Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/LQhuEHK838qG0t4lh4SSrXCqlEM.roa
File:                     LQhuEHK838qG0t4lh4SSrXCqlEM.roa (raw, json)
Hash identifier:          eFrPeaF8LD2/tENZWojpEZZ9bbnxhZw2m25a0xMA5xU=
Subject key identifier:   2D:08:6E:10:72:BC:DF:CA:86:D2:DE:25:87:84:92:AD:70:AA:94:43
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018C1AA6B3F97A80D15CA1A455B25ACCCD3F
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/LQhuEHK838qG0t4lh4SSrXCqlEM.roa
Signing time:             Wed 29 Nov 2023 10:36:21 +0000
ROA not before:           Wed 29 Nov 2023 10:36:21 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        185.227.146.0/23 maxlen: 24
                          185.220.249.0/24 maxlen: 24
                          185.220.250.0/23 maxlen: 24
                          185.251.229.0/24 maxlen: 24
                          185.251.231.0/24 maxlen: 24
                          185.108.204.0/23 maxlen: 24
                          185.225.0.0/23 maxlen: 23
                          185.222.30.0/23 maxlen: 24
                          185.206.250.0/24 maxlen: 24
                          45.90.16.0/24 maxlen: 24
                          193.58.146.0/23 maxlen: 24
                          45.8.21.0/24 maxlen: 24
                          45.147.224.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 29 Nov 2023 12:22:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:1a:a6:b3:f9:7a:80:d1:5c:a1:a4:55:b2:5a:cc:cd:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Nov 29 10:36:21 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2d086e1072bcdfca86d2de25878492ad70aa9443
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:bc:75:35:06:e3:cb:1c:e9:67:d5:e1:d4:09:
                    dd:1e:19:bb:2b:00:86:f7:a7:c3:25:0f:d1:67:57:
                    a3:db:1b:b6:1e:37:78:2b:ec:14:b6:6d:d4:77:ea:
                    30:54:a9:55:96:5f:58:46:cf:1e:a1:91:7d:6a:cf:
                    14:fb:61:71:22:5f:2d:2c:23:f5:f4:5f:ed:fb:15:
                    9c:be:08:18:31:90:4d:6d:00:7f:68:f9:29:84:0a:
                    29:53:26:4b:1e:4d:d1:e9:af:ab:e0:86:ae:4f:09:
                    8a:b7:07:f8:79:c1:b1:c8:7e:5c:54:b6:2a:5a:17:
                    34:97:ab:ab:4c:ee:3c:00:1a:74:dc:fd:74:ab:34:
                    96:13:40:fd:e2:44:df:ed:33:2d:45:5f:b3:6c:a0:
                    b3:b6:9c:54:85:ee:c0:2e:a2:24:ad:f3:82:36:bf:
                    dd:05:73:96:d5:98:73:08:1e:e3:f9:0e:5e:f3:d4:
                    8e:44:58:86:b1:ce:df:14:7a:bd:60:78:8e:0e:fd:
                    5f:43:cd:12:8b:67:f3:ce:47:b5:61:2d:99:34:0b:
                    9e:cd:67:f3:dc:2c:31:13:95:30:b9:5c:c0:92:66:
                    ae:7c:b6:90:71:d4:62:29:4b:3f:c3:96:ff:f3:b1:
                    e8:20:e1:be:ee:20:c5:27:bf:40:df:db:44:ab:4a:
                    fc:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:08:6E:10:72:BC:DF:CA:86:D2:DE:25:87:84:92:AD:70:AA:94:43
