Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/5edaaf-3327-43ed-90b1-dc01f4b4bae4/1/XmTMLRT6O6K2eug8z1OuFcVdsps.roa
File:                     XmTMLRT6O6K2eug8z1OuFcVdsps.roa (raw, json)
Hash identifier:          JZb2wE1sYjSSR36DJhW/Zy7gIqUbr+iOEtfbJAdSE6Y=
Subject key identifier:   5E:64:CC:2D:14:FA:3B:A2:B6:7A:E8:3C:CF:53:AE:15:C5:5D:B2:9B
Certificate issuer:       /CN=3ac78f33e8e1187327667fa94fd7446b8d91e5b4
Certificate serial:       01857271020631350625A701569B6DF32790
Authority key identifier: 3A:C7:8F:33:E8:E1:18:73:27:66:7F:A9:4F:D7:44:6B:8D:91:E5:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OsePM-jhGHMnZn-pT9dEa42R5bQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/5edaaf-3327-43ed-90b1-dc01f4b4bae4/1/XmTMLRT6O6K2eug8z1OuFcVdsps.roa
Signing time:             Mon 02 Jan 2023 12:24:46 +0000
ROA not before:           Mon 02 Jan 2023 12:24:46 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     203500
IP address blocks:        193.25.200.0/24 maxlen: 24
                          185.178.185.0/24 maxlen: 24
                          185.178.186.0/24 maxlen: 24
                          185.178.184.0/24 maxlen: 24
                          2a07:6780::/29 maxlen: 29
                          2a0a:6680:bee::/48 maxlen: 48
                          2a0a:6680:bee6::/48 maxlen: 48
                          2a0a:6680:1979::/48 maxlen: 48
                          2a0a:6680:bee1::/48 maxlen: 48
                          2a0a:6680:bee5::/48 maxlen: 48
                          2a0a:6680:1000::/36 maxlen: 36
                          2a0a:6680:2000::/36 maxlen: 36

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 12:33:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:72:71:02:06:31:35:06:25:a7:01:56:9b:6d:f3:27:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ac78f33e8e1187327667fa94fd7446b8d91e5b4
        Validity
            Not Before: Jan  2 12:24:46 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5e64cc2d14fa3ba2b67ae83ccf53ae15c55db29b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:a4:04:bc:6d:34:07:b4:2c:2d:7b:8a:0d:9d:
                    be:89:66:6f:93:9a:4c:5b:fe:9e:7c:3f:30:a6:61:
                    56:f3:29:22:16:4b:74:a2:ec:ac:b9:36:09:b3:0b:
                    d4:7b:83:85:36:20:27:20:de:47:2a:88:a6:4f:9c:
                    2c:67:93:fc:39:ac:a6:83:d6:72:3a:d5:47:7b:28:
                    46:22:49:2d:00:8f:72:09:6e:b6:68:6c:06:0f:b5:
                    2a:86:1f:0d:95:1f:60:65:35:b0:c9:97:c4:97:ab:
                    ab:24:6c:ab:75:13:51:8a:cb:1f:4f:0b:5e:f3:91:
                    6c:06:4d:07:e1:82:d9:3f:15:bb:73:cf:9e:98:09:
                    03:1d:64:cb:66:ec:ed:25:66:b7:9c:08:40:60:ec:
                    d6:52:ae:99:0b:4d:01:04:3e:1f:c6:d1:a7:9c:f6:
                    ee:fe:fa:05:86:61:3b:b0:e8:e0:9e:89:ae:99:ed:
                    91:e8:6c:33:b4:41:db:5c:34:af:95:49:d6:dd:e9:
                    84:32:78:8d:c6:eb:41:f0:fa:26:1d:6f:b8:79:bf:
                    0a:a1:91:25:b4:7b:21:b2:10:2a:cc:74:2a:6c:33:
                    b0:f7:b1:b6:38:68:66:8e:51:c9:0b:60:27:6e:16:
                    91:ed:ae:57:d9:77:f7:d7:e6:12:df:d7:6e:60:0b:
                    eb:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:64:CC:2D:14:FA:3B:A2:B6:7A:E8:3C:CF:53:AE:15:C5:5D:B2:9B
            X509v3 Authority Key Identifier:
