Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YxAz3oLQpJ9N6a2QSXCL69RbeKs.roa
File:                     YxAz3oLQpJ9N6a2QSXCL69RbeKs.roa (raw, json)
Hash identifier:          Up/S5f95vi+YVHsxzOS0eBf0/Txi9IQIEdr9UjpyTog=
Subject key identifier:   63:10:33:DE:82:D0:A4:9F:4D:E9:AD:90:49:70:8B:EB:D4:5B:78:AB
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       0191BD7BA586EC09ED2838E4002CE1A35EBA
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YxAz3oLQpJ9N6a2QSXCL69RbeKs.roa
Signing time:             Wed 04 Sep 2024 14:41:22 +0000
ROA not before:           Wed 04 Sep 2024 14:41:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        45.8.21.0/24 maxlen: 24
                          185.126.82.0/24 maxlen: 24
                          185.218.20.0/24 maxlen: 24
                          185.220.250.0/23 maxlen: 24
                          185.225.0.0/23 maxlen: 23
                          185.226.104.0/24 maxlen: 24
                          185.227.146.0/23 maxlen: 24
                          185.227.147.0/24 maxlen: 24
                          193.8.112.0/23 maxlen: 24
                          193.8.113.0/24 maxlen: 24
                          193.58.146.0/23 maxlen: 24

Validation:               Failed, certificate revoked on Mon 09 Sep 2024 10:30:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:bd:7b:a5:86:ec:09:ed:28:38:e4:00:2c:e1:a3:5e:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Sep  4 14:41:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=631033de82d0a49f4de9ad9049708bebd45b78ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:4e:34:c1:d3:18:16:ff:90:e0:7b:6b:3c:6b:
                    b6:91:af:06:22:34:fc:e5:75:08:e7:17:77:a7:9c:
                    2e:4d:01:33:e3:2c:d6:1a:cc:ec:3e:32:1f:3d:b8:
                    70:38:63:a4:89:4f:9c:ff:79:c8:50:e0:0e:fe:de:
                    d4:cf:35:2f:fe:88:01:2a:af:b7:b8:6b:5b:f8:70:
                    ac:fa:c7:8f:6e:a8:1b:f5:ea:69:fc:76:d5:6b:de:
                    81:8c:47:8e:78:32:53:de:e8:e8:f2:6c:50:05:90:
                    41:44:ec:73:d1:3d:03:e5:60:da:8a:ab:13:ff:3c:
                    37:f9:f0:e9:96:7b:2f:ef:8d:e0:b1:c3:22:22:29:
                    90:9f:0c:e3:e6:10:7c:07:d5:40:94:c3:62:58:11:
                    bc:97:c9:5a:98:58:48:0c:f7:2d:b6:5f:d7:8e:64:
                    bc:7a:18:d1:7a:01:18:1a:e1:2b:53:90:3e:50:ae:
                    69:54:38:e5:f7:63:5e:4f:8a:c8:c1:07:41:2f:01:
                    04:58:ad:61:11:78:6e:b6:02:9a:07:c0:19:b9:a4:
                    91:cf:b1:fc:b1:df:f0:06:8b:7b:42:6e:b6:b0:78:
                    5c:a5:56:f7:79:d8:55:b9:f6:1b:34:16:a4:82:e0:
                    3d:c6:b4:5a:cc:43:fe:8a:2b:f6:f0:9d:7c:96:f5:
                    1c:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:10:33:DE:82:D0:A4:9F:4D:E9:AD:90:49:70:8B:EB:D4:5B:78:AB
