Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/FGLozHOOz1A7zrLvABsbnf495vo.roa
File:                     FGLozHOOz1A7zrLvABsbnf495vo.roa (raw, json)
Hash identifier:          Gt8AHSM0MKoAsTVIUxc6a2skXsn3zLN+uVCoe5fku9E=
Subject key identifier:   14:62:E8:CC:73:8E:CF:50:3B:CE:B2:EF:00:1B:1B:9D:FE:3D:E6:FA
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018C31C595B2C0F42B570DA578A4F7D01AF1
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/FGLozHOOz1A7zrLvABsbnf495vo.roa
Signing time:             Sun 03 Dec 2023 22:21:21 +0000
ROA not before:           Sun 03 Dec 2023 22:21:21 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        185.227.146.0/23 maxlen: 24
                          185.220.251.0/24 maxlen: 24
                          185.220.249.0/24 maxlen: 24
                          185.220.250.0/23 maxlen: 24
                          185.251.229.0/24 maxlen: 24
                          185.251.231.0/24 maxlen: 24
                          185.194.176.0/24 maxlen: 24
                          185.108.204.0/23 maxlen: 24
                          185.225.0.0/23 maxlen: 23
                          185.222.30.0/24 maxlen: 24
                          185.222.30.0/23 maxlen: 24
                          185.206.250.0/24 maxlen: 24
                          193.58.146.0/23 maxlen: 24
                          45.8.21.0/24 maxlen: 24
                          45.147.224.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 07 Dec 2023 09:32:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:31:c5:95:b2:c0:f4:2b:57:0d:a5:78:a4:f7:d0:1a:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Dec  3 22:21:21 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1462e8cc738ecf503bceb2ef001b1b9dfe3de6fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:2e:43:bb:50:e7:f0:40:95:9b:53:9b:cc:0d:
                    2d:23:6a:c4:1c:3b:1b:77:55:54:51:40:f3:97:9d:
                    52:bc:9e:72:9d:fd:39:52:83:20:bd:6f:da:f7:c6:
                    a4:ba:d1:63:8a:aa:56:0d:fe:97:41:e8:6b:37:d5:
                    0e:28:fe:09:df:5e:8a:38:89:c4:84:c1:1f:c9:31:
                    e0:3f:50:da:4a:2a:e8:63:54:93:0c:17:cb:2c:29:
                    63:24:a2:2e:e4:54:c9:8e:b9:4b:de:0a:02:ba:62:
                    19:38:92:c2:27:5d:29:44:c4:c6:c7:dc:2d:d2:0b:
                    44:52:60:78:9e:43:b0:09:d4:fc:6a:c5:8e:c6:b9:
                    e4:4f:a5:29:57:e7:6f:b3:7d:92:2e:87:29:e6:c4:
                    dc:b0:9a:19:b7:ba:40:bf:6d:e1:9d:21:93:29:19:
                    1b:1f:91:f1:c0:56:53:31:f3:5b:fa:d1:78:a4:cc:
                    48:e4:c1:0d:23:e3:53:a1:ea:94:db:a0:ed:f2:80:
                    52:dd:58:31:99:75:b5:bf:35:a1:d7:e9:1f:d6:06:
                    54:4e:27:1e:09:09:d7:c2:2b:1a:b2:c9:e8:24:ae:
                    54:38:49:b4:32:af:79:06:fc:f6:fc:42:a7:29:a3:
                    19:54:05:e4:2b:5d:34:23:8c:0b:d5:ed:e2:c1:cc:
                    f6:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:62:E8:CC:73:8E:CF:50:3B:CE:B2:EF:00:1B:1B:9D:FE:3D:E6:FA
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/FGLozHOOz1A7zrLvABsbnf495vo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.21.0/24
                  45.147.224.0/24
                  185.108.204.0/23
                  185.194.176.0/24
                  185.206.250.0/24
                  185.220.249.0-185.220.251.255
                  185.222.30.0/23
                  185.225.0.0/23
                  185.227.146.0/23
                  185.251.229.0/24
                  185.251.231.0/24
                  193.58.146.0/23

    Signature Algorithm: sha256WithRSAEncryption
         54:75:1b:3d:39:8b:93:d5:69:55:e4:67:1b:86:6a:af:b7:53:
         8c:b6:81:0a:36:08:c8:53:51:d3:70:51:79:b3:86:8c:50:e4:
         f4:8c:8d:38:d3:9a:a4:63:6c:db:4b:d7:e7:ff:ec:f0:e6:fb:
         3f:63:3a:a8:e9:a4:23:de:40:96:38:f0:c7:6c:62:71:a4:f0:
         69:38:28:e0:70:6c:bb:aa:44:7d:cd:76:7a:a6:ff:be:31:fd:
         f2:21:ff:70:e0:81:f6:69:d9:66:75:bb:b4:f5:df:6a:4f:1e:
         e8:cb:0d:d5:c1:c1:e7:dc:22:d0:f7:fc:a7:98:72:c5:5f:4b:
         31:f6:39:89:3b:64:ba:4b:a8:71:00:2c:25:65:8d:79:4c:63:
         b6:5e:9e:b9:53:75:b5:49:54:58:4a:52:aa:70:e1:e7:5a:aa:
         88:74:0a:08:d2:1a:8e:5d:af:45:b5:a0:e5:e5:e7:1d:a8:59:
         de:37:2f:bf:d6:87:d0:7e:09:bc:92:68:a3:70:8c:65:db:96:
         80:33:03:5b:1f:11:76:a8:8c:ab:17:a6:83:91:17:89:1f:7b:
         e1:90:3d:ef:0b:02:9e:a6:fe:af:15:71:59:bb:d0:ae:aa:94:
         2a:b8:4e:85:ac:17:e5:be:bd:d3:18:e6:0a:ee:5f:ce:c9:65:
         c0:1a:c5:b0
-----BEGIN CERTIFICATE-----
MIIFRzCCBC+gAwIBAgISAYwxxZWywPQrVw2leKT30BrxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjMxMjAzMjIyMTIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDYyZThjYzczOGVjZjUwM2JjZWIyZWYwMDFiMWI5ZGZlM2RlNmZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnS5Du1Dn8ECVm1ObzA0tI2rEHDsb
d1VUUUDzl51SvJ5ynf05UoMgvW/a98akutFjiqpWDf6XQehrN9UOKP4J316KOInE
hMEfyTHgP1DaSiroY1STDBfLLCljJKIu5FTJjrlL3goCumIZOJLCJ10pRMTGx9wt
0gtEUmB4nkOwCdT8asWOxrnkT6UpV+dvs32SLocp5sTcsJoZt7pAv23hnSGTKRkb
H5HxwFZTMfNb+tF4pMxI5MENI+NToeqU26Dt8oBS3VgxmXW1vzWh1+kf1gZUTice
CQnXwisassnoJK5UOEm0Mq95Bvz2/EKnKaMZVAXkK100I4wL1e3iwcz29QIDAQAB
o4ICUzCCAk8wHQYDVR0OBBYEFBRi6Mxzjs9QO86y7wAbG53+Peb6MB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvRkdMb3pIT096MUE3enJMdkFCc2JuZjQ5NXZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGkGCCsGAQUFBwEHAQH/BFowWDBWBAIAATBQAwQALQgVAwQA
LZPgAwQBuWzMAwQAucKwAwQAuc76MAwDBAC53PkDBAK53PgDBAG53h4DBAG54QAD
BAG545IDBAC5++UDBAC5++cDBAHBOpIwDQYJKoZIhvcNAQELBQADggEBAFR1Gz05
i5PVaVXkZxuGaq+3U4y2gQo2CMhTUdNwUXmzhoxQ5PSMjTjTmqRjbNtL1+f/7PDm
+z9jOqjppCPeQJY48MdsYnGk8Gk4KOBwbLuqRH3Ndnqm/74x/fIh/3DggfZp2WZ1
u7T132pPHujLDdXBwefcItD3/KeYcsVfSzH2OYk7ZLpLqHEALCVljXlMY7ZenrlT
dbVJVFhKUqpw4edaqoh0CgjSGo5dr0W1oOXl5x2oWd43L7/Wh9B+CbySaKNwjGXb
loAzA1sfEXaojKsXpoORF4kfe+GQPe8LAp6m/q8VcVm70K6qlCq4ToWsF+W+vdMY
5gruX87JZcAaxbA=
-----END CERTIFICATE-----