Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS3356.roa
File:                     AS3356.roa (raw, json)
Hash identifier:          qheUwJ/A4FRoJ1EVGhMqqAHkOQEPle+ltMjQxFosmyU=
Subject key identifier:   42:C4:78:20:89:42:A0:A1:B0:3C:E7:40:63:CC:9C:24:A2:89:AA:68
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       536F75ED82DD66D3F0D2F90CDA1E1AF8A7008B20
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS3356.roa
Signing time:             Thu 28 Sep 2023 20:01:19 +0000
ROA not before:           Thu 28 Sep 2023 19:56:19 +0000
ROA not after:            Thu 26 Sep 2024 20:01:19 +0000
asID:                     3356
IP address blocks:        141.11.132.0/23 maxlen: 24
                          141.11.168.0/23 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:6f:75:ed:82:dd:66:d3:f0:d2:f9:0c:da:1e:1a:f8:a7:00:8b:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Sep 28 19:56:19 2023 GMT
            Not After : Sep 26 20:01:19 2024 GMT
        Subject: CN=42C478208942A0A1B03CE74063CC9C24A289AA68
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:8f:dd:b3:78:da:18:80:d1:67:5f:f1:a7:e1:
                    5d:57:77:3b:c6:69:d4:1b:b1:d7:95:30:f5:e6:16:
                    2a:e9:1c:0d:87:85:d8:e2:e2:d4:0a:d8:64:84:68:
                    20:f7:9a:be:4b:25:3f:7b:a8:a5:ce:40:0b:6c:c9:
                    47:1b:22:dd:94:e4:9f:86:a6:3e:43:44:5c:db:0f:
                    53:e8:62:94:b0:0f:69:0c:50:75:53:f6:d6:52:b7:
                    92:61:ba:97:b7:6a:5c:f8:c9:cc:5f:f4:0e:0c:10:
                    c5:a3:57:38:29:6d:f7:d0:6c:10:88:2e:f4:87:f2:
                    09:af:3a:38:cb:a5:72:a3:c3:a0:cc:9e:49:bd:b9:
                    e3:e6:d2:80:0a:01:3a:e5:87:8b:cf:76:3d:0d:af:
                    45:16:de:1a:d6:2d:9f:b7:bd:1c:54:c9:95:61:24:
                    7c:fc:a6:4b:fe:fb:a5:49:da:47:8f:23:11:6f:4e:
                    f9:0a:39:0b:e5:28:12:26:d1:69:38:ed:3d:9c:ac:
                    9d:ed:bd:04:e7:ca:b6:6b:05:89:dc:24:c0:73:58:
                    99:0d:83:81:ba:73:89:09:f4:ee:79:67:80:8e:43:
                    20:9a:4e:91:4a:0e:1f:ed:75:6d:a0:ac:63:5c:94:
                    f9:08:6b:3e:09:2b:2b:92:80:7c:ec:37:90:0d:26:
                    dd:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:C4:78:20:89:42:A0:A1:B0:3C:E7:40:63:CC:9C:24:A2:89:AA:68
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS3356.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.132.0/23
                  141.11.168.0/23

    Signature Algorithm: sha256WithRSAEncryption
         95:35:4f:b2:86:b3:47:2d:fa:b8:e8:4c:05:3b:cb:8b:88:b3:
         61:b2:9a:4a:a3:88:f2:60:91:de:81:d9:3e:00:c8:57:dd:9e:
         0e:f1:e2:f2:91:34:90:dc:2e:64:e3:42:31:01:b6:34:0c:d9:
         69:c0:79:a1:55:89:c2:8b:a1:65:ad:35:3d:ef:d9:52:c5:f9:
         a6:67:12:24:e1:30:e8:04:d2:07:72:7a:a6:71:ee:5f:11:8c:
         03:43:ea:30:c9:cc:71:e7:04:3f:90:d1:c6:37:4a:55:6c:2d:
         08:cf:65:e2:91:50:ca:bf:3a:c2:2a:08:32:23:8e:68:07:62:
         e5:5e:a8:fe:6a:c0:15:a6:2f:ec:11:dd:e3:7c:ef:22:8a:5b:
         60:e7:9d:37:14:df:71:64:4f:8a:93:1a:08:b1:52:81:12:92:
         60:4b:f4:32:9f:c8:29:f8:42:87:85:27:93:bc:61:7c:65:d5:
         05:d2:22:b0:1b:ce:5d:7f:d1:b6:a3:6a:2c:3e:51:ba:35:ca:
         38:e1:19:64:7f:2d:f8:bd:d9:c9:74:b8:92:c9:0c:f5:1a:61:
         1e:0b:c0:cd:9c:8b:6e:0b:ea:43:e7:7c:0e:ce:d0:3f:7f:df:
         3a:f3:d6:7c:d8:5f:d7:97:7e:28:7f:39:6e:2e:1d:61:c6:79:
         f8:a7:0e:b6
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgIUU2917YLdZtPw0vkM2h4a+KcAiyAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yMzA5MjgxOTU2MTlaFw0yNDA5MjYyMDAxMTlaMDMxMTAvBgNV
BAMTKDQyQzQ3ODIwODk0MkEwQTFCMDNDRTc0MDYzQ0M5QzI0QTI4OUFBNjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvj92zeNoYgNFnX/Gn4V1XdzvG
adQbsdeVMPXmFirpHA2Hhdji4tQK2GSEaCD3mr5LJT97qKXOQAtsyUcbIt2U5J+G
pj5DRFzbD1PoYpSwD2kMUHVT9tZSt5Jhupe3alz4ycxf9A4MEMWjVzgpbffQbBCI
LvSH8gmvOjjLpXKjw6DMnkm9uePm0oAKATrlh4vPdj0Nr0UW3hrWLZ+3vRxUyZVh
JHz8pkv++6VJ2kePIxFvTvkKOQvlKBIm0Wk47T2crJ3tvQTnyrZrBYncJMBzWJkN
g4G6c4kJ9O55Z4COQyCaTpFKDh/tdW2grGNclPkIaz4JKyuSgHzsN5ANJt2pAgMB
AAGjggIOMIICCjAdBgNVHQ4EFgQUQsR4IIlCoKGwPOdAY8ycJKKJqmgwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMzM1Ni5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAY0LhAME
AY0LqDANBgkqhkiG9w0BAQsFAAOCAQEAlTVPsoazRy36uOhMBTvLi4izYbKaSqOI
8mCR3oHZPgDIV92eDvHi8pE0kNwuZONCMQG2NAzZacB5oVWJwouhZa01Pe/ZUsX5
pmcSJOEw6ATSB3J6pnHuXxGMA0PqMMnMcecEP5DRxjdKVWwtCM9l4pFQyr86wioI
MiOOaAdi5V6o/mrAFaYv7BHd43zvIopbYOedNxTfcWRPipMaCLFSgRKSYEv0Mp/I
KfhCh4Unk7xhfGXVBdIisBvOXX/RtqNqLD5RujXKOOEZZH8t+L3ZyXS4kskM9Rph
HgvAzZyLbgvqQ+d8Ds7QP3/fOvPWfNhf15d+KH85bi4dYcZ5+KcOtg==
Generated at Fri Dec 15 00:29:26 2023 by rpki-client on console-ams.rpki-client.org