Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/j4fJjdfwl1mIZ_CMx_Cm4vFrsYw.roa
File:                     j4fJjdfwl1mIZ_CMx_Cm4vFrsYw.roa (raw, json)
Hash identifier:          8n27UFlHrEfebCE9f/70UIpgpvfinKiVUgX+CPOFrWU=
Subject key identifier:   8F:87:C9:8D:D7:F0:97:59:88:67:F0:8C:C7:F0:A6:E2:F1:6B:B1:8C
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019010FFFDE94D6FF7EED6EEAE3E9F49C331
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/j4fJjdfwl1mIZ_CMx_Cm4vFrsYw.roa
Signing time:             Thu 13 Jun 2024 09:48:50 +0000
ROA not before:           Thu 13 Jun 2024 09:48:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20473
IP address blocks:        45.86.12.0/24 maxlen: 24
                          45.130.124.0/24 maxlen: 24
                          2a0c:7884::/32 maxlen: 32
                          2a0e:1a84::/32 maxlen: 32
                          2a0f:2d80:1292::/48 maxlen: 48
                          2a0f:7d00:1::/48 maxlen: 48
                          2a0f:bc00:a1c4::/48 maxlen: 48
                          2a0f:e847:1::/48 maxlen: 48
                          2a13:18c3::/32 maxlen: 32
                          2a13:2b40::/29 maxlen: 32
Validation:               Failed, certificate revoked on Mon 17 Jun 2024 11:05:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:10:ff:fd:e9:4d:6f:f7:ee:d6:ee:ae:3e:9f:49:c3:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Jun 13 09:48:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8f87c98dd7f097598867f08cc7f0a6e2f16bb18c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:64:89:63:e2:37:53:e8:19:66:28:76:f1:5b:
                    6f:15:67:5c:17:d6:74:11:8c:f5:52:83:70:70:29:
                    2c:d3:92:3d:fc:27:f2:c0:0a:45:eb:39:17:4e:3f:
                    54:82:07:3b:39:95:ae:8d:56:45:4f:20:14:ca:cb:
                    ba:88:42:dd:d2:3d:b6:9a:8e:08:2b:ae:aa:b2:82:
                    ee:fe:11:d3:0f:fe:e1:28:82:98:7b:65:63:95:ee:
                    93:54:52:ac:46:f0:e2:df:bd:66:71:45:32:e2:96:
                    a7:dc:b0:e6:f2:23:98:ec:38:01:26:c5:8e:93:a3:
                    21:b7:af:44:91:73:89:b8:bf:f6:5a:05:54:25:7b:
                    78:2b:ed:d1:a2:ac:d9:29:9a:2a:77:9b:22:60:25:
                    f2:db:af:af:f8:ac:4b:23:24:53:c5:ef:28:a5:4e:
                    34:ba:74:e3:76:a9:78:5a:45:6e:0d:24:65:c2:df:
                    49:75:c0:13:ec:7b:49:22:60:13:c0:32:37:20:d3:
                    a4:a7:e8:70:b5:b8:25:d2:0d:c3:89:4e:30:2e:5c:
                    ca:84:14:b1:81:43:eb:c3:74:0d:05:a1:c2:26:fc:
                    d6:1c:3c:15:63:29:8f:b4:90:87:5d:ba:c8:3e:40:
                    ee:59:6b:1e:22:3f:1e:df:9a:d6:05:d6:e6:69:38:
                    74:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:87:C9:8D:D7:F0:97:59:88:67:F0:8C:C7:F0:A6:E2:F1:6B:B1:8C
