Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/RldDOV-Yzi-jKt2uOyiIzHBfqnI.roa
File:                     RldDOV-Yzi-jKt2uOyiIzHBfqnI.roa (raw, json)
Hash identifier:          VRUFJw43AuAzRdO7orl12J8NfylxOGWuCPfzIPVD1MY=
Subject key identifier:   46:57:43:39:5F:98:CE:2F:A3:2A:DD:AE:3B:28:88:CC:70:5F:AA:72
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018AF4EA53284DD3643F40DA1DE4AAD40AAA
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/RldDOV-Yzi-jKt2uOyiIzHBfqnI.roa
Signing time:             Tue 03 Oct 2023 09:41:51 +0000
ROA not before:           Tue 03 Oct 2023 09:41:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        185.222.28.0/24 maxlen: 24
                          185.222.30.0/23 maxlen: 24
                          185.230.52.0/24 maxlen: 24
                          185.220.250.0/23 maxlen: 24
                          193.58.146.0/23 maxlen: 24
                          45.147.224.0/24 maxlen: 24
                          45.8.21.0/24 maxlen: 24
                          185.251.229.0/24 maxlen: 24
                          185.225.0.0/23 maxlen: 23
                          185.223.80.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 04 Oct 2023 11:23:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:f4:ea:53:28:4d:d3:64:3f:40:da:1d:e4:aa:d4:0a:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Oct  3 09:41:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=465743395f98ce2fa32addae3b2888cc705faa72
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:77:f8:ac:5b:89:b9:f7:a4:b5:6e:f3:27:a8:
                    d1:50:c8:76:05:56:42:1c:49:dd:0a:fb:ef:68:79:
                    f1:11:ee:d9:1a:62:49:a1:a9:95:89:56:69:9c:26:
                    ff:d9:62:f0:89:9f:f0:37:0f:bb:1d:a0:1c:01:41:
                    d2:ee:2a:f9:ae:02:d7:8b:25:dc:ba:fe:2c:df:ac:
                    98:4d:7d:93:68:1e:69:97:ef:c5:f8:5d:99:4f:2b:
                    62:7e:c3:c6:68:88:9c:03:01:c0:13:f2:d9:22:fd:
                    da:ad:8f:7c:2d:cc:5b:a1:36:03:03:ef:90:9c:4a:
                    89:72:d2:3c:09:6a:39:0b:2e:78:f0:c5:4b:dc:a3:
                    3d:bb:97:5b:e5:66:02:f9:82:ba:cb:71:78:be:df:
                    f6:31:34:de:12:94:43:93:8f:5c:b6:42:93:da:6a:
                    8a:c3:fa:79:07:5a:d8:2d:85:92:00:91:04:26:ad:
                    2b:57:fa:ca:80:36:14:9d:03:ee:44:05:c9:5e:f1:
                    9c:a8:5f:15:ff:f2:c9:0a:2c:21:74:4f:88:0f:67:
                    1c:da:37:15:a4:1f:81:fd:8f:03:43:22:94:81:1e:
                    16:bf:f6:26:7e:d2:1e:c4:cc:ba:24:48:64:2c:51:
                    ca:1c:5a:b6:d2:c0:d2:a8:8d:d8:fb:ed:55:76:03:
                    09:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:57:43:39:5F:98:CE:2F:A3:2A:DD:AE:3B:28:88:CC:70:5F:AA:72
