Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/Umf2qzGSY1vxrDHOd9fR9nxFdw4.roa
File:                     Umf2qzGSY1vxrDHOd9fR9nxFdw4.roa (raw, json)
Hash identifier:          cKn4V/+zybSwAeniMtQyuBj1hKJsqYepWicIEIJ20oQ=
Subject key identifier:   52:67:F6:AB:31:92:63:5B:F1:AC:31:CE:77:D7:D1:F6:7C:45:77:0E
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       0192D2AD2B3868473628436FD385DF65EB1C
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/Umf2qzGSY1vxrDHOd9fR9nxFdw4.roa
Signing time:             Mon 28 Oct 2024 10:30:17 +0000
ROA not before:           Mon 28 Oct 2024 10:30:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        45.8.21.0/24 maxlen: 24
                          185.126.82.0/24 maxlen: 24
                          185.218.101.0/24 maxlen: 24
                          185.220.250.0/23 maxlen: 24
                          185.223.78.0/24 maxlen: 24
                          185.225.0.0/23 maxlen: 23
                          185.227.146.0/23 maxlen: 24
                          185.227.147.0/24 maxlen: 24
                          193.8.112.0/23 maxlen: 24
                          193.58.146.0/23 maxlen: 24

Validation:               Failed, certificate revoked on Mon 04 Nov 2024 10:54:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:d2:ad:2b:38:68:47:36:28:43:6f:d3:85:df:65:eb:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Oct 28 10:30:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5267f6ab3192635bf1ac31ce77d7d1f67c45770e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:d9:c4:06:6f:8a:72:58:bf:b2:07:8e:5f:2f:
                    2b:f4:4c:43:73:90:62:71:91:1d:40:3b:ea:0c:65:
                    9c:d2:9a:12:de:3a:b9:55:a5:6e:ae:6e:2f:87:ef:
                    71:68:33:c0:4d:99:59:ce:04:d6:9b:53:94:8e:cc:
                    a9:e8:ab:74:4a:76:93:0f:58:14:e6:69:00:92:95:
                    63:02:13:7d:d7:50:34:00:3b:c1:e8:01:ae:dd:61:
                    b4:6e:f9:d3:94:21:32:2c:c9:a9:db:55:b0:2c:9f:
                    15:53:20:e6:29:34:4c:ba:ff:23:38:ba:ad:65:02:
                    66:d5:cf:cf:3d:e1:c9:8d:7c:83:ad:1d:41:b3:d4:
                    29:93:4a:a1:5f:9d:fe:3f:19:d0:dd:fe:ed:86:c3:
                    49:82:68:c6:8d:46:fc:cd:7b:51:d3:e8:37:db:3e:
                    ff:0b:2d:4d:ca:ed:54:0a:44:3a:1e:65:25:04:d9:
                    2d:cb:fa:52:69:7c:96:42:4a:67:81:85:83:ee:65:
                    89:b0:9d:a7:98:a8:c3:b6:76:0e:f8:1b:17:bb:84:
                    58:a2:ba:aa:7e:bf:e0:c2:68:3a:01:54:d5:77:ec:
                    b9:35:51:f1:fe:92:61:6e:d2:ad:8e:e8:4d:83:82:
                    b4:5c:a1:48:6b:84:ed:8b:44:3f:ce:18:85:94:de:
                    36:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:67:F6:AB:31:92:63:5B:F1:AC:31:CE:77:D7:D1:F6:7C:45:77:0E
