Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/keovv_QOrJoPNAzvz-LmfoxBVQ0.roa
File:                     keovv_QOrJoPNAzvz-LmfoxBVQ0.roa (raw, json)
Hash identifier:          fLUliQIgOHW0nzLVEOW0WUQEMwoqwQDn0pxiDpT+l9s=
Subject key identifier:   91:EA:2F:BF:F4:0E:AC:9A:0F:34:0C:EF:CF:E2:E6:7E:8C:41:55:0D
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       019469A0B25F70093611A29A4EA24AA6FDE6
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/keovv_QOrJoPNAzvz-LmfoxBVQ0.roa
Signing time:             Wed 15 Jan 2025 11:02:06 +0000
ROA not before:           Wed 15 Jan 2025 11:02:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        45.8.21.0/24 maxlen: 24
                          185.126.82.0/24 maxlen: 24
                          185.209.75.0/24 maxlen: 24
                          185.218.20.0/24 maxlen: 24
                          185.220.250.0/23 maxlen: 24
                          185.225.0.0/23 maxlen: 23
                          185.227.146.0/23 maxlen: 24
                          185.227.147.0/24 maxlen: 24
                          193.8.112.0/23 maxlen: 24
                          193.58.146.0/23 maxlen: 24
Validation:               Failed, certificate revoked on Sun 26 Jan 2025 12:29:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:69:a0:b2:5f:70:09:36:11:a2:9a:4e:a2:4a:a6:fd:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan 15 11:02:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=91ea2fbff40eac9a0f340cefcfe2e67e8c41550d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:24:ac:ab:3d:ad:2e:1b:b9:31:e6:a1:15:90:
                    9d:97:c4:24:02:89:4c:5d:77:a8:c3:16:0d:04:40:
                    13:d2:8e:f4:05:56:47:ce:32:b5:de:58:bb:6e:ac:
                    78:6f:cd:34:7c:53:50:a6:6a:03:55:29:82:c2:a3:
                    14:80:2d:86:7d:d1:4a:de:2b:18:84:74:a0:71:d2:
                    3d:e6:5d:5f:5e:01:d8:8e:9c:d6:9f:77:35:4d:0e:
                    de:9d:9a:fc:2f:91:8e:3a:2b:a8:4d:bd:62:45:83:
                    0c:60:3b:e1:8f:e9:d7:a3:4d:a5:d7:ee:8a:7a:a7:
                    22:13:18:8d:18:32:16:b0:93:77:d7:2a:8c:cd:79:
                    65:f6:97:e6:da:26:66:0a:ae:e9:84:fc:e4:2b:00:
                    75:0d:4d:4e:f8:78:33:43:99:03:c8:69:f2:38:b6:
                    c3:08:54:f7:f0:bc:21:cc:6c:5b:f2:9b:af:3f:68:
                    d2:49:9f:d9:90:d4:f9:b0:f0:f1:df:db:6f:f6:35:
                    ef:7c:dd:24:25:3b:b7:2e:e6:79:93:f4:f2:bf:87:
                    df:53:65:e9:a2:a4:75:7d:d4:c8:1a:b5:04:3b:29:
                    5d:12:51:be:c8:11:58:36:11:4d:3a:8c:87:d4:83:
                    bc:68:73:4f:ad:5d:cb:4a:1d:01:dc:52:b0:d0:02:
                    9b:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:EA:2F:BF:F4:0E:AC:9A:0F:34:0C:EF:CF:E2:E6:7E:8C:41:55:0D
