Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/gliBp65U9DkvBDtvce4xedMG_J8.roa
File:                     gliBp65U9DkvBDtvce4xedMG_J8.roa (raw, json)
Hash identifier:          lxSNr0ehgd14JREwRQ7lvKti848SwTOy/kfWGxlO098=
Subject key identifier:   82:58:81:A7:AE:54:F4:39:2F:04:3B:6F:71:EE:31:79:D3:06:FC:9F
Certificate issuer:       /CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
Certificate serial:       01899C5B821517CB57B0D601C69E635ACA8B
Authority key identifier: 36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/gliBp65U9DkvBDtvce4xedMG_J8.roa
Signing time:             Fri 28 Jul 2023 11:56:29 +0000
ROA not before:           Fri 28 Jul 2023 11:56:29 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        45.155.255.0/24 maxlen: 24
                          185.199.212.0/24 maxlen: 24
                          185.199.213.0/24 maxlen: 24
                          45.157.209.0/24 maxlen: 24
                          185.199.151.0/24 maxlen: 24
                          185.250.26.0/24 maxlen: 24
                          185.250.25.0/24 maxlen: 24
                          45.155.252.0/24 maxlen: 24
                          194.146.92.0/24 maxlen: 24
                          194.146.93.0/24 maxlen: 24
                          185.225.170.0/24 maxlen: 24
                          185.225.171.0/24 maxlen: 24
                          185.225.168.0/24 maxlen: 24
                          185.225.169.0/24 maxlen: 24
                          79.98.245.0/24 maxlen: 24
                          79.98.244.0/24 maxlen: 24
                          79.98.247.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 31 Jul 2023 07:21:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:9c:5b:82:15:17:cb:57:b0:d6:01:c6:9e:63:5a:ca:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
        Validity
            Not Before: Jul 28 11:56:29 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=825881a7ae54f4392f043b6f71ee3179d306fc9f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:05:d5:46:9f:f3:c5:5c:e2:b1:fc:74:ff:72:
                    1f:aa:52:12:6a:53:b7:a1:63:ba:94:2e:1d:08:76:
                    7b:6e:78:18:46:05:07:fb:e3:16:55:b5:0a:4c:db:
                    82:c4:8a:af:0f:af:b1:8b:57:e3:39:2c:e7:e9:48:
                    e9:57:9d:6d:e9:7b:14:7f:f3:3e:0b:b9:ba:1d:29:
                    ac:a2:02:12:24:c3:59:9e:00:88:c7:80:ea:92:d7:
                    16:36:49:ad:e2:4b:80:86:ab:4c:a1:a3:d0:ce:7f:
                    82:01:8c:41:cf:d0:99:17:8c:95:96:c0:f1:f9:82:
                    2c:cd:9b:cf:47:65:f3:17:f6:a8:af:b6:fb:0a:05:
                    aa:7b:8b:2c:65:4e:67:8f:fd:f5:85:4d:2b:dc:5f:
                    1b:1c:e1:7b:1e:6d:ce:0b:b1:f9:28:c5:0d:75:d0:
                    a5:de:77:ef:e3:48:65:82:5a:58:b2:35:e2:c8:5d:
                    da:89:ad:9c:5d:12:b1:cf:62:7c:49:d9:a3:e6:25:
                    80:61:12:0d:ad:d9:6f:d3:c7:8e:7e:da:41:f3:74:
                    62:d0:84:2d:4f:f6:81:59:43:44:5e:19:54:f6:d9:
                    cf:56:c3:7b:6b:b0:69:c1:09:4a:d3:f3:29:63:f4:
                    e4:4f:d7:4e:e1:78:f5:f2:d4:d1:ae:d8:4a:f6:f9:
                    27:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:58:81:A7:AE:54:F4:39:2F:04:3B:6F:71:EE:31:79:D3:06:FC:9F
            X509v3 Authority Key Identifier:
                keyid:36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/gliBp65U9DkvBDtvce4xedMG_J8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.252.0/24
                  45.155.255.0/24
                  45.157.209.0/24
                  79.98.244.0/23
                  79.98.247.0/24
                  185.199.151.0/24
                  185.199.212.0/23
                  185.225.168.0/22
                  185.250.25.0-185.250.26.255
                  194.146.92.0/23

    Signature Algorithm: sha256WithRSAEncryption
         75:dd:06:e8:fe:55:e7:20:ee:cf:42:c4:06:1c:28:41:7a:30:
         fd:5b:07:32:95:29:51:28:2c:5e:bc:9f:24:37:63:8d:0f:43:
         4f:0f:50:dc:88:a3:9d:ba:bc:86:49:8b:d0:ce:be:f3:3b:92:
         85:36:fd:49:82:fc:09:41:53:c9:69:1a:dd:2f:ea:25:35:4d:
         b3:ad:55:92:ba:8a:5f:53:21:d5:9f:ac:c7:67:8a:29:05:52:
         48:57:3d:5d:4e:6b:7f:8d:25:17:93:01:f1:9e:38:07:54:34:
         10:28:54:d2:3e:71:16:d0:25:f5:0c:17:d7:c4:c7:b0:bc:dd:
         a3:56:18:b3:7e:4e:9f:61:db:37:b1:92:63:2c:80:a4:97:ec:
         95:06:cb:a1:95:be:0b:cb:77:c4:17:c7:46:ff:f7:b1:56:a4:
         12:d6:11:eb:e0:46:40:87:1d:ac:ba:3c:10:89:50:e0:34:6a:
         56:67:b6:b1:16:29:af:bd:96:9c:23:60:c0:6a:0a:bb:b1:62:
         ac:0d:31:e5:ac:45:84:73:17:64:9c:25:f3:1d:e0:b0:f6:3c:
         eb:aa:84:75:f4:a8:c0:27:d0:48:eb:3b:79:06:63:a3:57:f8:
         6c:86:2b:35:d4:ff:a7:a8:c6:94:6e:ee:16:db:2f:7c:ef:5a:
         d6:73:56:cf
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAYmcW4IVF8tXsNYBxp5jWsqLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OGJmYjhhNWVlZTQ5MDgyZWE2MjhkZjI1YTRhNWQ1MGYz
YWE5YjMwHhcNMjMwNzI4MTE1NjI5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjU4ODFhN2FlNTRmNDM5MmYwNDNiNmY3MWVlMzE3OWQzMDZmYzlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAggXVRp/zxVzisfx0/3IfqlISalO3
oWO6lC4dCHZ7bngYRgUH++MWVbUKTNuCxIqvD6+xi1fjOSzn6UjpV51t6XsUf/M+
C7m6HSmsogISJMNZngCIx4DqktcWNkmt4kuAhqtMoaPQzn+CAYxBz9CZF4yVlsDx
+YIszZvPR2XzF/aor7b7CgWqe4ssZU5nj/31hU0r3F8bHOF7Hm3OC7H5KMUNddCl
3nfv40hlglpYsjXiyF3aia2cXRKxz2J8Sdmj5iWAYRINrdlv08eOftpB83Ri0IQt
T/aBWUNEXhlU9tnPVsN7a7BpwQlK0/MpY/TkT9dO4Xj18tTRrthK9vknXQIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFIJYgaeuVPQ5LwQ7b3HuMXnTBvyfMB8GA1UdIwQY
MBaAFDaL+4pe7kkILqYo3yWkpdUPOqmzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUt
MGFlMmU5MjJhMjkyLzEvZ2xpQnA2NVU5RGt2QkR0dmNlNHhlZE1HX0o4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUtMGFlMmU5MjJhMjky
LzEvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQALZv8AwQA
LZv/AwQALZ3RAwQBT2L0AwQAT2L3AwQAuceXAwQBucfUAwQCueGoMAwDBAC5+hkD
BAC5+hoDBAHCklwwDQYJKoZIhvcNAQELBQADggEBAHXdBuj+Vecg7s9CxAYcKEF6
MP1bBzKVKVEoLF68nyQ3Y40PQ08PUNyIo526vIZJi9DOvvM7koU2/UmC/AlBU8lp
Gt0v6iU1TbOtVZK6il9TIdWfrMdniikFUkhXPV1Oa3+NJReTAfGeOAdUNBAoVNI+
cRbQJfUMF9fEx7C83aNWGLN+Tp9h2zexkmMsgKSX7JUGy6GVvgvLd8QXx0b/97FW
pBLWEevgRkCHHay6PBCJUOA0alZntrEWKa+9lpwjYMBqCruxYqwNMeWsRYRzF2Sc
JfMd4LD2POuqhHX0qMAn0EjrO3kGY6NX+GyGKzXU/6eoxpRu7hbbL3zvWtZzVs8=
-----END CERTIFICATE-----