Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/y6nWLIVX9B9rkbcUGXzzDBBbB7A.roa
File:                     y6nWLIVX9B9rkbcUGXzzDBBbB7A.roa (raw, json)
Hash identifier:          sxhMtYT6RJaccKjyoURLyHZ+qGE+2O4oV6r5rXF2hEk=
Subject key identifier:   CB:A9:D6:2C:85:57:F4:1F:6B:91:B7:14:19:7C:F3:0C:10:5B:07:B0
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       01911254113C31A03DFDCA1D366F26D0E6EE
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/y6nWLIVX9B9rkbcUGXzzDBBbB7A.roa
Signing time:             Fri 02 Aug 2024 09:03:04 +0000
ROA not before:           Fri 02 Aug 2024 09:03:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20473
IP address blocks:        45.86.12.0/24 maxlen: 24
                          45.152.198.0/24 maxlen: 24
                          2a0e:15c4::/32 maxlen: 32
                          2a0e:1a84::/32 maxlen: 32
                          2a0f:7d00:1::/48 maxlen: 48
                          2a0f:bc00:a1c4::/48 maxlen: 48
                          2a0f:e1c3::/32 maxlen: 32
                          2a13:18c3::/32 maxlen: 48
                          2a13:2b40::/29 maxlen: 32
Validation:               Failed, certificate revoked on Tue 06 Aug 2024 17:04:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:12:54:11:3c:31:a0:3d:fd:ca:1d:36:6f:26:d0:e6:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Aug  2 09:03:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cba9d62c8557f41f6b91b714197cf30c105b07b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:79:be:81:9e:c1:6c:e8:58:4e:3b:b2:4b:4a:
                    70:53:08:e1:8d:e9:1a:fc:2b:f8:1f:05:63:11:aa:
                    cc:7f:7b:7c:db:f0:4d:2c:ec:80:6b:fa:f2:10:d9:
                    03:4a:af:1a:82:c8:01:dc:95:54:7f:ea:2d:4b:66:
                    ab:71:47:29:89:4e:57:85:51:d8:1c:99:32:07:77:
                    ac:59:9f:2e:d9:69:cb:44:9a:69:68:4e:85:21:5b:
                    90:05:b6:60:9c:54:05:26:e9:1b:03:f1:fd:ee:34:
                    8a:c8:0b:f6:bf:22:c4:30:f8:51:e5:c7:7e:45:e9:
                    aa:7a:16:fc:80:76:2a:43:cf:47:0f:b8:a1:9f:20:
                    6a:17:e4:43:dc:2e:3f:1b:ba:bd:7f:47:e8:65:4e:
                    cd:89:34:97:81:f1:61:00:75:12:be:dc:a6:26:76:
                    95:0d:d8:4d:0e:eb:a1:35:e3:6c:e2:53:d1:0a:06:
                    7a:5c:44:1e:89:bf:ab:34:59:b2:b4:40:91:84:4c:
                    ed:8e:cb:b0:bf:00:dd:39:47:c7:b9:0b:4b:87:27:
                    c2:1d:1d:f5:97:c2:1b:37:3d:40:e7:aa:3e:b1:6d:
                    1e:fb:7a:60:7a:f8:3e:cb:1a:40:d9:32:9d:35:fa:
                    d1:6c:a2:fa:da:e6:75:4d:8c:4e:3d:8f:84:00:50:
                    16:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:A9:D6:2C:85:57:F4:1F:6B:91:B7:14:19:7C:F3:0C:10:5B:07:B0
