Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/BmWqb2Jk1KALCbDcJ_ahmPxEtW4.roa
File:                     BmWqb2Jk1KALCbDcJ_ahmPxEtW4.roa (raw, json)
Hash identifier:          y0V+K8BBIBtnPSlgi+PnuI9hC6LWaFs/B8/+OlWSO/w=
Subject key identifier:   06:65:AA:6F:62:64:D4:A0:0B:09:B0:DC:27:F6:A1:98:FC:44:B5:6E
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018E6591EB26EA0CC03B71D5B06401325999
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/BmWqb2Jk1KALCbDcJ_ahmPxEtW4.roa
Signing time:             Fri 22 Mar 2024 09:50:45 +0000
ROA not before:           Fri 22 Mar 2024 09:50:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        45.8.21.0/24 maxlen: 24
                          185.126.80.0/24 maxlen: 24
                          185.126.81.0/24 maxlen: 24
                          185.220.250.0/23 maxlen: 24
                          185.223.82.0/24 maxlen: 24
                          185.225.0.0/23 maxlen: 23
                          185.226.104.0/24 maxlen: 24
                          185.227.146.0/23 maxlen: 24
                          185.234.20.0/24 maxlen: 24
                          193.58.146.0/23 maxlen: 24

Validation:               Failed, certificate revoked on Mon 25 Mar 2024 15:12:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:65:91:eb:26:ea:0c:c0:3b:71:d5:b0:64:01:32:59:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Mar 22 09:50:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0665aa6f6264d4a00b09b0dc27f6a198fc44b56e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:9f:bd:cd:ee:19:76:bb:9b:e3:7e:4b:06:0e:
                    eb:35:1c:43:3f:e4:97:e4:3f:81:e7:fb:68:5d:66:
                    d1:61:3f:b3:cd:19:2f:de:a8:42:e0:e6:f0:26:6b:
                    43:ad:2b:f5:93:5d:cd:a9:8b:5c:fb:bf:14:b7:17:
                    5b:54:ef:fc:72:83:8d:27:f8:06:fe:e7:83:b0:70:
                    b9:0e:72:3e:3a:23:36:f2:5a:c8:ba:1d:6e:63:17:
                    65:1d:7a:ed:8f:da:98:b9:99:f9:91:29:42:79:84:
                    6e:e5:39:df:19:76:e4:53:1f:4f:8c:a9:9d:85:4a:
                    7b:0c:22:e5:75:53:22:a5:fa:11:cf:03:52:ac:ea:
                    40:66:03:81:46:7a:8f:26:d4:94:a9:98:d3:d9:b8:
                    93:a6:fe:be:22:c6:8b:b1:cf:13:66:6d:92:ce:b7:
                    ac:bd:48:d4:e9:18:8a:fb:30:e2:58:c4:05:a3:6a:
                    1d:f1:31:53:09:d3:7c:7f:33:e9:fd:23:9e:23:96:
                    20:4f:2f:4c:b6:38:1f:50:71:a3:8f:d7:4d:86:ba:
                    68:e1:3b:b7:2e:91:e8:9a:a1:7f:ea:e8:b6:35:de:
                    2e:5d:50:bd:fd:50:e8:c7:00:1d:49:d1:4f:0b:47:
                    5f:ba:0d:b0:77:c3:59:04:c1:8f:e1:8f:b5:31:7b:
                    16:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:65:AA:6F:62:64:D4:A0:0B:09:B0:DC:27:F6:A1:98:FC:44:B5:6E
