Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/3bbb52-393e-4762-a70c-64a6a05b9905/1/SJn0mWIEZYazydCuCLeOf5Rs2gw.roa
File:                     SJn0mWIEZYazydCuCLeOf5Rs2gw.roa (raw, json)
Hash identifier:          NdHDLXlL1i1qsaT+KGTuI39anJ38CSpYZcvxuQ8gePM=
Subject key identifier:   48:99:F4:99:62:04:65:86:B3:C9:D0:AE:08:B7:8E:7F:94:6C:DA:0C
Certificate issuer:       /CN=4b48cf146b4c73d274096d705708d24b729329f8
Certificate serial:       018CC3B7074F3F0D8C5FF291D59442406C6C
Authority key identifier: 4B:48:CF:14:6B:4C:73:D2:74:09:6D:70:57:08:D2:4B:72:93:29:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S0jPFGtMc9J0CW1wVwjSS3KTKfg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/3bbb52-393e-4762-a70c-64a6a05b9905/1/SJn0mWIEZYazydCuCLeOf5Rs2gw.roa
Signing time:             Mon 01 Jan 2024 06:30:01 +0000
ROA not before:           Mon 01 Jan 2024 06:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34343
IP address blocks:        91.148.224.0/22 maxlen: 24
                          91.148.228.0/22 maxlen: 24
                          195.200.84.0/24 maxlen: 24
                          195.200.85.0/24 maxlen: 24
                          193.138.220.0/24 maxlen: 24
                          85.12.56.0/24 maxlen: 24
                          176.124.71.0/24 maxlen: 24
                          91.148.192.0/24 maxlen: 24
                          185.91.29.0/24 maxlen: 24
                          2a01:788:aaac::/48 maxlen: 48
                          2a01:788:aaaa::/48 maxlen: 48
                          2a01:788:aaab::/48 maxlen: 48

Validation:               Failed, certificate revoked on Thu 01 Feb 2024 10:06:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:07:4f:3f:0d:8c:5f:f2:91:d5:94:42:40:6c:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b48cf146b4c73d274096d705708d24b729329f8
        Validity
            Not Before: Jan  1 06:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4899f49962046586b3c9d0ae08b78e7f946cda0c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:2d:74:ff:15:35:6e:26:e7:ed:99:ba:c9:f2:
                    a2:14:83:42:df:2c:da:98:e5:00:c3:ac:d0:65:19:
                    de:d3:cf:5d:88:61:79:4d:7f:af:75:77:01:b5:a3:
                    aa:e9:9c:df:9c:e8:32:4c:c4:a2:a9:b0:d5:36:0d:
                    49:b1:ea:9e:18:9a:a4:2d:03:b6:61:ee:f1:1e:e2:
                    3b:d9:ab:a4:81:cb:99:ae:85:75:12:ec:b7:78:ea:
                    27:c1:d8:f6:1b:4a:62:ed:31:68:f9:52:c1:bc:a4:
                    16:c2:6b:78:a4:af:17:69:5c:92:2a:09:72:31:8e:
                    c2:c8:fe:f9:6e:be:02:1a:d3:a5:70:87:75:49:f7:
                    00:00:40:e7:5c:66:7c:a2:e6:69:7d:2e:ca:92:df:
                    0a:62:ec:f9:d9:99:c9:22:a0:fa:4d:4c:e7:26:98:
                    53:a7:65:f4:b7:9e:1f:51:b6:9d:b2:a2:5c:d6:64:
                    74:46:24:71:af:7e:84:d4:23:4a:ff:2c:b5:68:62:
                    53:b6:5e:b2:f4:6e:4f:81:16:84:37:15:fc:2c:93:
                    1d:79:28:c7:1e:c2:95:5b:18:49:a8:43:70:1f:db:
                    d5:15:f4:0f:10:96:0c:99:e3:f2:5a:63:ea:90:52:
                    fe:74:5c:0b:52:11:34:de:4a:2e:2e:56:95:9e:5d:
                    45:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:99:F4:99:62:04:65:86:B3:C9:D0:AE:08:B7:8E:7F:94:6C:DA:0C
            X509v3 Authority Key Identifier:
