Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/ONYShb-BE5LLVnyp18l0ac_qXls.roa
File:                     ONYShb-BE5LLVnyp18l0ac_qXls.roa (raw, json)
Hash identifier:          BcXEg6IpeUY/AhvBFMAUhjOXQXHpaKirAeeUwsEIj8c=
Subject key identifier:   38:D6:12:85:BF:81:13:92:CB:56:7C:A9:D7:C9:74:69:CF:EA:5E:5B
Certificate issuer:       /CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
Certificate serial:       01893F62DE904F323AAC174B09A0EF2CEBC9
Authority key identifier: 36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/ONYShb-BE5LLVnyp18l0ac_qXls.roa
Signing time:             Mon 10 Jul 2023 10:39:51 +0000
ROA not before:           Mon 10 Jul 2023 10:39:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        45.155.255.0/24 maxlen: 24
                          194.146.93.0/24 maxlen: 24
                          45.157.209.0/24 maxlen: 24
                          185.225.170.0/24 maxlen: 24
                          185.250.26.0/24 maxlen: 24
                          79.98.246.0/24 maxlen: 24
                          185.221.24.0/23 maxlen: 23
                          79.98.247.0/24 maxlen: 24
                          45.155.252.0/24 maxlen: 24
                          185.226.181.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 12 Jul 2023 19:25:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:3f:62:de:90:4f:32:3a:ac:17:4b:09:a0:ef:2c:eb:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
        Validity
            Not Before: Jul 10 10:39:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=38d61285bf811392cb567ca9d7c97469cfea5e5b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:4c:5d:83:cc:a6:e7:32:e7:83:c1:23:23:41:
                    51:ca:1e:be:e3:26:38:4c:22:7b:3c:7a:b6:50:0c:
                    74:47:ef:da:7f:90:2a:d4:cd:ca:d7:70:f3:dd:2f:
                    35:04:b7:7c:f6:cd:49:14:6a:21:6d:b9:e7:13:62:
                    32:4d:f9:d2:8d:a8:55:78:98:a2:c3:16:0a:d8:9f:
                    37:67:0c:00:a6:eb:b3:43:4e:cf:6a:06:09:cb:fd:
                    3f:4d:e5:7a:62:ee:2c:c3:df:37:27:d9:50:77:07:
                    fd:57:81:72:8a:48:64:52:7c:0a:b9:05:11:a0:b5:
                    2e:54:8a:60:47:e5:3b:36:ce:05:f3:31:61:81:5d:
                    5a:2a:87:aa:a6:28:f3:7a:22:2d:1c:3e:29:eb:2c:
                    f5:9e:28:da:88:af:a9:a9:68:e0:35:16:fe:a1:06:
                    87:eb:fe:24:73:37:ba:12:21:19:d4:94:25:6f:38:
                    19:b9:5e:ac:8a:37:98:d2:e1:0f:c7:e5:6b:98:7e:
                    40:db:e2:2e:1c:cb:03:b5:60:77:41:e4:b7:6f:d4:
                    eb:77:76:35:5f:ba:6c:17:92:d6:96:09:2e:4e:3e:
                    8c:9e:de:2c:bc:37:ad:81:19:81:b5:f6:1b:99:af:
                    28:60:1a:e4:06:35:b4:fc:89:11:3f:75:e4:3d:14:
                    3d:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:D6:12:85:BF:81:13:92:CB:56:7C:A9:D7:C9:74:69:CF:EA:5E:5B
            X509v3 Authority Key Identifier:
                keyid:36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/ONYShb-BE5LLVnyp18l0ac_qXls.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.252.0/24
                  45.155.255.0/24
                  45.157.209.0/24
                  79.98.246.0/23
                  185.221.24.0/23
                  185.225.170.0/24
                  185.226.181.0/24
                  185.250.26.0/24
                  194.146.93.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:ed:fd:68:fc:71:9a:0c:9c:c0:fb:a0:f2:1c:f5:f7:69:ca:
         1e:66:e6:8b:aa:fa:12:31:86:1b:a1:eb:0d:4c:34:38:0d:34:
         c4:41:72:d3:96:95:9b:0c:99:0b:63:29:b1:1f:5c:ba:5d:0e:
         95:1c:75:ed:b7:40:84:15:1d:1f:32:27:49:59:52:10:fc:13:
         bf:66:6b:6c:9d:e5:c3:ba:d4:2b:5a:c1:2b:6a:62:3b:4a:db:
         bf:ff:aa:29:30:58:96:72:01:12:21:2b:8a:47:e0:d0:cb:77:
         69:be:6c:80:26:aa:e4:27:c2:aa:c6:ca:61:5d:0a:8c:ef:41:
         d5:58:24:29:85:67:04:d4:a7:84:23:d3:d2:94:1d:df:30:5c:
         92:bf:8f:18:10:22:5e:c3:28:cf:72:6d:28:20:7f:df:ff:4c:
         f2:79:4b:ff:6e:c9:8e:7b:55:de:4c:6d:2d:c9:e0:ee:7c:4d:
         d2:a0:11:37:0e:40:0b:f9:47:6d:28:58:5e:ef:35:a2:cb:2c:
         b0:ba:04:77:ae:d0:93:01:4d:41:ca:bf:f5:5d:d3:49:7e:9d:
         11:b1:f2:04:ab:3d:39:fe:89:0f:57:b6:75:a5:f0:a4:78:fd:
         74:5f:d7:66:a7:96:99:68:61:ae:f6:54:46:4c:0f:c4:ff:77:
         79:77:05:f9
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYk/Yt6QTzI6rBdLCaDvLOvJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OGJmYjhhNWVlZTQ5MDgyZWE2MjhkZjI1YTRhNWQ1MGYz
YWE5YjMwHhcNMjMwNzEwMTAzOTUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOGQ2MTI4NWJmODExMzkyY2I1NjdjYTlkN2M5NzQ2OWNmZWE1ZTViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk0xdg8ym5zLng8EjI0FRyh6+4yY4
TCJ7PHq2UAx0R+/af5Aq1M3K13Dz3S81BLd89s1JFGohbbnnE2IyTfnSjahVeJii
wxYK2J83ZwwApuuzQ07PagYJy/0/TeV6Yu4sw983J9lQdwf9V4FyikhkUnwKuQUR
oLUuVIpgR+U7Ns4F8zFhgV1aKoeqpijzeiItHD4p6yz1nijaiK+pqWjgNRb+oQaH
6/4kcze6EiEZ1JQlbzgZuV6sijeY0uEPx+VrmH5A2+IuHMsDtWB3QeS3b9Trd3Y1
X7psF5LWlgkuTj6Mnt4svDetgRmBtfYbma8oYBrkBjW0/IkRP3XkPRQ9FQIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFDjWEoW/gROSy1Z8qdfJdGnP6l5bMB8GA1UdIwQY
MBaAFDaL+4pe7kkILqYo3yWkpdUPOqmzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUt
MGFlMmU5MjJhMjkyLzEvT05ZU2hiLUJFNUxMVm55cDE4bDBhY19xWGxzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUtMGFlMmU5MjJhMjky
LzEvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQALZv8AwQA
LZv/AwQALZ3RAwQBT2L2AwQBud0YAwQAueGqAwQAueK1AwQAufoaAwQAwpJdMA0G
CSqGSIb3DQEBCwUAA4IBAQA67f1o/HGaDJzA+6DyHPX3acoeZuaLqvoSMYYboesN
TDQ4DTTEQXLTlpWbDJkLYymxH1y6XQ6VHHXtt0CEFR0fMidJWVIQ/BO/ZmtsneXD
utQrWsEramI7Stu//6opMFiWcgESISuKR+DQy3dpvmyAJqrkJ8KqxsphXQqM70HV
WCQphWcE1KeEI9PSlB3fMFySv48YECJewyjPcm0oIH/f/0zyeUv/bsmOe1XeTG0t
yeDufE3SoBE3DkAL+UdtKFhe7zWiyyywugR3rtCTAU1Byr/1XdNJfp0RsfIEqz05
/okPV7Z1pfCkeP10X9dmp5aZaGGu9lRGTA/E/3d5dwX5
-----END CERTIFICATE-----