Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/nK9HXinnjc0u4_h1A1Hq16mJA3I.roa
File:                     nK9HXinnjc0u4_h1A1Hq16mJA3I.roa (raw, json)
Hash identifier:          +0q7s5kfa+iphYdyk9DXCrgc8dVPvyK3+/S/kPiotHI=
Subject key identifier:   9C:AF:47:5E:29:E7:8D:CD:2E:E3:F8:75:03:51:EA:D7:A9:89:03:72
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       0191324BF7E5F59847BC04CEF9EA777781E3
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/nK9HXinnjc0u4_h1A1Hq16mJA3I.roa
Signing time:             Thu 08 Aug 2024 14:02:05 +0000
ROA not before:           Thu 08 Aug 2024 14:02:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20473
IP address blocks:        45.86.12.0/24 maxlen: 24
                          45.152.198.0/24 maxlen: 24
                          2a0e:15c4::/32 maxlen: 32
                          2a0e:1a84::/32 maxlen: 32
                          2a0f:1587::/32 maxlen: 32
                          2a0f:3d80:bac::/48 maxlen: 48
                          2a0f:3d82::/32 maxlen: 32
                          2a0f:7d00:1::/48 maxlen: 48
                          2a0f:bc00:a1c4::/48 maxlen: 48
                          2a13:18c3::/32 maxlen: 48
                          2a13:2b40::/29 maxlen: 32
Validation:               Failed, certificate revoked on Fri 09 Aug 2024 10:35:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:32:4b:f7:e5:f5:98:47:bc:04:ce:f9:ea:77:77:81:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Aug  8 14:02:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9caf475e29e78dcd2ee3f8750351ead7a9890372
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:8a:45:31:6c:a1:fc:ec:88:85:92:5f:17:7f:
                    b8:34:c6:db:ac:59:7e:5a:7c:78:58:9c:9b:0a:e9:
                    63:bf:4f:f9:d2:67:4c:7e:e0:dd:71:2d:7f:4a:cc:
                    3b:21:a1:40:62:6a:43:40:82:70:32:44:58:11:2e:
                    4a:e6:c0:d9:7f:f4:5a:55:60:ba:47:a6:cb:b3:88:
                    cc:6b:9a:ac:32:1e:16:51:86:90:3b:44:eb:89:1b:
                    d9:cd:70:04:ea:13:77:a3:4d:c0:52:3f:a9:ca:53:
                    cf:14:5b:69:ce:bf:5e:b0:7d:7d:78:c0:db:6e:47:
                    89:aa:56:90:c6:fc:49:94:d4:90:e4:05:f0:e9:70:
                    e5:09:84:07:e6:fa:38:4d:ec:d7:86:bb:ed:26:11:
                    5b:a8:df:26:fa:00:e1:4b:3b:a3:d3:a5:da:e0:a3:
                    41:26:34:4e:ee:ca:3b:de:0f:74:36:91:f8:e7:66:
                    b2:f0:be:59:b9:d4:31:63:58:37:51:52:c2:66:6f:
                    45:e9:c2:bd:a5:0e:5d:77:56:85:fe:5b:ff:fd:a4:
                    4f:09:a5:0b:9c:33:a3:19:09:84:64:a4:08:a6:47:
                    94:16:2f:54:ba:95:ad:86:d3:6f:01:b2:f9:b2:a0:
                    a2:3b:3a:fb:78:cf:aa:75:eb:65:6c:c3:52:b4:6c:
                    8f:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:AF:47:5E:29:E7:8D:CD:2E:E3:F8:75:03:51:EA:D7:A9:89:03:72
