Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/0OKIjuROI_1bfV6tp0CfqjcH6W8.roa
File:                     0OKIjuROI_1bfV6tp0CfqjcH6W8.roa (raw, json)
Hash identifier:          gVdvwuxqgWmoZS3b/qxZROJxudB5Tk8OfTQZFXRx8+o=
Subject key identifier:   D0:E2:88:8E:E4:4E:23:FD:5B:7D:5E:AD:A7:40:9F:AA:37:07:E9:6F
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018DF46C82B53A676771C6A7F6E5C5E90B18
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/0OKIjuROI_1bfV6tp0CfqjcH6W8.roa
Signing time:             Thu 29 Feb 2024 10:32:48 +0000
ROA not before:           Thu 29 Feb 2024 10:32:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        45.8.21.0/24 maxlen: 24
                          185.210.235.0/24 maxlen: 24
                          185.214.101.0/24 maxlen: 24
                          185.220.250.0/23 maxlen: 24
                          185.223.82.0/24 maxlen: 24
                          185.225.0.0/23 maxlen: 23
                          185.227.146.0/23 maxlen: 24
                          185.251.229.0/24 maxlen: 24
                          193.58.146.0/23 maxlen: 24

Validation:               Failed, certificate revoked on Fri 01 Mar 2024 10:14:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:f4:6c:82:b5:3a:67:67:71:c6:a7:f6:e5:c5:e9:0b:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Feb 29 10:32:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d0e2888ee44e23fd5b7d5eada7409faa3707e96f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:2c:72:2a:74:e4:30:b7:e8:58:99:5d:ce:48:
                    a3:2f:33:14:cf:32:24:bc:c6:94:d3:36:61:8d:fd:
                    eb:72:ba:80:a3:e5:ba:6d:79:ce:89:e0:92:11:47:
                    48:22:e7:b6:2b:1e:47:8c:3a:14:5f:12:c5:d3:96:
                    ab:0f:eb:c9:00:f2:07:00:75:9c:a3:fe:e2:79:a7:
                    59:9f:45:6a:63:4c:4f:45:3e:de:bc:0d:09:8c:54:
                    27:ae:91:1e:1b:32:ec:ce:83:63:10:d2:d7:8e:2d:
                    71:07:bc:56:c2:cc:b3:d8:4e:f9:ea:fd:5e:f1:03:
                    f2:4a:28:1b:3a:e4:e9:9e:98:d3:36:a4:cd:13:82:
                    95:e9:ae:5b:dc:08:2f:ce:e3:cd:3b:30:7f:3e:bb:
                    f8:09:30:76:8f:b4:c0:00:c3:43:ae:c8:31:05:3d:
                    9d:32:3b:9b:cc:b8:b1:be:1f:b8:38:1c:6c:89:3b:
                    f2:60:62:ad:2b:f1:44:37:b0:be:66:21:6b:12:65:
                    f7:d4:14:b7:45:02:7b:28:a1:1b:46:5e:fe:58:bb:
                    66:b0:1c:d1:82:10:db:27:d6:42:b8:76:80:e7:b2:
                    c8:a7:75:6f:34:16:bc:96:64:34:23:d1:3e:0b:95:
                    49:6b:50:3f:fa:8f:2f:d3:71:1d:8f:5f:54:26:de:
                    7a:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:E2:88:8E:E4:4E:23:FD:5B:7D:5E:AD:A7:40:9F:AA:37:07:E9:6F
