Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/6b6OoP_U9VZo2lt5z2sQlE3mxg0.roa
File:                     6b6OoP_U9VZo2lt5z2sQlE3mxg0.roa (raw, json)
Hash identifier:          mDGEkoya7uPirgsGM+Z+Xowm+Vpolr/tWI5rUlKUbR4=
Subject key identifier:   E9:BE:8E:A0:FF:D4:F5:56:68:DA:5B:79:CF:6B:10:94:4D:E6:C6:0D
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018CAC2162DF8C107B37C227ABBEE7965F4C
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/6b6OoP_U9VZo2lt5z2sQlE3mxg0.roa
Signing time:             Wed 27 Dec 2023 16:35:17 +0000
ROA not before:           Wed 27 Dec 2023 16:35:17 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        185.227.146.0/23 maxlen: 24
                          185.209.38.0/24 maxlen: 24
                          185.220.249.0/24 maxlen: 24
                          185.220.250.0/23 maxlen: 24
                          185.210.235.0/24 maxlen: 24
                          185.126.82.0/24 maxlen: 24
                          193.58.146.0/23 maxlen: 24
                          45.8.21.0/24 maxlen: 24
                          185.251.229.0/24 maxlen: 24
                          185.225.0.0/23 maxlen: 23
                          185.108.205.0/24 maxlen: 24
                          185.223.82.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sun 31 Dec 2023 07:58:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ac:21:62:df:8c:10:7b:37:c2:27:ab:be:e7:96:5f:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Dec 27 16:35:17 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e9be8ea0ffd4f55668da5b79cf6b10944de6c60d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:ef:4f:dd:0c:51:1d:7c:c7:a3:23:08:b2:f5:
                    56:5a:41:79:e2:52:0d:72:d4:07:4f:a2:f2:9f:26:
                    a9:0a:24:2b:b0:ab:f8:d7:35:e7:e2:10:b5:de:66:
                    eb:c5:40:df:a8:1d:dc:36:e3:8c:09:3c:76:ed:01:
                    e4:d6:99:d3:45:51:c1:5b:a1:c6:59:65:79:3f:e6:
                    37:23:d8:05:5a:57:17:8a:10:fd:be:ec:35:b9:2f:
                    1c:e7:b8:82:a6:11:17:69:84:23:78:d4:77:d4:38:
                    62:5c:71:17:73:78:6d:e5:28:af:34:02:aa:62:1b:
                    6f:14:d6:be:06:b8:ad:49:41:6b:3e:fa:0a:2b:93:
                    ce:7e:98:5f:a8:5c:b3:33:93:b5:70:67:77:3f:72:
                    06:66:f2:a3:b8:de:71:06:eb:7a:2f:77:63:6a:23:
                    db:37:7a:9d:a3:cf:56:4f:18:a3:5e:65:60:eb:db:
                    e0:4b:e1:96:76:54:b8:8d:31:64:c1:9c:8b:17:c4:
                    fb:23:6e:31:c1:70:7b:88:ae:ca:4e:d4:6e:dd:ee:
                    60:d4:1d:c5:e8:af:64:93:51:cf:66:fa:3f:1e:c9:
                    ea:b7:0e:54:e6:94:1e:ed:a3:a3:39:af:17:c8:5f:
                    5f:86:82:43:50:c6:0a:4d:57:b8:0d:08:10:73:57:
                    82:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:BE:8E:A0:FF:D4:F5:56:68:DA:5B:79:CF:6B:10:94:4D:E6:C6:0D
