Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/c3dc1b-d1ee-4ff2-a5aa-f0c4be8e240a/1/OniyQKYc2c39WaIRajdwuA6HR0o.roa
File:                     OniyQKYc2c39WaIRajdwuA6HR0o.roa (raw, json)
Hash identifier:          owsj+bsObFjb8M3Uh8pdXBayHLrKG7QvW4WRuqQV84Y=
Subject key identifier:   3A:78:B2:40:A6:1C:D9:CD:FD:59:A2:11:6A:37:70:B8:0E:87:47:4A
Certificate issuer:       /CN=49e44eeea26569d0ddbd0e8637f12cf505a4ede9
Certificate serial:       018A517656EC0418224585108DA060D86E74
Authority key identifier: 49:E4:4E:EE:A2:65:69:D0:DD:BD:0E:86:37:F1:2C:F5:05:A4:ED:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SeRO7qJladDdvQ6GN_Es9QWk7ek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/c3dc1b-d1ee-4ff2-a5aa-f0c4be8e240a/1/OniyQKYc2c39WaIRajdwuA6HR0o.roa
Signing time:             Fri 01 Sep 2023 15:57:04 +0000
ROA not before:           Fri 01 Sep 2023 15:57:04 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     35676
IP address blocks:        178.213.66.0/23 maxlen: 23
                          178.213.68.0/22 maxlen: 22
                          178.213.68.0/24 maxlen: 24
                          194.5.88.0/23 maxlen: 23
                          195.234.36.0/24 maxlen: 24
                          185.16.252.0/23 maxlen: 23
                          185.16.252.0/22 maxlen: 22
                          185.16.254.0/23 maxlen: 23
                          178.213.64.0/23 maxlen: 23
                          178.213.64.0/22 maxlen: 22
                          193.105.186.0/24 maxlen: 24
                          2a03:6f82::/32 maxlen: 32
                          2a03:6f81::/33 maxlen: 33
                          2a03:6f81::/32 maxlen: 33
                          2a03:6f80::/32 maxlen: 33
                          2a03:6f80::/33 maxlen: 33

Validation:               Failed, certificate revoked on Fri 01 Sep 2023 17:06:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:51:76:56:ec:04:18:22:45:85:10:8d:a0:60:d8:6e:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49e44eeea26569d0ddbd0e8637f12cf505a4ede9
        Validity
            Not Before: Sep  1 15:57:04 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3a78b240a61cd9cdfd59a2116a3770b80e87474a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:63:50:0d:5e:46:bf:e6:36:ee:fa:fd:fb:e0:
                    b2:c1:37:a4:16:2d:2b:78:e8:01:21:02:90:e9:09:
                    c8:cf:44:19:d8:f3:93:fa:c7:9c:19:ec:2b:37:95:
                    83:b0:33:e7:ba:eb:f8:df:45:2e:9a:99:82:9f:b4:
                    1b:d0:d4:60:00:42:b5:1e:d9:9d:5a:47:21:27:01:
                    e0:65:35:c8:82:ab:4b:97:f5:b7:ac:59:9f:b0:f1:
                    d6:2b:f5:69:82:10:1b:2d:bf:e1:39:c7:f3:6b:08:
                    d4:56:5f:b7:21:6f:ac:92:a1:21:f3:9a:ed:3b:32:
                    94:c2:78:59:bb:7a:ad:fd:cc:1a:01:bb:4c:0b:4a:
                    4f:22:ca:0a:07:e1:fd:e0:74:e6:ad:41:27:d4:17:
                    2e:04:49:21:78:42:86:1b:38:24:97:c0:4b:56:2f:
                    7f:b8:d5:30:2e:d7:02:47:f3:c2:9c:a1:90:2b:8f:
                    ec:7e:2c:c2:cb:7d:ad:97:b9:91:97:41:b1:ef:21:
                    3c:e0:aa:40:4b:5f:d4:25:79:98:15:3a:dd:23:08:
                    09:b4:33:cc:82:5b:0a:d4:9c:3c:0f:6f:56:c4:a1:
                    2b:b6:58:59:02:eb:10:6b:39:ca:71:37:ca:6f:34:
                    52:77:b8:f3:08:ad:af:dc:51:0c:00:ba:62:d7:d5:
                    e7:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:78:B2:40:A6:1C:D9:CD:FD:59:A2:11:6A:37:70:B8:0E:87:47:4A
