Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/gOl4fTy0ox_60ZETGm3gfQ3rwsM.roa
File:                     gOl4fTy0ox_60ZETGm3gfQ3rwsM.roa (raw, json)
Hash identifier:          pjvSStFBD12ze/7ouH6Dcx2DhpiAs5n+EJKddTEssyw=
Subject key identifier:   80:E9:78:7D:3C:B4:A3:1F:FA:D1:91:13:1A:6D:E0:7D:0D:EB:C2:C3
Certificate issuer:       /CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
Certificate serial:       018C7A8501B0035E89542D781B4D4B2FAAFF
Authority key identifier: 36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/gOl4fTy0ox_60ZETGm3gfQ3rwsM.roa
Signing time:             Mon 18 Dec 2023 01:23:06 +0000
ROA not before:           Mon 18 Dec 2023 01:23:06 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        45.155.255.0/24 maxlen: 24
                          185.199.212.0/23 maxlen: 24
                          45.157.210.0/24 maxlen: 24
                          45.157.211.0/24 maxlen: 24
                          185.199.151.0/24 maxlen: 24
                          185.250.26.0/24 maxlen: 24
                          185.199.149.0/24 maxlen: 24
                          45.155.252.0/24 maxlen: 24
                          194.146.92.0/24 maxlen: 24
                          194.146.93.0/24 maxlen: 24
                          79.98.246.0/23 maxlen: 24
                          79.98.247.0/24 maxlen: 24
                          176.125.251.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 19 Dec 2023 18:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:7a:85:01:b0:03:5e:89:54:2d:78:1b:4d:4b:2f:aa:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
        Validity
            Not Before: Dec 18 01:23:06 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=80e9787d3cb4a31ffad191131a6de07d0debc2c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:a1:cf:35:de:0d:ce:0e:9f:11:4e:6c:05:d0:
                    80:8e:1a:41:35:7f:09:44:91:05:37:9e:e7:2a:f4:
                    3b:75:2e:bb:a7:4d:55:fc:1a:6b:49:65:a6:56:fd:
                    70:33:0c:12:59:fc:e4:2c:2f:fc:1f:d8:d8:5a:f1:
                    dd:34:85:09:af:c0:e8:11:1c:64:a4:9e:4b:75:63:
                    6a:31:69:88:8a:c1:0c:df:90:0b:b4:cf:e0:a8:26:
                    ea:6c:82:09:8e:7f:56:3e:ab:46:fc:e5:ce:73:32:
                    24:fa:7f:84:53:20:fd:6e:3d:14:59:e7:1f:5b:8c:
                    32:4b:aa:52:db:61:a4:de:6e:ed:b1:51:20:42:78:
                    67:4a:8b:13:17:80:8e:fb:b0:b4:28:3e:88:db:5d:
                    45:b7:00:cc:33:6e:3d:dc:d9:d3:0b:bb:23:3c:c9:
                    e0:94:17:dc:4d:ca:10:cd:db:74:70:75:ef:07:5c:
                    13:65:d4:b0:81:fe:79:56:2d:90:a2:10:13:80:83:
                    04:3f:45:44:96:df:c3:87:8e:57:1c:ab:ce:1e:96:
                    90:74:0a:79:c5:74:03:95:f3:6e:3a:8f:6c:7e:dc:
                    55:4c:09:82:89:9d:fb:90:1d:4f:5a:5c:21:92:81:
                    95:75:a9:79:ef:96:11:ec:35:2e:54:47:09:05:da:
                    77:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:E9:78:7D:3C:B4:A3:1F:FA:D1:91:13:1A:6D:E0:7D:0D:EB:C2:C3
