Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/8GhNk9p4PcTtiCd-A_aJ0u6SLOU.roa
File:                     8GhNk9p4PcTtiCd-A_aJ0u6SLOU.roa (raw, json)
Hash identifier:          BvK7p2k70v/DczIdZzezaOGWGY39v1CYF/dNzyAwWHA=
Subject key identifier:   F0:68:4D:93:DA:78:3D:C4:ED:88:27:7E:03:F6:89:D2:EE:92:2C:E5
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       01893EFE2A1EDD25E4CCADAC5E3242080A2F
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/8GhNk9p4PcTtiCd-A_aJ0u6SLOU.roa
Signing time:             Mon 10 Jul 2023 08:49:51 +0000
ROA not before:           Mon 10 Jul 2023 08:49:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        185.209.38.0/24 maxlen: 24
                          185.230.52.0/24 maxlen: 24
                          185.210.233.0/24 maxlen: 24
                          185.209.74.0/24 maxlen: 24
                          193.58.146.0/23 maxlen: 24
                          193.58.146.0/24 maxlen: 24
                          45.147.224.0/24 maxlen: 24
                          45.8.21.0/24 maxlen: 24
                          185.214.108.0/24 maxlen: 24
                          185.251.229.0/24 maxlen: 24
                          185.225.0.0/23 maxlen: 23

Validation:               Failed, certificate revoked on Tue 11 Jul 2023 08:54:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:3e:fe:2a:1e:dd:25:e4:cc:ad:ac:5e:32:42:08:0a:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jul 10 08:49:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f0684d93da783dc4ed88277e03f689d2ee922ce5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:fa:5a:f1:b9:6a:e6:99:da:ba:d2:5e:4a:a1:
                    33:cd:2c:99:9a:e8:a8:e7:0b:46:5b:a6:39:06:d8:
                    be:8d:ac:d9:df:fd:34:f7:86:f6:b1:58:c2:6c:ef:
                    77:c6:e0:b1:d3:d8:0b:e4:64:da:6a:be:80:c9:d6:
                    9b:b6:29:96:80:18:5b:c1:a0:a3:35:b8:4a:bc:f3:
                    e8:3b:5f:28:4c:56:c3:31:c9:4e:19:bb:74:0d:f9:
                    3b:e7:a8:db:d7:78:37:57:c2:bf:81:eb:76:96:df:
                    a6:2f:0a:d8:3b:14:d9:fd:af:c8:de:24:92:d0:9f:
                    cf:e7:e3:7c:8f:2e:ff:6e:38:18:80:50:2d:c8:02:
                    14:23:de:89:b3:ca:23:c0:9c:c4:ca:05:6a:28:2e:
                    4a:c5:dd:40:21:de:28:00:1c:d7:79:26:6e:94:d7:
                    52:30:b0:b7:0b:13:62:ae:30:b5:42:de:b5:97:53:
                    f0:33:75:6a:22:af:c9:d5:12:94:f3:74:6f:b4:0a:
                    28:7f:77:4d:8f:64:56:53:f1:52:22:64:41:f8:f4:
                    59:5c:98:79:88:ab:42:09:6a:84:f4:ea:e7:cd:7a:
                    d9:d6:09:26:62:8a:df:f3:98:e8:a0:28:e2:24:cf:
                    0c:45:47:17:6a:58:d2:69:fd:99:30:3b:b7:ea:f2:
                    11:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:68:4D:93:DA:78:3D:C4:ED:88:27:7E:03:F6:89:D2:EE:92:2C:E5
