Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/D5lAKN1VGLaRmv_SN1R3RPwuI7Y.roa
File:                     D5lAKN1VGLaRmv_SN1R3RPwuI7Y.roa (raw, json)
Hash identifier:          f/fa2DnzNS8Uj8quz244u/XfwSeM75XhVKbNNr55S8I=
Subject key identifier:   0F:99:40:28:DD:55:18:B6:91:9A:FF:D2:37:54:77:44:FC:2E:23:B6
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018D2B921A3EA6FC553ECCD4CD6C1C824892
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/D5lAKN1VGLaRmv_SN1R3RPwuI7Y.roa
Signing time:             Sun 21 Jan 2024 10:30:11 +0000
ROA not before:           Sun 21 Jan 2024 10:30:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        45.8.21.0/24 maxlen: 24
                          185.220.250.0/23 maxlen: 24
                          185.223.82.0/24 maxlen: 24
                          185.225.0.0/23 maxlen: 23
                          185.225.22.0/24 maxlen: 24
                          185.227.146.0/23 maxlen: 24
                          185.230.65.0/24 maxlen: 24
                          185.251.229.0/24 maxlen: 24
                          193.8.114.0/24 maxlen: 24
                          193.58.146.0/23 maxlen: 24

Validation:               Failed, certificate revoked on Mon 22 Jan 2024 11:05:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:2b:92:1a:3e:a6:fc:55:3e:cc:d4:cd:6c:1c:82:48:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan 21 10:30:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0f994028dd5518b6919affd237547744fc2e23b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:af:21:90:08:94:b8:13:02:d0:27:3d:32:0d:
                    58:28:42:b5:95:13:9b:15:24:8d:2e:48:6d:cd:22:
                    6b:c8:32:c3:e8:ac:66:ee:bc:1e:c8:e2:52:6f:76:
                    55:a7:81:b5:a9:24:59:6c:42:95:7e:e6:a6:7a:85:
                    4c:4c:b1:0b:8a:c8:ec:01:56:50:ae:1e:6c:bd:f7:
                    c1:00:0c:ca:7b:34:eb:eb:28:bb:c0:3c:88:8a:ee:
                    57:16:21:98:88:89:2f:96:44:9c:eb:8e:68:69:bc:
                    49:bb:10:33:d2:23:ad:2c:9b:f4:7e:88:d3:44:25:
                    ba:33:9d:0b:83:5e:67:8d:27:49:06:8b:e3:c1:1b:
                    e6:ff:88:66:cd:86:45:de:07:95:a2:eb:99:dd:91:
                    a8:90:c8:d8:41:23:56:a7:d3:df:82:30:ae:a7:4c:
                    6d:3e:5c:75:69:12:55:fd:a1:7a:36:64:10:33:22:
                    8a:87:6b:ed:0f:c0:01:29:ba:be:40:23:2b:40:cc:
                    e7:b8:e1:1d:91:17:10:ed:5c:4e:19:25:25:f1:7e:
                    8d:12:43:ee:6b:2c:b9:ca:a5:ae:6b:28:11:b8:f4:
                    f2:30:7f:aa:da:4f:91:d3:ad:cb:2d:a0:dc:75:95:
                    da:e7:04:ec:c3:97:2a:59:a3:f1:29:c4:98:e7:86:
                    3a:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:99:40:28:DD:55:18:B6:91:9A:FF:D2:37:54:77:44:FC:2E:23:B6
