Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/Qj3lbwkHwj1N64dbT2pizxY2rH4.roa
File:                     Qj3lbwkHwj1N64dbT2pizxY2rH4.roa (raw, json)
Hash identifier:          kyA3Ivm3hasMJklz98JdpgA+6sHIJ6D2ixIw3TC9EaE=
Subject key identifier:   42:3D:E5:6F:09:07:C2:3D:4D:EB:87:5B:4F:6A:62:CF:16:36:AC:7E
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       01902B42779E57CDE1D2BC3E49BB2B52ADB9
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/Qj3lbwkHwj1N64dbT2pizxY2rH4.roa
Signing time:             Tue 18 Jun 2024 12:11:34 +0000
ROA not before:           Tue 18 Jun 2024 12:11:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20473
IP address blocks:        45.86.12.0/24 maxlen: 24
                          45.152.198.0/24 maxlen: 24
                          2a0c:7884::/32 maxlen: 32
                          2a0e:1a84::/32 maxlen: 32
                          2a0f:2d80:1292::/48 maxlen: 48
                          2a0f:7d00:1::/48 maxlen: 48
                          2a0f:bc00:a1c4::/48 maxlen: 48
                          2a0f:e847:1::/48 maxlen: 48
                          2a0f:e940::/29 maxlen: 29
                          2a12:d6c0::/29 maxlen: 29
                          2a13:18c3::/32 maxlen: 32
                          2a13:2b40::/29 maxlen: 32
                          2a13:4900::/29 maxlen: 29
Validation:               Failed, certificate revoked on Tue 18 Jun 2024 14:25:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:2b:42:77:9e:57:cd:e1:d2:bc:3e:49:bb:2b:52:ad:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Jun 18 12:11:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=423de56f0907c23d4deb875b4f6a62cf1636ac7e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:00:fd:30:62:6e:5c:0d:ef:7a:da:05:d3:fa:
                    ea:df:e0:51:90:00:1c:1d:ed:b8:30:d7:97:e7:a3:
                    0d:c1:44:bc:e0:19:51:90:41:a7:87:a1:b9:92:49:
                    10:70:c5:47:00:75:9c:46:54:a4:57:17:be:86:5e:
                    31:dc:c0:7a:7b:6d:b8:94:ed:92:b4:ef:15:1e:30:
                    5f:31:5d:aa:eb:a1:40:04:b6:79:83:bd:b9:e5:5c:
                    56:8d:8f:7e:f6:06:b4:ad:21:2f:9a:90:d8:6d:13:
                    8f:b5:4a:9a:ac:d6:28:4f:57:5a:80:f5:4a:f6:20:
                    53:5a:74:c5:76:dd:36:e5:b6:0b:4a:6b:92:5d:14:
                    86:d6:fb:6d:4f:25:b5:8d:a4:74:31:91:af:4a:29:
                    8a:31:4a:5b:a9:ab:e1:d2:e7:ff:42:30:df:81:79:
                    f0:a3:8c:2c:f8:68:34:e7:4a:80:5a:7d:53:53:df:
                    1e:80:df:d5:6c:d6:b0:76:10:54:ed:b6:2f:be:f9:
                    18:55:08:d7:20:38:b8:4f:59:e8:0f:21:28:38:31:
                    f1:31:e0:73:c1:d9:f6:5f:28:60:ce:06:ea:92:23:
                    3f:25:94:c7:71:da:7f:ee:31:45:a6:42:81:9e:dc:
                    3d:3c:49:53:4c:10:50:cf:5e:c4:7c:ad:ed:af:65:
                    cf:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:3D:E5:6F:09:07:C2:3D:4D:EB:87:5B:4F:6A:62:CF:16:36:AC:7E
