Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/BnRvfDw3w0_pNR_L47G3fyJlkf0.roa
File:                     BnRvfDw3w0_pNR_L47G3fyJlkf0.roa (raw, json)
Hash identifier:          AydXILUuQV5H1OwQhtq7TNreDDM5HqjB23HwONOKdkQ=
Subject key identifier:   06:74:6F:7C:3C:37:C3:4F:E9:35:1F:CB:E3:B1:B7:7F:22:65:91:FD
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018B1E2EF505B6932E0F243612F5486BDF3B
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/BnRvfDw3w0_pNR_L47G3fyJlkf0.roa
Signing time:             Wed 11 Oct 2023 10:01:15 +0000
ROA not before:           Wed 11 Oct 2023 10:01:15 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        185.209.38.0/24 maxlen: 24
                          185.220.250.0/23 maxlen: 24
                          185.251.229.0/24 maxlen: 24
                          185.225.0.0/23 maxlen: 23
                          185.225.1.0/24 maxlen: 24
                          185.223.82.0/24 maxlen: 24
                          185.223.80.0/24 maxlen: 24
                          185.222.30.0/23 maxlen: 24
                          193.58.146.0/23 maxlen: 24
                          185.240.122.0/24 maxlen: 24
                          45.147.224.0/24 maxlen: 24
                          45.8.21.0/24 maxlen: 24
                          185.246.114.0/24 maxlen: 24
                          185.238.229.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 12 Oct 2023 11:15:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:1e:2e:f5:05:b6:93:2e:0f:24:36:12:f5:48:6b:df:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Oct 11 10:01:15 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=06746f7c3c37c34fe9351fcbe3b1b77f226591fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:1b:ca:dc:9c:1d:eb:dd:a5:d5:75:57:8e:ee:
                    5d:28:5d:e7:c7:e8:ad:25:33:0f:2e:ca:b9:84:28:
                    d1:de:3d:33:c6:db:dc:0e:d1:56:f4:3c:39:0f:cf:
                    45:53:9f:82:b7:76:a3:dd:6c:58:9b:21:a1:b9:e9:
                    21:db:23:4b:0b:d2:26:f1:b3:ed:79:8f:58:6f:4f:
                    ce:67:94:0c:19:38:11:c4:09:ad:06:a9:1b:2c:05:
                    39:64:75:48:88:ed:40:ec:8a:89:02:5d:fb:ae:f5:
                    3f:49:d5:3e:6e:08:14:4e:a1:09:91:31:bc:b2:24:
                    02:9f:94:02:7b:a7:7a:15:44:d3:29:96:e5:66:b9:
                    d3:de:69:b7:dc:f5:13:7e:bb:85:68:b5:62:5f:0b:
                    7a:0c:3e:aa:23:22:17:8a:4c:be:c6:29:85:c2:34:
                    70:3d:8f:75:bb:ec:28:35:4d:a2:3b:2b:3c:fa:c0:
                    78:71:cc:ed:0e:a4:16:95:3f:90:04:02:01:67:b6:
                    96:55:12:74:07:74:40:8d:9a:31:c2:ee:25:1b:68:
                    44:a3:6b:09:fa:01:bd:64:66:fe:7d:0d:b6:44:ef:
                    34:d0:61:50:03:65:c1:0c:0f:ed:ba:e4:2f:f0:a1:
                    2d:3d:bb:b5:29:af:84:4e:5e:46:f1:53:07:a5:62:
                    ef:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:74:6F:7C:3C:37:C3:4F:E9:35:1F:CB:E3:B1:B7:7F:22:65:91:FD