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/Umf2qzGSY1vxrDHOd9fR9nxFdw4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.21.0/24
                  185.126.82.0/24
                  185.218.101.0/24
                  185.220.250.0/23
                  185.223.78.0/24
                  185.225.0.0/23
                  185.227.146.0/23
                  193.8.112.0/23
                  193.58.146.0/23

    Signature Algorithm: sha256WithRSAEncryption
         89:62:88:db:41:dc:f5:ba:53:f0:e2:0b:bf:63:9e:d6:a4:91:
         e5:0b:5e:7f:e7:b2:ff:54:d2:33:5f:8d:d3:c6:f8:b8:8d:8b:
         f1:d6:02:81:81:03:f0:5b:15:83:f3:7b:3b:c7:0d:21:ba:0a:
         fc:30:aa:24:90:80:43:c7:37:f4:20:8f:21:6e:d5:12:dc:2a:
         a6:a3:65:0a:3f:7b:10:98:0a:33:3d:9a:8b:49:c1:14:d4:5d:
         f1:da:36:0b:64:b5:fa:23:68:e8:ee:16:11:f4:2d:c7:08:fa:
         5b:16:49:66:5a:53:97:2e:6c:36:a1:79:80:ed:0b:ab:0f:5d:
         2a:d1:2f:57:2b:74:69:4b:13:05:42:02:a5:1c:bc:32:5e:de:
         9f:39:53:6a:50:e4:d1:4a:56:3f:dd:61:1b:34:7b:7a:bc:bf:
         f6:3c:83:af:83:f2:77:22:22:b0:fb:ba:85:3d:7d:d5:3f:e6:
         dc:73:be:ff:b1:5c:21:1c:23:ab:84:92:6d:52:35:22:25:1a:
         40:5b:9d:ca:e5:fd:8a:bb:20:e7:68:69:da:01:9d:0e:d2:5b:
         4d:19:1c:a4:35:ee:46:75:25:08:cc:9e:19:27:6b:33:74:a9:
         6e:42:aa:44:11:0d:ef:11:49:24:d9:4a:e1:40:4a:54:a3:45:
         94:c1:44:ca
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAZLSrSs4aEc2KENv04XfZescMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQxMDI4MTAzMDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjY3ZjZhYjMxOTI2MzViZjFhYzMxY2U3N2Q3ZDFmNjdjNDU3NzBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhtnEBm+Kcli/sgeOXy8r9ExDc5Bi
cZEdQDvqDGWc0poS3jq5VaVurm4vh+9xaDPATZlZzgTWm1OUjsyp6Kt0SnaTD1gU
5mkAkpVjAhN911A0ADvB6AGu3WG0bvnTlCEyLMmp21WwLJ8VUyDmKTRMuv8jOLqt
ZQJm1c/PPeHJjXyDrR1Bs9Qpk0qhX53+PxnQ3f7thsNJgmjGjUb8zXtR0+g32z7/
Cy1Nyu1UCkQ6HmUlBNkty/pSaXyWQkpngYWD7mWJsJ2nmKjDtnYO+BsXu4RYorqq
fr/gwmg6AVTVd+y5NVHx/pJhbtKtjuhNg4K0XKFIa4Tti0Q/zhiFlN426QIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFFJn9qsxkmNb8awxznfX0fZ8RXcOMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvVW1mMnF6R1NZMXZ4ckRIT2Q5ZlI5bnhGZHc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQALQgVAwQA
uX5SAwQAudplAwQBudz6AwQAud9OAwQBueEAAwQBueOSAwQBwQhwAwQBwTqSMA0G
CSqGSIb3DQEBCwUAA4IBAQCJYojbQdz1ulPw4gu/Y57WpJHlC15/57L/VNIzX43T
xvi4jYvx1gKBgQPwWxWD83s7xw0hugr8MKokkIBDxzf0II8hbtUS3Cqmo2UKP3sQ
mAozPZqLScEU1F3x2jYLZLX6I2jo7hYR9C3HCPpbFklmWlOXLmw2oXmA7QurD10q
0S9XK3RpSxMFQgKlHLwyXt6fOVNqUOTRSlY/3WEbNHt6vL/2PIOvg/J3IiKw+7qF
PX3VP+bcc77/sVwhHCOrhJJtUjUiJRpAW53K5f2KuyDnaGnaAZ0O0ltNGRykNe5G
dSUIzJ4ZJ2szdKluQqpEEQ3vEUkk2UrhQEpUo0WUwUTK
-----END CERTIFICATE-----