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/Qj3lbwkHwj1N64dbT2pizxY2rH4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.86.12.0/24
                  45.152.198.0/24
                IPv6:
                  2a0c:7884::/32
                  2a0e:1a84::/32
                  2a0f:2d80:1292::/48
                  2a0f:7d00:1::/48
                  2a0f:bc00:a1c4::/48
                  2a0f:e847:1::/48
                  2a0f:e940::/29
                  2a12:d6c0::/29
                  2a13:18c3::/32
                  2a13:2b40::/29
                  2a13:4900::/29

    Signature Algorithm: sha256WithRSAEncryption
         84:e7:ec:fb:d0:37:53:e9:7d:7c:f4:1b:f7:cd:6d:de:3b:1f:
         e0:96:dd:4b:09:fc:02:f8:09:63:ec:17:ca:cd:ce:fe:19:ab:
         d7:77:e0:4a:7d:73:60:94:1e:d2:59:4b:27:05:32:17:24:34:
         94:4c:78:a5:94:d0:ee:5b:d5:1b:2f:9b:cb:81:cf:03:63:c9:
         5b:4f:6f:45:ab:58:2b:46:ba:39:11:cc:25:fc:ef:12:5a:c9:
         32:e9:30:3f:e7:eb:18:9f:d9:c4:be:5c:ca:0c:e0:c7:38:cf:
         74:b0:92:2f:08:b0:fc:4d:fa:f3:85:ea:de:88:20:d4:c9:1a:
         e6:e9:e2:9c:ab:f4:74:cd:b2:f0:73:20:fc:36:e6:c6:f2:be:
         4a:20:20:ce:c9:61:61:db:04:10:0d:18:41:e4:9c:90:7e:07:
         60:d3:ec:46:06:6f:df:6d:49:f0:63:7d:75:18:b8:35:ec:ab:
         27:eb:e7:0a:41:06:01:6a:29:d9:70:bc:4a:fe:f6:b9:2d:05:
         04:53:b1:68:da:69:1e:a6:34:e7:d7:27:01:9a:c6:fe:31:5c:
         d1:9f:40:7a:c5:97:b4:e7:9d:bb:f7:b2:3f:1d:1b:21:6f:f3:
         3b:bd:26:9d:d8:3a:a9:23:b6:7e:bf:fc:30:7e:42:06:67:5e:
         a2:d9:48:9e
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgISAZArQneeV83h0rw+SbsrUq25MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjQwNjE4MTIxMTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjNkZTU2ZjA5MDdjMjNkNGRlYjg3NWI0ZjZhNjJjZjE2MzZhYzdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0QD9MGJuXA3vetoF0/rq3+BRkAAc
He24MNeX56MNwUS84BlRkEGnh6G5kkkQcMVHAHWcRlSkVxe+hl4x3MB6e224lO2S
tO8VHjBfMV2q66FABLZ5g7255VxWjY9+9ga0rSEvmpDYbROPtUqarNYoT1dagPVK
9iBTWnTFdt025bYLSmuSXRSG1vttTyW1jaR0MZGvSimKMUpbqavh0uf/QjDfgXnw
o4ws+Gg050qAWn1TU98egN/VbNawdhBU7bYvvvkYVQjXIDi4T1noDyEoODHxMeBz
wdn2XyhgzgbqkiM/JZTHcdp/7jFFpkKBntw9PElTTBBQz17EfK3tr2XP0QIDAQAB
o4ICbTCCAmkwHQYDVR0OBBYEFEI95W8JB8I9TeuHW09qYs8WNqx+MB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvUWozbGJ3a0h3ajFONjRkYlQycGl6eFkyckg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGCBggrBgEFBQcBBwEB/wRzMHEwEgQCAAEwDAMEAC1WDAME
AC2YxjBbBAIAAjBVAwUAKgx4hAMFACoOGoQDBwAqDy2AEpIDBwAqD30AAAEDBwAq
D7wAocQDBwAqD+hHAAEDBQMqD+lAAwUDKhLWwAMFACoTGMMDBQMqEytAAwUDKhNJ
ADANBgkqhkiG9w0BAQsFAAOCAQEAhOfs+9A3U+l9fPQb981t3jsf4JbdSwn8AvgJ
Y+wXys3O/hmr13fgSn1zYJQe0llLJwUyFyQ0lEx4pZTQ7lvVGy+by4HPA2PJW09v
RatYK0a6ORHMJfzvElrJMukwP+frGJ/ZxL5cygzgxzjPdLCSLwiw/E3684Xq3ogg
1Mka5uninKv0dM2y8HMg/DbmxvK+SiAgzslhYdsEEA0YQeSckH4HYNPsRgZv321J
8GN9dRi4NeyrJ+vnCkEGAWop2XC8Sv72uS0FBFOxaNppHqY059cnAZrG/jFc0Z9A
esWXtOedu/eyPx0bIW/zO70mndg6qSO2fr/8MH5CBmdeotlIng==
-----END CERTIFICATE-----