Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/fCkqr9wsP5Bzh6dVMxm4HTBhuus.roa
File:                     fCkqr9wsP5Bzh6dVMxm4HTBhuus.roa (raw, json)
Hash identifier:          UrjsVLIMvExW4ZyMIfiY3xlK5KcmXDOZnmKWxaXQyb8=
Subject key identifier:   7C:29:2A:AF:DC:2C:3F:90:73:87:A7:55:33:19:B8:1D:30:61:BA:EB
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       01896A4BE89F2B9D5D9A82B4E77EF1926526
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/fCkqr9wsP5Bzh6dVMxm4HTBhuus.roa
Signing time:             Tue 18 Jul 2023 18:38:26 +0000
ROA not before:           Tue 18 Jul 2023 18:38:26 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        185.218.103.0/24 maxlen: 24
                          185.209.39.0/24 maxlen: 24
                          185.230.52.0/24 maxlen: 24
                          185.251.229.0/24 maxlen: 24
                          185.223.78.0/24 maxlen: 24
                          185.225.0.0/23 maxlen: 23
                          185.218.21.0/24 maxlen: 24
                          185.209.72.0/24 maxlen: 24
                          193.58.146.0/23 maxlen: 24
                          193.58.147.0/24 maxlen: 24
                          185.214.100.0/24 maxlen: 24
                          45.147.224.0/24 maxlen: 24
                          185.214.102.0/24 maxlen: 24
                          45.8.21.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 19 Jul 2023 12:10:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:6a:4b:e8:9f:2b:9d:5d:9a:82:b4:e7:7e:f1:92:65:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jul 18 18:38:26 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=7c292aafdc2c3f907387a7553319b81d3061baeb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:a8:ec:4a:36:31:2f:27:af:8d:63:e9:09:b6:
                    10:06:bd:17:c2:1c:e6:a8:77:0d:fe:a1:d8:9b:90:
                    c1:f5:2a:06:9d:c6:03:1b:23:2e:7a:a8:83:a7:96:
                    6d:a8:43:57:b5:fd:4b:97:f3:4a:73:4e:01:3c:07:
                    19:2a:06:fe:16:8f:56:1e:22:17:da:34:f9:8c:f4:
                    29:7c:42:67:9a:1d:fa:bc:0c:d4:9f:eb:53:75:17:
                    4b:52:74:9f:ff:9e:ce:0a:77:60:6a:e4:d0:85:8e:
                    99:8b:f8:60:cf:7e:aa:da:71:ec:88:4a:a6:7e:42:
                    f7:94:be:85:55:bb:c0:73:ed:11:25:8a:be:10:59:
                    d1:ef:52:99:b6:bd:a8:79:ff:ff:6b:70:f3:cd:35:
                    c6:a1:2c:d3:48:cc:00:d1:e3:7d:39:43:cd:36:d0:
                    54:a2:78:e1:22:39:39:0f:6e:52:b0:41:0f:f2:0b:
                    b0:c2:de:75:c8:84:cf:11:40:e6:f8:00:2a:80:99:
                    ab:bc:16:60:56:93:76:13:ea:01:4b:75:6b:46:36:
                    c2:44:f0:7a:d8:fb:91:f1:d2:eb:2b:53:c4:43:96:
                    b1:93:de:91:3a:d6:8b:a2:3f:92:fc:c6:b3:0e:6e:
                    ca:21:13:7c:16:50:ee:05:59:2b:72:8d:89:16:36:
                    27:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:29:2A:AF:DC:2C:3F:90:73:87:A7:55:33:19:B8:1D:30:61:BA:EB
