.roa (raw, json)
Hash identifier:          JG5+/pzbzi01/1StB9/5ZNcYR4n5WhkoMT8fIAJY4FU=
Subject key identifier:   22:6F:3D:48:85:8B:45:5C:8C:F9:D7:C0:FE:E4:2B:A9:E4:C9:28:BE
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       0191DB399226DBBDAFB94936F7A71C4E96F2
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/Im89SIWLRVyM-dfA_uQrqeTJKL4.roa
Signing time:             Tue 10 Sep 2024 09:17:48 +0000
ROA not before:           Tue 10 Sep 2024 09:17:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20473
IP address blocks:        45.86.12.0/24 maxlen: 24
                          45.152.198.0/24 maxlen: 24
                          103.114.40.0/24 maxlen: 24
                          2a0a:2d07:44::/48 maxlen: 48
                          2a0e:1a84::/32 maxlen: 32
                          2a0f:1584::/48 maxlen: 48
                          2a0f:3d80:bac::/48 maxlen: 48
                          2a0f:3d82::/32 maxlen: 32
                          2a0f:7d00:1::/48 maxlen: 48
                          2a0f:bc00:a1c4::/48 maxlen: 48
                          2a0f:e6c6:5532::/48 maxlen: 48
                          2a12:ecc2::/32 maxlen: 48
                          2a13:2b40::/29 maxlen: 32
Validation:               Failed, certificate revoked on Wed 18 Sep 2024 06:46:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:db:39:92:26:db:bd:af:b9:49:36:f7:a7:1c:4e:96:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Sep 10 09:17:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=226f3d48858b455c8cf9d7c0fee42ba9e4c928be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:e7:02:cd:87:25:c4:d7:b0:7a:66:5e:0c:7e:
                    ec:e8:82:48:f5:c4:6a:c3:85:3b:20:98:57:38:6a:
                    19:9c:8f:b2:a4:93:65:af:82:ce:f0:2b:16:1d:47:
                    f7:6c:ee:f1:66:bf:39:14:ae:96:23:3e:1c:b4:9f:
                    ff:f9:4c:bc:1d:91:02:c6:a2:11:0a:60:2f:2a:ce:
                    de:25:fb:42:75:20:68:93:89:6c:02:76:fb:2b:65:
                    61:96:2b:6d:f0:4e:db:0e:5a:2a:f2:a0:04:90:d2:
                    78:8f:bc:d2:77:28:cc:27:4b:33:f2:3a:b5:aa:00:
                    54:86:55:4e:56:ec:de:f1:93:1d:f1:2b:12:37:52:
                    26:fb:97:80:86:61:92:b2:53:5b:fd:a5:da:e1:fa:
                    c5:f8:51:3f:e8:c1:b7:22:a6:93:fe:4f:d6:35:fd:
                    ce:06:e2:c2:b1:63:e3:20:f6:66:5f:1a:3f:15:ad:
                    78:9f:95:ad:e7:79:5b:c6:86:0d:5a:82:b8:13:fc:
                    c8:9b:c5:af:a6:9e:e9:20:6e:b9:f7:9c:92:cd:6f:
                    4f:51:c8:bb:2d:e7:be:98:2e:f5:e0:f9:38:13:45:
                    93:c6:80:d6:d1:fb:19:6e:1d:8d:aa:4f:bd:42:65:
                    b4:db:4b:97:aa:fd:06:83:8d:0f:52:e3:0c:84:76:
                    6a:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:6F:3D:48:85:8B:45:5C:8C:F9:D7:C0:FE:E4:2B:A9:E4:C9:28:BE