            X509v3 Authority Key Identifier:
                keyid:49:E4:4E:EE:A2:65:69:D0:DD:BD:0E:86:37:F1:2C:F5:05:A4:ED:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SeRO7qJladDdvQ6GN_Es9QWk7ek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/c3dc1b-d1ee-4ff2-a5aa-f0c4be8e240a/1/OniyQKYc2c39WaIRajdwuA6HR0o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/c3dc1b-d1ee-4ff2-a5aa-f0c4be8e240a/1/SeRO7qJladDdvQ6GN_Es9QWk7ek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.213.64.0/21
                  185.16.252.0/22
                  193.105.186.0/24
                  194.5.88.0/23
                  195.234.36.0/24
                IPv6:
                  2a03:6f80::-2a03:6f82:ffff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         44:9c:24:4a:5b:21:1f:3d:e7:95:08:52:84:4f:82:e2:19:74:
         e3:a7:99:7c:1c:85:bc:37:67:8d:16:a1:0b:a9:b3:b9:2b:78:
         07:9b:ac:ac:61:af:8e:62:2a:66:98:b3:12:33:31:e0:7d:e6:
         09:ad:81:86:17:77:51:d6:b3:93:07:e3:44:8c:ca:b8:d6:4d:
         43:c9:2a:b7:14:d1:95:7d:ac:e6:9e:eb:d5:84:01:82:2e:95:
         17:c6:fa:5b:3b:48:c2:0c:50:b5:c9:de:83:2e:d6:cb:0f:56:
         8b:1e:44:53:8d:97:70:ac:f6:4a:bb:74:95:7b:ec:e3:1e:e9:
         59:4d:5b:55:a7:c1:3d:f4:3d:84:cb:59:c2:cf:a6:36:17:90:
         25:cc:6d:64:a7:d3:ed:7f:95:01:75:ec:31:f9:94:6c:f5:e1:
         ae:c2:41:a5:f4:3b:ea:e4:b9:e4:c3:d7:dc:68:0f:61:ad:23:
         df:8f:90:95:4d:26:1d:07:da:7d:3a:8c:72:5e:61:bf:ba:9e:
         1e:91:78:93:01:b8:30:70:88:cb:4b:dd:09:20:ae:ed:93:ab:
         9e:ec:3d:08:e5:1e:85:cc:c0:93:1d:e8:3d:9e:b6:30:8a:46:
         9d:e3:49:6f:b5:24:ac:2f:51:5a:c0:ba:45:a1:ec:24:42:fb:
         39:8c:7f:e6
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYpRdlbsBBgiRYUQjaBg2G50MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ZTQ0ZWVlYTI2NTY5ZDBkZGJkMGU4NjM3ZjEyY2Y1MDVh
NGVkZTkwHhcNMjMwOTAxMTU1NzA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTc4YjI0MGE2MWNkOWNkZmQ1OWEyMTE2YTM3NzBiODBlODc0NzRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqmNQDV5Gv+Y27vr9++CywTekFi0r
eOgBIQKQ6QnIz0QZ2POT+secGewrN5WDsDPnuuv430UumpmCn7Qb0NRgAEK1Htmd
WkchJwHgZTXIgqtLl/W3rFmfsPHWK/VpghAbLb/hOcfzawjUVl+3IW+skqEh85rt
OzKUwnhZu3qt/cwaAbtMC0pPIsoKB+H94HTmrUEn1BcuBEkheEKGGzgkl8BLVi9/
uNUwLtcCR/PCnKGQK4/sfizCy32tl7mRl0Gx7yE84KpAS1/UJXmYFTrdIwgJtDPM
glsK1Jw8D29WxKErtlhZAusQaznKcTfKbzRSd7jzCK2v3FEMALpi19Xn1wIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFDp4skCmHNnN/VmiEWo3cLgOh0dKMB8GA1UdIwQY
MBaAFEnkTu6iZWnQ3b0OhjfxLPUFpO3pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2VSTzdxSmxhZERkdlE2R05fRXM5UVdrN2VrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS9jM2RjMWItZDFlZS00ZmYyLWE1YWEt
ZjBjNGJlOGUyNDBhLzEvT25peVFLWWMyYzM5V2FJUmFqZHd1QTZIUjBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS9jM2RjMWItZDFlZS00ZmYyLWE1YWEtZjBjNGJlOGUyNDBh
LzEvU2VSTzdxSmxhZERkdlE2R05fRXM5UVdrN2VrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjAkBAIAATAeAwQDstVAAwQC
uRD8AwQAwWm6AwQBwgVYAwQAw+okMBYEAgACMBAwDgMFByoDb4ADBQAqA2+CMA0G
CSqGSIb3DQEBCwUAA4IBAQBEnCRKWyEfPeeVCFKET4LiGXTjp5l8HIW8N2eNFqEL
qbO5K3gHm6ysYa+OYipmmLMSMzHgfeYJrYGGF3dR1rOTB+NEjMq41k1DySq3FNGV
fazmnuvVhAGCLpUXxvpbO0jCDFC1yd6DLtbLD1aLHkRTjZdwrPZKu3SVe+zjHulZ
TVtVp8E99D2Ey1nCz6Y2F5AlzG1kp9Ptf5UBdewx+ZRs9eGuwkGl9Dvq5Lnkw9fc
aA9hrSPfj5CVTSYdB9p9OoxyXmG/up4ekXiTAbgwcIjLS90JIK7tk6ue7D0I5R6F
zMCTHeg9nrYwikad40lvtSSsL1FawLpFoewkQvs5jH/m
-----END CERTIFICATE-----