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/fCkqr9wsP5Bzh6dVMxm4HTBhuus.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.21.0/24
                  45.147.224.0/24
                  185.209.39.0/24
                  185.209.72.0/24
                  185.214.100.0/24
                  185.214.102.0/24
                  185.218.21.0/24
                  185.218.103.0/24
                  185.223.78.0/24
                  185.225.0.0/23
                  185.230.52.0/24
                  185.251.229.0/24
                  193.58.146.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b6:92:4b:49:74:fb:a8:44:1b:4b:92:78:d6:2e:8c:65:70:2e:
         ed:06:d4:0e:64:21:b6:d3:49:31:67:9b:bb:49:34:bc:e5:fc:
         23:9c:de:30:f1:23:a5:3a:92:af:3a:d2:8d:29:56:59:30:49:
         d3:2b:bd:98:f5:9f:ee:3b:7f:b6:f4:9b:90:de:4a:e0:61:bc:
         dc:bf:94:7c:98:77:38:6b:c5:bc:f1:75:11:cf:c5:6c:6a:b3:
         cc:68:26:84:08:88:46:24:fd:19:a6:70:a9:a7:4d:5c:0d:1f:
         39:0c:a6:cc:9a:48:4e:33:32:d7:12:60:dd:e7:13:4c:8d:35:
         e2:f4:c1:60:a5:fc:66:b0:49:c9:68:d2:dc:b7:a0:1a:1d:6e:
         66:c3:8c:99:c9:bb:f9:4b:60:d7:0b:8f:da:98:ee:dc:08:9c:
         74:ce:fa:ee:44:14:c5:90:cc:44:84:bc:72:7e:1a:c0:ad:86:
         6b:b9:83:2b:5f:71:a2:49:e8:ff:54:ad:28:6a:43:09:21:96:
         6b:16:84:d8:82:1c:1e:95:18:06:ca:28:f6:67:b1:59:99:21:
         67:7f:3e:7d:f4:56:ed:c3:1e:4b:f1:8f:8a:e4:60:4e:d2:a6:
         28:eb:5d:3d:8f:23:07:42:eb:94:21:8b:ee:f3:4a:34:30:1b:
         74:ee:bf:1c
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAYlqS+ifK51dmoK0537xkmUmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjMwNzE4MTgzODI2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzI5MmFhZmRjMmMzZjkwNzM4N2E3NTUzMzE5YjgxZDMwNjFiYWViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApqjsSjYxLyevjWPpCbYQBr0Xwhzm
qHcN/qHYm5DB9SoGncYDGyMueqiDp5ZtqENXtf1Ll/NKc04BPAcZKgb+Fo9WHiIX
2jT5jPQpfEJnmh36vAzUn+tTdRdLUnSf/57OCndgauTQhY6Zi/hgz36q2nHsiEqm
fkL3lL6FVbvAc+0RJYq+EFnR71KZtr2oef//a3DzzTXGoSzTSMwA0eN9OUPNNtBU
onjhIjk5D25SsEEP8guwwt51yITPEUDm+AAqgJmrvBZgVpN2E+oBS3VrRjbCRPB6
2PuR8dLrK1PEQ5axk96ROtaLoj+S/MazDm7KIRN8FlDuBVkrco2JFjYnIQIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFHwpKq/cLD+Qc4enVTMZuB0wYbrrMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvZkNrcXI5d3NQNUJ6aDZkVk14bTRIVEJodXVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjBUBAIAATBOAwQALQgVAwQA
LZPgAwQAudEnAwQAudFIAwQAudZkAwQAudZmAwQAudoVAwQAudpnAwQAud9OAwQB
ueEAAwQAueY0AwQAufvlAwQBwTqSMA0GCSqGSIb3DQEBCwUAA4IBAQC2kktJdPuo
RBtLknjWLoxlcC7tBtQOZCG200kxZ5u7STS85fwjnN4w8SOlOpKvOtKNKVZZMEnT
K72Y9Z/uO3+29JuQ3krgYbzcv5R8mHc4a8W88XURz8VsarPMaCaECIhGJP0ZpnCp
p01cDR85DKbMmkhOMzLXEmDd5xNMjTXi9MFgpfxmsEnJaNLct6AaHW5mw4yZybv5
S2DXC4/amO7cCJx0zvruRBTFkMxEhLxyfhrArYZruYMrX3GiSej/VK0oakMJIZZr
FoTYghwelRgGyij2Z7FZmSFnfz599Fbtwx5L8Y+K5GBO0qYo6109jyMHQuuUIYvu
80o0MBt07r8c
-----END CERTIFICATE-----