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YxAz3oLQpJ9N6a2QSXCL69RbeKs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.21.0/24
                  185.126.82.0/24
                  185.218.20.0/24
                  185.220.250.0/23
                  185.225.0.0/23
                  185.226.104.0/24
                  185.227.146.0/23
                  193.8.112.0/23
                  193.58.146.0/23

    Signature Algorithm: sha256WithRSAEncryption
         92:ab:33:8d:be:6b:bb:73:8d:1a:a8:fa:fb:a3:7b:df:06:04:
         ea:63:e9:1f:e8:5f:d5:11:55:2a:0b:13:d4:29:76:6b:5b:b3:
         62:d6:ce:23:62:08:e0:76:85:69:42:c7:e0:d6:86:d2:02:61:
         73:f4:5d:ca:96:c4:0b:45:07:c4:0c:e2:64:8a:45:d0:44:c6:
         1d:29:14:1f:67:2c:30:91:68:aa:97:7d:7e:46:5b:38:e4:db:
         fe:a4:2d:96:99:5f:45:10:c2:ec:45:03:ce:62:ec:ae:23:ab:
         6d:bd:44:97:49:2f:43:e9:3b:c1:65:5b:64:58:17:ff:34:91:
         44:e8:d3:8f:95:91:ac:26:cc:dd:b1:f6:5f:b0:37:f8:51:db:
         65:f1:cd:00:46:37:47:20:08:42:a3:de:25:c0:ed:6a:a0:69:
         b6:b5:4b:eb:ea:d1:30:f0:1f:1c:f2:2d:2d:d0:81:94:06:0f:
         22:c0:47:88:b1:6c:3e:74:79:ed:6a:7b:9a:ad:ff:9f:38:71:
         b8:6a:9c:a8:a3:9f:f3:81:25:67:c9:bc:77:e2:cc:a7:06:df:
         8d:2a:d0:47:83:77:85:22:6f:f0:c8:da:b2:84:04:54:0c:c2:
         4d:a3:fc:e8:4e:90:03:ad:01:86:d6:e2:98:c7:69:ae:0a:ed:
         c7:77:01:65
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAZG9e6WG7AntKDjkACzho166MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwOTA0MTQ0MTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzEwMzNkZTgyZDBhNDlmNGRlOWFkOTA0OTcwOGJlYmQ0NWI3OGFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt040wdMYFv+Q4HtrPGu2ka8GIjT8
5XUI5xd3p5wuTQEz4yzWGszsPjIfPbhwOGOkiU+c/3nIUOAO/t7UzzUv/ogBKq+3
uGtb+HCs+sePbqgb9epp/HbVa96BjEeOeDJT3ujo8mxQBZBBROxz0T0D5WDaiqsT
/zw3+fDplnsv743gscMiIimQnwzj5hB8B9VAlMNiWBG8l8lamFhIDPcttl/XjmS8
ehjRegEYGuErU5A+UK5pVDjl92NeT4rIwQdBLwEEWK1hEXhutgKaB8AZuaSRz7H8
sd/wBot7Qm62sHhcpVb3edhVufYbNBakguA9xrRazEP+iiv28J18lvUcCwIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFGMQM96C0KSfTemtkElwi+vUW3irMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvWXhBejNvTFFwSjlONmEyUVNYQ0w2OVJiZUtzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQALQgVAwQA
uX5SAwQAudoUAwQBudz6AwQBueEAAwQAueJoAwQBueOSAwQBwQhwAwQBwTqSMA0G
CSqGSIb3DQEBCwUAA4IBAQCSqzONvmu7c40aqPr7o3vfBgTqY+kf6F/VEVUqCxPU
KXZrW7Ni1s4jYgjgdoVpQsfg1obSAmFz9F3KlsQLRQfEDOJkikXQRMYdKRQfZyww
kWiql31+Rls45Nv+pC2WmV9FEMLsRQPOYuyuI6ttvUSXSS9D6TvBZVtkWBf/NJFE
6NOPlZGsJszdsfZfsDf4Udtl8c0ARjdHIAhCo94lwO1qoGm2tUvr6tEw8B8c8i0t
0IGUBg8iwEeIsWw+dHntanuarf+fOHG4apyoo5/zgSVnybx34synBt+NKtBHg3eF
Im/wyNqyhARUDMJNo/zoTpADrQGG1uKYx2muCu3HdwFl
-----END CERTIFICATE-----