Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/gpl0DHcLfoacosl0GPvHMauvXCI.roa
File:                     gpl0DHcLfoacosl0GPvHMauvXCI.roa (raw, json)
Hash identifier:          nl+FB6eEirnNEjSmhWjmQ+wNtcwy1i7R8QiWFxml3No=
Subject key identifier:   82:99:74:0C:77:0B:7E:86:9C:A2:C9:74:18:FB:C7:31:AB:AF:5C:22
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018C43A8A635CE7E3BE44B3F34D9782878F8
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/gpl0DHcLfoacosl0GPvHMauvXCI.roa
Signing time:             Thu 07 Dec 2023 09:42:55 +0000
ROA not before:           Thu 07 Dec 2023 09:42:55 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        185.222.30.0/24 maxlen: 24
                          185.227.146.0/23 maxlen: 24
                          185.222.30.0/23 maxlen: 24
                          185.220.249.0/24 maxlen: 24
                          185.220.250.0/23 maxlen: 24
                          193.58.146.0/23 maxlen: 24
                          45.8.21.0/24 maxlen: 24
                          45.147.224.0/24 maxlen: 24
                          185.251.229.0/24 maxlen: 24
                          185.251.231.0/24 maxlen: 24
                          185.108.204.0/23 maxlen: 24
                          185.225.0.0/23 maxlen: 23

Validation:               Failed, certificate revoked on Sat 09 Dec 2023 12:22:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:43:a8:a6:35:ce:7e:3b:e4:4b:3f:34:d9:78:28:78:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Dec  7 09:42:55 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8299740c770b7e869ca2c97418fbc731abaf5c22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:d6:6b:3a:5d:6c:a7:9d:85:83:f2:f4:10:c1:
                    11:3d:6a:da:2d:49:51:0a:55:41:76:52:04:92:d8:
                    cb:5a:61:ba:21:db:5f:5e:8f:cd:8d:33:9a:9d:8c:
                    2d:6a:d7:0a:f3:f3:1b:97:8d:dd:19:0b:95:f5:3f:
                    5f:a6:71:ba:e1:8f:b5:4a:89:ad:4d:8f:ba:95:c6:
                    bf:e9:06:5c:51:9c:10:00:a1:8e:d9:b6:28:f8:95:
                    f4:84:ad:f3:eb:cf:f2:af:0d:30:46:b4:b5:80:13:
                    3f:4a:8c:a3:87:97:b8:7e:c2:19:7d:a7:72:12:c7:
                    c6:54:e9:0c:15:f3:2a:b2:22:f7:c5:ea:6c:60:10:
                    1b:79:3b:c4:c2:cf:3e:e3:61:06:9e:84:44:a1:5a:
                    fd:ed:41:16:45:e5:e5:41:72:4a:c1:9c:cf:f9:54:
                    15:ad:35:7d:a7:82:7c:30:2b:bc:4d:60:46:74:e1:
                    a9:e1:8f:e1:94:f4:b0:05:47:45:47:b9:f7:e9:b1:
                    f2:71:7c:e3:46:d7:55:b2:01:82:e6:b9:cf:29:a4:
                    1f:a6:30:a0:8e:70:a4:d0:b5:19:05:fd:bb:0b:83:
                    84:48:51:d1:eb:9d:db:cc:ae:49:ef:95:2b:f8:03:
                    59:45:d6:ea:20:b6:6a:8d:7c:ee:fa:49:dc:9c:f1:
                    14:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:99:74:0C:77:0B:7E:86:9C:A2:C9:74:18:FB:C7:31:AB:AF:5C:22
