Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/SXiy2k6puSinXEh0377cBqpup18.roa
File:                     SXiy2k6puSinXEh0377cBqpup18.roa (raw, json)
Hash identifier:          zaI3yHbXWRKQeAAOKXGw4SQg2hJ8SBUTGFNLq2n4tV8=
Subject key identifier:   49:78:B2:DA:4E:A9:B9:28:A7:5C:48:74:DF:BE:DC:06:AA:6E:A7:5F
Certificate issuer:       /CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
Certificate serial:       018DECE72755E2E98074B16174D82DE0E1FA
Authority key identifier: 72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/SXiy2k6puSinXEh0377cBqpup18.roa
Signing time:             Tue 27 Feb 2024 23:29:48 +0000
ROA not before:           Tue 27 Feb 2024 23:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396356
IP address blocks:        5.182.184.0/24 maxlen: 24
                          78.31.207.0/24 maxlen: 24
                          104.232.37.0/24 maxlen: 24
                          162.218.92.0/24 maxlen: 24
                          162.218.94.0/24 maxlen: 24
                          185.187.213.0/24 maxlen: 24
                          185.205.207.0/24 maxlen: 24
                          185.230.120.0/24 maxlen: 24
                          185.230.123.0/24 maxlen: 24
                          2a0a:8f40:31::/48 maxlen: 48
Validation:               Failed, certificate revoked on Thu 02 Jan 2025 07:48:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:ec:e7:27:55:e2:e9:80:74:b1:61:74:d8:2d:e0:e1:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
        Validity
            Not Before: Feb 27 23:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4978b2da4ea9b928a75c4874dfbedc06aa6ea75f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:71:27:1d:e4:52:b6:2c:87:21:31:d7:ad:a2:
                    90:b3:c9:da:bc:2a:71:38:d5:4f:63:9e:00:1d:f9:
                    6d:cd:a9:d0:72:0e:f5:0f:89:26:ce:dd:fa:4e:5a:
                    cf:32:51:ec:08:43:25:39:29:0a:10:68:4a:84:27:
                    b2:28:46:7b:0d:39:15:82:7b:5b:5a:6b:c2:a0:3c:
                    98:4d:b3:b6:90:c9:66:a3:6f:73:35:d7:a9:5f:ff:
                    3d:4e:77:e2:9e:19:96:c5:65:2b:f0:aa:c0:b5:df:
                    73:2f:2d:cc:08:d2:05:b9:1f:92:f5:0a:55:f9:5f:
                    3f:98:41:1c:e8:b9:31:ae:75:26:88:52:87:d3:3a:
                    af:86:06:25:8f:e0:c0:dc:a7:0d:37:85:12:49:e5:
                    b6:97:fc:72:97:f2:fb:27:8d:0c:34:9e:48:c5:ee:
                    2d:d6:56:ac:8b:67:b8:a3:88:6e:5b:1c:d9:89:ea:
                    00:8a:04:8c:00:9e:6a:9f:52:c1:5f:93:9b:46:c9:
                    5b:39:e2:c6:e9:84:5f:a2:82:5a:8b:be:6e:73:ca:
                    dc:bf:3f:85:ff:1e:17:30:02:2d:0c:38:29:ed:87:
                    88:51:9f:4c:20:d2:8d:02:f0:0f:d1:b8:d1:f9:90:
                    c2:0b:9c:80:6b:40:d4:e2:ca:7d:25:55:e6:a2:24:
                    b2:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:78:B2:DA:4E:A9:B9:28:A7:5C:48:74:DF:BE:DC:06:AA:6E:A7:5F
            X509v3 Authority Key Identifier:
