Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/aN4eHfxO5XGNVIa8dqHFejo9brg.roa
File:                     aN4eHfxO5XGNVIa8dqHFejo9brg.roa (raw, json)
Hash identifier:          2OPil9TeuZ0577tYMQcuJ/jegEZENGbeHfNFSnxwq2w=
Subject key identifier:   68:DE:1E:1D:FC:4E:E5:71:8D:54:86:BC:76:A1:C5:7A:3A:3D:6E:B8
Certificate issuer:       /CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
Certificate serial:       018823B5AF5F2F9614E6596FF35FDE053028
Authority key identifier: 36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/aN4eHfxO5XGNVIa8dqHFejo9brg.roa
Signing time:             Tue 16 May 2023 08:38:09 +0000
ROA not before:           Tue 16 May 2023 08:38:09 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        185.199.213.0/24 maxlen: 24
                          45.157.209.0/24 maxlen: 24
                          185.225.170.0/24 maxlen: 24
                          185.225.171.0/24 maxlen: 24
                          185.250.26.0/24 maxlen: 24
                          79.98.246.0/24 maxlen: 24
                          185.199.148.0/24 maxlen: 24
                          185.199.149.0/24 maxlen: 24
                          185.250.25.0/24 maxlen: 24
                          45.155.252.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 17 May 2023 07:21:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:23:b5:af:5f:2f:96:14:e6:59:6f:f3:5f:de:05:30:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
        Validity
            Not Before: May 16 08:38:09 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=68de1e1dfc4ee5718d5486bc76a1c57a3a3d6eb8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:50:d7:6f:4d:59:1e:bb:bd:2b:a9:b0:72:cf:
                    5d:6a:26:f8:47:f6:d3:d5:0a:61:af:65:c6:ea:6a:
                    e8:b3:9e:a4:dc:44:14:da:14:8a:31:eb:55:4c:41:
                    da:85:45:c7:64:31:78:35:ea:16:65:16:29:e4:10:
                    62:de:8e:41:0a:5a:35:1e:d6:d3:c1:23:44:d1:69:
                    36:dd:cb:79:17:60:b9:64:40:9b:6e:24:e2:b1:a4:
                    42:5b:ce:96:35:ed:24:e2:cd:cf:d2:e2:21:48:84:
                    50:b5:53:29:e5:bf:0e:a5:c1:52:59:1d:16:6e:01:
                    64:1a:df:d3:d5:38:c1:ca:fe:eb:ee:6b:49:ac:55:
                    3b:2c:c7:f0:d2:4f:bb:81:ba:ce:ae:f0:57:b4:c8:
                    ab:ba:85:31:1e:83:ff:b5:1d:7a:fa:5b:c5:e9:ab:
                    80:a4:03:d6:af:8f:78:1b:b7:fc:c7:78:c8:45:4f:
                    91:42:7e:a2:fa:73:10:33:db:28:b9:73:46:73:b9:
                    93:65:85:35:0a:8f:7d:4d:ed:be:84:eb:ec:76:a7:
                    c3:2a:f3:d7:bd:2d:32:1b:52:a8:d0:5a:92:4e:70:
                    d6:f6:54:56:bc:d0:b4:ab:9f:66:ba:54:e5:ed:0e:
                    f8:d7:b7:6b:80:c8:b1:8f:2e:89:f5:11:35:f6:d9:
                    ce:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:DE:1E:1D:FC:4E:E5:71:8D:54:86:BC:76:A1:C5:7A:3A:3D:6E:B8
