Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/pKkUcmJGm5sLr-Wbgkjy6TxwolE.roa
File:                     pKkUcmJGm5sLr-Wbgkjy6TxwolE.roa (raw, json)
Hash identifier:          twElpgeQ+irch4GLH9iDabDzPnbxHzJWDqoW5piGtqI=
Subject key identifier:   A4:A9:14:72:62:46:9B:9B:0B:AF:E5:9B:82:48:F2:E9:3C:70:A2:51
Certificate issuer:       /CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
Certificate serial:       01898927165C7410AA855E6A724748F37F50
Authority key identifier: 36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/pKkUcmJGm5sLr-Wbgkjy6TxwolE.roa
Signing time:             Mon 24 Jul 2023 18:26:27 +0000
ROA not before:           Mon 24 Jul 2023 18:26:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        45.155.255.0/24 maxlen: 24
                          185.199.212.0/24 maxlen: 24
                          185.199.213.0/24 maxlen: 24
                          45.157.211.0/24 maxlen: 24
                          45.157.209.0/24 maxlen: 24
                          185.199.151.0/24 maxlen: 24
                          185.250.26.0/24 maxlen: 24
                          185.250.25.0/24 maxlen: 24
                          45.155.252.0/24 maxlen: 24
                          194.146.92.0/24 maxlen: 24
                          194.146.93.0/24 maxlen: 24
                          185.225.170.0/24 maxlen: 24
                          185.225.171.0/24 maxlen: 24
                          185.225.168.0/24 maxlen: 24
                          185.225.169.0/24 maxlen: 24
                          79.98.245.0/24 maxlen: 24
                          79.98.246.0/24 maxlen: 24
                          79.98.244.0/24 maxlen: 24
                          79.98.247.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 25 Jul 2023 17:09:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:89:27:16:5c:74:10:aa:85:5e:6a:72:47:48:f3:7f:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
        Validity
            Not Before: Jul 24 18:26:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a4a9147262469b9b0bafe59b8248f2e93c70a251
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:1a:bd:86:a1:ec:7e:e9:ef:04:7d:54:8b:17:
                    8e:74:aa:7e:1b:fb:e2:47:81:d6:19:93:48:ec:bc:
                    c7:b1:14:88:ef:dc:dc:90:0d:37:32:7a:2b:6f:56:
                    02:00:a5:1c:0a:45:95:1c:18:77:c8:6c:b2:42:c7:
                    9c:00:e9:cc:6e:b6:0f:9d:4c:aa:18:ba:c1:23:d2:
                    2c:11:d5:69:23:22:30:e7:89:ca:ff:e9:36:86:63:
                    33:26:60:15:03:45:52:a6:15:00:76:3f:7e:b1:fd:
                    7f:d2:21:06:61:84:3d:4b:ca:a2:68:33:d1:72:de:
                    9b:9d:91:b8:4c:32:37:62:24:87:b5:85:7d:d6:59:
                    8d:75:70:a7:23:21:2c:0e:2f:5c:4d:9a:40:1e:51:
                    d9:28:ce:42:f5:5e:c9:ef:52:e9:09:31:7c:4a:0a:
                    46:9e:af:4c:93:b4:58:8f:6a:68:77:80:a0:a5:82:
                    88:ff:ad:06:82:08:b6:a3:f7:5e:d9:3d:9b:7f:dd:
                    e0:7c:61:c7:bf:38:a0:73:f1:ee:0e:0a:bc:d4:18:
                    d0:1d:95:0b:ee:ca:33:76:35:8f:1a:3b:db:87:19:
                    f4:f9:2f:18:1d:34:21:48:3d:a4:3d:2e:99:00:6f:
                    d4:40:14:23:ad:47:fc:9c:e6:b7:59:d2:81:3f:fa:
                    33:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:A9:14:72:62:46:9B:9B:0B:AF:E5:9B:82:48:F2:E9:3C:70:A2:51
            X509v3 Authority Key Identifier:
                keyid:36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/pKkUcmJGm5sLr-Wbgkjy6TxwolE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.252.0/24
                  45.155.255.0/24
                  45.157.209.0/24
                  45.157.211.0/24
                  79.98.244.0/22
                  185.199.151.0/24
                  185.199.212.0/23
                  185.225.168.0/22
                  185.250.25.0-185.250.26.255
                  194.146.92.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5c:50:5b:e3:a8:7c:34:54:46:ff:3f:54:de:67:b8:ea:75:d6:
         e0:f3:81:d9:29:d6:2f:61:82:ec:49:04:ac:21:d9:e2:b6:98:
         cc:ab:31:b0:1b:a8:dd:e3:e1:8c:46:b4:da:c6:5c:73:5d:e0:
         97:0d:6e:26:f5:37:79:d6:8b:45:95:04:db:2f:25:fa:43:94:
         8a:a8:a0:9d:af:56:7d:fe:dd:8d:a4:14:e2:37:bd:fc:c6:fa:
         00:dd:a1:b5:fb:1e:b7:b0:fb:6d:b7:13:07:4e:90:4a:ff:59:
         55:09:8b:ee:ea:3b:48:96:49:1e:3b:e8:a0:0e:d8:e1:9a:fb:
         44:ba:68:2f:26:84:08:79:c4:e7:ec:87:0f:4b:51:d0:dd:b0:
         49:d8:ec:65:8b:b2:53:ac:15:18:9f:94:86:6e:b9:9d:19:d7:
         dc:da:9f:1d:bd:79:70:b5:63:13:ab:62:fa:2d:b4:ef:b3:ab:
         3f:85:e0:59:0d:e3:50:e3:36:54:e7:cc:df:04:27:84:a8:e4:
         48:a4:1e:57:8c:09:48:70:21:a1:a4:69:a2:cb:c5:67:81:3f:
         6b:ed:ff:a8:87:13:37:c4:29:b5:18:aa:74:0b:01:8f:99:d5:
         78:5a:fc:e2:ed:57:f0:d3:cb:a4:60:0e:f7:be:7b:f2:a4:af:
         65:de:41:e2
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAYmJJxZcdBCqhV5qckdI839QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OGJmYjhhNWVlZTQ5MDgyZWE2MjhkZjI1YTRhNWQ1MGYz
YWE5YjMwHhcNMjMwNzI0MTgyNjI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGE5MTQ3MjYyNDY5YjliMGJhZmU1OWI4MjQ4ZjJlOTNjNzBhMjUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgxq9hqHsfunvBH1UixeOdKp+G/vi
R4HWGZNI7LzHsRSI79zckA03Mnorb1YCAKUcCkWVHBh3yGyyQsecAOnMbrYPnUyq
GLrBI9IsEdVpIyIw54nK/+k2hmMzJmAVA0VSphUAdj9+sf1/0iEGYYQ9S8qiaDPR
ct6bnZG4TDI3YiSHtYV91lmNdXCnIyEsDi9cTZpAHlHZKM5C9V7J71LpCTF8SgpG
nq9Mk7RYj2pod4CgpYKI/60Gggi2o/de2T2bf93gfGHHvzigc/HuDgq81BjQHZUL
7sozdjWPGjvbhxn0+S8YHTQhSD2kPS6ZAG/UQBQjrUf8nOa3WdKBP/ozAwIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFKSpFHJiRpubC6/lm4JI8uk8cKJRMB8GA1UdIwQY
MBaAFDaL+4pe7kkILqYo3yWkpdUPOqmzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUt
MGFlMmU5MjJhMjkyLzEvcEtrVWNtSkdtNXNMci1XYmdrank2VHh3b2xFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUtMGFlMmU5MjJhMjky
LzEvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQALZv8AwQA
LZv/AwQALZ3RAwQALZ3TAwQCT2L0AwQAuceXAwQBucfUAwQCueGoMAwDBAC5+hkD
BAC5+hoDBAHCklwwDQYJKoZIhvcNAQELBQADggEBAFxQW+OofDRURv8/VN5nuOp1
1uDzgdkp1i9hguxJBKwh2eK2mMyrMbAbqN3j4YxGtNrGXHNd4JcNbib1N3nWi0WV
BNsvJfpDlIqooJ2vVn3+3Y2kFOI3vfzG+gDdobX7Hrew+223EwdOkEr/WVUJi+7q
O0iWSR476KAO2OGa+0S6aC8mhAh5xOfshw9LUdDdsEnY7GWLslOsFRiflIZuuZ0Z
19zanx29eXC1YxOrYvottO+zqz+F4FkN41DjNlTnzN8EJ4So5EikHleMCUhwIaGk
aaLLxWeBP2vt/6iHEzfEKbUYqnQLAY+Z1Xha/OLtV/DTy6RgDve+e/Kkr2XeQeI=
-----END CERTIFICATE-----