Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/3Iy2UAP-SK6JPbJQZghhrxmp0cI.roa
File:                     3Iy2UAP-SK6JPbJQZghhrxmp0cI.roa (raw, json)
Hash identifier:          RO32G3Cgm6uNVWmZnISZIeLH7RPBOxrfTVBJtQtHiSM=
Subject key identifier:   DC:8C:B6:50:03:FE:48:AE:89:3D:B2:50:66:08:61:AF:19:A9:D1:C2
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018BA9318A64D3AEDF2A370EFA55D4B01758
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/3Iy2UAP-SK6JPbJQZghhrxmp0cI.roa
Signing time:             Tue 07 Nov 2023 09:51:18 +0000
ROA not before:           Tue 07 Nov 2023 09:51:18 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        185.227.146.0/23 maxlen: 24
                          185.222.30.0/23 maxlen: 24
                          185.209.38.0/24 maxlen: 24
                          185.218.102.0/24 maxlen: 24
                          185.220.250.0/23 maxlen: 24
                          185.221.20.0/24 maxlen: 24
                          193.58.146.0/23 maxlen: 24
                          45.8.21.0/24 maxlen: 24
                          45.147.224.0/24 maxlen: 24
                          185.251.229.0/24 maxlen: 24
                          185.223.80.0/24 maxlen: 24
                          185.225.0.0/23 maxlen: 23

Validation:               Failed, certificate revoked on Fri 10 Nov 2023 10:12:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:a9:31:8a:64:d3:ae:df:2a:37:0e:fa:55:d4:b0:17:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Nov  7 09:51:18 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=dc8cb65003fe48ae893db250660861af19a9d1c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:5c:6c:87:2a:79:ba:68:92:40:32:77:0a:38:
                    c7:5d:df:26:72:c7:31:5b:66:39:43:05:82:98:50:
                    88:df:f1:8a:d3:d2:40:dd:c9:4b:98:e8:b3:a6:63:
                    8c:ff:1e:7b:62:55:14:00:fb:11:82:e8:22:0d:e7:
                    da:71:cb:45:01:7d:b0:4d:da:30:dd:c7:1f:52:e8:
                    40:ee:15:5f:bc:91:b5:e2:69:b6:db:db:c3:01:6f:
                    9b:77:8b:61:61:23:32:92:52:f5:c2:81:08:05:84:
                    c8:14:e5:c2:ac:f9:ed:53:8b:cb:92:1a:31:72:f5:
                    c5:fb:96:0d:78:63:d3:b2:97:d2:e2:33:62:61:75:
                    50:34:6c:cf:76:84:3d:16:6d:73:38:96:6e:07:41:
                    fa:de:f6:1f:1d:ee:b9:5e:b1:ee:b2:98:b9:7e:32:
                    4d:73:db:e5:28:b7:9f:af:6d:af:25:37:6e:43:21:
                    d4:aa:6c:71:06:bd:d7:51:7a:9a:9b:d1:d0:54:ce:
                    15:79:27:eb:31:ae:c9:29:b0:26:52:80:cd:51:6e:
                    ba:ac:29:d6:97:c5:96:d4:8a:19:ec:0c:d1:70:18:
                    1f:c2:b6:89:f5:a0:a2:d0:6c:9f:50:64:ff:39:db:
                    1c:cc:1b:40:42:08:6d:13:30:62:a1:db:c0:63:c9:
                    e8:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:8C:B6:50:03:FE:48:AE:89:3D:B2:50:66:08:61:AF:19:A9:D1:C2
