Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/ZS0QnFKb_9ZIQUIG1c3fG6PE1MM.roa
File:                     ZS0QnFKb_9ZIQUIG1c3fG6PE1MM.roa (raw, json)
Hash identifier:          jhMkWPaIL7rSWKbPF4NK9beeknsGcgoHIM4FFR+FDtk=
Subject key identifier:   65:2D:10:9C:52:9B:FF:D6:48:41:42:06:D5:CD:DF:1B:A3:C4:D4:C3
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       01932BBC70DA35AAFDB894DCAB6F68DDE633
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/ZS0QnFKb_9ZIQUIG1c3fG6PE1MM.roa
Signing time:             Thu 14 Nov 2024 17:33:10 +0000
ROA not before:           Thu 14 Nov 2024 17:33:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        45.8.21.0/24 maxlen: 24
                          185.126.82.0/24 maxlen: 24
                          185.220.250.0/23 maxlen: 24
                          185.225.0.0/23 maxlen: 23
                          185.226.106.0/24 maxlen: 24
                          185.227.146.0/23 maxlen: 24
                          185.227.147.0/24 maxlen: 24
                          185.228.74.0/24 maxlen: 24
                          193.8.112.0/23 maxlen: 24
                          193.58.146.0/23 maxlen: 24

Validation:               Failed, certificate revoked on Fri 15 Nov 2024 12:55:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:2b:bc:70:da:35:aa:fd:b8:94:dc:ab:6f:68:dd:e6:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Nov 14 17:33:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=652d109c529bffd648414206d5cddf1ba3c4d4c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:fd:1f:bc:b8:c7:d8:16:f3:9e:4f:b7:a5:4b:
                    aa:7b:a4:f7:16:db:fe:f7:bc:b2:68:f8:18:c0:ad:
                    74:b6:4d:c1:06:a5:15:9a:b9:0a:6b:20:ef:9c:c5:
                    54:d6:3f:3c:5a:f3:00:d3:b7:3d:fa:18:60:3e:e2:
                    21:03:16:26:e7:27:3c:28:80:40:14:22:55:a3:65:
                    96:73:a9:08:2b:61:7e:05:bf:1f:a8:f7:4e:9a:e7:
                    00:5a:3c:7c:ac:d1:f3:a6:75:79:ea:cc:86:40:69:
                    7a:c7:bc:b2:75:87:1b:16:72:a7:e0:e2:b5:b7:9b:
                    10:3a:e3:3d:55:99:db:6d:18:9c:cb:25:1e:dd:bc:
                    55:98:22:f8:69:6b:df:9b:de:67:3b:fd:af:3f:8a:
                    e8:67:1b:5b:61:17:d4:3d:4a:e0:36:94:d7:1c:a4:
                    10:91:9f:33:9f:fc:b2:54:b2:2f:14:c2:21:a9:3b:
                    e0:8b:69:9e:18:26:3e:3f:88:44:1a:d7:6a:6e:61:
                    5f:aa:b0:d5:32:22:d8:13:f1:02:9a:bf:27:64:8c:
                    37:df:80:ab:21:27:ff:87:23:e6:fc:bb:58:20:54:
                    3a:07:ed:19:85:16:0e:0e:ac:ed:e8:68:76:87:32:
                    a1:52:83:73:f7:ee:45:e8:22:5b:08:51:96:ed:ff:
                    19:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:2D:10:9C:52:9B:FF:D6:48:41:42:06:D5:CD:DF:1B:A3:C4:D4:C3