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/Im89SIWLRVyM-dfA_uQrqeTJKL4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.86.12.0/24
                  45.152.198.0/24
                  103.114.40.0/24
                IPv6:
                  2a0a:2d07:44::/48
                  2a0e:1a84::/32
                  2a0f:1584::/48
                  2a0f:3d80:bac::/48
                  2a0f:3d82::/32
                  2a0f:7d00:1::/48
                  2a0f:bc00:a1c4::/48
                  2a0f:e6c6:5532::/48
                  2a12:ecc2::/32
                  2a13:2b40::/29

    Signature Algorithm: sha256WithRSAEncryption
         6d:41:08:8f:91:19:53:d2:7d:94:a1:e4:9a:40:a4:23:3c:f3:
         c1:ad:e3:b7:82:29:f6:e6:f7:08:8a:69:31:9d:80:67:99:50:
         7b:97:88:85:b5:4b:be:fd:8f:1e:bd:6d:4c:42:91:3a:8e:fd:
         df:72:b7:3c:c9:c6:d3:0e:c0:a8:59:b1:44:27:b5:1c:2e:c6:
         71:7f:6e:0d:04:52:54:69:00:3d:c2:a8:31:04:93:9a:f0:21:
         4b:85:00:6d:46:54:8c:1c:5f:12:5e:f6:ec:f8:74:1f:c5:17:
         7c:3f:6e:28:b6:06:9b:73:b6:eb:68:cf:ea:70:a5:15:ac:55:
         e9:ba:e0:3a:ce:bd:7c:55:c5:23:94:25:96:f2:30:49:6f:4a:
         cd:82:fe:3a:4e:d9:bd:b1:9e:79:31:aa:b5:8e:03:c6:07:7f:
         76:e9:cf:d3:db:46:45:bf:9e:55:c3:9a:98:db:fc:8f:5b:20:
         77:3d:1a:5a:19:6c:f0:b1:12:9e:b6:1f:07:b9:90:8f:87:28:
         fc:a8:a0:4f:6d:1f:9a:6d:5a:8b:dc:35:db:e8:89:f7:db:67:
         ab:49:5f:95:4e:30:87:89:76:52:17:5e:7e:f2:2c:20:79:84:
         a4:d9:19:21:27:73:b2:25:1e:05:4e:e1:6f:c0:da:c1:44:42:
         3d:71:33:a1
-----BEGIN CERTIFICATE-----
MIIFZDCCBEygAwIBAgISAZHbOZIm272vuUk296ccTpbyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjQwOTEwMDkxNzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjZmM2Q0ODg1OGI0NTVjOGNmOWQ3YzBmZWU0MmJhOWU0YzkyOGJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArucCzYclxNewemZeDH7s6IJI9cRq
w4U7IJhXOGoZnI+ypJNlr4LO8CsWHUf3bO7xZr85FK6WIz4ctJ//+Uy8HZECxqIR
CmAvKs7eJftCdSBok4lsAnb7K2Vhlitt8E7bDloq8qAEkNJ4j7zSdyjMJ0sz8jq1
qgBUhlVOVuze8ZMd8SsSN1Im+5eAhmGSslNb/aXa4frF+FE/6MG3IqaT/k/WNf3O
BuLCsWPjIPZmXxo/Fa14n5Wt53lbxoYNWoK4E/zIm8Wvpp7pIG6595ySzW9PUci7
Lee+mC714Pk4E0WTxoDW0fsZbh2Nqk+9QmW020uXqv0Gg40PUuMMhHZq3QIDAQAB
o4ICcDCCAmwwHQYDVR0OBBYEFCJvPUiFi0VcjPnXwP7kK6nkySi+MB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvSW04OVNJV0xSVnlNLWRmQV91UXJxZVRKS0w0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGFBggrBgEFBQcBBwEB/wR2MHQwGAQCAAEwEgMEAC1WDAME
AC2YxgMEAGdyKDBYBAIAAjBSAwcAKgotBwBEAwUAKg4ahAMHACoPFYQAAAMHACoP
PYALrAMFACoPPYIDBwAqD30AAAEDBwAqD7wAocQDBwAqD+bGVTIDBQAqEuzCAwUD
KhMrQDANBgkqhkiG9w0BAQsFAAOCAQEAbUEIj5EZU9J9lKHkmkCkIzzzwa3jt4Ip
9ub3CIppMZ2AZ5lQe5eIhbVLvv2PHr1tTEKROo7933K3PMnG0w7AqFmxRCe1HC7G
cX9uDQRSVGkAPcKoMQSTmvAhS4UAbUZUjBxfEl727Ph0H8UXfD9uKLYGm3O262jP
6nClFaxV6brgOs69fFXFI5QllvIwSW9KzYL+Ok7ZvbGeeTGqtY4Dxgd/dunP09tG
Rb+eVcOamNv8j1sgdz0aWhls8LESnrYfB7mQj4co/KigT20fmm1ai9w12+iJ99tn
q0lflU4wh4l2UhdefvIsIHmEpNkZISdzsiUeBU7hb8DawURCPXEzoQ==
-----END CERTIFICATE-----