Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/6FeqUoF-qxk4GnEmRibL80UpmVI.roa
File:                     6FeqUoF-qxk4GnEmRibL80UpmVI.roa (raw, json)
Hash identifier:          GRg9zWJ6NVJQ9n4frD1bXrnIDetme/WFJmqMi4e1Jdk=
Subject key identifier:   E8:57:AA:52:81:7E:AB:19:38:1A:71:26:46:26:CB:F3:45:29:99:52
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018D9D4FB1AA1DC35609B6AD20FBF378B365
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/6FeqUoF-qxk4GnEmRibL80UpmVI.roa
Signing time:             Mon 12 Feb 2024 12:34:22 +0000
ROA not before:           Mon 12 Feb 2024 12:34:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        45.8.21.0/24 maxlen: 24
                          185.199.54.0/24 maxlen: 24
                          185.220.250.0/23 maxlen: 24
                          185.223.82.0/24 maxlen: 24
                          185.225.0.0/23 maxlen: 23
                          185.227.146.0/23 maxlen: 24
                          185.230.67.0/24 maxlen: 24
                          185.251.229.0/24 maxlen: 24
                          193.8.115.0/24 maxlen: 24
                          193.58.146.0/23 maxlen: 24
                          194.76.169.0/24 maxlen: 24
                          194.76.172.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 15 Feb 2024 09:49:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:9d:4f:b1:aa:1d:c3:56:09:b6:ad:20:fb:f3:78:b3:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Feb 12 12:34:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e857aa52817eab19381a71264626cbf345299952
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:d8:8c:18:76:a7:f6:80:07:cd:50:85:d0:6b:
                    72:ba:e3:da:7f:98:52:43:a0:e8:ff:fe:db:e7:ef:
                    eb:c9:0d:1f:1b:0e:fb:97:eb:93:25:07:f6:47:db:
                    20:00:56:cb:c0:9c:04:55:94:09:c8:cf:ba:57:3e:
                    a3:1c:f5:54:87:b2:f0:78:42:df:e4:b6:85:5c:95:
                    58:64:9f:dc:a2:99:99:0a:a4:2d:fd:04:63:a3:96:
                    fd:36:9c:ca:fe:76:6e:5d:30:d2:91:a1:37:11:d1:
                    ba:7c:7f:45:0a:37:c1:1e:a5:e9:3a:df:ae:36:18:
                    40:a1:7b:7e:75:a7:50:6f:34:4f:66:22:6b:9c:a6:
                    0b:8f:96:76:22:c2:65:3c:54:93:e3:ed:7d:ab:fe:
                    f1:68:19:97:d0:ff:95:e1:84:cb:93:49:18:a4:e8:
                    b1:2f:23:ff:c7:a5:b8:99:e5:0b:45:57:40:3e:d3:
                    2e:51:bc:a4:47:41:f9:f1:ab:6c:55:19:bb:21:b7:
                    ee:78:2f:2b:f2:eb:cd:84:90:b3:d2:3b:66:60:4b:
                    39:fd:41:e4:b1:73:f2:1c:3b:2b:50:56:51:6d:fe:
                    2c:ce:32:c7:09:80:ea:82:5d:9b:a3:b3:5b:ec:0a:
                    02:37:74:8d:4e:0d:78:66:d4:ea:f6:92:8b:99:03:
                    21:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:57:AA:52:81:7E:AB:19:38:1A:71:26:46:26:CB:F3:45:29:99:52