            X509v3 Authority Key Identifier:
                keyid:36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/aN4eHfxO5XGNVIa8dqHFejo9brg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.252.0/24
                  45.157.209.0/24
                  79.98.246.0/24
                  185.199.148.0/23
                  185.199.213.0/24
                  185.225.170.0/23
                  185.250.25.0-185.250.26.255

    Signature Algorithm: sha256WithRSAEncryption
         66:4f:0f:56:ce:b4:d8:df:86:f3:8b:5c:0b:8f:2e:b8:52:7a:
         fa:d3:93:ec:b6:69:74:b4:c2:76:b5:5c:36:59:fd:eb:35:5a:
         96:2c:67:28:b6:90:c2:2b:c2:9a:db:6e:10:c5:d2:20:ac:77:
         53:fe:b0:4f:1c:ec:20:a0:53:a1:93:79:ff:b2:3f:fd:c7:9b:
         c3:84:e8:6a:b3:78:11:03:ae:66:af:b2:9f:0f:68:89:b0:b5:
         a5:c4:40:df:91:b8:0d:18:24:0f:0e:66:da:76:3c:44:ed:81:
         34:c7:f9:cd:70:62:60:8c:44:2f:bf:cc:7e:92:88:f3:39:3c:
         72:84:36:a1:26:e4:40:d5:28:61:ab:a7:f9:f3:29:f2:89:cb:
         f7:46:06:ab:c2:13:c0:37:48:2a:4e:10:f0:ea:3c:64:cc:71:
         17:ba:26:d4:95:95:89:0b:f7:b3:09:e2:13:da:89:b3:2a:cf:
         fd:84:db:06:c4:3a:66:97:e1:b1:fd:8c:09:d9:08:61:ae:bc:
         09:7f:cd:1f:41:52:09:2b:e4:a3:72:ee:63:ee:59:05:1e:59:
         20:fd:7b:d4:85:7d:3b:27:7a:fe:bf:21:98:03:88:2e:b9:fe:
         41:ba:c0:3c:0d:8f:02:1b:a1:8d:97:24:bc:33:a0:ec:aa:29:
         80:ba:8e:39
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAYgjta9fL5YU5llv81/eBTAoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OGJmYjhhNWVlZTQ5MDgyZWE2MjhkZjI1YTRhNWQ1MGYz
YWE5YjMwHhcNMjMwNTE2MDgzODA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGRlMWUxZGZjNGVlNTcxOGQ1NDg2YmM3NmExYzU3YTNhM2Q2ZWI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv1DXb01ZHru9K6mwcs9daib4R/bT
1Qphr2XG6mros56k3EQU2hSKMetVTEHahUXHZDF4NeoWZRYp5BBi3o5BClo1HtbT
wSNE0Wk23ct5F2C5ZECbbiTisaRCW86WNe0k4s3P0uIhSIRQtVMp5b8OpcFSWR0W
bgFkGt/T1TjByv7r7mtJrFU7LMfw0k+7gbrOrvBXtMiruoUxHoP/tR16+lvF6auA
pAPWr494G7f8x3jIRU+RQn6i+nMQM9souXNGc7mTZYU1Co99Te2+hOvsdqfDKvPX
vS0yG1Ko0FqSTnDW9lRWvNC0q59mulTl7Q7417drgMixjy6J9RE19tnONQIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFGjeHh38TuVxjVSGvHahxXo6PW64MB8GA1UdIwQY
MBaAFDaL+4pe7kkILqYo3yWkpdUPOqmzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUt
MGFlMmU5MjJhMjkyLzEvYU40ZUhmeE81WEdOVklhOGRxSEZlam85YnJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUtMGFlMmU5MjJhMjky
LzEvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQALZv8AwQA
LZ3RAwQAT2L2AwQBuceUAwQAucfVAwQBueGqMAwDBAC5+hkDBAC5+howDQYJKoZI
hvcNAQELBQADggEBAGZPD1bOtNjfhvOLXAuPLrhSevrTk+y2aXS0wna1XDZZ/es1
WpYsZyi2kMIrwprbbhDF0iCsd1P+sE8c7CCgU6GTef+yP/3Hm8OE6GqzeBEDrmav
sp8PaImwtaXEQN+RuA0YJA8OZtp2PETtgTTH+c1wYmCMRC+/zH6SiPM5PHKENqEm
5EDVKGGrp/nzKfKJy/dGBqvCE8A3SCpOEPDqPGTMcRe6JtSVlYkL97MJ4hPaibMq
z/2E2wbEOmaX4bH9jAnZCGGuvAl/zR9BUgkr5KNy7mPuWQUeWSD9e9SFfTsnev6/
IZgDiC65/kG6wDwNjwIboY2XJLwzoOyqKYC6jjk=
-----END CERTIFICATE-----