Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/9KmH3ednWO9BtiMyPgcXdNhCtQ0.roa
File:                     9KmH3ednWO9BtiMyPgcXdNhCtQ0.roa (raw, json)
Hash identifier:          ix/jFChNzZg+0AP1BwygR33aMIzTYlDKP2e3YODtTSw=
Subject key identifier:   F4:A9:87:DD:E7:67:58:EF:41:B6:23:32:3E:07:17:74:D8:42:B5:0D
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       0189BAD723E36EB5CE0F515EAEDE44B985CE
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/9KmH3ednWO9BtiMyPgcXdNhCtQ0.roa
Signing time:             Thu 03 Aug 2023 10:00:08 +0000
ROA not before:           Thu 03 Aug 2023 10:00:08 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        185.230.52.0/24 maxlen: 24
                          185.226.106.0/24 maxlen: 24
                          185.220.248.0/24 maxlen: 24
                          45.90.19.0/24 maxlen: 24
                          193.58.146.0/23 maxlen: 24
                          193.58.147.0/24 maxlen: 24
                          45.147.224.0/24 maxlen: 24
                          45.8.21.0/24 maxlen: 24
                          185.246.112.0/24 maxlen: 24
                          194.147.16.0/24 maxlen: 24
                          185.251.229.0/24 maxlen: 24
                          185.225.0.0/23 maxlen: 23

Validation:               Failed, certificate revoked on Thu 03 Aug 2023 10:01:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:ba:d7:23:e3:6e:b5:ce:0f:51:5e:ae:de:44:b9:85:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Aug  3 10:00:08 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f4a987dde76758ef41b623323e071774d842b50d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:7c:9e:9b:5c:86:6a:29:2e:f6:95:af:eb:ee:
                    91:74:a0:77:72:a3:96:4e:30:d4:e7:ff:d9:19:45:
                    a7:71:7d:bb:67:61:4b:a5:15:0d:83:55:30:c2:63:
                    60:15:bd:5e:13:3f:58:2e:4c:79:1a:34:64:d3:26:
                    73:9b:b1:53:24:cc:f6:97:bb:22:6c:a0:dc:12:a1:
                    ae:5a:38:44:f7:50:4e:b5:5c:92:cf:6d:8a:77:c5:
                    37:9d:bd:2b:0f:3a:98:f3:19:cd:c5:1d:dd:8a:9a:
                    8d:e0:b4:2f:04:b0:5e:ec:74:71:52:d9:af:37:aa:
                    4b:e4:45:35:bd:36:7d:2b:29:bd:d6:c1:d5:67:de:
                    70:f8:cd:98:19:c8:e4:1d:a1:94:c0:21:1f:e4:a4:
                    b4:3c:31:d3:5f:24:c6:06:a8:5e:ef:54:46:0d:f3:
                    e3:11:91:9f:a6:e3:49:68:a8:c7:58:9e:03:ca:66:
                    39:f0:82:1c:3b:81:93:7e:19:82:ee:43:63:b0:20:
                    54:1c:9f:7a:c7:1e:03:1d:35:8b:e2:80:bd:e6:73:
                    51:27:8d:6f:da:be:3a:fd:fe:e4:3e:0e:71:fd:c4:
                    3c:85:b9:19:bf:63:0f:76:c3:99:12:5b:3f:7c:62:
                    64:b9:73:76:6e:a9:7f:ad:20:12:74:fe:1e:91:37:
                    f0:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:A9:87:DD:E7:67:58:EF:41:B6:23:32:3E:07:17:74:D8:42:B5:0D
