Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/8ucbt_P7wVW23E1-VBmcEfEG8hY.roa
File:                     8ucbt_P7wVW23E1-VBmcEfEG8hY.roa (raw, json)
Hash identifier:          qT9ucoB6jq8qyMDz+k9oYN2cR1xgo/H02S4Yp/CSEOw=
Subject key identifier:   F2:E7:1B:B7:F3:FB:C1:55:B6:DC:4D:7E:54:19:9C:11:F1:06:F2:16
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018C1B07BEC58FAE6643992DD2E5B3B1D30C
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/8ucbt_P7wVW23E1-VBmcEfEG8hY.roa
Signing time:             Wed 29 Nov 2023 12:22:21 +0000
ROA not before:           Wed 29 Nov 2023 12:22:21 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        185.227.146.0/23 maxlen: 24
                          185.222.30.0/23 maxlen: 24
                          185.206.250.0/24 maxlen: 24
                          185.220.249.0/24 maxlen: 24
                          185.220.250.0/23 maxlen: 24
                          193.58.146.0/23 maxlen: 24
                          45.8.21.0/24 maxlen: 24
                          45.147.224.0/24 maxlen: 24
                          185.251.229.0/24 maxlen: 24
                          185.251.231.0/24 maxlen: 24
                          185.108.204.0/23 maxlen: 24
                          185.225.0.0/23 maxlen: 23

Validation:               Failed, certificate revoked on Thu 30 Nov 2023 12:16:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:1b:07:be:c5:8f:ae:66:43:99:2d:d2:e5:b3:b1:d3:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Nov 29 12:22:21 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f2e71bb7f3fbc155b6dc4d7e54199c11f106f216
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:ce:1a:fb:ed:5b:17:e1:0b:67:bc:31:0e:f0:
                    b9:0a:10:d9:db:49:2b:c9:e4:5b:f0:21:82:bd:97:
                    50:f5:29:fc:94:26:c9:ae:1a:5b:93:34:a7:8a:80:
                    00:6b:99:e1:84:15:44:6e:57:0b:b6:17:75:95:97:
                    6e:61:41:9e:4c:3f:18:05:2e:c0:73:dd:9d:4a:59:
                    ac:ec:5b:83:a9:d2:cd:02:60:76:4e:47:e2:4b:3c:
                    de:e0:b5:3d:85:7e:42:8f:2c:f8:90:68:e6:8a:25:
                    3b:88:62:30:11:81:06:17:6a:81:3e:af:d7:28:5d:
                    e9:10:4f:85:7d:8a:6a:c6:c5:af:d0:bf:62:87:d1:
                    3a:1c:bb:45:59:46:38:e5:f2:a2:e0:92:7b:2b:ca:
                    31:f3:dc:c9:d4:4c:77:ad:de:84:be:f9:f2:d2:a6:
                    91:54:9d:a5:4b:0f:17:6d:71:81:ea:b5:d3:ec:10:
                    06:ff:b9:66:fa:a3:04:77:eb:2e:a5:c7:67:c2:e4:
                    c9:40:b9:cf:18:3f:0a:61:16:86:f7:87:90:4a:a8:
                    0e:c8:30:db:65:d8:3b:54:d7:5d:27:2b:47:a2:1b:
                    37:db:75:5f:1d:44:c8:4c:fd:14:5c:2a:25:af:58:
                    a8:a6:b0:13:fb:8f:ea:da:27:d2:52:56:e0:58:74:
                    14:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:E7:1B:B7:F3:FB:C1:55:B6:DC:4D:7E:54:19:9C:11:F1:06:F2:16