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/y6nWLIVX9B9rkbcUGXzzDBBbB7A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.86.12.0/24
                  45.152.198.0/24
                IPv6:
                  2a0e:15c4::/32
                  2a0e:1a84::/32
                  2a0f:7d00:1::/48
                  2a0f:bc00:a1c4::/48
                  2a0f:e1c3::/32
                  2a13:18c3::/32
                  2a13:2b40::/29

    Signature Algorithm: sha256WithRSAEncryption
         89:1c:94:fa:4c:83:a4:70:a6:0b:e4:94:a7:56:96:77:3a:e2:
         59:f5:cc:74:37:c9:29:4f:1d:22:4f:07:e9:38:00:3e:39:35:
         ad:31:4e:a9:50:de:57:41:7b:02:81:a1:43:de:c3:f6:dc:22:
         95:41:ab:8c:07:14:d7:24:35:8e:96:1c:2f:e1:5f:bf:ec:62:
         05:62:57:71:d1:eb:a0:91:72:5a:b9:ab:2e:fb:52:41:c2:15:
         68:bc:aa:ec:52:5f:28:82:48:1a:4e:36:83:2f:b0:f0:77:ba:
         47:ae:87:06:e6:92:31:2e:b3:22:9e:42:e8:9f:1c:f0:c7:d1:
         2f:a1:6b:cf:68:01:25:45:c1:2a:e2:98:26:26:db:a2:c6:41:
         e4:0e:cd:00:e7:d2:34:c6:f0:f1:fc:8d:06:ac:0d:bf:9d:51:
         81:35:71:87:9b:27:a5:79:e8:b2:14:3a:39:61:69:8b:20:01:
         27:fb:52:90:a3:99:fc:cc:71:30:41:c6:f6:90:64:46:95:44:
         fa:9c:6b:78:73:0a:e5:e0:45:2a:16:a6:5d:30:8b:b9:0d:ef:
         db:7d:0f:38:a4:16:22:f1:8a:ff:2e:a6:98:6b:be:fb:98:77:
         0e:e9:eb:7b:92:f6:b3:49:e8:d4:aa:90:69:07:f4:64:e5:89:
         86:01:25:4b
-----BEGIN CERTIFICATE-----
MIIFQDCCBCigAwIBAgISAZESVBE8MaA9/codNm8m0ObuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjQwODAyMDkwMzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYmE5ZDYyYzg1NTdmNDFmNmI5MWI3MTQxOTdjZjMwYzEwNWIwN2IwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5Hm+gZ7BbOhYTjuyS0pwUwjhjeka
/Cv4HwVjEarMf3t82/BNLOyAa/ryENkDSq8agsgB3JVUf+otS2arcUcpiU5XhVHY
HJkyB3esWZ8u2WnLRJppaE6FIVuQBbZgnFQFJukbA/H97jSKyAv2vyLEMPhR5cd+
Remqehb8gHYqQ89HD7ihnyBqF+RD3C4/G7q9f0foZU7NiTSXgfFhAHUSvtymJnaV
DdhNDuuhNeNs4lPRCgZ6XEQeib+rNFmytECRhEztjsuwvwDdOUfHuQtLhyfCHR31
l8IbNz1A56o+sW0e+3pgevg+yxpA2TKdNfrRbKL62uZ1TYxOPY+EAFAWQQIDAQAB
o4ICTDCCAkgwHQYDVR0OBBYEFMup1iyFV/Qfa5G3FBl88wwQWwewMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEveTZuV0xJVlg5Qjlya2JjVUdYenpEQkJiQjdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGIGCCsGAQUFBwEHAQH/BFMwUTASBAIAATAMAwQALVYMAwQA
LZjGMDsEAgACMDUDBQAqDhXEAwUAKg4ahAMHACoPfQAAAQMHACoPvAChxAMFACoP
4cMDBQAqExjDAwUDKhMrQDANBgkqhkiG9w0BAQsFAAOCAQEAiRyU+kyDpHCmC+SU
p1aWdzriWfXMdDfJKU8dIk8H6TgAPjk1rTFOqVDeV0F7AoGhQ97D9twilUGrjAcU
1yQ1jpYcL+Ffv+xiBWJXcdHroJFyWrmrLvtSQcIVaLyq7FJfKIJIGk42gy+w8He6
R66HBuaSMS6zIp5C6J8c8MfRL6Frz2gBJUXBKuKYJibbosZB5A7NAOfSNMbw8fyN
BqwNv51RgTVxh5snpXnoshQ6OWFpiyABJ/tSkKOZ/MxxMEHG9pBkRpVE+pxreHMK
5eBFKhamXTCLuQ3v230POKQWIvGK/y6mmGu++5h3Dunre5L2s0no1KqQaQf0ZOWJ
hgElSw==
-----END CERTIFICATE-----