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/RldDOV-Yzi-jKt2uOyiIzHBfqnI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.21.0/24
                  45.147.224.0/24
                  185.220.250.0/23
                  185.222.28.0/24
                  185.222.30.0/23
                  185.223.80.0/24
                  185.225.0.0/23
                  185.230.52.0/24
                  185.251.229.0/24
                  193.58.146.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2e:24:dc:85:2b:d4:db:35:b6:bf:91:74:7a:0a:27:83:72:20:
         1d:08:dc:a1:ff:de:e0:52:e4:22:70:87:00:a4:d6:7a:cf:2a:
         c3:1d:07:25:d9:5a:fb:35:33:e6:55:e9:41:05:96:15:cd:8b:
         fb:d5:16:0e:25:8e:03:23:13:35:85:e4:e7:39:63:96:f5:91:
         2e:81:99:91:24:fc:a4:58:24:19:8d:4c:7d:b5:17:ab:9f:cf:
         fe:32:68:fe:d6:12:8e:0f:9f:06:a1:00:21:a4:7e:44:32:97:
         8d:ea:56:60:09:48:55:19:93:a8:ef:c3:ec:05:f3:b3:7b:52:
         55:b4:f7:7e:80:68:0d:cf:cd:99:e6:3a:d9:01:ce:e7:f3:95:
         ea:64:85:7e:bb:84:85:50:69:28:3d:28:f7:9a:35:90:24:73:
         fb:12:aa:11:22:f0:22:f2:9b:67:56:b4:1f:5b:ae:14:26:9b:
         e2:b9:d4:e6:40:37:1f:a0:a3:ca:e6:40:9a:43:99:76:55:d1:
         8f:6c:9d:33:c8:54:7c:ca:e6:be:c1:1e:2d:5a:8b:80:0b:59:
         69:b6:81:ae:97:54:41:35:ba:ae:f2:a5:af:e6:72:6e:9f:f7:
         a4:e3:0c:31:a0:42:f4:73:9b:3f:94:f8:7c:9d:6b:0c:b8:26:
         2b:26:ff:4e
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYr06lMoTdNkP0DaHeSq1AqqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjMxMDAzMDk0MTUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjU3NDMzOTVmOThjZTJmYTMyYWRkYWUzYjI4ODhjYzcwNWZhYTcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk3f4rFuJufektW7zJ6jRUMh2BVZC
HEndCvvvaHnxEe7ZGmJJoamViVZpnCb/2WLwiZ/wNw+7HaAcAUHS7ir5rgLXiyXc
uv4s36yYTX2TaB5pl+/F+F2ZTytifsPGaIicAwHAE/LZIv3arY98LcxboTYDA++Q
nEqJctI8CWo5Cy548MVL3KM9u5db5WYC+YK6y3F4vt/2MTTeEpRDk49ctkKT2mqK
w/p5B1rYLYWSAJEEJq0rV/rKgDYUnQPuRAXJXvGcqF8V//LJCiwhdE+ID2cc2jcV
pB+B/Y8DQyKUgR4Wv/YmftIexMy6JEhkLFHKHFq20sDSqI3Y++1VdgMJgwIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFEZXQzlfmM4voyrdrjsoiMxwX6pyMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvUmxkRE9WLVl6aS1qS3QydU95aUl6SEJmcW5JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQALQgVAwQA
LZPgAwQBudz6AwQAud4cAwQBud4eAwQAud9QAwQBueEAAwQAueY0AwQAufvlAwQB
wTqSMA0GCSqGSIb3DQEBCwUAA4IBAQAuJNyFK9TbNba/kXR6CieDciAdCNyh/97g
UuQicIcApNZ6zyrDHQcl2Vr7NTPmVelBBZYVzYv71RYOJY4DIxM1heTnOWOW9ZEu
gZmRJPykWCQZjUx9tRern8/+Mmj+1hKOD58GoQAhpH5EMpeN6lZgCUhVGZOo78Ps
BfOze1JVtPd+gGgNz82Z5jrZAc7n85XqZIV+u4SFUGkoPSj3mjWQJHP7EqoRIvAi
8ptnVrQfW64UJpviudTmQDcfoKPK5kCaQ5l2VdGPbJ0zyFR8yua+wR4tWouAC1lp
toGul1RBNbqu8qWv5nJun/ek4wwxoEL0c5s/lPh8nWsMuCYrJv9O
-----END CERTIFICATE-----