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/keovv_QOrJoPNAzvz-LmfoxBVQ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.21.0/24
                  185.126.82.0/24
                  185.209.75.0/24
                  185.218.20.0/24
                  185.220.250.0/23
                  185.225.0.0/23
                  185.227.146.0/23
                  193.8.112.0/23
                  193.58.146.0/23

    Signature Algorithm: sha256WithRSAEncryption
         88:e8:03:9c:49:c2:7e:e2:59:1d:19:57:8b:13:31:b0:38:1b:
         0f:bc:4a:11:a3:8e:19:e1:5c:08:eb:25:cf:3c:51:8c:83:48:
         1b:e6:a6:1c:01:45:74:1b:56:f9:9d:e1:15:a0:9c:97:88:41:
         59:77:5c:54:fa:af:fa:08:13:43:13:e9:91:80:b0:22:7d:cb:
         67:05:35:35:6d:b5:53:7b:b6:c1:d4:cd:bb:d6:16:39:70:36:
         8c:38:dc:56:75:90:74:29:35:63:bc:59:6e:dc:14:54:2e:7d:
         1f:44:d8:7a:02:38:c2:2c:74:92:25:f5:c7:7c:13:62:08:4e:
         90:ad:ae:2f:64:e7:89:46:e8:ba:39:8e:5c:36:30:7c:dc:36:
         ea:8f:b2:aa:62:50:47:41:22:46:df:af:93:4d:7e:2e:04:ad:
         7c:76:97:4d:1a:af:5a:ad:49:7d:ec:c3:34:9b:6a:9c:c8:2b:
         f5:96:25:1e:81:34:20:69:30:25:cb:70:6c:18:d0:3c:cc:0a:
         07:e3:b1:22:42:2b:3e:38:db:24:d5:0f:8d:8f:ef:86:f2:1e:
         24:58:71:95:da:5a:87:01:ee:66:a2:32:19:1e:15:6a:34:22:
         84:cf:26:50:be:fb:20:f9:35:85:82:9e:74:62:51:b0:ac:b9:
         dc:0d:19:0e
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAZRpoLJfcAk2EaKaTqJKpv3mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUwMTE1MTEwMjA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWVhMmZiZmY0MGVhYzlhMGYzNDBjZWZjZmUyZTY3ZThjNDE1NTBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAySSsqz2tLhu5MeahFZCdl8QkAolM
XXeowxYNBEAT0o70BVZHzjK13li7bqx4b800fFNQpmoDVSmCwqMUgC2GfdFK3isY
hHSgcdI95l1fXgHYjpzWn3c1TQ7enZr8L5GOOiuoTb1iRYMMYDvhj+nXo02l1+6K
eqciExiNGDIWsJN31yqMzXll9pfm2iZmCq7phPzkKwB1DU1O+HgzQ5kDyGnyOLbD
CFT38LwhzGxb8puvP2jSSZ/ZkNT5sPDx39tv9jXvfN0kJTu3LuZ5k/Tyv4ffU2Xp
oqR1fdTIGrUEOyldElG+yBFYNhFNOoyH1IO8aHNPrV3LSh0B3FKw0AKbtwIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFJHqL7/0DqyaDzQM78/i5n6MQVUNMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEva2VvdnZfUU9ySm9QTkF6dnotTG1mb3hCVlEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQALQgVAwQA
uX5SAwQAudFLAwQAudoUAwQBudz6AwQBueEAAwQBueOSAwQBwQhwAwQBwTqSMA0G
CSqGSIb3DQEBCwUAA4IBAQCI6AOcScJ+4lkdGVeLEzGwOBsPvEoRo44Z4VwI6yXP
PFGMg0gb5qYcAUV0G1b5neEVoJyXiEFZd1xU+q/6CBNDE+mRgLAifctnBTU1bbVT
e7bB1M271hY5cDaMONxWdZB0KTVjvFlu3BRULn0fRNh6AjjCLHSSJfXHfBNiCE6Q
ra4vZOeJRui6OY5cNjB83Dbqj7KqYlBHQSJG36+TTX4uBK18dpdNGq9arUl97MM0
m2qcyCv1liUegTQgaTAly3BsGNA8zAoH47EiQis+ONsk1Q+Nj++G8h4kWHGV2lqH
Ae5mojIZHhVqNCKEzyZQvvsg+TWFgp50YlGwrLncDRkO
-----END CERTIFICATE-----