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/BnRvfDw3w0_pNR_L47G3fyJlkf0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.21.0/24
                  45.147.224.0/24
                  185.209.38.0/24
                  185.220.250.0/23
                  185.222.30.0/23
                  185.223.80.0/24
                  185.223.82.0/24
                  185.225.0.0/23
                  185.238.229.0/24
                  185.240.122.0/24
                  185.246.114.0/24
                  185.251.229.0/24
                  193.58.146.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5e:f0:9f:32:e5:4a:af:9e:5c:4f:f3:a6:90:63:63:3c:55:05:
         8d:f3:6e:c8:a5:98:36:a1:bf:e3:0e:60:d1:52:2e:f6:f8:ac:
         a6:6c:5a:ef:90:0f:56:fd:fc:da:50:97:b9:aa:b4:5e:c9:de:
         94:f5:3f:80:79:bb:b7:cb:f1:c3:90:8e:94:af:c8:20:db:1b:
         2a:f4:86:96:af:4d:33:39:33:b8:86:5b:d0:14:7c:ed:82:7f:
         d5:5b:71:ea:4a:21:56:72:71:36:62:ab:67:6d:82:d4:e3:7a:
         79:51:cd:5a:c0:1f:31:9c:fa:bf:06:7f:92:08:56:0a:37:ab:
         2e:fd:1e:5a:ee:35:ed:43:e0:bb:62:fa:a6:16:a5:bf:35:36:
         b1:af:3e:f6:66:27:08:5d:0d:e6:31:07:83:81:d9:63:db:20:
         ba:3d:6f:32:d7:59:20:c6:05:d8:19:7a:ad:99:ff:03:08:be:
         28:e5:e8:1e:07:ef:53:4e:1a:c7:66:ca:61:00:bf:09:bf:f8:
         ed:56:60:40:ae:f0:2e:c9:6b:3f:b0:20:89:e3:25:72:ee:e9:
         bc:01:dd:34:45:3d:1b:d7:20:b3:c4:b7:73:0b:b4:1c:dc:89:
         20:3f:c6:5f:b9:c6:d0:2b:f6:9b:7c:59:94:4a:01:14:a2:8c:
         8f:a7:be:74
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAYseLvUFtpMuDyQ2EvVIa987MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjMxMDExMTAwMTE1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjc0NmY3YzNjMzdjMzRmZTkzNTFmY2JlM2IxYjc3ZjIyNjU5MWZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvBvK3Jwd692l1XVXju5dKF3nx+it
JTMPLsq5hCjR3j0zxtvcDtFW9Dw5D89FU5+Ct3aj3WxYmyGhuekh2yNLC9Im8bPt
eY9Yb0/OZ5QMGTgRxAmtBqkbLAU5ZHVIiO1A7IqJAl37rvU/SdU+bggUTqEJkTG8
siQCn5QCe6d6FUTTKZblZrnT3mm33PUTfruFaLViXwt6DD6qIyIXiky+ximFwjRw
PY91u+woNU2iOys8+sB4ccztDqQWlT+QBAIBZ7aWVRJ0B3RAjZoxwu4lG2hEo2sJ
+gG9ZGb+fQ22RO800GFQA2XBDA/tuuQv8KEtPbu1Ka+ETl5G8VMHpWLv2QIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFAZ0b3w8N8NP6TUfy+Oxt38iZZH9MB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvQm5SdmZEdzN3MF9wTlJfTDQ3RzNmeUpsa2YwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjBUBAIAATBOAwQALQgVAwQA
LZPgAwQAudEmAwQBudz6AwQBud4eAwQAud9QAwQAud9SAwQBueEAAwQAue7lAwQA
ufB6AwQAufZyAwQAufvlAwQBwTqSMA0GCSqGSIb3DQEBCwUAA4IBAQBe8J8y5Uqv
nlxP86aQY2M8VQWN827IpZg2ob/jDmDRUi72+KymbFrvkA9W/fzaUJe5qrReyd6U
9T+Aebu3y/HDkI6Ur8gg2xsq9IaWr00zOTO4hlvQFHztgn/VW3HqSiFWcnE2Yqtn
bYLU43p5Uc1awB8xnPq/Bn+SCFYKN6su/R5a7jXtQ+C7YvqmFqW/NTaxrz72ZicI
XQ3mMQeDgdlj2yC6PW8y11kgxgXYGXqtmf8DCL4o5egeB+9TThrHZsphAL8Jv/jt
VmBArvAuyWs/sCCJ4yVy7um8Ad00RT0b1yCzxLdzC7Qc3IkgP8ZfucbQK/abfFmU
SgEUooyPp750
-----END CERTIFICATE-----