            X509v3 Authority Key Identifier:
                keyid:36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/gOl4fTy0ox_60ZETGm3gfQ3rwsM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.252.0/24
                  45.155.255.0/24
                  45.157.210.0/23
                  79.98.246.0/23
                  176.125.251.0/24
                  185.199.149.0/24
                  185.199.151.0/24
                  185.199.212.0/23
                  185.250.26.0/24
                  194.146.92.0/23

    Signature Algorithm: sha256WithRSAEncryption
         78:67:2c:1e:32:56:79:0e:ff:5d:02:83:5f:ff:bf:3f:c0:b5:
         36:b5:f9:e4:0f:a3:ec:5d:80:e9:d6:58:4b:9c:8c:d3:a1:a3:
         dd:5c:c9:90:7f:02:2a:13:47:09:7d:72:e4:4b:ef:f9:2a:2c:
         20:c4:74:97:3c:5d:dd:84:76:25:e4:09:12:41:1c:d2:e4:4d:
         2b:7b:fa:39:b3:68:e1:9b:78:2f:99:9f:67:13:51:24:54:47:
         33:90:ab:4d:ef:36:e6:21:36:7a:65:51:21:0e:fb:31:97:d0:
         7c:98:8c:01:9b:64:2e:16:d6:cd:28:dc:c7:e9:a4:e8:29:93:
         9f:46:48:e5:1e:be:d5:7e:ae:ca:72:04:b3:c5:fb:07:1b:a4:
         1e:90:5b:9d:cb:e8:cb:c9:e0:3c:c0:cf:21:5f:3f:65:63:b3:
         b5:3c:3d:b0:90:89:2b:b5:2e:c9:45:64:31:c1:89:21:ff:fb:
         68:2a:39:d2:14:32:cd:4c:ed:50:37:c3:2c:72:dd:5e:6c:c3:
         a2:05:29:9c:2e:15:a5:53:1d:f2:b3:27:3a:3c:0e:f6:9b:2a:
         b3:90:c1:68:bb:04:bb:f2:a1:5c:7a:19:dc:bf:e2:69:82:a6:
         79:3e:13:00:93:57:af:ee:d0:f5:44:9e:52:0a:c2:90:64:ed:
         71:59:ed:30
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYx6hQGwA16JVC14G01LL6r/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OGJmYjhhNWVlZTQ5MDgyZWE2MjhkZjI1YTRhNWQ1MGYz
YWE5YjMwHhcNMjMxMjE4MDEyMzA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MGU5Nzg3ZDNjYjRhMzFmZmFkMTkxMTMxYTZkZTA3ZDBkZWJjMmMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqKHPNd4Nzg6fEU5sBdCAjhpBNX8J
RJEFN57nKvQ7dS67p01V/BprSWWmVv1wMwwSWfzkLC/8H9jYWvHdNIUJr8DoERxk
pJ5LdWNqMWmIisEM35ALtM/gqCbqbIIJjn9WPqtG/OXOczIk+n+EUyD9bj0UWecf
W4wyS6pS22Gk3m7tsVEgQnhnSosTF4CO+7C0KD6I211FtwDMM2493NnTC7sjPMng
lBfcTcoQzdt0cHXvB1wTZdSwgf55Vi2QohATgIMEP0VElt/Dh45XHKvOHpaQdAp5
xXQDlfNuOo9sftxVTAmCiZ37kB1PWlwhkoGVdal575YR7DUuVEcJBdp3yQIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFIDpeH08tKMf+tGRExpt4H0N68LDMB8GA1UdIwQY
MBaAFDaL+4pe7kkILqYo3yWkpdUPOqmzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUt
MGFlMmU5MjJhMjkyLzEvZ09sNGZUeTBveF82MFpFVEdtM2dmUTNyd3NNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUtMGFlMmU5MjJhMjky
LzEvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQALZv8AwQA
LZv/AwQBLZ3SAwQBT2L2AwQAsH37AwQAuceVAwQAuceXAwQBucfUAwQAufoaAwQB
wpJcMA0GCSqGSIb3DQEBCwUAA4IBAQB4ZyweMlZ5Dv9dAoNf/78/wLU2tfnkD6Ps
XYDp1lhLnIzToaPdXMmQfwIqE0cJfXLkS+/5KiwgxHSXPF3dhHYl5AkSQRzS5E0r
e/o5s2jhm3gvmZ9nE1EkVEczkKtN7zbmITZ6ZVEhDvsxl9B8mIwBm2QuFtbNKNzH
6aToKZOfRkjlHr7Vfq7KcgSzxfsHG6QekFudy+jLyeA8wM8hXz9lY7O1PD2wkIkr
tS7JRWQxwYkh//toKjnSFDLNTO1QN8Msct1ebMOiBSmcLhWlUx3ysyc6PA72myqz
kMFouwS78qFcehncv+JpgqZ5PhMAk1ev7tD1RJ5SCsKQZO1xWe0w
-----END CERTIFICATE-----