Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/9m8m3JtKrPls0DQY8XaAaqZQ1LM.roa
File:                     9m8m3JtKrPls0DQY8XaAaqZQ1LM.roa (raw, json)
Hash identifier:          2hFdLwrz7nj/wbf2u/M2Jo9AdfdIefnYnbv2LmMjLMY=
Subject key identifier:   F6:6F:26:DC:9B:4A:AC:F9:6C:D0:34:18:F1:76:80:6A:A6:50:D4:B3
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       0189873D4825E93906E7B2C14FF5FD8CBF6F
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/9m8m3JtKrPls0DQY8XaAaqZQ1LM.roa
Signing time:             Mon 24 Jul 2023 09:31:27 +0000
ROA not before:           Mon 24 Jul 2023 09:31:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        185.218.103.0/24 maxlen: 24
                          185.230.52.0/24 maxlen: 24
                          185.220.248.0/24 maxlen: 24
                          185.251.229.0/24 maxlen: 24
                          185.225.0.0/23 maxlen: 23
                          185.222.28.0/24 maxlen: 24
                          193.58.146.0/23 maxlen: 24
                          193.58.147.0/24 maxlen: 24
                          185.214.100.0/24 maxlen: 24
                          45.147.224.0/24 maxlen: 24
                          185.214.102.0/24 maxlen: 24
                          45.8.21.0/24 maxlen: 24
                          185.246.112.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 28 Jul 2023 09:56:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:87:3d:48:25:e9:39:06:e7:b2:c1:4f:f5:fd:8c:bf:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jul 24 09:31:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f66f26dc9b4aacf96cd03418f176806aa650d4b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:3d:0b:db:2c:b3:d6:67:95:fd:6e:c9:e6:d7:
                    22:da:c7:65:ad:fb:ef:5b:65:ff:a1:38:a2:78:4c:
                    06:9d:2a:90:75:f3:23:6a:47:30:74:44:0d:c8:9a:
                    79:e9:70:48:bc:bb:a2:38:5d:aa:8f:6c:80:9f:3b:
                    9e:dd:2f:85:d1:06:94:4b:65:ff:3d:7b:73:85:08:
                    9e:37:c2:c0:e6:8a:9e:9c:a8:f1:09:55:09:88:e5:
                    00:7a:ef:13:5f:a6:e7:72:50:c1:43:e0:b8:de:e6:
                    d5:71:85:2b:69:bd:04:11:3b:5b:49:6c:d6:e7:f0:
                    13:94:42:b2:d6:2d:9e:32:71:09:1f:4d:b2:48:ad:
                    ff:a3:e5:f5:8f:90:ca:0a:a2:ff:89:b5:23:07:45:
                    9a:ae:14:d4:fe:c7:f0:3f:4e:d1:6a:52:61:23:36:
                    53:61:8b:b3:a0:81:0e:72:1d:4c:b5:60:6a:64:5f:
                    59:3d:df:e3:f5:5d:82:51:99:7a:89:69:65:4d:26:
                    89:f2:96:d4:23:21:5a:2e:06:82:d0:f4:c3:ce:37:
                    3b:4a:7c:6e:15:3e:e7:9e:c8:d6:52:86:be:55:d0:
                    ed:49:41:81:1e:fb:0b:ca:53:ae:58:a2:3c:c4:b5:
                    6b:87:9d:c6:c6:df:4c:d5:62:18:53:77:31:93:c9:
                    e8:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:6F:26:DC:9B:4A:AC:F9:6C:D0:34:18:F1:76:80:6A:A6:50:D4:B3