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/ZS0QnFKb_9ZIQUIG1c3fG6PE1MM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.21.0/24
                  185.126.82.0/24
                  185.220.250.0/23
                  185.225.0.0/23
                  185.226.106.0/24
                  185.227.146.0/23
                  185.228.74.0/24
                  193.8.112.0/23
                  193.58.146.0/23

    Signature Algorithm: sha256WithRSAEncryption
         88:20:fe:05:5d:00:2f:02:99:01:42:be:e8:7c:f3:b0:85:35:
         c3:bb:58:5f:b4:0d:c8:65:be:8b:38:68:92:1e:0f:80:28:a4:
         45:58:0c:c6:cd:50:c1:f4:7c:ca:75:f4:1c:31:75:b9:48:ca:
         df:21:cb:c7:15:29:25:37:6b:d8:7a:38:af:83:60:06:d3:b2:
         13:46:24:5f:7b:1f:b9:e0:45:bc:92:44:5f:b4:0c:57:79:ac:
         ae:bb:db:a3:92:87:0c:84:a0:80:9a:fd:ce:52:c9:f8:64:0d:
         cf:67:81:80:72:62:c2:e8:ee:ba:da:cf:cb:e7:2f:1c:95:5d:
         7f:ec:88:7d:da:56:2f:71:fc:67:38:13:2c:a5:98:04:b4:31:
         55:ac:d7:03:1e:fb:f9:1b:2a:86:1e:00:5c:d2:8f:b9:d7:2b:
         54:7c:aa:90:4d:aa:e5:bf:21:0f:ff:45:aa:eb:0a:e7:6d:f6:
         fb:9c:54:c3:1c:74:b8:af:c2:ba:14:18:d7:0c:fd:6f:35:64:
         79:fb:d9:9b:ca:3c:dc:17:dd:e2:a6:d6:9f:b6:52:d7:e8:ec:
         c4:e8:7c:48:76:ea:b3:41:d6:b1:83:f8:39:9d:b3:0f:bb:bf:
         e5:cc:b0:a8:c4:03:8f:50:08:23:01:32:ef:0c:34:4b:b6:74:
         23:d4:d2:d1
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAZMrvHDaNar9uJTcq29o3eYzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQxMTE0MTczMzEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTJkMTA5YzUyOWJmZmQ2NDg0MTQyMDZkNWNkZGYxYmEzYzRkNGMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtf0fvLjH2Bbznk+3pUuqe6T3Ftv+
97yyaPgYwK10tk3BBqUVmrkKayDvnMVU1j88WvMA07c9+hhgPuIhAxYm5yc8KIBA
FCJVo2WWc6kIK2F+Bb8fqPdOmucAWjx8rNHzpnV56syGQGl6x7yydYcbFnKn4OK1
t5sQOuM9VZnbbRicyyUe3bxVmCL4aWvfm95nO/2vP4roZxtbYRfUPUrgNpTXHKQQ
kZ8zn/yyVLIvFMIhqTvgi2meGCY+P4hEGtdqbmFfqrDVMiLYE/ECmr8nZIw334Cr
ISf/hyPm/LtYIFQ6B+0ZhRYODqzt6Gh2hzKhUoNz9+5F6CJbCFGW7f8Z0wIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFGUtEJxSm//WSEFCBtXN3xujxNTDMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvWlMwUW5GS2JfOVpJUVVJRzFjM2ZHNlBFMU1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQALQgVAwQA
uX5SAwQBudz6AwQBueEAAwQAueJqAwQBueOSAwQAueRKAwQBwQhwAwQBwTqSMA0G
CSqGSIb3DQEBCwUAA4IBAQCIIP4FXQAvApkBQr7ofPOwhTXDu1hftA3IZb6LOGiS
Hg+AKKRFWAzGzVDB9HzKdfQcMXW5SMrfIcvHFSklN2vYejivg2AG07ITRiRfex+5
4EW8kkRftAxXeayuu9ujkocMhKCAmv3OUsn4ZA3PZ4GAcmLC6O662s/L5y8clV1/
7Ih92lYvcfxnOBMspZgEtDFVrNcDHvv5GyqGHgBc0o+51ytUfKqQTarlvyEP/0Wq
6wrnbfb7nFTDHHS4r8K6FBjXDP1vNWR5+9mbyjzcF93iptaftlLX6OzE6HxIduqz
Qdaxg/g5nbMPu7/lzLCoxAOPUAgjATLvDDRLtnQj1NLR
-----END CERTIFICATE-----