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/nK9HXinnjc0u4_h1A1Hq16mJA3I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.86.12.0/24
                  45.152.198.0/24
                IPv6:
                  2a0e:15c4::/32
                  2a0e:1a84::/32
                  2a0f:1587::/32
                  2a0f:3d80:bac::/48
                  2a0f:3d82::/32
                  2a0f:7d00:1::/48
                  2a0f:bc00:a1c4::/48
                  2a13:18c3::/32
                  2a13:2b40::/29

    Signature Algorithm: sha256WithRSAEncryption
         65:70:60:db:24:f5:92:a5:24:4c:b6:e0:de:28:8b:13:6e:f7:
         4a:5b:96:1e:b7:4a:15:0e:b2:e2:9e:31:2e:5f:32:bf:b1:7c:
         b1:19:d6:c4:1e:cc:9a:c5:24:7d:b5:b4:e7:2d:2c:1f:d5:0c:
         3a:ae:cc:d8:51:97:ad:d6:6f:41:16:8f:69:20:cf:62:f0:2d:
         64:da:71:30:a2:01:b5:4e:19:33:e5:2d:53:90:b0:e6:e8:61:
         99:c7:77:9b:a6:cb:1f:e6:01:55:ab:3c:7c:8a:af:5e:76:33:
         fb:cc:ef:6f:6d:d2:89:3e:f1:7f:44:e2:47:59:4f:1d:81:b9:
         be:12:4d:37:28:17:93:bd:17:14:91:0e:11:b1:87:2d:92:2c:
         01:bb:f0:6a:1a:e1:5c:0d:83:2c:57:60:2a:3c:ed:bb:0b:9e:
         ea:a2:3f:25:8c:91:4f:a5:bb:ec:e0:f2:70:e1:14:2a:3a:89:
         ab:63:68:05:ab:40:8c:cc:f4:2b:ee:75:2c:a2:e7:4e:0c:37:
         97:59:e9:3d:ec:1f:ac:fe:df:66:2b:43:02:2b:ec:6f:ad:43:
         9f:97:e6:5c:b3:95:57:58:6f:3f:79:46:75:11:d1:dd:15:fd:
         2b:72:60:3a:63:36:ff:5c:77:64:27:7d:cb:e6:f4:c5:d8:ab:
         2d:9e:e9:7e
-----BEGIN CERTIFICATE-----
MIIFUDCCBDigAwIBAgISAZEyS/fl9ZhHvATO+ep3d4HjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjQwODA4MTQwMjA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Y2FmNDc1ZTI5ZTc4ZGNkMmVlM2Y4NzUwMzUxZWFkN2E5ODkwMzcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2IpFMWyh/OyIhZJfF3+4NMbbrFl+
Wnx4WJybCuljv0/50mdMfuDdcS1/Ssw7IaFAYmpDQIJwMkRYES5K5sDZf/RaVWC6
R6bLs4jMa5qsMh4WUYaQO0TriRvZzXAE6hN3o03AUj+pylPPFFtpzr9esH19eMDb
bkeJqlaQxvxJlNSQ5AXw6XDlCYQH5vo4TezXhrvtJhFbqN8m+gDhSzuj06Xa4KNB
JjRO7so73g90NpH452ay8L5ZudQxY1g3UVLCZm9F6cK9pQ5dd1aF/lv//aRPCaUL
nDOjGQmEZKQIpkeUFi9UupWthtNvAbL5sqCiOzr7eM+qdetlbMNStGyPWQIDAQAB
o4ICXDCCAlgwHQYDVR0OBBYEFJyvR14p543NLuP4dQNR6tepiQNyMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvbks5SFhpbm5qYzB1NF9oMUExSHExNm1KQTNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHIGCCsGAQUFBwEHAQH/BGMwYTASBAIAATAMAwQALVYMAwQA
LZjGMEsEAgACMEUDBQAqDhXEAwUAKg4ahAMFACoPFYcDBwAqDz2AC6wDBQAqDz2C
AwcAKg99AAABAwcAKg+8AKHEAwUAKhMYwwMFAyoTK0AwDQYJKoZIhvcNAQELBQAD
ggEBAGVwYNsk9ZKlJEy24N4oixNu90pblh63ShUOsuKeMS5fMr+xfLEZ1sQezJrF
JH21tOctLB/VDDquzNhRl63Wb0EWj2kgz2LwLWTacTCiAbVOGTPlLVOQsOboYZnH
d5umyx/mAVWrPHyKr152M/vM729t0ok+8X9E4kdZTx2Bub4STTcoF5O9FxSRDhGx
hy2SLAG78Goa4VwNgyxXYCo87bsLnuqiPyWMkU+lu+zg8nDhFCo6iatjaAWrQIzM
9CvudSyi504MN5dZ6T3sH6z+32YrQwIr7G+tQ5+X5lyzlVdYbz95RnUR0d0V/Sty
YDpjNv9cd2Qnfcvm9MXYqy2e6X4=
-----END CERTIFICATE-----