Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/tRQa2jgNzAogsETj95_-pCnCdus.roa
File:                     tRQa2jgNzAogsETj95_-pCnCdus.roa (raw, json)
Hash identifier:          G8V+GMDr+jmdJqoia9QIH6EweazcwLpMnVqwckTw+z4=
Subject key identifier:   B5:14:1A:DA:38:0D:CC:0A:20:B0:44:E3:F7:9F:FE:A4:29:C2:76:EB
Certificate issuer:       /CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
Certificate serial:       01898E06F3912DE2EDA7FA0EF3AF182B5C50
Authority key identifier: 36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/tRQa2jgNzAogsETj95_-pCnCdus.roa
Signing time:             Tue 25 Jul 2023 17:09:27 +0000
ROA not before:           Tue 25 Jul 2023 17:09:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        45.155.255.0/24 maxlen: 24
                          185.199.212.0/24 maxlen: 24
                          185.199.213.0/24 maxlen: 24
                          45.157.209.0/24 maxlen: 24
                          185.199.151.0/24 maxlen: 24
                          185.250.26.0/24 maxlen: 24
                          185.250.25.0/24 maxlen: 24
                          45.155.252.0/24 maxlen: 24
                          194.146.92.0/24 maxlen: 24
                          194.146.93.0/24 maxlen: 24
                          185.225.170.0/24 maxlen: 24
                          185.225.171.0/24 maxlen: 24
                          185.225.168.0/24 maxlen: 24
                          185.225.169.0/24 maxlen: 24
                          79.98.245.0/24 maxlen: 24
                          79.98.246.0/24 maxlen: 24
                          79.98.244.0/24 maxlen: 24
                          79.98.247.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:8e:06:f3:91:2d:e2:ed:a7:fa:0e:f3:af:18:2b:5c:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
        Validity
            Not Before: Jul 25 17:09:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b5141ada380dcc0a20b044e3f79ffea429c276eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:04:d4:6a:ce:b3:d1:6e:9d:91:21:34:68:a9:
                    6f:eb:36:95:7e:7e:c5:3c:55:52:66:78:56:3c:a6:
                    01:80:a9:d0:31:ec:b3:dd:e0:9a:6e:be:fa:c1:fa:
                    0a:c6:2d:6c:66:68:c2:a5:1d:56:c9:62:d7:4d:bd:
                    31:1f:12:8a:08:67:b7:94:6d:13:34:b4:6b:6c:44:
                    8d:5a:32:c4:1b:5f:7a:fd:0b:90:5f:ee:eb:30:0c:
                    5d:bc:c5:b2:54:f9:96:00:bb:ec:30:50:d1:45:04:
                    20:92:e3:9e:85:a6:0c:df:2c:d0:8d:08:4b:69:5d:
                    0f:6e:58:e5:ff:0e:5c:c2:c0:9f:3d:dd:71:7d:db:
                    ea:a4:2e:85:65:45:77:89:70:29:bd:52:93:40:bf:
                    c8:fe:f0:00:00:b2:5b:e8:37:14:a9:cb:9e:e5:a2:
                    82:d2:14:be:a8:c1:f0:9e:2f:41:df:c8:d2:24:b9:
                    cc:87:56:bc:6e:64:84:a0:63:3d:72:f2:9e:48:41:
                    71:26:7d:ca:c3:e6:3d:f7:22:1d:cf:c7:fb:ba:77:
                    34:c5:8b:bd:1f:f0:77:b2:1d:b7:86:36:c3:ec:90:
                    39:e9:01:21:0b:d1:42:72:4f:3d:8d:31:92:8b:58:
                    96:07:51:53:6a:d9:e7:d9:e9:67:5c:10:b9:56:2c:
                    4b:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:14:1A:DA:38:0D:CC:0A:20:B0:44:E3:F7:9F:FE:A4:29:C2:76:EB
            X509v3 Authority Key Identifier:
                keyid:36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/tRQa2jgNzAogsETj95_-pCnCdus.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.252.0/24
                  45.155.255.0/24
                  45.157.209.0/24
                  79.98.244.0/22
                  185.199.151.0/24
                  185.199.212.0/23
                  185.225.168.0/22
                  185.250.25.0-185.250.26.255
                  194.146.92.0/23

    Signature Algorithm: sha256WithRSAEncryption
         cd:65:d2:21:cf:78:43:c9:2b:18:c8:f6:88:ed:38:36:eb:2e:
         46:5c:c4:70:93:a5:bc:f1:4e:84:9c:3a:d4:a6:c5:2a:07:74:
         ff:51:b3:63:53:89:61:c8:fe:6b:bf:f7:6a:ab:32:7b:c3:ed:
         e2:8f:6c:bc:cd:e2:97:20:ff:66:31:09:7f:be:8f:ba:68:98:
         3c:7b:89:7e:3a:99:16:85:17:ab:85:1b:b3:98:2b:fa:9b:e9:
         bb:c8:ee:fc:00:9f:64:d3:02:99:ae:a0:cb:08:c3:a1:6d:1b:
         0a:18:f9:de:5d:9d:bb:f2:ca:a7:ba:a1:4a:75:06:a7:b9:47:
         e0:d3:64:3e:75:9b:b8:ce:91:2a:97:46:49:51:6d:6e:32:3a:
         a8:e4:60:ad:be:9d:40:cc:93:c2:5e:a8:cc:97:f7:f3:3d:b0:
         b0:7d:cb:87:e6:49:a0:b4:5e:f8:fb:77:bd:52:73:9d:23:c0:
         92:7a:65:de:11:e6:75:c4:c6:44:a5:25:56:1e:8f:af:97:a3:
         42:35:4b:57:cc:87:09:50:44:af:66:3f:db:aa:0a:75:14:19:
         36:23:9d:54:ca:40:03:bf:02:20:6c:75:60:b2:a1:d2:dd:44:
         f2:c3:5e:6c:97:34:b1:c2:c2:f7:85:c5:c4:e8:0c:43:66:11:
         6c:eb:84:e5
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYmOBvORLeLtp/oO868YK1xQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OGJmYjhhNWVlZTQ5MDgyZWE2MjhkZjI1YTRhNWQ1MGYz
YWE5YjMwHhcNMjMwNzI1MTcwOTI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTE0MWFkYTM4MGRjYzBhMjBiMDQ0ZTNmNzlmZmVhNDI5YzI3NmViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAugTUas6z0W6dkSE0aKlv6zaVfn7F
PFVSZnhWPKYBgKnQMeyz3eCabr76wfoKxi1sZmjCpR1WyWLXTb0xHxKKCGe3lG0T
NLRrbESNWjLEG196/QuQX+7rMAxdvMWyVPmWALvsMFDRRQQgkuOehaYM3yzQjQhL
aV0Pbljl/w5cwsCfPd1xfdvqpC6FZUV3iXApvVKTQL/I/vAAALJb6DcUqcue5aKC
0hS+qMHwni9B38jSJLnMh1a8bmSEoGM9cvKeSEFxJn3Kw+Y99yIdz8f7unc0xYu9
H/B3sh23hjbD7JA56QEhC9FCck89jTGSi1iWB1FTatnn2elnXBC5VixLEQIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFLUUGto4DcwKILBE4/ef/qQpwnbrMB8GA1UdIwQY
MBaAFDaL+4pe7kkILqYo3yWkpdUPOqmzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUt
MGFlMmU5MjJhMjkyLzEvdFJRYTJqZ056QW9nc0VUajk1Xy1wQ25DZHVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUtMGFlMmU5MjJhMjky
LzEvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQALZv8AwQA
LZv/AwQALZ3RAwQCT2L0AwQAuceXAwQBucfUAwQCueGoMAwDBAC5+hkDBAC5+hoD
BAHCklwwDQYJKoZIhvcNAQELBQADggEBAM1l0iHPeEPJKxjI9ojtODbrLkZcxHCT
pbzxToScOtSmxSoHdP9Rs2NTiWHI/mu/92qrMnvD7eKPbLzN4pcg/2YxCX++j7po
mDx7iX46mRaFF6uFG7OYK/qb6bvI7vwAn2TTApmuoMsIw6FtGwoY+d5dnbvyyqe6
oUp1Bqe5R+DTZD51m7jOkSqXRklRbW4yOqjkYK2+nUDMk8JeqMyX9/M9sLB9y4fm
SaC0Xvj7d71Sc50jwJJ6Zd4R5nXExkSlJVYej6+Xo0I1S1fMhwlQRK9mP9uqCnUU
GTYjnVTKQAO/AiBsdWCyodLdRPLDXmyXNLHCwveFxcToDENmEWzrhOU=
-----END CERTIFICATE-----