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/8ucbt_P7wVW23E1-VBmcEfEG8hY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.21.0/24
                  45.147.224.0/24
                  185.108.204.0/23
                  185.206.250.0/24
                  185.220.249.0-185.220.251.255
                  185.222.30.0/23
                  185.225.0.0/23
                  185.227.146.0/23
                  185.251.229.0/24
                  185.251.231.0/24
                  193.58.146.0/23

    Signature Algorithm: sha256WithRSAEncryption
         bc:47:93:d5:8b:de:8e:05:3a:1f:72:b3:7a:13:18:ea:f4:34:
         02:d3:92:22:d6:ba:42:b9:d3:67:5f:7f:26:90:1f:a6:05:0a:
         7b:0f:e7:f4:68:f5:e9:46:9c:4e:d4:9d:0a:89:49:c8:af:ba:
         9d:c9:55:13:c9:bd:ae:d3:18:8e:7d:31:28:ea:d9:e3:4e:7f:
         03:c6:e8:21:0b:64:17:74:19:11:3c:6d:42:83:59:68:da:4a:
         a2:ff:b7:bf:0e:16:26:fc:3b:fc:43:97:18:b2:0e:c1:6d:2f:
         71:76:3e:99:30:58:43:d9:82:6b:46:52:89:ad:14:a6:be:0d:
         96:10:2d:36:57:33:63:39:2c:2e:ab:0b:ea:36:52:0d:13:15:
         2a:dc:15:2f:f9:11:c7:27:34:50:c2:86:5f:d6:5e:53:c7:44:
         07:22:c5:1b:5e:cc:01:d7:ba:5b:64:37:57:d5:bc:1a:73:50:
         53:d7:8e:4c:af:c4:4b:29:f8:9c:e1:10:c0:a2:2b:7b:32:f6:
         12:c2:a8:15:31:7c:c4:78:5e:91:90:f3:84:ec:ac:e1:b1:69:
         f6:58:7b:37:00:c7:d1:23:fa:ec:18:a2:21:0d:f2:44:dd:9e:
         01:25:b2:4e:c4:48:bf:94:55:71:ae:d2:1d:d3:ab:d6:88:77:
         7f:31:a6:fa
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAYwbB77Fj65mQ5kt0uWzsdMMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjMxMTI5MTIyMjIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMmU3MWJiN2YzZmJjMTU1YjZkYzRkN2U1NDE5OWMxMWYxMDZmMjE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl84a++1bF+ELZ7wxDvC5ChDZ20kr
yeRb8CGCvZdQ9Sn8lCbJrhpbkzSnioAAa5nhhBVEblcLthd1lZduYUGeTD8YBS7A
c92dSlms7FuDqdLNAmB2TkfiSzze4LU9hX5Cjyz4kGjmiiU7iGIwEYEGF2qBPq/X
KF3pEE+FfYpqxsWv0L9ih9E6HLtFWUY45fKi4JJ7K8ox89zJ1Ex3rd6Evvny0qaR
VJ2lSw8XbXGB6rXT7BAG/7lm+qMEd+supcdnwuTJQLnPGD8KYRaG94eQSqgOyDDb
Zdg7VNddJytHohs323VfHUTITP0UXColr1ioprAT+4/q2ifSUlbgWHQULQIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFPLnG7fz+8FVttxNflQZnBHxBvIWMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvOHVjYnRfUDd3VlcyM0UxLVZCbWNFZkVHOGhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjBQBAIAATBKAwQALQgVAwQA
LZPgAwQBuWzMAwQAuc76MAwDBAC53PkDBAK53PgDBAG53h4DBAG54QADBAG545ID
BAC5++UDBAC5++cDBAHBOpIwDQYJKoZIhvcNAQELBQADggEBALxHk9WL3o4FOh9y
s3oTGOr0NALTkiLWukK502dffyaQH6YFCnsP5/Ro9elGnE7UnQqJScivup3JVRPJ
va7TGI59MSjq2eNOfwPG6CELZBd0GRE8bUKDWWjaSqL/t78OFib8O/xDlxiyDsFt
L3F2PpkwWEPZgmtGUomtFKa+DZYQLTZXM2M5LC6rC+o2Ug0TFSrcFS/5EccnNFDC
hl/WXlPHRAcixRtezAHXultkN1fVvBpzUFPXjkyvxEsp+JzhEMCiK3sy9hLCqBUx
fMR4XpGQ84TsrOGxafZYezcAx9Ej+uwYoiEN8kTdngElsk7ESL+UVXGu0h3Tq9aI
d38xpvo=
-----END CERTIFICATE-----