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/9m8m3JtKrPls0DQY8XaAaqZQ1LM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.21.0/24
                  45.147.224.0/24
                  185.214.100.0/24
                  185.214.102.0/24
                  185.218.103.0/24
                  185.220.248.0/24
                  185.222.28.0/24
                  185.225.0.0/23
                  185.230.52.0/24
                  185.246.112.0/24
                  185.251.229.0/24
                  193.58.146.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a8:4f:e2:bd:1b:58:38:97:86:8b:7c:00:0d:29:e8:f1:ae:30:
         82:00:fe:75:c3:0c:72:cd:e6:e4:13:b4:6c:20:0d:a6:b2:6a:
         59:65:f9:48:7b:cf:93:9c:0a:b2:e5:c1:c0:93:e8:84:86:97:
         f3:e0:93:e7:8a:33:96:b0:50:0e:bd:5c:fb:08:05:d3:e1:d0:
         0b:e0:2f:33:2e:d6:8a:5f:02:ca:c9:5d:6e:0a:1f:58:82:55:
         0a:38:d4:e7:c7:31:05:a3:26:17:c4:2e:37:30:89:c7:1e:33:
         c4:23:05:ae:6b:be:a3:0b:c0:fa:03:97:02:57:93:c0:70:ab:
         96:70:98:d3:24:0a:c0:93:1c:79:e4:e7:3b:e0:2d:2d:b9:f2:
         fd:b4:4b:cf:f8:ce:96:62:dc:15:43:39:b8:9b:fd:71:b3:ea:
         0d:61:f9:e3:a1:59:ba:a5:7a:7e:1f:90:b1:d5:fb:b0:d6:63:
         64:8a:81:ae:41:c0:1f:61:e1:08:f1:20:7a:60:20:1e:af:d9:
         ad:11:51:6a:82:5b:c3:62:e3:9d:ff:71:b0:e5:34:60:8c:12:
         55:db:4b:35:30:a6:da:20:40:5b:d1:33:6b:3e:38:3c:d7:9e:
         fe:c8:2e:4e:46:49:a9:92:46:d3:28:18:cd:7e:a4:27:42:71:
         b6:d7:17:5c
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAYmHPUgl6TkG57LBT/X9jL9vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjMwNzI0MDkzMTI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjZmMjZkYzliNGFhY2Y5NmNkMDM0MThmMTc2ODA2YWE2NTBkNGIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxD0L2yyz1meV/W7J5tci2sdlrfvv
W2X/oTiieEwGnSqQdfMjakcwdEQNyJp56XBIvLuiOF2qj2yAnzue3S+F0QaUS2X/
PXtzhQieN8LA5oqenKjxCVUJiOUAeu8TX6bnclDBQ+C43ubVcYUrab0EETtbSWzW
5/ATlEKy1i2eMnEJH02ySK3/o+X1j5DKCqL/ibUjB0WarhTU/sfwP07RalJhIzZT
YYuzoIEOch1MtWBqZF9ZPd/j9V2CUZl6iWllTSaJ8pbUIyFaLgaC0PTDzjc7Snxu
FT7nnsjWUoa+VdDtSUGBHvsLylOuWKI8xLVrh53Gxt9M1WIYU3cxk8no1QIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFPZvJtybSqz5bNA0GPF2gGqmUNSzMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvOW04bTNKdEtyUGxzMERRWThYYUFhcVpRMUxNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwQALQgVAwQA
LZPgAwQAudZkAwQAudZmAwQAudpnAwQAudz4AwQAud4cAwQBueEAAwQAueY0AwQA
ufZwAwQAufvlAwQBwTqSMA0GCSqGSIb3DQEBCwUAA4IBAQCoT+K9G1g4l4aLfAAN
KejxrjCCAP51wwxyzebkE7RsIA2msmpZZflIe8+TnAqy5cHAk+iEhpfz4JPnijOW
sFAOvVz7CAXT4dAL4C8zLtaKXwLKyV1uCh9YglUKONTnxzEFoyYXxC43MInHHjPE
IwWua76jC8D6A5cCV5PAcKuWcJjTJArAkxx55Oc74C0tufL9tEvP+M6WYtwVQzm4
m/1xs+oNYfnjoVm6pXp+H5Cx1fuw1mNkioGuQcAfYeEI8SB6YCAer9mtEVFqglvD
YuOd/3Gw5TRgjBJV20s1MKbaIEBb0TNrPjg8157+yC5ORkmpkkbTKBjNfqQnQnG2
1xdc
-----END CERTIFICATE-----