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/6b6OoP_U9VZo2lt5z2sQlE3mxg0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.21.0/24
                  185.108.205.0/24
                  185.126.82.0/24
                  185.209.38.0/24
                  185.210.235.0/24
                  185.220.249.0-185.220.251.255
                  185.223.82.0/24
                  185.225.0.0/23
                  185.227.146.0/23
                  185.251.229.0/24
                  193.58.146.0/23

    Signature Algorithm: sha256WithRSAEncryption
         23:00:bf:7e:01:cc:68:1b:f9:8a:89:43:e8:b3:26:30:d3:53:
         b2:8d:46:eb:67:01:34:6f:59:6e:89:c5:4a:e7:03:6f:c5:b5:
         ed:38:d7:1e:7f:8e:08:3e:fb:b8:7f:fa:06:3e:0d:70:41:f7:
         07:98:f9:6a:f7:c8:e8:71:e4:36:f1:11:42:be:7b:24:5a:3c:
         86:68:8e:7c:2b:af:1b:ec:07:fd:22:0f:91:7a:25:cf:cf:b6:
         c0:a2:56:d8:c0:af:dc:45:8f:ca:15:a1:20:67:71:de:45:80:
         22:59:4f:21:ad:1a:95:48:ad:a9:f1:e1:29:57:2b:5d:c6:0b:
         fe:23:f5:c3:49:35:7b:a4:24:e9:14:20:d4:0b:48:0d:93:ad:
         61:3f:bb:11:b4:16:08:7f:f6:29:b7:8a:5e:68:ce:49:bc:16:
         55:5c:30:f6:08:37:20:1b:00:8b:84:dd:e2:43:be:98:a8:1a:
         af:64:a5:5a:3b:d0:fc:de:84:cb:62:be:0f:02:43:be:3f:d2:
         12:5e:6b:aa:db:e9:f2:36:76:ee:d0:ab:f4:41:60:57:ce:f3:
         6f:b5:82:95:ec:96:02:24:28:2b:78:5c:3e:ac:d3:dc:7a:1b:
         76:26:d3:84:24:64:e0:43:39:8d:1e:42:80:d5:1f:57:50:d0:
         5e:a3:00:1f
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAYysIWLfjBB7N8Inq77nll9MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjMxMjI3MTYzNTE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOWJlOGVhMGZmZDRmNTU2NjhkYTViNzljZjZiMTA5NDRkZTZjNjBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtu9P3QxRHXzHoyMIsvVWWkF54lIN
ctQHT6LynyapCiQrsKv41zXn4hC13mbrxUDfqB3cNuOMCTx27QHk1pnTRVHBW6HG
WWV5P+Y3I9gFWlcXihD9vuw1uS8c57iCphEXaYQjeNR31DhiXHEXc3ht5SivNAKq
YhtvFNa+BritSUFrPvoKK5POfphfqFyzM5O1cGd3P3IGZvKjuN5xBut6L3djaiPb
N3qdo89WTxijXmVg69vgS+GWdlS4jTFkwZyLF8T7I24xwXB7iK7KTtRu3e5g1B3F
6K9kk1HPZvo/Hsnqtw5U5pQe7aOjOa8XyF9fhoJDUMYKTVe4DQgQc1eC1wIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFOm+jqD/1PVWaNpbec9rEJRN5sYNMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvNmI2T29QX1U5VlpvMmx0NXoyc1FsRTNteGcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjBQBAIAATBKAwQALQgVAwQA
uWzNAwQAuX5SAwQAudEmAwQAudLrMAwDBAC53PkDBAK53PgDBAC531IDBAG54QAD
BAG545IDBAC5++UDBAHBOpIwDQYJKoZIhvcNAQELBQADggEBACMAv34BzGgb+YqJ
Q+izJjDTU7KNRutnATRvWW6JxUrnA2/Fte041x5/jgg++7h/+gY+DXBB9weY+Wr3
yOhx5DbxEUK+eyRaPIZojnwrrxvsB/0iD5F6Jc/PtsCiVtjAr9xFj8oVoSBncd5F
gCJZTyGtGpVIranx4SlXK13GC/4j9cNJNXukJOkUINQLSA2TrWE/uxG0Fgh/9im3
il5ozkm8FlVcMPYINyAbAIuE3eJDvpioGq9kpVo70PzehMtivg8CQ74/0hJea6rb
6fI2du7Qq/RBYFfO82+1gpXslgIkKCt4XD6s09x6G3Ym04QkZOBDOY0eQoDVH1dQ
0F6jAB8=
-----END CERTIFICATE-----