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/j4fJjdfwl1mIZ_CMx_Cm4vFrsYw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.86.12.0/24
                  45.130.124.0/24
                IPv6:
                  2a0c:7884::/32
                  2a0e:1a84::/32
                  2a0f:2d80:1292::/48
                  2a0f:7d00:1::/48
                  2a0f:bc00:a1c4::/48
                  2a0f:e847:1::/48
                  2a13:18c3::/32
                  2a13:2b40::/29

    Signature Algorithm: sha256WithRSAEncryption
         28:b2:ff:32:c4:07:ea:bc:fb:06:f9:db:54:9b:a2:6e:74:4d:
         95:a9:bb:aa:c2:b2:37:13:b4:39:56:ef:da:72:ac:a5:73:e1:
         1c:96:3b:03:97:40:c7:ba:6c:89:ff:f9:07:dd:e8:e1:a0:07:
         41:c0:a9:35:31:e1:cf:75:be:71:aa:af:84:f0:5d:04:7b:c1:
         db:e8:f2:f6:06:8a:92:f1:8e:ce:c2:32:9b:d1:16:3b:21:27:
         67:ee:d4:bb:e2:08:e7:65:f5:af:78:08:59:2f:47:c4:0f:1a:
         08:b2:f1:4c:63:70:f4:79:25:b4:53:8a:1d:f3:1d:56:17:6b:
         cf:af:b0:b4:27:0e:15:5f:56:db:dd:6c:5c:51:3a:a3:99:84:
         cc:fd:20:fc:f4:59:fa:65:52:46:45:46:72:9b:d5:cf:6d:37:
         1f:9c:9b:5d:be:1f:9b:f0:c8:d8:33:c0:02:aa:13:61:3e:89:
         6a:ad:b4:52:41:59:8f:dc:93:58:24:54:2d:25:89:d0:5e:c8:
         85:7a:76:b5:eb:ad:44:08:85:4f:e8:0f:2a:6a:3f:b0:53:7a:
         d7:84:39:d7:6f:cd:e5:bd:00:25:20:15:79:0a:f9:7c:48:69:
         aa:b5:4f:f1:53:de:92:f7:7c:df:f0:f5:ab:a9:2b:44:49:3f:
         d6:39:60:42
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAZAQ//3pTW/37tburj6fScMxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjQwNjEzMDk0ODUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Zjg3Yzk4ZGQ3ZjA5NzU5ODg2N2YwOGNjN2YwYTZlMmYxNmJiMThjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq2SJY+I3U+gZZih28VtvFWdcF9Z0
EYz1UoNwcCks05I9/CfywApF6zkXTj9Uggc7OZWujVZFTyAUysu6iELd0j22mo4I
K66qsoLu/hHTD/7hKIKYe2Vjle6TVFKsRvDi371mcUUy4pan3LDm8iOY7DgBJsWO
k6Mht69EkXOJuL/2WgVUJXt4K+3RoqzZKZoqd5siYCXy26+v+KxLIyRTxe8opU40
unTjdql4WkVuDSRlwt9JdcAT7HtJImATwDI3INOkp+hwtbgl0g3DiU4wLlzKhBSx
gUPrw3QNBaHCJvzWHDwVYymPtJCHXbrIPkDuWWseIj8e35rWBdbmaTh0WwIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFI+HyY3X8JdZiGfwjMfwpuLxa7GMMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvajRmSmpkZndsMW1JWl9DTXhfQ200dkZyc1l3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDASBAIAATAMAwQALVYMAwQA
LYJ8MEYEAgACMEADBQAqDHiEAwUAKg4ahAMHACoPLYASkgMHACoPfQAAAQMHACoP
vAChxAMHACoP6EcAAQMFACoTGMMDBQMqEytAMA0GCSqGSIb3DQEBCwUAA4IBAQAo
sv8yxAfqvPsG+dtUm6JudE2VqbuqwrI3E7Q5Vu/acqylc+EcljsDl0DHumyJ//kH
3ejhoAdBwKk1MeHPdb5xqq+E8F0Ee8Hb6PL2BoqS8Y7OwjKb0RY7ISdn7tS74gjn
ZfWveAhZL0fEDxoIsvFMY3D0eSW0U4od8x1WF2vPr7C0Jw4VX1bb3WxcUTqjmYTM
/SD89Fn6ZVJGRUZym9XPbTcfnJtdvh+b8MjYM8ACqhNhPolqrbRSQVmP3JNYJFQt
JYnQXsiFena1661ECIVP6A8qaj+wU3rXhDnXb83lvQAlIBV5Cvl8SGmqtU/xU96S
93zf8PWrqStEST/WOWBC
-----END CERTIFICATE-----