                keyid:3A:C7:8F:33:E8:E1:18:73:27:66:7F:A9:4F:D7:44:6B:8D:91:E5:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OsePM-jhGHMnZn-pT9dEa42R5bQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/5edaaf-3327-43ed-90b1-dc01f4b4bae4/1/XmTMLRT6O6K2eug8z1OuFcVdsps.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/5edaaf-3327-43ed-90b1-dc01f4b4bae4/1/OsePM-jhGHMnZn-pT9dEa42R5bQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.178.184.0-185.178.186.255
                  193.25.200.0/24
                IPv6:
                  2a07:6780::/29
                  2a0a:6680:bee::/48
                  2a0a:6680:1000::-2a0a:6680:2fff:ffff:ffff:ffff:ffff:ffff
                  2a0a:6680:bee1::/48
                  2a0a:6680:bee5::-2a0a:6680:bee6:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         3f:3b:98:27:6d:64:07:dc:07:99:60:48:4f:e7:b5:6f:63:58:
         1b:8c:34:09:67:fe:60:91:3f:38:ff:0a:4f:a0:ff:62:9e:68:
         27:7a:0f:3d:28:a9:3a:e4:e5:a9:d6:07:04:7e:cf:60:47:09:
         b5:aa:68:20:c4:3b:40:87:0e:fe:33:9a:f6:69:1f:81:07:88:
         29:f0:76:46:97:43:23:d4:22:20:2d:b5:1f:fe:51:f2:0e:61:
         c7:5b:c0:31:f7:c0:c6:07:0e:83:c7:a1:78:1a:99:6e:23:90:
         9c:8f:50:9a:3b:16:40:fe:56:93:df:37:28:bc:b2:04:b2:a8:
         5c:a4:10:2c:78:07:a3:32:59:7a:62:7e:37:dd:1c:86:93:c2:
         7a:b9:1d:8e:45:50:9e:64:74:b3:48:71:f9:34:f5:03:3c:a5:
         5e:64:13:8a:19:fb:53:c0:f4:6d:20:f2:0d:13:ac:0b:3e:48:
         9a:86:25:fc:c9:e1:f3:4d:1b:bb:7e:6e:1b:2d:4c:48:56:c2:
         f5:e1:79:35:77:14:c3:10:0b:9f:21:cc:55:8e:12:47:99:93:
         7b:c1:4d:e2:f1:44:ce:09:a2:db:9a:ad:3c:42:33:4a:06:05:
         ba:43:81:91:ae:c2:0d:26:d9:13:71:01:46:05:e1:10:2e:08:
         5a:e2:f4:fe
-----BEGIN CERTIFICATE-----
MIIFUjCCBDqgAwIBAgISAYVycQIGMTUGJacBVptt8yeQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhYzc4ZjMzZThlMTE4NzMyNzY2N2ZhOTRmZDc0NDZiOGQ5
MWU1YjQwHhcNMjMwMTAyMTIyNDQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTY0Y2MyZDE0ZmEzYmEyYjY3YWU4M2NjZjUzYWUxNWM1NWRiMjliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmaQEvG00B7QsLXuKDZ2+iWZvk5pM
W/6efD8wpmFW8ykiFkt0ouysuTYJswvUe4OFNiAnIN5HKoimT5wsZ5P8Oaymg9Zy
OtVHeyhGIkktAI9yCW62aGwGD7Uqhh8NlR9gZTWwyZfEl6urJGyrdRNRissfTwte
85FsBk0H4YLZPxW7c8+emAkDHWTLZuztJWa3nAhAYOzWUq6ZC00BBD4fxtGnnPbu
/voFhmE7sOjgnomume2R6GwztEHbXDSvlUnW3emEMniNxutB8PomHW+4eb8KoZEl
tHshshAqzHQqbDOw97G2OGhmjlHJC2AnbhaR7a5X2Xf31+YS39duYAvrCQIDAQAB
o4ICXjCCAlowHQYDVR0OBBYEFF5kzC0U+juitnroPM9TrhXFXbKbMB8GA1UdIwQY
MBaAFDrHjzPo4RhzJ2Z/qU/XRGuNkeW0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3NlUE0tamhHSE1uWm4tcFQ5ZEVhNDJSNWJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy81ZWRhYWYtMzMyNy00M2VkLTkwYjEt
ZGMwMWY0YjRiYWU0LzEvWG1UTUxSVDZPNksyZXVnOHoxT3VGY1Zkc3BzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy81ZWRhYWYtMzMyNy00M2VkLTkwYjEtZGMwMWY0YjRiYWU0
LzEvT3NlUE0tamhHSE1uWm4tcFQ5ZEVhNDJSNWJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHQGCCsGAQUFBwEHAQH/BGUwYzAaBAIAATAUMAwDBAO5srgD
BAC5sroDBADBGcgwRQQCAAIwPwMFAyoHZ4ADBwAqCmaAC+4wEAMGBCoKZoAQAwYE
KgpmgCADBwAqCmaAvuEwEgMHACoKZoC+5QMHACoKZoC+5jANBgkqhkiG9w0BAQsF
AAOCAQEAPzuYJ21kB9wHmWBIT+e1b2NYG4w0CWf+YJE/OP8KT6D/Yp5oJ3oPPSip
OuTlqdYHBH7PYEcJtapoIMQ7QIcO/jOa9mkfgQeIKfB2RpdDI9QiIC21H/5R8g5h
x1vAMffAxgcOg8eheBqZbiOQnI9QmjsWQP5Wk983KLyyBLKoXKQQLHgHozJZemJ+
N90chpPCerkdjkVQnmR0s0hx+TT1AzylXmQTihn7U8D0bSDyDROsCz5ImoYl/Mnh
800bu35uGy1MSFbC9eF5NXcUwxALnyHMVY4SR5mTe8FN4vFEzgmi25qtPEIzSgYF
ukOBka7CDSbZE3EBRgXhEC4IWuL0/g==
-----END CERTIFICATE-----