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/8GhNk9p4PcTtiCd-A_aJ0u6SLOU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.21.0/24
                  45.147.224.0/24
                  185.209.38.0/24
                  185.209.74.0/24
                  185.210.233.0/24
                  185.214.108.0/24
                  185.225.0.0/23
                  185.230.52.0/24
                  185.251.229.0/24
                  193.58.146.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3c:38:28:6c:7e:a6:41:ee:93:7d:96:d7:f4:40:eb:0c:25:1a:
         97:e7:d8:11:4e:cc:72:1e:db:be:ed:7d:3a:1c:78:4e:fa:11:
         ad:20:4a:8f:a8:a2:a5:f3:68:b4:7c:23:ab:ca:8f:f8:4c:08:
         c9:60:a8:98:8b:38:13:9e:a4:99:4a:c0:d3:40:3b:9c:00:c3:
         e3:5f:ef:4b:94:09:30:55:a3:b5:99:79:49:b4:9c:83:c7:86:
         5b:57:d7:a8:4e:46:e1:49:97:9c:b7:22:bf:c1:49:72:2a:2c:
         81:32:03:4f:8c:b2:68:68:67:be:d6:69:c0:24:b0:c9:98:a3:
         f5:66:6a:22:ec:f3:72:93:e1:bd:5a:ca:08:00:57:b2:6f:8a:
         1f:99:69:a3:28:4b:a7:3f:53:d5:e2:98:c0:82:82:8a:b0:df:
         66:01:f7:0f:e1:13:12:e1:bf:35:0f:35:a8:9c:f5:1a:e2:59:
         8f:7a:d2:34:9d:a6:f8:28:63:60:8d:69:99:45:82:0b:9c:6b:
         8c:a5:7a:9f:81:8d:fc:5e:fc:6a:49:e7:f4:4c:d5:08:f4:24:
         0d:51:94:92:34:d9:86:bb:34:ce:a8:f1:8d:24:10:0e:a5:f1:
         ea:a3:ec:d1:55:10:80:b8:2e:e4:d3:ee:29:2b:53:5c:3f:20:
         1c:c9:3c:10
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYk+/ioe3SXkzK2sXjJCCAovMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjMwNzEwMDg0OTUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDY4NGQ5M2RhNzgzZGM0ZWQ4ODI3N2UwM2Y2ODlkMmVlOTIyY2U1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh/pa8blq5pnautJeSqEzzSyZmuio
5wtGW6Y5Bti+jazZ3/0094b2sVjCbO93xuCx09gL5GTaar6AydabtimWgBhbwaCj
NbhKvPPoO18oTFbDMclOGbt0Dfk756jb13g3V8K/get2lt+mLwrYOxTZ/a/I3iSS
0J/P5+N8jy7/bjgYgFAtyAIUI96Js8ojwJzEygVqKC5Kxd1AId4oABzXeSZulNdS
MLC3CxNirjC1Qt61l1PwM3VqIq/J1RKU83RvtAoof3dNj2RWU/FSImRB+PRZXJh5
iKtCCWqE9OrnzXrZ1gkmYorf85jooCjiJM8MRUcXaljSaf2ZMDu36vIRUQIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFPBoTZPaeD3E7YgnfgP2idLukizlMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvOEdoTms5cDRQY1R0aUNkLUFfYUowdTZTTE9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQALQgVAwQA
LZPgAwQAudEmAwQAudFKAwQAudLpAwQAudZsAwQBueEAAwQAueY0AwQAufvlAwQB
wTqSMA0GCSqGSIb3DQEBCwUAA4IBAQA8OChsfqZB7pN9ltf0QOsMJRqX59gRTsxy
Htu+7X06HHhO+hGtIEqPqKKl82i0fCOryo/4TAjJYKiYizgTnqSZSsDTQDucAMPj
X+9LlAkwVaO1mXlJtJyDx4ZbV9eoTkbhSZectyK/wUlyKiyBMgNPjLJoaGe+1mnA
JLDJmKP1Zmoi7PNyk+G9WsoIAFeyb4ofmWmjKEunP1PV4pjAgoKKsN9mAfcP4RMS
4b81DzWonPUa4lmPetI0nab4KGNgjWmZRYILnGuMpXqfgY38XvxqSef0TNUI9CQN
UZSSNNmGuzTOqPGNJBAOpfHqo+zRVRCAuC7k0+4pK1NcPyAcyTwQ
-----END CERTIFICATE-----