Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/5edaaf-3327-43ed-90b1-dc01f4b4bae4/1/Snc2ITJHgB6MXIxXkOCjuP2LA0A.roa
File:                     Snc2ITJHgB6MXIxXkOCjuP2LA0A.roa (raw, json)
Hash identifier:          cf0aGbUmpN0HQeFu1sn5n+d16vDF6il/y1LNWFrUwyM=
Subject key identifier:   4A:77:36:21:32:47:80:1E:8C:5C:8C:57:90:E0:A3:B8:FD:8B:03:40
Certificate issuer:       /CN=3ac78f33e8e1187327667fa94fd7446b8d91e5b4
Certificate serial:       018CCA2A4939E8EC209AB8B48332A0A46647
Authority key identifier: 3A:C7:8F:33:E8:E1:18:73:27:66:7F:A9:4F:D7:44:6B:8D:91:E5:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OsePM-jhGHMnZn-pT9dEa42R5bQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/5edaaf-3327-43ed-90b1-dc01f4b4bae4/1/Snc2ITJHgB6MXIxXkOCjuP2LA0A.roa
Signing time:             Tue 02 Jan 2024 12:33:38 +0000
ROA not before:           Tue 02 Jan 2024 12:33:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203500
IP address blocks:        193.25.200.0/24 maxlen: 24
                          185.178.185.0/24 maxlen: 24
                          185.178.186.0/24 maxlen: 24
                          185.178.184.0/24 maxlen: 24
                          2a07:6780::/29 maxlen: 29
                          2a0a:6680:bee::/48 maxlen: 48
                          2a0a:6680:bee6::/48 maxlen: 48
                          2a0a:6680:1979::/48 maxlen: 48
                          2a0a:6680:bee1::/48 maxlen: 48
                          2a0a:6680:bee5::/48 maxlen: 48
                          2a0a:6680:1000::/36 maxlen: 36
                          2a0a:6680:2000::/36 maxlen: 36

Validation:               Failed, certificate revoked on Mon 18 Mar 2024 13:28:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:49:39:e8:ec:20:9a:b8:b4:83:32:a0:a4:66:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ac78f33e8e1187327667fa94fd7446b8d91e5b4
        Validity
            Not Before: Jan  2 12:33:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4a7736213247801e8c5c8c5790e0a3b8fd8b0340
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:d4:81:70:39:9c:6d:74:9f:8d:5b:4a:d9:40:
                    ee:35:61:76:51:00:34:f1:2e:49:c2:d4:94:66:37:
                    97:77:03:ef:39:7b:0b:d5:69:d0:cd:b5:25:0e:ba:
                    88:77:1f:45:60:24:b3:35:f7:67:66:67:96:6a:7d:
                    3f:96:c0:66:64:af:55:3b:c7:12:67:b2:4b:6c:23:
                    a8:71:31:df:3e:9e:63:65:0c:e6:1d:b3:07:e0:06:
                    db:b6:4d:34:37:c0:e9:ad:5c:78:1e:2c:e5:11:d7:
                    7e:f7:85:60:9d:35:14:3e:6c:9e:e1:99:3d:93:aa:
                    0c:e1:87:01:b5:cb:7e:49:3d:43:21:5e:47:d3:48:
                    87:9c:4d:d0:3b:33:46:1a:a1:d3:d8:15:62:b2:c9:
                    e4:38:73:9d:96:3d:b5:26:27:4a:07:cd:05:55:dc:
                    6b:b6:d3:bb:3f:be:72:63:28:3c:0c:12:20:1f:c4:
                    7b:7c:4c:da:d6:5e:c8:f7:0e:f5:5e:5f:a9:2b:63:
                    2c:aa:4e:86:a9:5b:8d:66:07:51:36:44:f2:ef:5a:
                    77:20:f9:21:c9:d7:8b:2a:87:a8:f3:1f:f9:62:4d:
                    2c:f0:0b:93:00:27:18:c3:e1:37:cc:f2:df:10:7e:
                    df:b4:4e:5d:8a:1c:25:04:54:9c:65:3d:13:04:c1:
                    45:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:77:36:21:32:47:80:1E:8C:5C:8C:57:90:E0:A3:B8:FD:8B:03:40
            X509v3 Authority Key Identifier:
                keyid:3A:C7:8F:33:E8:E1:18:73:27:66:7F:A9:4F:D7:44:6B:8D:91:E5:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OsePM-jhGHMnZn-pT9dEa42R5bQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/5edaaf-3327-43ed-90b1-dc01f4b4bae4/1/Snc2ITJHgB6MXIxXkOCjuP2LA0A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/5edaaf-3327-43ed-90b1-dc01f4b4bae4/1/OsePM-jhGHMnZn-pT9dEa42R5bQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.178.184.0-185.178.186.255
                  193.25.200.0/24
                IPv6:
                  2a07:6780::/29
                  2a0a:6680:bee::/48
                  2a0a:6680:1000::-2a0a:6680:2fff:ffff:ffff:ffff:ffff:ffff
                  2a0a:6680:bee1::/48
                  2a0a:6680:bee5::-2a0a:6680:bee6:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         ca:36:f9:9d:a4:e3:3f:67:49:8a:c9:a5:0e:2c:86:cf:b7:10:
         19:e1:e8:51:fe:84:d5:02:01:96:2b:4d:fc:b3:0c:b5:ed:11:
         24:07:63:c1:68:86:99:df:bc:9b:e2:04:6f:5e:d2:63:90:f2:
         a3:00:73:6f:cc:a9:9a:4f:e7:23:b0:5b:08:57:f8:8f:09:42:
         5f:ad:e0:f2:48:d8:62:77:53:ef:84:4e:52:27:8d:25:22:21:
         56:76:01:0a:3d:59:84:c3:68:0c:bd:ce:21:79:3c:67:81:23:
         0d:b2:c0:d6:bb:f4:4a:73:f4:8a:72:6b:fb:d8:32:94:69:c2:
         3b:94:2b:45:86:38:dd:c0:98:96:9f:b9:ee:42:e3:05:0f:48:
         69:1b:17:f8:c6:04:86:16:23:e1:78:bf:bd:86:32:2d:f9:92:
         c2:9b:d6:af:b0:85:89:8c:38:af:63:cc:61:c4:45:e2:b6:07:
         01:54:66:69:b8:8d:0b:f2:f6:70:8a:11:04:14:7c:91:8a:74:
         52:53:75:e1:7a:0d:8e:cd:44:e0:5e:a6:91:2c:ef:8d:93:e2:
         a1:83:80:c1:64:74:e1:89:1d:2d:c1:da:dc:f9:4d:b7:98:91:
         10:ad:12:b5:75:c2:aa:09:18:48:e6:21:59:5f:c9:e1:8a:44:
         17:7c:59:51
-----BEGIN CERTIFICATE-----
MIIFUjCCBDqgAwIBAgISAYzKKkk56Owgmri0gzKgpGZHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhYzc4ZjMzZThlMTE4NzMyNzY2N2ZhOTRmZDc0NDZiOGQ5
MWU1YjQwHhcNMjQwMTAyMTIzMzM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTc3MzYyMTMyNDc4MDFlOGM1YzhjNTc5MGUwYTNiOGZkOGIwMzQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzdSBcDmcbXSfjVtK2UDuNWF2UQA0
8S5JwtSUZjeXdwPvOXsL1WnQzbUlDrqIdx9FYCSzNfdnZmeWan0/lsBmZK9VO8cS
Z7JLbCOocTHfPp5jZQzmHbMH4Abbtk00N8DprVx4HizlEdd+94VgnTUUPmye4Zk9
k6oM4YcBtct+ST1DIV5H00iHnE3QOzNGGqHT2BVissnkOHOdlj21JidKB80FVdxr
ttO7P75yYyg8DBIgH8R7fEza1l7I9w71Xl+pK2Msqk6GqVuNZgdRNkTy71p3IPkh
ydeLKoeo8x/5Yk0s8AuTACcYw+E3zPLfEH7ftE5dihwlBFScZT0TBMFF5wIDAQAB
o4ICXjCCAlowHQYDVR0OBBYEFEp3NiEyR4AejFyMV5Dgo7j9iwNAMB8GA1UdIwQY
MBaAFDrHjzPo4RhzJ2Z/qU/XRGuNkeW0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3NlUE0tamhHSE1uWm4tcFQ5ZEVhNDJSNWJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy81ZWRhYWYtMzMyNy00M2VkLTkwYjEt
ZGMwMWY0YjRiYWU0LzEvU25jMklUSkhnQjZNWEl4WGtPQ2p1UDJMQTBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy81ZWRhYWYtMzMyNy00M2VkLTkwYjEtZGMwMWY0YjRiYWU0
LzEvT3NlUE0tamhHSE1uWm4tcFQ5ZEVhNDJSNWJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHQGCCsGAQUFBwEHAQH/BGUwYzAaBAIAATAUMAwDBAO5srgD
BAC5sroDBADBGcgwRQQCAAIwPwMFAyoHZ4ADBwAqCmaAC+4wEAMGBCoKZoAQAwYE
KgpmgCADBwAqCmaAvuEwEgMHACoKZoC+5QMHACoKZoC+5jANBgkqhkiG9w0BAQsF
AAOCAQEAyjb5naTjP2dJismlDiyGz7cQGeHoUf6E1QIBlitN/LMMte0RJAdjwWiG
md+8m+IEb17SY5DyowBzb8ypmk/nI7BbCFf4jwlCX63g8kjYYndT74ROUieNJSIh
VnYBCj1ZhMNoDL3OIXk8Z4EjDbLA1rv0SnP0inJr+9gylGnCO5QrRYY43cCYlp+5
7kLjBQ9IaRsX+MYEhhYj4Xi/vYYyLfmSwpvWr7CFiYw4r2PMYcRF4rYHAVRmabiN
C/L2cIoRBBR8kYp0UlN14XoNjs1E4F6mkSzvjZPioYOAwWR04YkdLcHa3PlNt5iR
EK0StXXCqgkYSOYhWV/J4YpEF3xZUQ==
-----END CERTIFICATE-----