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/0OKIjuROI_1bfV6tp0CfqjcH6W8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.21.0/24
                  185.210.235.0/24
                  185.214.101.0/24
                  185.220.250.0/23
                  185.223.82.0/24
                  185.225.0.0/23
                  185.227.146.0/23
                  185.251.229.0/24
                  193.58.146.0/23

    Signature Algorithm: sha256WithRSAEncryption
         18:62:4f:18:eb:12:b0:5a:a5:41:20:a4:ad:85:b9:42:3d:92:
         e3:65:55:31:ff:78:05:d1:15:97:da:90:c2:57:52:10:a6:72:
         0c:7d:79:f5:4b:84:f5:ad:1b:0a:3f:1b:67:d1:2c:20:cf:46:
         bd:ea:f2:bc:93:f0:91:37:8c:91:b2:95:a1:44:ef:57:db:e9:
         8c:eb:d9:d8:79:74:69:4a:df:ea:de:21:81:7a:3b:65:5a:3f:
         e6:81:c8:e7:cc:2f:20:33:ac:37:25:7d:d2:d1:46:25:44:38:
         b6:e4:db:50:b8:1e:e2:c2:3f:e6:59:05:a0:94:9c:c5:63:15:
         ad:35:41:b8:a4:6c:18:af:e9:b9:42:0f:54:ac:ee:d0:58:51:
         7f:e3:07:36:e3:7d:dc:51:13:64:42:df:c7:15:1c:f7:69:99:
         b6:61:54:fd:c2:d5:14:a6:da:2e:00:9a:11:c9:65:5e:83:19:
         ed:25:85:9a:64:e5:bb:c7:34:bb:59:74:d7:d0:a2:3e:7d:db:
         b3:9f:39:c8:a0:13:5a:9d:bd:67:d0:1b:79:a0:27:44:88:3a:
         ae:80:42:78:92:1c:75:34:b4:97:74:02:df:1b:22:7b:6f:28:
         cb:15:7c:b3:81:55:53:ad:fa:07:b7:8d:31:3d:e6:ae:c6:7f:
         52:55:a2:ad
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAY30bIK1Omdnccan9uXF6QsYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwMjI5MTAzMjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMGUyODg4ZWU0NGUyM2ZkNWI3ZDVlYWRhNzQwOWZhYTM3MDdlOTZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlyxyKnTkMLfoWJldzkijLzMUzzIk
vMaU0zZhjf3rcrqAo+W6bXnOieCSEUdIIue2Kx5HjDoUXxLF05arD+vJAPIHAHWc
o/7ieadZn0VqY0xPRT7evA0JjFQnrpEeGzLszoNjENLXji1xB7xWwsyz2E756v1e
8QPySigbOuTpnpjTNqTNE4KV6a5b3AgvzuPNOzB/Prv4CTB2j7TAAMNDrsgxBT2d
MjubzLixvh+4OBxsiTvyYGKtK/FEN7C+ZiFrEmX31BS3RQJ7KKEbRl7+WLtmsBzR
ghDbJ9ZCuHaA57LIp3VvNBa8lmQ0I9E+C5VJa1A/+o8v03Edj19UJt56XQIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFNDiiI7kTiP9W31eradAn6o3B+lvMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvME9LSWp1Uk9JXzFiZlY2dHAwQ2ZxamNINlc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQALQgVAwQA
udLrAwQAudZlAwQBudz6AwQAud9SAwQBueEAAwQBueOSAwQAufvlAwQBwTqSMA0G
CSqGSIb3DQEBCwUAA4IBAQAYYk8Y6xKwWqVBIKSthblCPZLjZVUx/3gF0RWX2pDC
V1IQpnIMfXn1S4T1rRsKPxtn0Swgz0a96vK8k/CRN4yRspWhRO9X2+mM69nYeXRp
St/q3iGBejtlWj/mgcjnzC8gM6w3JX3S0UYlRDi25NtQuB7iwj/mWQWglJzFYxWt
NUG4pGwYr+m5Qg9UrO7QWFF/4wc2433cURNkQt/HFRz3aZm2YVT9wtUUptouAJoR
yWVegxntJYWaZOW7xzS7WXTX0KI+fduznznIoBNanb1n0Bt5oCdEiDqugEJ4khx1
NLSXdALfGyJ7byjLFXyzgVVTrfoHt40xPeauxn9SVaKt
-----END CERTIFICATE-----