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/3Iy2UAP-SK6JPbJQZghhrxmp0cI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.21.0/24
                  45.147.224.0/24
                  185.209.38.0/24
                  185.218.102.0/24
                  185.220.250.0/23
                  185.221.20.0/24
                  185.222.30.0/23
                  185.223.80.0/24
                  185.225.0.0/23
                  185.227.146.0/23
                  185.251.229.0/24
                  193.58.146.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9d:b0:f9:0c:4e:52:bb:4d:92:09:df:f6:d3:25:7e:e7:17:44:
         e2:8e:4a:a4:1d:51:69:4d:b1:4b:34:36:17:c1:b4:45:3b:41:
         92:20:fb:3e:a7:ec:46:63:30:9d:8b:77:36:f9:a1:6a:36:62:
         b5:23:b6:cf:af:19:16:56:6f:c6:db:d2:ce:94:b6:37:22:20:
         a7:06:df:0d:82:32:1a:ed:1c:dd:b8:6a:fe:74:a8:41:bd:1a:
         f4:bd:cb:88:7c:ef:78:aa:b9:92:60:70:dc:70:ae:71:7b:6d:
         f1:3d:f5:d8:c8:a4:d7:94:e5:26:f7:62:9a:ce:e4:3c:f3:6d:
         36:f9:bf:21:e8:09:30:96:ef:58:23:10:73:d9:73:a6:b6:c9:
         9d:b5:07:58:56:a4:b5:3f:07:6e:00:50:57:05:2a:4b:e1:31:
         01:90:fa:f2:0f:de:4b:2e:e6:56:21:fb:e9:39:6e:61:54:1d:
         6a:e6:7e:e1:c3:24:04:b1:7b:bf:5c:8d:da:43:54:82:81:b1:
         f1:4a:26:f1:0c:e2:ff:08:2b:28:a7:bb:91:2c:a4:f8:e2:8a:
         43:0c:b2:48:e8:bc:14:83:42:0f:2b:36:4e:cd:0a:e9:dd:3b:
         ab:02:4d:1d:35:12:e6:04:db:47:90:c8:75:3a:01:90:cc:70:
         c4:c6:7c:a1
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAYupMYpk067fKjcO+lXUsBdYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjMxMTA3MDk1MTE4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzhjYjY1MDAzZmU0OGFlODkzZGIyNTA2NjA4NjFhZjE5YTlkMWMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlVxshyp5umiSQDJ3CjjHXd8mcscx
W2Y5QwWCmFCI3/GK09JA3clLmOizpmOM/x57YlUUAPsRgugiDefacctFAX2wTdow
3ccfUuhA7hVfvJG14mm229vDAW+bd4thYSMyklL1woEIBYTIFOXCrPntU4vLkhox
cvXF+5YNeGPTspfS4jNiYXVQNGzPdoQ9Fm1zOJZuB0H63vYfHe65XrHuspi5fjJN
c9vlKLefr22vJTduQyHUqmxxBr3XUXqam9HQVM4VeSfrMa7JKbAmUoDNUW66rCnW
l8WW1IoZ7AzRcBgfwraJ9aCi0GyfUGT/OdsczBtAQghtEzBiodvAY8noSQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFNyMtlAD/kiuiT2yUGYIYa8ZqdHCMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvM0l5MlVBUC1TSzZKUGJKUVpnaGhyeG1wMGNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwQALQgVAwQA
LZPgAwQAudEmAwQAudpmAwQBudz6AwQAud0UAwQBud4eAwQAud9QAwQBueEAAwQB
ueOSAwQAufvlAwQBwTqSMA0GCSqGSIb3DQEBCwUAA4IBAQCdsPkMTlK7TZIJ3/bT
JX7nF0TijkqkHVFpTbFLNDYXwbRFO0GSIPs+p+xGYzCdi3c2+aFqNmK1I7bPrxkW
Vm/G29LOlLY3IiCnBt8NgjIa7RzduGr+dKhBvRr0vcuIfO94qrmSYHDccK5xe23x
PfXYyKTXlOUm92KazuQ88202+b8h6Akwlu9YIxBz2XOmtsmdtQdYVqS1PwduAFBX
BSpL4TEBkPryD95LLuZWIfvpOW5hVB1q5n7hwyQEsXu/XI3aQ1SCgbHxSibxDOL/
CCsop7uRLKT44opDDLJI6LwUg0IPKzZOzQrp3TurAk0dNRLmBNtHkMh1OgGQzHDE
xnyh
-----END CERTIFICATE-----