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/6FeqUoF-qxk4GnEmRibL80UpmVI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.21.0/24
                  185.199.54.0/24
                  185.220.250.0/23
                  185.223.82.0/24
                  185.225.0.0/23
                  185.227.146.0/23
                  185.230.67.0/24
                  185.251.229.0/24
                  193.8.115.0/24
                  193.58.146.0/23
                  194.76.169.0/24
                  194.76.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b6:62:4d:36:0e:3a:2f:ad:7a:5b:a9:6e:a0:ab:91:2a:2c:d9:
         3b:c9:c4:69:73:36:6a:02:dc:2d:90:5c:89:a7:46:e0:14:f9:
         f0:9c:82:29:65:02:88:a8:5b:6b:b8:a2:cd:53:e4:0c:fb:4f:
         b3:35:5d:a8:8d:60:5f:61:4a:c7:99:2c:25:d3:85:06:0f:6e:
         3d:0e:fe:41:d8:3d:82:f5:05:4a:49:a6:e3:fc:fb:d5:02:cd:
         fe:96:00:8d:7f:bf:46:e6:3f:32:2d:e2:b9:77:b7:74:d7:4f:
         7d:01:e7:c7:3c:b5:2b:8a:66:51:6b:8e:52:48:22:cd:29:0c:
         0c:2f:67:d6:c8:10:78:06:1d:a3:0e:b2:4e:1a:5d:21:e0:f6:
         6d:9f:f3:3c:86:df:15:be:01:18:02:45:c9:eb:f3:73:e5:96:
         6e:2f:0f:67:e2:a9:c8:3c:53:e4:0e:6b:15:ac:d9:10:20:73:
         f0:15:42:0b:1a:06:e6:3a:68:86:4d:a5:4c:82:d0:2d:a0:0a:
         59:54:61:1c:97:63:0c:1d:c5:0d:60:fd:6e:f0:c3:2b:94:3e:
         5b:66:0d:75:8c:b5:d4:bb:b1:80:f5:81:35:11:cb:b5:2f:ac:
         3f:5b:af:ac:10:51:d4:7a:bc:ed:9e:5b:49:63:b3:3f:53:57:
         27:cb:98:be
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAY2dT7GqHcNWCbatIPvzeLNlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwMjEyMTIzNDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODU3YWE1MjgxN2VhYjE5MzgxYTcxMjY0NjI2Y2JmMzQ1Mjk5OTUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhdiMGHan9oAHzVCF0GtyuuPaf5hS
Q6Do//7b5+/ryQ0fGw77l+uTJQf2R9sgAFbLwJwEVZQJyM+6Vz6jHPVUh7LweELf
5LaFXJVYZJ/copmZCqQt/QRjo5b9NpzK/nZuXTDSkaE3EdG6fH9FCjfBHqXpOt+u
NhhAoXt+dadQbzRPZiJrnKYLj5Z2IsJlPFST4+19q/7xaBmX0P+V4YTLk0kYpOix
LyP/x6W4meULRVdAPtMuUbykR0H58atsVRm7IbfueC8r8uvNhJCz0jtmYEs5/UHk
sXPyHDsrUFZRbf4szjLHCYDqgl2bo7Nb7AoCN3SNTg14ZtTq9pKLmQMh/QIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFOhXqlKBfqsZOBpxJkYmy/NFKZlSMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvNkZlcVVvRi1xeGs0R25FbVJpYkw4MFVwbVZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwQALQgVAwQA
ucc2AwQBudz6AwQAud9SAwQBueEAAwQBueOSAwQAueZDAwQAufvlAwQAwQhzAwQB
wTqSAwQAwkypAwQAwkysMA0GCSqGSIb3DQEBCwUAA4IBAQC2Yk02DjovrXpbqW6g
q5EqLNk7ycRpczZqAtwtkFyJp0bgFPnwnIIpZQKIqFtruKLNU+QM+0+zNV2ojWBf
YUrHmSwl04UGD249Dv5B2D2C9QVKSabj/PvVAs3+lgCNf79G5j8yLeK5d7d01099
AefHPLUrimZRa45SSCLNKQwML2fWyBB4Bh2jDrJOGl0h4PZtn/M8ht8VvgEYAkXJ
6/Nz5ZZuLw9n4qnIPFPkDmsVrNkQIHPwFUILGgbmOmiGTaVMgtAtoApZVGEcl2MM
HcUNYP1u8MMrlD5bZg11jLXUu7GA9YE1Ecu1L6w/W6+sEFHUerztnltJY7M/U1cn
y5i+
-----END CERTIFICATE-----