                keyid:72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/SXiy2k6puSinXEh0377cBqpup18.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.184.0/24
                  78.31.207.0/24
                  104.232.37.0/24
                  162.218.92.0/24
                  162.218.94.0/24
                  185.187.213.0/24
                  185.205.207.0/24
                  185.230.120.0/24
                  185.230.123.0/24
                IPv6:
                  2a0a:8f40:31::/48

    Signature Algorithm: sha256WithRSAEncryption
         5a:0c:4b:f0:25:29:8d:83:60:88:a9:34:ee:39:46:18:58:fc:
         9a:43:90:bc:8a:9e:ed:6e:6d:a1:30:bd:d5:8a:6f:a1:7a:f3:
         0c:fb:12:f9:e8:a2:d7:b5:b3:35:3e:09:18:85:3c:ea:79:89:
         9d:27:a2:4e:9a:ec:2b:43:e4:c4:16:ef:9e:b7:c8:b3:04:04:
         ca:e8:c6:2d:ca:ae:9a:a6:95:1e:df:87:c9:dc:b4:34:ac:e4:
         13:f8:4a:b0:41:c6:79:83:ff:4e:1c:2b:8a:da:88:db:85:74:
         a0:88:c9:c0:56:24:af:9b:f4:a6:06:6c:64:67:ee:39:7c:71:
         c9:40:1e:5f:7b:9a:1d:d3:02:1b:f0:3e:c1:ee:dc:b5:d5:9b:
         e3:e4:51:89:63:ea:d7:dd:8f:eb:60:e4:c6:6f:7d:e9:60:36:
         6c:22:ea:da:ef:0e:8e:20:fa:b0:e7:14:d0:9d:3b:1c:20:c4:
         1f:a2:0e:f2:1c:63:54:43:9f:8f:bc:41:09:52:ed:6f:b0:fa:
         0c:d5:1d:39:be:78:a9:b5:b5:d4:17:8a:0e:4b:4f:40:d6:6b:
         8f:12:98:5f:91:42:68:1a:a9:26:6c:41:0e:bc:b8:5d:52:f5:
         e8:b9:c8:9b:4c:0d:c4:47:61:a4:42:54:f4:b1:2c:5b:24:f5:
         90:72:23:ac
-----BEGIN CERTIFICATE-----
MIIFPjCCBCagAwIBAgISAY3s5ydV4umAdLFhdNgt4OH6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyYjc4ZjY2ODJmYzM5YzU1YjQxZDQ4ZjgwYjg4MzhkNWQy
ZGJmMDcwHhcNMjQwMjI3MjMyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTc4YjJkYTRlYTliOTI4YTc1YzQ4NzRkZmJlZGMwNmFhNmVhNzVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5XEnHeRStiyHITHXraKQs8navCpx
ONVPY54AHfltzanQcg71D4kmzt36TlrPMlHsCEMlOSkKEGhKhCeyKEZ7DTkVgntb
WmvCoDyYTbO2kMlmo29zNdepX/89TnfinhmWxWUr8KrAtd9zLy3MCNIFuR+S9QpV
+V8/mEEc6LkxrnUmiFKH0zqvhgYlj+DA3KcNN4USSeW2l/xyl/L7J40MNJ5Ixe4t
1lasi2e4o4huWxzZieoAigSMAJ5qn1LBX5ObRslbOeLG6YRfooJai75uc8rcvz+F
/x4XMAItDDgp7YeIUZ9MINKNAvAP0bjR+ZDCC5yAa0DU4sp9JVXmoiSyWQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFEl4stpOqbkop1xIdN++3AaqbqdfMB8GA1UdIwQY
MBaAFHK3j2aC/DnFW0HUj4C4g41dLb8HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEt
ZjNlNTA2YWVhYTAxLzEvU1hpeTJrNnB1U2luWEVoMDM3N2NCcXB1cDE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEtZjNlNTA2YWVhYTAx
LzEvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGAGCCsGAQUFBwEHAQH/BFEwTzA8BAIAATA2AwQABba4AwQA
Th/PAwQAaOglAwQAotpcAwQAotpeAwQAubvVAwQAuc3PAwQAueZ4AwQAueZ7MA8E
AgACMAkDBwAqCo9AADEwDQYJKoZIhvcNAQELBQADggEBAFoMS/AlKY2DYIipNO45
RhhY/JpDkLyKnu1ubaEwvdWKb6F68wz7Evnoote1szU+CRiFPOp5iZ0nok6a7CtD
5MQW7563yLMEBMroxi3KrpqmlR7fh8nctDSs5BP4SrBBxnmD/04cK4raiNuFdKCI
ycBWJK+b9KYGbGRn7jl8cclAHl97mh3TAhvwPsHu3LXVm+PkUYlj6tfdj+tg5MZv
felgNmwi6trvDo4g+rDnFNCdOxwgxB+iDvIcY1RDn4+8QQlS7W+w+gzVHTm+eKm1
tdQXig5LT0DWa48SmF+RQmgaqSZsQQ68uF1S9ei5yJtMDcRHYaRCVPSxLFsk9ZBy
I6w=
-----END CERTIFICATE-----