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/9KmH3ednWO9BtiMyPgcXdNhCtQ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.21.0/24
                  45.90.19.0/24
                  45.147.224.0/24
                  185.220.248.0/24
                  185.225.0.0/23
                  185.226.106.0/24
                  185.230.52.0/24
                  185.246.112.0/24
                  185.251.229.0/24
                  193.58.146.0/23
                  194.147.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:e0:2b:ab:2a:64:7d:6f:fb:fd:7b:e9:ba:73:f8:4f:21:93:
         e8:9c:4a:87:dc:9a:25:d4:96:9c:4c:f3:72:08:4f:11:86:f0:
         bc:bc:98:ba:2b:82:bc:76:e2:96:27:1d:58:cf:e3:9e:21:b1:
         91:ce:30:2d:cd:2c:d4:ce:f6:60:f0:4e:cf:00:1d:41:64:c4:
         f7:63:b4:77:39:a4:07:14:85:b9:30:39:21:3c:8d:4b:a5:a5:
         21:95:2e:9e:bc:64:f7:c9:b0:6b:bd:18:86:54:9a:6a:2e:0e:
         16:98:f9:31:0d:ee:a5:89:61:1f:42:5f:78:c7:9f:d0:38:3f:
         96:9c:9a:3d:25:b9:54:a6:91:5e:d5:e1:60:8f:43:40:78:9e:
         2c:de:2a:e2:47:34:c9:55:07:d7:38:d3:4a:77:61:25:6b:4e:
         45:46:e1:13:df:0c:6b:b6:32:35:61:bc:62:ed:93:45:5c:58:
         f9:26:b0:74:aa:77:86:ff:b3:71:37:7f:74:92:45:c4:75:c2:
         30:05:35:35:84:a7:2c:36:e5:12:c5:19:50:bc:f3:64:db:f7:
         08:df:bf:8d:29:c0:dc:c6:97:e2:a6:cc:bc:f5:98:fe:ff:30:
         5c:dc:d9:ff:7c:7c:1a:c6:b3:73:81:5b:ec:f9:fd:0b:42:11:
         c3:78:91:c5
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAYm61yPjbrXOD1Fert5EuYXOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjMwODAzMTAwMDA4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNGE5ODdkZGU3Njc1OGVmNDFiNjIzMzIzZTA3MTc3NGQ4NDJiNTBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhXyem1yGaiku9pWv6+6RdKB3cqOW
TjDU5//ZGUWncX27Z2FLpRUNg1UwwmNgFb1eEz9YLkx5GjRk0yZzm7FTJMz2l7si
bKDcEqGuWjhE91BOtVySz22Kd8U3nb0rDzqY8xnNxR3dipqN4LQvBLBe7HRxUtmv
N6pL5EU1vTZ9Kym91sHVZ95w+M2YGcjkHaGUwCEf5KS0PDHTXyTGBqhe71RGDfPj
EZGfpuNJaKjHWJ4DymY58IIcO4GTfhmC7kNjsCBUHJ96xx4DHTWL4oC95nNRJ41v
2r46/f7kPg5x/cQ8hbkZv2MPdsOZEls/fGJkuXN2bql/rSASdP4ekTfwXwIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFPSph93nZ1jvQbYjMj4HF3TYQrUNMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvOUttSDNlZG5XTzlCdGlNeVBnY1hkTmhDdFEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQALQgVAwQA
LVoTAwQALZPgAwQAudz4AwQBueEAAwQAueJqAwQAueY0AwQAufZwAwQAufvlAwQB
wTqSAwQAwpMQMA0GCSqGSIb3DQEBCwUAA4IBAQBn4CurKmR9b/v9e+m6c/hPIZPo
nEqH3Jol1JacTPNyCE8RhvC8vJi6K4K8duKWJx1Yz+OeIbGRzjAtzSzUzvZg8E7P
AB1BZMT3Y7R3OaQHFIW5MDkhPI1LpaUhlS6evGT3ybBrvRiGVJpqLg4WmPkxDe6l
iWEfQl94x5/QOD+WnJo9JblUppFe1eFgj0NAeJ4s3iriRzTJVQfXONNKd2Ela05F
RuET3wxrtjI1Ybxi7ZNFXFj5JrB0qneG/7NxN390kkXEdcIwBTU1hKcsNuUSxRlQ
vPNk2/cI37+NKcDcxpfipsy89Zj+/zBc3Nn/fHwaxrNzgVvs+f0LQhHDeJHF
-----END CERTIFICATE-----