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/D5lAKN1VGLaRmv_SN1R3RPwuI7Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.21.0/24
                  185.220.250.0/23
                  185.223.82.0/24
                  185.225.0.0/23
                  185.225.22.0/24
                  185.227.146.0/23
                  185.230.65.0/24
                  185.251.229.0/24
                  193.8.114.0/24
                  193.58.146.0/23

    Signature Algorithm: sha256WithRSAEncryption
         c3:9d:dd:29:42:0b:d0:1d:45:51:b2:57:65:4c:32:1c:28:a8:
         17:44:df:0a:50:8e:d0:1e:70:a0:fb:2a:55:ad:bb:c1:39:9c:
         bc:94:38:84:a3:f7:cb:6a:ab:53:90:52:28:9c:9a:d0:e9:61:
         4a:60:47:a9:d8:bc:f9:3d:83:ee:dd:9c:a0:04:d6:be:64:90:
         7e:db:7c:43:8a:9b:ec:36:0d:5d:3e:ef:bc:32:80:69:d2:cf:
         40:a2:91:da:53:8b:e1:8d:2f:3e:81:ca:8d:45:ce:69:f7:a6:
         d8:c4:c3:23:03:32:be:6e:09:11:06:b5:08:36:96:0d:3f:66:
         c2:5f:a8:4f:35:01:02:2a:f0:00:c8:fc:af:65:b9:9e:a5:58:
         ec:ad:52:0b:77:1b:cb:97:6b:aa:7f:ae:35:1f:8f:f8:5b:e1:
         4a:d9:41:60:34:04:98:0d:a5:9e:c9:e1:70:f6:43:8c:7f:0b:
         7a:4a:0f:86:65:9c:a1:5c:48:2b:7c:1f:0b:94:b1:66:9f:9e:
         bc:26:f5:0a:e3:1b:ff:a7:29:14:53:83:b4:14:cd:ab:02:3b:
         f2:09:0f:d3:68:9a:eb:a8:5f:a6:4a:4e:39:16:df:e6:36:13:
         c5:f0:f6:7f:44:20:e3:6c:6f:90:91:8a:9a:28:b8:25:be:11:
         22:3e:37:bb
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAY0rkho+pvxVPszUzWwcgkiSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwMTIxMTAzMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjk5NDAyOGRkNTUxOGI2OTE5YWZmZDIzNzU0Nzc0NGZjMmUyM2I2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApa8hkAiUuBMC0Cc9Mg1YKEK1lROb
FSSNLkhtzSJryDLD6Kxm7rweyOJSb3ZVp4G1qSRZbEKVfuameoVMTLELisjsAVZQ
rh5svffBAAzKezTr6yi7wDyIiu5XFiGYiIkvlkSc645oabxJuxAz0iOtLJv0fojT
RCW6M50Lg15njSdJBovjwRvm/4hmzYZF3geVouuZ3ZGokMjYQSNWp9PfgjCup0xt
Plx1aRJV/aF6NmQQMyKKh2vtD8ABKbq+QCMrQMznuOEdkRcQ7VxOGSUl8X6NEkPu
ayy5yqWuaygRuPTyMH+q2k+R063LLaDcdZXa5wTsw5cqWaPxKcSY54Y60wIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFA+ZQCjdVRi2kZr/0jdUd0T8LiO2MB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvRDVsQUtOMVZHTGFSbXZfU04xUjNSUHd1STdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQALQgVAwQB
udz6AwQAud9SAwQBueEAAwQAueEWAwQBueOSAwQAueZBAwQAufvlAwQAwQhyAwQB
wTqSMA0GCSqGSIb3DQEBCwUAA4IBAQDDnd0pQgvQHUVRsldlTDIcKKgXRN8KUI7Q
HnCg+ypVrbvBOZy8lDiEo/fLaqtTkFIonJrQ6WFKYEep2Lz5PYPu3ZygBNa+ZJB+
23xDipvsNg1dPu+8MoBp0s9AopHaU4vhjS8+gcqNRc5p96bYxMMjAzK+bgkRBrUI
NpYNP2bCX6hPNQECKvAAyPyvZbmepVjsrVILdxvLl2uqf641H4/4W+FK2UFgNASY
DaWeyeFw9kOMfwt6Sg+GZZyhXEgrfB8LlLFmn568JvUK4xv/pykUU4O0FM2rAjvy
CQ/TaJrrqF+mSk45Ft/mNhPF8PZ/RCDjbG+QkYqaKLglvhEiPje7
-----END CERTIFICATE-----