Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/grmpMC3DuMiTHiHz7TXt8j0GVEY.roa
File:                     grmpMC3DuMiTHiHz7TXt8j0GVEY.roa (raw, json)
Hash identifier:          pNT2sbtEuO84vfGebkJ9Xf34Gb5O2x519Y0Ub/EsFpY=
Subject key identifier:   82:B9:A9:30:2D:C3:B8:C8:93:1E:21:F3:ED:35:ED:F2:3D:06:54:46
Certificate issuer:       /CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
Certificate serial:       018A473DC36BBF377B3C253388C4E70626C6
Authority key identifier: 36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/grmpMC3DuMiTHiHz7TXt8j0GVEY.roa
Signing time:             Wed 30 Aug 2023 16:19:04 +0000
ROA not before:           Wed 30 Aug 2023 16:19:04 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        45.155.255.0/24 maxlen: 24
                          185.199.212.0/24 maxlen: 24
                          185.199.213.0/24 maxlen: 24
                          185.199.151.0/24 maxlen: 24
                          185.250.26.0/24 maxlen: 24
                          45.155.252.0/24 maxlen: 24
                          194.146.92.0/24 maxlen: 24
                          194.146.93.0/24 maxlen: 24
                          185.225.170.0/24 maxlen: 24
                          185.225.168.0/24 maxlen: 24
                          185.225.169.0/24 maxlen: 24
                          79.98.246.0/23 maxlen: 24
                          185.221.24.0/24 maxlen: 24
                          185.221.26.0/23 maxlen: 24
                          185.221.25.0/24 maxlen: 24
                          176.125.250.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 31 Aug 2023 07:29:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:47:3d:c3:6b:bf:37:7b:3c:25:33:88:c4:e7:06:26:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
        Validity
            Not Before: Aug 30 16:19:04 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=82b9a9302dc3b8c8931e21f3ed35edf23d065446
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:03:66:29:17:33:a0:82:3d:63:df:04:62:fb:
                    4b:dc:28:bf:69:2b:47:46:98:1c:06:7a:6a:ad:50:
                    8b:28:53:c8:1d:51:f3:e9:10:ac:a6:bb:ad:f1:e2:
                    49:d4:88:da:8e:d6:0d:ab:1a:79:fc:e0:af:79:f1:
                    c7:30:21:9c:8d:d6:1e:63:47:3c:79:ec:43:03:07:
                    1d:13:82:25:61:f0:ad:c4:2a:c2:90:b0:1b:10:01:
                    74:fc:ea:c4:09:bf:02:07:c4:6d:a4:5e:9b:4e:e0:
                    12:2d:e7:05:84:ad:e8:44:fc:1c:9f:83:4c:33:b1:
                    cc:f0:08:6d:08:31:44:d0:a1:66:f0:5a:a8:b3:17:
                    4b:cd:70:c0:35:a8:c4:93:63:8a:2d:4f:49:7e:15:
                    07:78:9e:a9:68:2d:1e:84:23:f6:98:e5:36:d9:f0:
                    e3:5f:de:91:e5:5b:ec:51:85:94:ee:4a:d1:30:f2:
                    00:07:df:21:dd:97:16:80:da:0d:62:8d:ac:56:57:
                    5e:6e:7f:52:b6:21:61:80:7e:be:51:c3:6c:de:fb:
                    48:14:f9:5f:83:16:eb:29:fa:26:60:60:14:1f:8c:
                    23:57:fa:ca:f7:f8:c3:17:f7:9b:cd:b6:ef:56:15:
                    8a:cd:af:4e:1b:a8:81:73:39:e9:79:87:30:26:f1:
                    8c:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:B9:A9:30:2D:C3:B8:C8:93:1E:21:F3:ED:35:ED:F2:3D:06:54:46
            X509v3 Authority Key Identifier:
                keyid:36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/grmpMC3DuMiTHiHz7TXt8j0GVEY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.252.0/24
                  45.155.255.0/24
                  79.98.246.0/23
                  176.125.250.0/24
                  185.199.151.0/24
                  185.199.212.0/23
                  185.221.24.0/22
                  185.225.168.0-185.225.170.255
                  185.250.26.0/24
                  194.146.92.0/23

    Signature Algorithm: sha256WithRSAEncryption
         09:44:2a:06:46:39:02:ce:8b:1e:96:5d:3c:5a:46:35:f4:5a:
         8a:29:4c:4b:01:14:5a:da:ff:68:74:02:47:b3:e7:be:34:44:
         c3:50:89:c7:7c:92:af:a6:05:33:92:c2:31:28:93:9b:0a:38:
         52:94:2b:c3:05:84:11:57:83:ea:bd:2f:68:4f:95:d5:8c:4f:
         32:ac:7c:fe:e7:6d:c6:8d:2e:d3:91:71:55:e8:b5:3a:f1:63:
         f7:e7:fe:20:46:69:1a:f5:7d:66:ee:8f:81:75:f7:51:24:73:
         ca:11:0c:85:5d:9c:8a:d0:67:6c:fa:51:77:4f:21:15:88:a3:
         9b:e1:85:df:66:a5:41:d3:2e:45:24:97:c0:81:3b:3a:32:29:
         08:ff:90:9c:bb:81:46:f4:90:f9:e0:c2:a1:c4:93:a3:50:45:
         36:7b:c9:ab:68:aa:9d:f1:9d:99:e4:38:92:9b:1a:7c:d7:f3:
         97:b8:63:ce:a4:c9:ed:a1:fb:e1:11:de:83:78:fb:ad:fc:76:
         1d:42:7b:6e:8e:d1:e4:af:d0:66:fb:0a:f6:fc:ba:d5:05:21:
         9a:0f:ac:bd:60:93:70:03:e6:98:99:6f:c0:08:85:a0:33:3b:
         99:58:7f:21:2b:b5:85:f9:ff:0e:07:da:d3:0b:11:e3:99:16:
         a2:3a:ed:2c
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAYpHPcNrvzd7PCUziMTnBibGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OGJmYjhhNWVlZTQ5MDgyZWE2MjhkZjI1YTRhNWQ1MGYz
YWE5YjMwHhcNMjMwODMwMTYxOTA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MmI5YTkzMDJkYzNiOGM4OTMxZTIxZjNlZDM1ZWRmMjNkMDY1NDQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwwNmKRczoII9Y98EYvtL3Ci/aStH
RpgcBnpqrVCLKFPIHVHz6RCsprut8eJJ1IjajtYNqxp5/OCvefHHMCGcjdYeY0c8
eexDAwcdE4IlYfCtxCrCkLAbEAF0/OrECb8CB8RtpF6bTuASLecFhK3oRPwcn4NM
M7HM8AhtCDFE0KFm8FqosxdLzXDANajEk2OKLU9JfhUHeJ6paC0ehCP2mOU22fDj
X96R5VvsUYWU7krRMPIAB98h3ZcWgNoNYo2sVldebn9StiFhgH6+UcNs3vtIFPlf
gxbrKfomYGAUH4wjV/rK9/jDF/ebzbbvVhWKza9OG6iBcznpeYcwJvGMsQIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFIK5qTAtw7jIkx4h8+017fI9BlRGMB8GA1UdIwQY
MBaAFDaL+4pe7kkILqYo3yWkpdUPOqmzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUt
MGFlMmU5MjJhMjkyLzEvZ3JtcE1DM0R1TWlUSGlIejdUWHQ4ajBHVkVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUtMGFlMmU5MjJhMjky
LzEvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQALZv8AwQA
LZv/AwQBT2L2AwQAsH36AwQAuceXAwQBucfUAwQCud0YMAwDBAO54agDBAC54aoD
BAC5+hoDBAHCklwwDQYJKoZIhvcNAQELBQADggEBAAlEKgZGOQLOix6WXTxaRjX0
WoopTEsBFFra/2h0Akez5740RMNQicd8kq+mBTOSwjEok5sKOFKUK8MFhBFXg+q9
L2hPldWMTzKsfP7nbcaNLtORcVXotTrxY/fn/iBGaRr1fWbuj4F191Ekc8oRDIVd
nIrQZ2z6UXdPIRWIo5vhhd9mpUHTLkUkl8CBOzoyKQj/kJy7gUb0kPngwqHEk6NQ
RTZ7yatoqp3xnZnkOJKbGnzX85e4Y86kye2h++ER3oN4+638dh1Ce26O0eSv0Gb7
Cvb8utUFIZoPrL1gk3AD5piZb8AIhaAzO5lYfyErtYX5/w4H2tMLEeOZFqI67Sw=
-----END CERTIFICATE-----