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/LQhuEHK838qG0t4lh4SSrXCqlEM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.21.0/24
                  45.90.16.0/24
                  45.147.224.0/24
                  185.108.204.0/23
                  185.206.250.0/24
                  185.220.249.0-185.220.251.255
                  185.222.30.0/23
                  185.225.0.0/23
                  185.227.146.0/23
                  185.251.229.0/24
                  185.251.231.0/24
                  193.58.146.0/23

    Signature Algorithm: sha256WithRSAEncryption
         90:9a:a6:de:15:b7:a6:14:76:27:a4:36:6e:18:f0:77:fd:d3:
         56:3f:3e:0a:6c:8f:94:77:28:7c:54:af:57:1a:a8:3c:70:1d:
         90:94:52:da:ec:f4:bb:38:86:be:51:f1:8d:4c:f4:f4:71:76:
         8a:f4:d8:af:6e:99:b8:62:91:ae:20:05:90:10:6f:fb:2b:dd:
         77:d0:8f:98:c9:16:e7:91:fa:12:e5:4d:da:28:ca:f8:45:cf:
         de:f4:18:5e:57:cd:28:4e:3c:14:c1:9b:17:ea:e9:48:b3:1d:
         40:1d:5c:42:ad:b0:a5:1e:1d:f4:52:7f:c5:a5:eb:9f:a1:9c:
         03:99:a4:41:5d:1b:6b:e6:97:ad:3e:29:09:6f:3b:bb:56:19:
         51:fb:18:63:e7:2c:bb:e1:31:24:81:77:af:a2:56:c1:fb:dc:
         37:09:94:b7:51:42:82:b0:a6:c7:88:1e:06:34:98:68:b8:cf:
         42:91:8d:9e:01:28:64:66:f4:85:97:f5:2b:96:3f:a7:54:e1:
         c5:2c:61:51:d9:63:76:ad:8d:49:46:5d:f9:88:3e:ea:69:6d:
         c8:31:26:de:83:30:3c:23:e6:79:c1:86:86:64:a5:8a:a2:16:
         6b:10:ba:fb:78:79:7e:d5:c2:5b:8f:32:29:78:e3:3c:11:db:
         69:88:92:59
-----BEGIN CERTIFICATE-----
MIIFRzCCBC+gAwIBAgISAYwaprP5eoDRXKGkVbJazM0/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjMxMTI5MTAzNjIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDA4NmUxMDcyYmNkZmNhODZkMmRlMjU4Nzg0OTJhZDcwYWE5NDQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg7x1NQbjyxzpZ9Xh1AndHhm7KwCG
96fDJQ/RZ1ej2xu2Hjd4K+wUtm3Ud+owVKlVll9YRs8eoZF9as8U+2FxIl8tLCP1
9F/t+xWcvggYMZBNbQB/aPkphAopUyZLHk3R6a+r4IauTwmKtwf4ecGxyH5cVLYq
Whc0l6urTO48ABp03P10qzSWE0D94kTf7TMtRV+zbKCztpxUhe7ALqIkrfOCNr/d
BXOW1ZhzCB7j+Q5e89SORFiGsc7fFHq9YHiODv1fQ80Si2fzzke1YS2ZNAuezWfz
3CwxE5UwuVzAkmaufLaQcdRiKUs/w5b/87HoIOG+7iDFJ79A39tEq0r8jwIDAQAB
o4ICUzCCAk8wHQYDVR0OBBYEFC0IbhByvN/KhtLeJYeEkq1wqpRDMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvTFFodUVISzgzOHFHMHQ0bGg0U1NyWENxbEVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGkGCCsGAQUFBwEHAQH/BFowWDBWBAIAATBQAwQALQgVAwQA
LVoQAwQALZPgAwQBuWzMAwQAuc76MAwDBAC53PkDBAK53PgDBAG53h4DBAG54QAD
BAG545IDBAC5++UDBAC5++cDBAHBOpIwDQYJKoZIhvcNAQELBQADggEBAJCapt4V
t6YUdiekNm4Y8Hf901Y/Pgpsj5R3KHxUr1caqDxwHZCUUtrs9Ls4hr5R8Y1M9PRx
dor02K9umbhika4gBZAQb/sr3XfQj5jJFueR+hLlTdooyvhFz970GF5XzShOPBTB
mxfq6UizHUAdXEKtsKUeHfRSf8Wl65+hnAOZpEFdG2vml60+KQlvO7tWGVH7GGPn
LLvhMSSBd6+iVsH73DcJlLdRQoKwpseIHgY0mGi4z0KRjZ4BKGRm9IWX9SuWP6dU
4cUsYVHZY3atjUlGXfmIPuppbcgxJt6DMDwj5nnBhoZkpYqiFmsQuvt4eX7VwluP
Mil44zwR22mIklk=
-----END CERTIFICATE-----