Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/_c1LhpSk5c9Xwre2nqcQnNZG3eA.roa
File:                     _c1LhpSk5c9Xwre2nqcQnNZG3eA.roa (raw, json)
Hash identifier:          mn67gySrOatT2crot31rku005VXnjtM3e5rxn5+TNOw=
Subject key identifier:   FD:CD:4B:86:94:A4:E5:CF:57:C2:B7:B6:9E:A7:10:9C:D6:46:DD:E0
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       01944B155FB154583117E4083AA280ABA4C3
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/_c1LhpSk5c9Xwre2nqcQnNZG3eA.roa
Signing time:             Thu 09 Jan 2025 12:41:19 +0000
ROA not before:           Thu 09 Jan 2025 12:41:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        45.8.21.0/24 maxlen: 24
                          45.147.224.0/24 maxlen: 24
                          185.126.82.0/24 maxlen: 24
                          185.209.75.0/24 maxlen: 24
                          185.218.20.0/24 maxlen: 24
                          185.220.250.0/23 maxlen: 24
                          185.225.0.0/23 maxlen: 23
                          185.227.146.0/23 maxlen: 24
                          185.227.147.0/24 maxlen: 24
                          185.230.53.0/24 maxlen: 24
                          193.8.112.0/23 maxlen: 24
                          193.58.146.0/23 maxlen: 24
Validation:               Failed, certificate revoked on Wed 15 Jan 2025 11:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:4b:15:5f:b1:54:58:31:17:e4:08:3a:a2:80:ab:a4:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  9 12:41:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fdcd4b8694a4e5cf57c2b7b69ea7109cd646dde0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:6f:2e:bd:22:79:8f:19:56:96:b7:d3:33:bb:
                    46:78:76:75:ce:61:89:8b:aa:4a:17:54:ac:5d:8d:
                    b8:70:07:e3:4d:07:dc:0b:62:b2:84:16:03:7c:1f:
                    26:64:bb:94:6a:a6:51:00:58:ae:7d:c4:b3:1e:45:
                    8f:71:4c:96:cb:21:7f:46:ea:53:1d:ac:68:29:b5:
                    16:bf:63:f2:da:ff:a5:42:e6:b5:f4:2e:51:5c:2f:
                    45:e8:b4:dc:9c:37:69:5a:90:2e:f7:26:65:cc:2f:
                    61:96:9a:c3:6a:40:82:7f:23:00:47:2d:bb:62:f0:
                    33:ed:ba:fc:21:ff:60:17:24:c6:c3:36:1a:20:fe:
                    3c:ad:43:8f:1d:f4:1c:2b:aa:11:66:ec:92:38:a0:
                    a7:4c:cb:78:2b:7a:78:27:7e:77:57:89:9b:63:4c:
                    81:c9:79:6a:90:a0:2a:ce:78:ca:bf:74:e3:94:eb:
                    8e:f0:32:5e:bb:e8:74:d6:8e:f2:0e:65:cf:33:ee:
                    54:fa:02:26:bd:fb:10:42:c2:99:4f:4b:e0:c2:1a:
                    7a:78:27:95:83:51:85:ba:af:38:d7:87:00:2a:6c:
                    49:47:1e:37:bd:a5:fe:0e:9b:0a:1b:d4:7a:74:c2:
                    50:db:c8:60:ef:d9:0b:d5:c1:9d:07:58:08:a0:af:
                    18:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:CD:4B:86:94:A4:E5:CF:57:C2:B7:B6:9E:A7:10:9C:D6:46:DD:E0
