Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/IqCkFVZDCpAB0Jmk1bIF1Xwy-qo.roa
File:                     IqCkFVZDCpAB0Jmk1bIF1Xwy-qo.roa (raw, json)
Hash identifier:          xzu2aUS4EiS6vBRBynTqvp7cw5jC71+KK1EhRYbeJwQ=
Subject key identifier:   22:A0:A4:15:56:43:0A:90:01:D0:99:A4:D5:B2:05:D5:7C:32:FA:AA
Certificate issuer:       /CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
Certificate serial:       018BF40D6977C35736D3BCFFFF9198988604
Authority key identifier: 36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/IqCkFVZDCpAB0Jmk1bIF1Xwy-qo.roa
Signing time:             Tue 21 Nov 2023 22:43:21 +0000
ROA not before:           Tue 21 Nov 2023 22:43:21 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        45.155.255.0/24 maxlen: 24
                          185.199.212.0/23 maxlen: 24
                          45.157.211.0/24 maxlen: 24
                          45.157.209.0/24 maxlen: 24
                          185.199.151.0/24 maxlen: 24
                          185.250.26.0/24 maxlen: 24
                          45.155.252.0/24 maxlen: 24
                          185.226.181.0/24 maxlen: 24
                          194.146.92.0/24 maxlen: 24
                          194.146.93.0/24 maxlen: 24
                          79.98.246.0/23 maxlen: 24
                          176.125.250.0/24 maxlen: 24
                          176.125.251.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 24 Nov 2023 16:18:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:f4:0d:69:77:c3:57:36:d3:bc:ff:ff:91:98:98:86:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
        Validity
            Not Before: Nov 21 22:43:21 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=22a0a41556430a9001d099a4d5b205d57c32faaa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:36:a3:19:8e:c6:d3:70:f8:55:37:5a:ed:e2:
                    21:67:ff:1d:eb:65:c6:84:5c:86:d9:9f:1d:c8:ee:
                    4f:bf:a4:4e:c0:32:9c:27:ac:54:1c:56:dd:13:68:
                    62:4e:54:56:21:ed:37:3e:86:e4:af:e5:63:be:91:
                    bb:8d:ba:ec:0e:c3:a7:2f:39:25:50:be:3c:0a:0e:
                    05:c2:cf:bf:a9:1d:3c:f0:23:c7:cd:ae:31:5a:8d:
                    eb:d8:36:ab:a5:f7:ad:70:7b:80:ad:7f:ed:c7:af:
                    30:b3:f5:27:e9:e5:cd:0f:bd:85:34:de:59:4c:26:
                    f5:55:72:4d:66:30:82:67:e3:0f:02:79:2f:6f:ab:
                    39:d3:59:32:e8:84:97:ec:32:a3:d0:8d:85:6d:25:
                    07:5c:2c:da:94:21:34:ed:9b:ee:6c:51:4a:f0:83:
                    99:ea:fd:91:1d:4c:94:f2:3e:6a:52:fe:f9:b5:cd:
                    d1:c8:d3:26:97:b4:ed:23:b0:a0:10:3a:eb:e6:78:
                    82:4c:24:fc:eb:52:6f:e1:ea:3a:1c:c4:b2:d1:d6:
                    cd:33:c6:8c:9d:41:5d:5a:fc:67:69:a2:b9:46:d8:
                    e8:58:01:79:a4:c1:aa:aa:25:a1:6c:99:79:5c:fa:
                    52:b6:18:c8:60:1b:1d:26:57:4b:89:bd:78:55:2a:
                    0b:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:A0:A4:15:56:43:0A:90:01:D0:99:A4:D5:B2:05:D5:7C:32:FA:AA
