Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/b3s1KCJ4GtotdANbHn2-t3_FLNc.roa
File:                     b3s1KCJ4GtotdANbHn2-t3_FLNc.roa (raw, json)
Hash identifier:          IxCNmN1sahg9WWp9EX35g8/STOY1e4LWcK7zF+9+XMY=
Subject key identifier:   6F:7B:35:28:22:78:1A:DA:2D:74:03:5B:1E:7D:BE:B7:7F:C5:2C:D7
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018A3B7CA708BF91695FCDD48AACBA1ADDD7
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/b3s1KCJ4GtotdANbHn2-t3_FLNc.roa
Signing time:             Mon 28 Aug 2023 09:32:19 +0000
ROA not before:           Mon 28 Aug 2023 09:32:19 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     207046
IP address blocks:        185.247.4.0/22 maxlen: 24
                          194.113.28.0/22 maxlen: 24
                          185.247.5.0/24 maxlen: 24
                          185.247.6.0/23 maxlen: 24
                          194.26.100.0/24 maxlen: 24
                          194.146.220.0/22 maxlen: 22
                          185.224.220.0/22 maxlen: 22
                          185.221.16.0/23 maxlen: 23
                          185.227.206.0/24 maxlen: 24
                          45.134.84.0/22 maxlen: 24
                          185.227.207.0/24 maxlen: 24
                          185.249.204.0/22 maxlen: 22
                          185.250.182.0/23 maxlen: 24

Validation:               Failed, certificate revoked on Fri 29 Sep 2023 11:33:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:3b:7c:a7:08:bf:91:69:5f:cd:d4:8a:ac:ba:1a:dd:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Aug 28 09:32:19 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6f7b352822781ada2d74035b1e7dbeb77fc52cd7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:82:a7:03:d5:40:86:21:2a:44:65:59:af:e0:
                    9c:35:ff:32:64:ae:e6:b5:71:2c:a3:55:db:0e:a6:
                    98:80:83:ce:44:2d:d4:99:22:fe:16:8c:56:41:90:
                    48:fb:fa:b7:5e:60:e8:3e:31:55:67:4c:7f:c7:48:
                    e6:e7:ea:ed:2c:39:26:84:ee:87:35:23:7d:03:0a:
                    e9:67:24:e2:51:06:2e:95:c3:3a:4d:82:78:2e:4a:
                    73:e0:b1:a4:44:73:aa:cf:a9:71:3e:9f:a7:4c:55:
                    fc:82:e9:e6:d7:00:31:9a:af:7c:bc:1f:4b:de:b8:
                    d0:29:01:30:4a:5e:01:98:f4:3a:93:c0:c4:07:36:
                    02:69:b0:02:31:c6:ab:95:82:6f:d5:d3:98:7b:36:
                    e5:ac:81:1a:db:78:3a:ad:17:e2:70:78:65:fa:df:
                    bf:60:82:37:61:d3:0e:43:fb:41:79:5c:bf:2f:e3:
                    a5:47:5d:c7:41:df:9d:50:65:fe:b1:d7:58:f2:28:
                    de:30:67:d5:ef:8e:27:c8:9e:86:68:20:64:8f:cb:
                    f9:f7:93:a3:1e:f8:ed:de:3c:2c:c0:9e:d1:2b:00:
                    b6:02:55:8a:55:a0:62:4c:14:4e:b8:79:e2:d0:58:
                    21:38:c2:4e:c7:5a:e2:c0:f7:31:d8:12:75:3f:e8:
                    e1:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:7B:35:28:22:78:1A:DA:2D:74:03:5B:1E:7D:BE:B7:7F:C5:2C:D7
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/b3s1KCJ4GtotdANbHn2-t3_FLNc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.134.84.0/22
                  185.221.16.0/23
                  185.224.220.0/22
                  185.227.206.0/23
                  185.247.4.0/22
                  185.249.204.0/22
                  185.250.182.0/23
                  194.26.100.0/24
                  194.113.28.0/22
                  194.146.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         50:37:a9:b6:12:bd:54:ef:9c:72:90:8a:c0:9d:44:e6:1a:3c:
         4f:f8:a6:fb:c0:5a:fc:fe:3d:92:39:bb:47:9f:53:67:9a:46:
         e6:71:04:5a:a1:50:23:83:4d:16:4f:c6:10:33:06:b5:2b:a8:
         99:b0:a5:15:71:6d:06:96:44:5c:cd:b8:1c:d8:e5:5f:f1:ae:
         f2:c4:49:12:1d:a6:ee:62:e6:6b:25:9e:7c:95:ff:d8:e2:86:
         b8:a2:52:1a:5e:f7:86:cf:cb:ab:3f:c3:e2:65:0d:70:97:c3:
         78:26:6f:10:fb:e2:34:e4:5b:07:11:93:cc:53:a8:e8:3e:6e:
         ad:dd:c6:b6:2a:51:02:37:ee:50:f0:92:16:65:1b:93:59:dc:
         43:07:0a:ff:74:8b:d7:01:da:dd:2e:97:de:ce:f1:6d:12:25:
         00:da:eb:61:be:9d:c3:9d:88:90:e7:96:3c:78:0d:ee:f1:1c:
         ed:ec:11:96:eb:15:6f:d5:31:d8:7e:d4:02:b0:a2:ef:b1:57:
         1b:3d:29:59:a8:e4:60:be:3d:a3:cf:37:10:eb:56:f7:7a:14:
         cb:3f:41:c1:de:17:b1:15:ec:7f:89:bb:7f:42:2d:51:97:02:
         20:c7:40:03:15:85:db:8b:da:a4:4b:6d:9b:84:5c:3e:3c:82:
         10:05:89:37
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYo7fKcIv5FpX83Uiqy6Gt3XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjMwODI4MDkzMjE5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjdiMzUyODIyNzgxYWRhMmQ3NDAzNWIxZTdkYmViNzdmYzUyY2Q3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmYKnA9VAhiEqRGVZr+CcNf8yZK7m
tXEso1XbDqaYgIPORC3UmSL+FoxWQZBI+/q3XmDoPjFVZ0x/x0jm5+rtLDkmhO6H
NSN9AwrpZyTiUQYulcM6TYJ4Lkpz4LGkRHOqz6lxPp+nTFX8gunm1wAxmq98vB9L
3rjQKQEwSl4BmPQ6k8DEBzYCabACMcarlYJv1dOYezblrIEa23g6rRficHhl+t+/
YII3YdMOQ/tBeVy/L+OlR13HQd+dUGX+sddY8ijeMGfV744nyJ6GaCBkj8v595Oj
Hvjt3jwswJ7RKwC2AlWKVaBiTBROuHni0FghOMJOx1riwPcx2BJ1P+jhewIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFG97NSgieBraLXQDWx59vrd/xSzXMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvYjNzMUtDSjRHdG90ZEFOYkhuMi10M19GTE5jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQCLYZUAwQB
ud0QAwQCueDcAwQBuePOAwQCufcEAwQCufnMAwQBufq2AwQAwhpkAwQCwnEcAwQC
wpLcMA0GCSqGSIb3DQEBCwUAA4IBAQBQN6m2Er1U75xykIrAnUTmGjxP+Kb7wFr8
/j2SObtHn1NnmkbmcQRaoVAjg00WT8YQMwa1K6iZsKUVcW0GlkRczbgc2OVf8a7y
xEkSHabuYuZrJZ58lf/Y4oa4olIaXveGz8urP8PiZQ1wl8N4Jm8Q++I05FsHEZPM
U6joPm6t3ca2KlECN+5Q8JIWZRuTWdxDBwr/dIvXAdrdLpfezvFtEiUA2uthvp3D
nYiQ55Y8eA3u8Rzt7BGW6xVv1THYftQCsKLvsVcbPSlZqORgvj2jzzcQ61b3ehTL
P0HB3hexFex/ibt/Qi1RlwIgx0ADFYXbi9qkS22bhFw+PIIQBYk3
-----END CERTIFICATE-----