                keyid:4B:48:CF:14:6B:4C:73:D2:74:09:6D:70:57:08:D2:4B:72:93:29:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S0jPFGtMc9J0CW1wVwjSS3KTKfg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/3bbb52-393e-4762-a70c-64a6a05b9905/1/SJn0mWIEZYazydCuCLeOf5Rs2gw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/3bbb52-393e-4762-a70c-64a6a05b9905/1/S0jPFGtMc9J0CW1wVwjSS3KTKfg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.12.56.0/24
                  91.148.192.0/24
                  91.148.224.0/21
                  176.124.71.0/24
                  185.91.29.0/24
                  193.138.220.0/24
                  195.200.84.0/23
                IPv6:
                  2a01:788:aaaa::-2a01:788:aaac:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         6f:5c:7d:b5:10:e8:cf:0b:ad:03:f2:b5:bd:94:b5:53:dc:9f:
         63:6f:7e:c8:41:ef:15:a7:72:b9:ae:d2:97:5f:6e:77:b9:be:
         ce:86:e3:6c:6a:98:00:e0:1d:a4:6f:83:86:60:aa:4a:1f:95:
         d1:1e:a9:2a:34:57:94:d0:58:75:d9:78:02:e5:39:86:8c:42:
         61:a1:53:21:b5:36:bf:db:78:c3:ca:49:8a:d3:1f:e3:4e:f9:
         57:c6:f9:84:72:e6:c9:37:60:e6:9f:df:5f:58:a0:67:dc:33:
         94:3c:3b:0d:39:03:62:7d:18:7b:73:75:70:a1:aa:eb:d0:bf:
         22:b4:27:bf:8c:99:37:00:00:17:5b:de:10:3f:67:e0:8c:2f:
         a2:80:4b:60:49:b4:1d:d5:e3:ae:0c:f8:d3:b5:ef:f4:56:5f:
         b3:9a:21:6b:8f:74:c8:c1:58:e4:58:af:90:cd:d4:26:26:30:
         af:4c:e2:36:44:06:4f:14:1e:66:23:b2:a1:58:46:3c:fe:2e:
         aa:61:00:ae:6f:ae:dd:56:33:66:cb:30:bf:5c:e2:c1:25:54:
         c7:cb:bb:bd:01:8d:32:dd:82:c4:24:ed:97:0c:23:f2:fb:98:
         39:b2:0e:68:da:2b:01:28:14:75:d8:2e:86:cf:d2:19:cc:95:
         9d:64:e7:b6
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAYzDtwdPPw2MX/KR1ZRCQGxsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiNDhjZjE0NmI0YzczZDI3NDA5NmQ3MDU3MDhkMjRiNzI5
MzI5ZjgwHhcNMjQwMTAxMDYzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODk5ZjQ5OTYyMDQ2NTg2YjNjOWQwYWUwOGI3OGU3Zjk0NmNkYTBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApC10/xU1bibn7Zm6yfKiFINC3yza
mOUAw6zQZRne089diGF5TX+vdXcBtaOq6ZzfnOgyTMSiqbDVNg1JseqeGJqkLQO2
Ye7xHuI72aukgcuZroV1Euy3eOonwdj2G0pi7TFo+VLBvKQWwmt4pK8XaVySKgly
MY7CyP75br4CGtOlcId1SfcAAEDnXGZ8ouZpfS7Kkt8KYuz52ZnJIqD6TUznJphT
p2X0t54fUbadsqJc1mR0RiRxr36E1CNK/yy1aGJTtl6y9G5PgRaENxX8LJMdeSjH
HsKVWxhJqENwH9vVFfQPEJYMmePyWmPqkFL+dFwLUhE03kouLlaVnl1FyQIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFEiZ9JliBGWGs8nQrgi3jn+UbNoMMB8GA1UdIwQY
MBaAFEtIzxRrTHPSdAltcFcI0ktykyn4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzBqUEZHdE1jOUowQ1cxd1Z3alNTM0tUS2ZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi8zYmJiNTItMzkzZS00NzYyLWE3MGMt
NjRhNmEwNWI5OTA1LzEvU0puMG1XSUVaWWF6eWRDdUNMZU9mNVJzMmd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi8zYmJiNTItMzkzZS00NzYyLWE3MGMtNjRhNmEwNWI5OTA1
LzEvUzBqUEZHdE1jOUowQ1cxd1Z3alNTM0tUS2ZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjAwBAIAATAqAwQAVQw4AwQA
W5TAAwQDW5TgAwQAsHxHAwQAuVsdAwQAwYrcAwQBw8hUMBoEAgACMBQwEgMHASoB
B4iqqgMHACoBB4iqrDANBgkqhkiG9w0BAQsFAAOCAQEAb1x9tRDozwutA/K1vZS1
U9yfY29+yEHvFadyua7Sl19ud7m+zobjbGqYAOAdpG+DhmCqSh+V0R6pKjRXlNBY
ddl4AuU5hoxCYaFTIbU2v9t4w8pJitMf4075V8b5hHLmyTdg5p/fX1igZ9wzlDw7
DTkDYn0Ye3N1cKGq69C/IrQnv4yZNwAAF1veED9n4IwvooBLYEm0HdXjrgz407Xv
9FZfs5oha490yMFY5FivkM3UJiYwr0ziNkQGTxQeZiOyoVhGPP4uqmEArm+u3VYz
Zsswv1ziwSVUx8u7vQGNMt2CxCTtlwwj8vuYObIOaNorASgUddguhs/SGcyVnWTn
tg==
-----END CERTIFICATE-----