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/gpl0DHcLfoacosl0GPvHMauvXCI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.21.0/24
                  45.147.224.0/24
                  185.108.204.0/23
                  185.220.249.0-185.220.251.255
                  185.222.30.0/23
                  185.225.0.0/23
                  185.227.146.0/23
                  185.251.229.0/24
                  185.251.231.0/24
                  193.58.146.0/23

    Signature Algorithm: sha256WithRSAEncryption
         57:2f:71:b7:4f:eb:3c:3c:70:34:1c:6b:d4:34:a7:96:35:35:
         13:02:31:25:75:c2:c4:8d:70:55:51:6c:dc:e5:ae:b4:94:b1:
         82:05:18:4d:b7:5e:83:17:91:fb:d7:93:2b:9a:06:83:fb:dc:
         e7:ce:72:d1:60:5e:9c:2c:f7:62:d3:a5:a7:a3:0c:f1:11:ca:
         40:53:b6:97:bb:05:a2:87:3a:d9:08:7c:65:5d:a1:9c:a5:bf:
         7d:bf:e5:1e:cb:6c:6c:7f:06:de:c8:f1:07:c6:1a:ec:4a:cd:
         a8:5b:7a:f8:dd:48:51:71:c4:fb:5f:98:b0:5f:0b:5b:de:4a:
         05:df:a3:a6:27:9e:5f:f5:23:06:f9:2a:e4:d5:da:5d:b4:96:
         a2:99:40:a1:c5:3e:9b:81:c0:cd:9e:14:54:3e:a7:0a:45:4c:
         b2:57:d2:10:ed:85:e0:68:0e:1d:e7:02:0c:82:13:4d:13:31:
         f4:c2:29:45:79:d1:22:69:2a:54:ae:18:96:40:d0:a9:a9:0d:
         c0:fa:30:12:e0:cc:97:6a:2d:6f:51:6a:77:3f:54:30:77:5f:
         34:dc:e2:21:83:b8:50:5a:a4:23:cf:d6:79:66:b2:3f:80:52:
         c1:ce:ef:cd:de:e3:e5:f2:e5:37:b4:9d:ce:70:26:07:b5:a5:
         81:3b:3d:e0
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAYxDqKY1zn475Es/NNl4KHj4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjMxMjA3MDk0MjU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Mjk5NzQwYzc3MGI3ZTg2OWNhMmM5NzQxOGZiYzczMWFiYWY1YzIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApNZrOl1sp52Fg/L0EMERPWraLUlR
ClVBdlIEktjLWmG6IdtfXo/NjTOanYwtatcK8/Mbl43dGQuV9T9fpnG64Y+1Somt
TY+6lca/6QZcUZwQAKGO2bYo+JX0hK3z68/yrw0wRrS1gBM/Soyjh5e4fsIZfady
EsfGVOkMFfMqsiL3xepsYBAbeTvEws8+42EGnoREoVr97UEWReXlQXJKwZzP+VQV
rTV9p4J8MCu8TWBGdOGp4Y/hlPSwBUdFR7n36bHycXzjRtdVsgGC5rnPKaQfpjCg
jnCk0LUZBf27C4OESFHR653bzK5J75Ur+ANZRdbqILZqjXzu+kncnPEU5wIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFIKZdAx3C36GnKLJdBj7xzGrr1wiMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvZ3BsMERIY0xmb2Fjb3NsMEdQdkhNYXV2WENJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQALQgVAwQA
LZPgAwQBuWzMMAwDBAC53PkDBAK53PgDBAG53h4DBAG54QADBAG545IDBAC5++UD
BAC5++cDBAHBOpIwDQYJKoZIhvcNAQELBQADggEBAFcvcbdP6zw8cDQca9Q0p5Y1
NRMCMSV1wsSNcFVRbNzlrrSUsYIFGE23XoMXkfvXkyuaBoP73OfOctFgXpws92LT
paejDPERykBTtpe7BaKHOtkIfGVdoZylv32/5R7LbGx/Bt7I8QfGGuxKzahbevjd
SFFxxPtfmLBfC1veSgXfo6Ynnl/1Iwb5KuTV2l20lqKZQKHFPpuBwM2eFFQ+pwpF
TLJX0hDtheBoDh3nAgyCE00TMfTCKUV50SJpKlSuGJZA0KmpDcD6MBLgzJdqLW9R
anc/VDB3XzTc4iGDuFBapCPP1nlmsj+AUsHO783e4+Xy5Te0nc5wJge1pYE7PeA=
-----END CERTIFICATE-----