Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/c17c15-a142-4b37-b8fe-a3a3eb879f2b/1/ndXs8BtQydROVFeABvi9rhurF1Q.roa
File:                     ndXs8BtQydROVFeABvi9rhurF1Q.roa (raw, json)
Hash identifier:          NMJct1IxRj4ukm+4zEVEJRRSuftA1DskAZVDpBKKQCY=
Subject key identifier:   9D:D5:EC:F0:1B:50:C9:D4:4E:54:57:80:06:F8:BD:AE:1B:AB:17:54
Certificate issuer:       /CN=03c33e43ef56527a169d6ac6d7e62c63d1973051
Certificate serial:       018E6A5E8CF935B200686F8CBA5291689D39
Authority key identifier: 03:C3:3E:43:EF:56:52:7A:16:9D:6A:C6:D7:E6:2C:63:D1:97:30:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A8M-Q-9WUnoWnWrG1-YsY9GXMFE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/c17c15-a142-4b37-b8fe-a3a3eb879f2b/1/ndXs8BtQydROVFeABvi9rhurF1Q.roa
Signing time:             Sat 23 Mar 2024 08:12:45 +0000
ROA not before:           Sat 23 Mar 2024 08:12:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212341
IP address blocks:        77.87.185.0/24 maxlen: 24
                          185.66.176.0/22 maxlen: 22
                          185.66.178.0/24 maxlen: 24
                          2a05:900::/32 maxlen: 32
                          2a05:901::/32 maxlen: 32
                          2a05:902::/32 maxlen: 32
                          2a05:903::/32 maxlen: 32
                          2a05:904::/32 maxlen: 32
                          2a05:905::/32 maxlen: 32
                          2a05:907::/32 maxlen: 32
                          2a05:907:2001::/48 maxlen: 48
                          2a05:907:2002::/48 maxlen: 48
Validation:               Failed, certificate revoked on Sat 23 Mar 2024 08:13:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:6a:5e:8c:f9:35:b2:00:68:6f:8c:ba:52:91:68:9d:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03c33e43ef56527a169d6ac6d7e62c63d1973051
        Validity
            Not Before: Mar 23 08:12:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9dd5ecf01b50c9d44e54578006f8bdae1bab1754
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:41:5f:cb:29:03:7b:f8:ef:fe:91:95:0f:a6:
                    19:85:6a:4f:b6:ec:70:88:09:d1:ff:a3:59:9d:9b:
                    a7:91:0d:71:ff:10:d6:dd:42:a0:8a:68:ca:23:eb:
                    53:63:f1:09:f7:0e:b8:3c:d7:f6:0d:44:38:ed:ab:
                    98:da:f5:f1:a9:db:2c:33:56:6b:3e:2f:86:36:ab:
                    20:a4:bf:98:22:ef:3a:53:34:32:e2:26:ae:b7:72:
                    68:68:7e:f7:05:d8:78:35:87:6a:0f:37:1a:fc:63:
                    a4:52:01:12:72:33:f6:49:c6:81:38:3b:ec:fb:64:
                    ad:2a:f5:78:64:6d:1b:71:49:37:07:76:ac:33:1c:
                    3e:c0:09:a9:08:b8:d2:b5:86:7d:c9:95:ec:d6:bc:
                    32:1f:b1:38:2c:09:4f:27:4c:0e:4a:df:1e:e3:a4:
                    b0:b4:1e:96:39:2c:7f:f0:65:6a:5f:11:9e:b0:4e:
                    c0:f0:9a:4c:08:7f:3d:c7:f7:d5:aa:65:6b:66:e9:
                    19:d2:fe:ee:70:c9:7e:6e:2c:0c:d9:e5:90:79:c8:
                    82:43:e8:3e:11:05:41:48:c2:4f:cc:15:4e:b2:f6:
                    11:94:44:0e:ab:55:43:e1:52:88:ba:bb:32:14:a1:
                    1d:1d:c7:f0:a0:0d:1a:c0:ea:98:0e:14:73:11:26:
                    e2:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:D5:EC:F0:1B:50:C9:D4:4E:54:57:80:06:F8:BD:AE:1B:AB:17:54
            X509v3 Authority Key Identifier:
                keyid:03:C3:3E:43:EF:56:52:7A:16:9D:6A:C6:D7:E6:2C:63:D1:97:30:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A8M-Q-9WUnoWnWrG1-YsY9GXMFE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/c17c15-a142-4b37-b8fe-a3a3eb879f2b/1/ndXs8BtQydROVFeABvi9rhurF1Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/c17c15-a142-4b37-b8fe-a3a3eb879f2b/1/A8M-Q-9WUnoWnWrG1-YsY9GXMFE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.87.185.0/24
                  185.66.176.0/22
                IPv6:
                  2a05:900::-2a05:905:ffff:ffff:ffff:ffff:ffff:ffff
                  2a05:907::/32

    Signature Algorithm: sha256WithRSAEncryption
         0e:e0:e3:d3:50:3e:ed:02:7e:67:f0:a9:b2:41:ce:66:96:20:
         11:6e:c2:f3:0a:7b:58:36:a7:86:29:75:a5:df:61:5a:74:4c:
         09:40:24:97:0c:fe:78:40:6e:00:a8:da:ed:0d:22:01:c9:aa:
         47:77:d4:7e:8b:d1:4a:5f:e2:52:9e:e6:89:95:45:4e:b1:bd:
         b5:d5:1c:89:93:10:ae:f5:4c:a6:2e:44:a1:44:fb:cd:bb:08:
         eb:b7:af:35:9a:27:75:d7:a5:d1:52:25:d6:31:fc:0d:15:6f:
         1c:d0:ce:b8:46:a2:c4:52:5c:f9:96:cf:6c:58:f6:d7:9a:82:
         56:e1:e0:57:cd:1c:2a:62:10:4a:5a:b7:b7:92:55:7c:48:e4:
         92:08:05:d8:74:1e:36:c9:f8:5a:39:14:2f:87:87:1a:7a:cf:
         1e:f8:01:4a:a3:a3:95:07:5b:83:ff:5f:53:42:1c:87:2f:47:
         86:c4:38:d3:d2:fb:8d:9c:0a:11:2a:bd:79:1a:b5:e5:fa:43:
         54:04:b2:ca:4b:70:2d:9f:75:07:9f:0e:9d:ec:87:1b:e2:96:
         21:9b:da:9c:a1:4e:5d:e9:7f:2b:8c:54:4a:b0:af:f3:b6:78:
         d0:b1:19:b5:c5:06:51:5a:47:f3:48:32:14:2d:48:e7:82:e9:
         22:6f:b9:5d
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAY5qXoz5NbIAaG+MulKRaJ05MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAzYzMzZTQzZWY1NjUyN2ExNjlkNmFjNmQ3ZTYyYzYzZDE5
NzMwNTEwHhcNMjQwMzIzMDgxMjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGQ1ZWNmMDFiNTBjOWQ0NGU1NDU3ODAwNmY4YmRhZTFiYWIxNzU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkUFfyykDe/jv/pGVD6YZhWpPtuxw
iAnR/6NZnZunkQ1x/xDW3UKgimjKI+tTY/EJ9w64PNf2DUQ47auY2vXxqdssM1Zr
Pi+GNqsgpL+YIu86UzQy4iaut3JoaH73Bdh4NYdqDzca/GOkUgEScjP2ScaBODvs
+2StKvV4ZG0bcUk3B3asMxw+wAmpCLjStYZ9yZXs1rwyH7E4LAlPJ0wOSt8e46Sw
tB6WOSx/8GVqXxGesE7A8JpMCH89x/fVqmVrZukZ0v7ucMl+biwM2eWQeciCQ+g+
EQVBSMJPzBVOsvYRlEQOq1VD4VKIursyFKEdHcfwoA0awOqYDhRzESbiqQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFJ3V7PAbUMnUTlRXgAb4va4bqxdUMB8GA1UdIwQY
MBaAFAPDPkPvVlJ6Fp1qxtfmLGPRlzBRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQThNLVEtOVdVbm9XbldyRzEtWXNZOUdYTUZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC9jMTdjMTUtYTE0Mi00YjM3LWI4ZmUt
YTNhM2ViODc5ZjJiLzEvbmRYczhCdFF5ZFJPVkZlQUJ2aTlyaHVyRjFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC9jMTdjMTUtYTE0Mi00YjM3LWI4ZmUtYTNhM2ViODc5ZjJi
LzEvQThNLVEtOVdVbm9XbldyRzEtWXNZOUdYTUZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjASBAIAATAMAwQATVe5AwQC
uUKwMBwEAgACMBYwDQMEACoFCQMFASoFCQQDBQAqBQkHMA0GCSqGSIb3DQEBCwUA
A4IBAQAO4OPTUD7tAn5n8KmyQc5mliARbsLzCntYNqeGKXWl32FadEwJQCSXDP54
QG4AqNrtDSIByapHd9R+i9FKX+JSnuaJlUVOsb211RyJkxCu9UymLkShRPvNuwjr
t681mid116XRUiXWMfwNFW8c0M64RqLEUlz5ls9sWPbXmoJW4eBXzRwqYhBKWre3
klV8SOSSCAXYdB42yfhaORQvh4caes8e+AFKo6OVB1uD/19TQhyHL0eGxDjT0vuN
nAoRKr15GrXl+kNUBLLKS3Atn3UHnw6d7Icb4pYhm9qcoU5d6X8rjFRKsK/ztnjQ
sRm1xQZRWkfzSDIULUjngukib7ld
-----END CERTIFICATE-----