            X509v3 Authority Key Identifier:
                keyid:36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/IqCkFVZDCpAB0Jmk1bIF1Xwy-qo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.252.0/24
                  45.155.255.0/24
                  45.157.209.0/24
                  45.157.211.0/24
                  79.98.246.0/23
                  176.125.250.0/23
                  185.199.151.0/24
                  185.199.212.0/23
                  185.226.181.0/24
                  185.250.26.0/24
                  194.146.92.0/23

    Signature Algorithm: sha256WithRSAEncryption
         11:4a:8e:98:99:ee:1a:59:4f:a0:6b:bd:79:8f:6e:c8:dc:08:
         bf:cd:f2:b4:f2:91:fc:bf:d3:ea:ae:73:96:5c:6b:b9:8c:f7:
         a7:1f:5d:e6:5f:29:e8:81:34:55:6a:30:91:55:ad:a6:88:1b:
         f9:35:c5:f8:9f:06:0c:dc:a3:3e:8f:a1:20:11:aa:f9:79:53:
         80:15:74:9f:76:ac:31:10:5e:fb:43:40:3b:e5:8d:2e:08:da:
         07:1f:59:8d:8e:43:e9:ec:13:f4:e0:91:52:09:c4:a9:c4:d7:
         21:97:f0:c9:22:01:da:02:ee:58:b8:05:74:5f:f5:1f:49:d3:
         90:ac:a7:d7:f4:4f:af:b1:82:73:94:ef:12:7c:d7:33:8d:1e:
         e0:d4:2c:aa:ce:71:04:86:96:fc:28:a0:25:de:f4:cb:6f:59:
         b0:b5:4b:9e:9c:d4:d0:38:ad:75:09:37:ef:b6:2d:10:b0:0c:
         15:fc:34:ff:c3:70:55:63:25:cb:a0:2e:47:05:a4:7d:4c:42:
         e7:34:e8:61:ce:d4:04:4b:80:7d:a8:fa:4d:b2:db:f4:17:ca:
         12:d4:58:d3:87:4b:5f:16:df:09:96:b3:30:18:88:f6:89:73:
         24:1a:e5:d4:67:49:c7:d6:b3:03:f4:01:58:29:8b:74:46:00:
         6a:2c:2b:e3
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAYv0DWl3w1c207z//5GYmIYEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OGJmYjhhNWVlZTQ5MDgyZWE2MjhkZjI1YTRhNWQ1MGYz
YWE5YjMwHhcNMjMxMTIxMjI0MzIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmEwYTQxNTU2NDMwYTkwMDFkMDk5YTRkNWIyMDVkNTdjMzJmYWFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmDajGY7G03D4VTda7eIhZ/8d62XG
hFyG2Z8dyO5Pv6ROwDKcJ6xUHFbdE2hiTlRWIe03Pobkr+VjvpG7jbrsDsOnLzkl
UL48Cg4Fws+/qR088CPHza4xWo3r2DarpfetcHuArX/tx68ws/Un6eXND72FNN5Z
TCb1VXJNZjCCZ+MPAnkvb6s501ky6ISX7DKj0I2FbSUHXCzalCE07ZvubFFK8IOZ
6v2RHUyU8j5qUv75tc3RyNMml7TtI7CgEDrr5niCTCT861Jv4eo6HMSy0dbNM8aM
nUFdWvxnaaK5RtjoWAF5pMGqqiWhbJl5XPpSthjIYBsdJldLib14VSoLeQIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFCKgpBVWQwqQAdCZpNWyBdV8MvqqMB8GA1UdIwQY
MBaAFDaL+4pe7kkILqYo3yWkpdUPOqmzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUt
MGFlMmU5MjJhMjkyLzEvSXFDa0ZWWkRDcEFCMEptazFiSUYxWHd5LXFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUtMGFlMmU5MjJhMjky
LzEvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQALZv8AwQA
LZv/AwQALZ3RAwQALZ3TAwQBT2L2AwQBsH36AwQAuceXAwQBucfUAwQAueK1AwQA
ufoaAwQBwpJcMA0GCSqGSIb3DQEBCwUAA4IBAQARSo6Yme4aWU+ga715j27I3Ai/
zfK08pH8v9PqrnOWXGu5jPenH13mXynogTRVajCRVa2miBv5NcX4nwYM3KM+j6Eg
Ear5eVOAFXSfdqwxEF77Q0A75Y0uCNoHH1mNjkPp7BP04JFSCcSpxNchl/DJIgHa
Au5YuAV0X/UfSdOQrKfX9E+vsYJzlO8SfNczjR7g1CyqznEEhpb8KKAl3vTLb1mw
tUuenNTQOK11CTfvti0QsAwV/DT/w3BVYyXLoC5HBaR9TELnNOhhztQES4B9qPpN
stv0F8oS1FjTh0tfFt8JlrMwGIj2iXMkGuXUZ0nH1rMD9AFYKYt0RgBqLCvj
-----END CERTIFICATE-----