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/_c1LhpSk5c9Xwre2nqcQnNZG3eA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.21.0/24
                  45.147.224.0/24
                  185.126.82.0/24
                  185.209.75.0/24
                  185.218.20.0/24
                  185.220.250.0/23
                  185.225.0.0/23
                  185.227.146.0/23
                  185.230.53.0/24
                  193.8.112.0/23
                  193.58.146.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3a:bf:30:4d:a3:11:2c:18:4e:4f:8e:5e:a6:39:90:9c:84:fe:
         2e:57:90:51:9c:c6:cb:31:a2:05:fc:ea:5e:75:8e:79:37:37:
         1e:91:ff:ce:3c:92:19:5f:12:83:9c:86:97:07:63:9f:1d:9b:
         35:8e:ab:f3:10:28:dd:19:52:e0:c7:d0:19:7a:08:d7:b9:3d:
         7b:ae:89:01:fc:38:a5:43:99:70:de:6e:4d:26:19:89:08:95:
         01:be:39:8e:9e:2f:31:ca:1a:19:b5:70:bf:62:90:b1:3e:90:
         38:e7:7e:d9:9b:94:80:0d:9d:83:26:de:9a:5e:33:cd:2c:56:
         30:d6:af:3a:f7:21:e7:d1:4e:24:9f:52:98:30:59:f8:ed:e0:
         98:a3:14:01:df:87:29:9b:3c:89:89:e7:84:2f:2f:10:1f:27:
         b7:99:2c:42:49:3a:44:ae:09:4d:69:88:66:e0:78:8c:66:0b:
         7a:a8:35:e7:13:1c:c7:51:03:4c:60:d6:10:5f:f7:26:bc:10:
         d5:29:45:1b:32:fd:fb:23:c5:60:38:de:29:c7:16:4a:15:51:
         20:82:2e:d0:ec:d8:15:79:48:5b:65:d5:d1:3d:bd:9f:00:51:
         a1:e2:83:cb:69:2d:03:07:47:97:d6:18:91:b7:aa:51:d3:04:
         90:3e:5e:7b
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAZRLFV+xVFgxF+QIOqKAq6TDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUwMTA5MTI0MTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZGNkNGI4Njk0YTRlNWNmNTdjMmI3YjY5ZWE3MTA5Y2Q2NDZkZGUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuG8uvSJ5jxlWlrfTM7tGeHZ1zmGJ
i6pKF1SsXY24cAfjTQfcC2KyhBYDfB8mZLuUaqZRAFiufcSzHkWPcUyWyyF/RupT
HaxoKbUWv2Py2v+lQua19C5RXC9F6LTcnDdpWpAu9yZlzC9hlprDakCCfyMARy27
YvAz7br8If9gFyTGwzYaIP48rUOPHfQcK6oRZuySOKCnTMt4K3p4J353V4mbY0yB
yXlqkKAqznjKv3TjlOuO8DJeu+h01o7yDmXPM+5U+gImvfsQQsKZT0vgwhp6eCeV
g1GFuq8414cAKmxJRx43vaX+DpsKG9R6dMJQ28hg79kL1cGdB1gIoK8YkQIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFP3NS4aUpOXPV8K3tp6nEJzWRt3gMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvX2MxTGhwU2s1YzlYd3JlMm5xY1FuTlpHM2VBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQALQgVAwQA
LZPgAwQAuX5SAwQAudFLAwQAudoUAwQBudz6AwQBueEAAwQBueOSAwQAueY1AwQB
wQhwAwQBwTqSMA0GCSqGSIb3DQEBCwUAA4IBAQA6vzBNoxEsGE5Pjl6mOZCchP4u
V5BRnMbLMaIF/OpedY55Nzcekf/OPJIZXxKDnIaXB2OfHZs1jqvzECjdGVLgx9AZ
egjXuT17rokB/DilQ5lw3m5NJhmJCJUBvjmOni8xyhoZtXC/YpCxPpA4537Zm5SA
DZ2DJt6aXjPNLFYw1q869yHn0U4kn1KYMFn47eCYoxQB34cpmzyJieeELy8QHye3
mSxCSTpErglNaYhm4HiMZgt6qDXnExzHUQNMYNYQX/cmvBDVKUUbMv37I8VgON4p
xxZKFVEggi7Q7NgVeUhbZdXRPb2fAFGh4oPLaS0DB0eX1hiRt6pR0wSQPl57
-----END CERTIFICATE-----