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/BmWqb2Jk1KALCbDcJ_ahmPxEtW4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.21.0/24
                  185.126.80.0/23
                  185.220.250.0/23
                  185.223.82.0/24
                  185.225.0.0/23
                  185.226.104.0/24
                  185.227.146.0/23
                  185.234.20.0/24
                  193.58.146.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1c:cf:09:c2:44:22:ee:a3:84:7a:76:07:2d:8c:6f:1a:38:c8:
         5c:0c:29:61:70:01:4b:af:27:e5:70:61:c0:66:d7:a9:06:ae:
         34:bb:80:e0:a9:91:7c:82:95:7d:8a:33:54:74:33:85:70:4f:
         cd:e5:4c:77:dc:3b:84:3c:5f:f5:64:04:0e:f9:59:04:3c:45:
         d4:bd:d8:7d:db:75:86:56:c1:28:33:19:1e:d3:b4:e6:36:83:
         52:bd:ed:57:78:6f:70:2f:ec:ec:a5:2c:29:f0:3f:8a:81:f0:
         3c:29:a6:74:55:1d:89:f7:1b:c7:5c:3f:db:52:c0:bf:6b:9e:
         1c:d2:d1:8f:42:1e:b1:dc:ec:7d:c2:d4:b1:a8:c6:04:e0:65:
         71:e9:df:1a:c9:36:bd:24:36:3b:72:9a:35:44:59:8b:27:d9:
         24:5e:5c:74:4a:ff:c4:b1:ab:12:6d:7f:06:e7:82:cd:c2:d3:
         10:b5:b7:83:bf:e4:c4:50:96:48:7a:3a:54:c8:1b:2d:1e:67:
         18:76:62:a1:33:a4:66:1b:d9:a5:5d:56:39:48:94:a8:be:4d:
         83:b6:9d:e6:6a:a6:fb:35:c0:64:6c:c3:75:63:05:51:77:91:
         d8:36:f2:6a:46:25:0f:3d:03:4b:91:22:bc:be:9e:56:c8:e5:
         ae:de:93:8e
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAY5lkesm6gzAO3HVsGQBMlmZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwMzIyMDk1MDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjY1YWE2ZjYyNjRkNGEwMGIwOWIwZGMyN2Y2YTE5OGZjNDRiNTZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo5+9ze4Zdrub435LBg7rNRxDP+SX
5D+B5/toXWbRYT+zzRkv3qhC4ObwJmtDrSv1k13NqYtc+78UtxdbVO/8coONJ/gG
/ueDsHC5DnI+OiM28lrIuh1uYxdlHXrtj9qYuZn5kSlCeYRu5TnfGXbkUx9PjKmd
hUp7DCLldVMipfoRzwNSrOpAZgOBRnqPJtSUqZjT2biTpv6+IsaLsc8TZm2Szres
vUjU6RiK+zDiWMQFo2od8TFTCdN8fzPp/SOeI5YgTy9MtjgfUHGjj9dNhrpo4Tu3
LpHomqF/6ui2Nd4uXVC9/VDoxwAdSdFPC0dfug2wd8NZBMGP4Y+1MXsW6wIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFAZlqm9iZNSgCwmw3Cf2oZj8RLVuMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvQm1XcWIySmsxS0FMQ2JEY0pfYWhtUHhFdFc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQALQgVAwQB
uX5QAwQBudz6AwQAud9SAwQBueEAAwQAueJoAwQBueOSAwQAueoUAwQBwTqSMA0G
CSqGSIb3DQEBCwUAA4IBAQAczwnCRCLuo4R6dgctjG8aOMhcDClhcAFLryflcGHA
ZtepBq40u4DgqZF8gpV9ijNUdDOFcE/N5Ux33DuEPF/1ZAQO+VkEPEXUvdh923WG
VsEoMxke07TmNoNSve1XeG9wL+zspSwp8D+KgfA8KaZ0VR2J9xvHXD/bUsC/a54c
0tGPQh6x3Ox9wtSxqMYE4GVx6d8ayTa9JDY7cpo1RFmLJ9kkXlx0Sv/EsasSbX8G
54LNwtMQtbeDv+TEUJZIejpUyBstHmcYdmKhM6RmG9mlXVY5SJSovk2Dtp3maqb7
NcBkbMN1YwVRd5HYNvJqRiUPPQNLkSK8vp5WyOWu3pOO
-----END CERTIFICATE-----