Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/Z1GkCemaEW9qL-R4GRJip25BjMg.roa
File:                     Z1GkCemaEW9qL-R4GRJip25BjMg.roa (raw, json)
Hash identifier:          PT8JEIlV7CBP1MnBRpAen8vBekk71FMf9eCmXIcujDA=
Subject key identifier:   67:51:A4:09:E9:9A:11:6F:6A:2F:E4:78:19:12:62:A7:6E:41:8C:C8
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018886ED33E058C467A904CC4A8C03AC1DAE
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/Z1GkCemaEW9qL-R4GRJip25BjMg.roa
Signing time:             Sun 04 Jun 2023 15:01:12 +0000
ROA not before:           Sun 04 Jun 2023 15:01:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     207046
IP address blocks:        185.247.4.0/22 maxlen: 24
                          194.113.28.0/22 maxlen: 24
                          185.247.5.0/24 maxlen: 24
                          185.247.6.0/23 maxlen: 24
                          194.146.220.0/22 maxlen: 22
                          185.224.220.0/22 maxlen: 22
                          185.221.16.0/23 maxlen: 23
                          185.227.206.0/24 maxlen: 24
                          45.134.84.0/22 maxlen: 24
                          185.221.22.0/23 maxlen: 23
                          185.227.207.0/24 maxlen: 24
                          185.249.204.0/22 maxlen: 22
                          185.250.182.0/23 maxlen: 24

Validation:               Failed, certificate revoked on Mon 19 Jun 2023 08:31:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:86:ed:33:e0:58:c4:67:a9:04:cc:4a:8c:03:ac:1d:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jun  4 15:01:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6751a409e99a116f6a2fe478191262a76e418cc8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:a4:89:a8:8c:8b:62:c6:05:90:7b:45:9a:f1:
                    ec:c3:68:83:67:eb:c0:cc:50:2e:83:51:df:5a:cb:
                    03:b5:14:90:33:b7:fa:5a:41:2c:52:1b:2e:7a:5c:
                    5b:04:fd:f7:f5:55:fe:48:75:c8:18:2c:6d:b6:8a:
                    fe:bb:d0:e1:4f:d7:a0:bb:f9:a9:5a:f6:df:f3:67:
                    49:b6:ba:64:d1:7d:b6:7e:9f:9a:40:d8:66:35:ef:
                    f4:42:6e:c0:a6:be:dd:0c:ed:30:47:ed:5f:97:6f:
                    34:50:a4:3d:c1:e5:a3:93:12:31:89:04:64:41:98:
                    4a:46:7a:50:e1:c6:29:6b:0d:e1:d5:d5:de:39:9f:
                    cf:75:67:f6:4d:2d:54:c6:5a:d7:f7:a2:4c:ad:ac:
                    79:62:60:81:94:6f:bd:64:45:48:ce:d5:78:dc:81:
                    bc:18:fb:c6:de:35:2f:cb:00:8c:3b:ac:b6:c0:66:
                    e6:97:a2:65:0a:a5:41:ba:b2:4b:a3:b9:e2:4b:be:
                    e7:2a:4d:49:d6:5d:a6:97:38:96:3d:1b:39:f0:e4:
                    1d:93:98:99:c0:a5:84:23:f4:02:ef:65:1c:13:4e:
                    fe:c6:24:21:f3:70:50:1a:61:4b:c2:92:4e:fe:2f:
                    0c:a5:9f:d5:c7:2c:ba:05:89:91:61:8e:87:f3:5f:
                    10:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:51:A4:09:E9:9A:11:6F:6A:2F:E4:78:19:12:62:A7:6E:41:8C:C8
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/Z1GkCemaEW9qL-R4GRJip25BjMg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.134.84.0/22
                  185.221.16.0/23
                  185.221.22.0/23
                  185.224.220.0/22
                  185.227.206.0/23
                  185.247.4.0/22
                  185.249.204.0/22
                  185.250.182.0/23
                  194.113.28.0/22
                  194.146.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         c4:f1:48:e8:5e:ca:0d:15:57:21:58:be:be:f9:23:74:e0:a6:
         46:f7:16:57:3e:71:1c:11:6c:d6:87:c9:dd:43:7d:bc:28:f0:
         11:54:c6:9b:56:da:85:92:25:19:5f:32:a1:15:1e:18:81:31:
         a1:7e:2a:89:f5:92:1e:47:4e:3a:9f:64:e0:95:a2:cd:27:0d:
         c8:6b:f6:21:ee:56:27:41:01:78:55:0b:ed:14:b8:57:31:32:
         ed:5f:9a:0d:29:dc:29:ed:a0:d2:20:d1:1c:1a:56:59:06:81:
         40:6d:ab:91:c6:4b:14:10:bd:ab:34:ab:5a:1c:08:f7:82:d2:
         21:e4:70:b9:31:9a:e1:04:5b:b2:aa:4f:c5:3e:7c:35:2c:f6:
         06:46:f4:b3:ac:65:ed:e6:f5:5a:97:b1:e0:46:bb:0b:23:c4:
         23:98:40:27:7a:6b:bf:86:02:75:1a:95:86:0a:fc:63:b5:8a:
         18:f6:70:45:2e:ff:59:73:d6:56:df:83:3d:a8:94:76:04:b3:
         7f:76:8a:2c:46:48:34:be:a1:cd:01:0d:f5:34:ca:92:71:0d:
         cb:c0:70:12:e9:bc:05:4d:de:c8:21:17:4f:6d:5d:1b:46:21:
         0b:90:9b:97:97:01:30:ce:56:f1:81:aa:eb:01:fd:b6:45:7f:
         df:ca:a0:8f
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYiG7TPgWMRnqQTMSowDrB2uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjMwNjA0MTUwMTEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzUxYTQwOWU5OWExMTZmNmEyZmU0NzgxOTEyNjJhNzZlNDE4Y2M4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiqSJqIyLYsYFkHtFmvHsw2iDZ+vA
zFAug1HfWssDtRSQM7f6WkEsUhsuelxbBP339VX+SHXIGCxttor+u9DhT9egu/mp
Wvbf82dJtrpk0X22fp+aQNhmNe/0Qm7Apr7dDO0wR+1fl280UKQ9weWjkxIxiQRk
QZhKRnpQ4cYpaw3h1dXeOZ/PdWf2TS1UxlrX96JMrax5YmCBlG+9ZEVIztV43IG8
GPvG3jUvywCMO6y2wGbml6JlCqVBurJLo7niS77nKk1J1l2mlziWPRs58OQdk5iZ
wKWEI/QC72UcE07+xiQh83BQGmFLwpJO/i8MpZ/Vxyy6BYmRYY6H818QiwIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFGdRpAnpmhFvai/keBkSYqduQYzIMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvWjFHa0NlbWFFVzlxTC1SNEdSSmlwMjVCak1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQCLYZUAwQB
ud0QAwQBud0WAwQCueDcAwQBuePOAwQCufcEAwQCufnMAwQBufq2AwQCwnEcAwQC
wpLcMA0GCSqGSIb3DQEBCwUAA4IBAQDE8UjoXsoNFVchWL6++SN04KZG9xZXPnEc
EWzWh8ndQ328KPARVMabVtqFkiUZXzKhFR4YgTGhfiqJ9ZIeR046n2TglaLNJw3I
a/Yh7lYnQQF4VQvtFLhXMTLtX5oNKdwp7aDSINEcGlZZBoFAbauRxksUEL2rNKta
HAj3gtIh5HC5MZrhBFuyqk/FPnw1LPYGRvSzrGXt5vVal7HgRrsLI8QjmEAnemu/
hgJ1GpWGCvxjtYoY9nBFLv9Zc9ZW34M9qJR2BLN/doosRkg0vqHNAQ31NMqScQ3L
wHAS6bwFTd7IIRdPbV0bRiELkJuXlwEwzlbxgarrAf22RX/fyqCP
-----END CERTIFICATE-----