Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/koE9LpndUR-9naU3ZziC4CWPOgQ.roa
File:                     koE9LpndUR-9naU3ZziC4CWPOgQ.roa (raw, json)
Hash identifier:          PVY/FsIr7nNf75Lyqf0weqPnNHUjGmewppA8TRvngDs=
Subject key identifier:   92:81:3D:2E:99:DD:51:1F:BD:9D:A5:37:67:38:82:E0:25:8F:3A:04
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018C628B50CC412B8D7B0D9EA3819B51C629
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/koE9LpndUR-9naU3ZziC4CWPOgQ.roa
Signing time:             Wed 13 Dec 2023 09:39:06 +0000
ROA not before:           Wed 13 Dec 2023 09:39:06 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        185.227.146.0/23 maxlen: 24
                          185.222.31.0/24 maxlen: 24
                          185.222.30.0/23 maxlen: 24
                          185.220.249.0/24 maxlen: 24
                          185.220.250.0/23 maxlen: 24
                          193.58.146.0/23 maxlen: 24
                          45.8.21.0/24 maxlen: 24
                          185.251.229.0/24 maxlen: 24
                          185.251.231.0/24 maxlen: 24
                          185.246.114.0/24 maxlen: 24
                          185.108.204.0/23 maxlen: 24
                          185.225.0.0/23 maxlen: 23

Validation:               Failed, certificate revoked on Thu 14 Dec 2023 08:57:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:62:8b:50:cc:41:2b:8d:7b:0d:9e:a3:81:9b:51:c6:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Dec 13 09:39:06 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=92813d2e99dd511fbd9da537673882e0258f3a04
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:9a:c5:32:91:ae:2b:c5:5a:d7:8d:45:90:ba:
                    09:68:f9:f8:25:15:66:57:e6:b7:92:9f:a8:90:95:
                    73:eb:ca:52:b6:d3:62:b1:8f:08:30:e7:33:1b:45:
                    f8:77:16:ed:f9:9a:25:f9:4f:c6:a0:dc:ad:dd:9f:
                    18:4c:88:ea:f3:b5:7a:8a:75:9b:b1:16:5e:82:f2:
                    56:73:2d:93:2c:0a:1f:a8:75:14:44:57:6d:b5:0a:
                    5a:a0:c3:3f:e7:d4:c7:46:71:a2:01:1d:36:03:cb:
                    01:7e:6c:f9:eb:e2:82:e4:20:f3:74:3d:00:35:33:
                    29:e7:27:35:b0:8c:d6:90:52:e4:ab:1f:23:57:5a:
                    5e:40:2a:41:4c:ca:ca:b3:f9:10:e7:59:a0:d1:a6:
                    ef:d1:5e:96:d1:72:db:8c:2d:10:8c:2b:3e:3f:2e:
                    73:55:6e:f4:88:d0:56:c8:5e:3a:b4:bd:a9:64:90:
                    b1:4d:ab:d0:38:96:41:94:af:a3:55:12:4f:b5:24:
                    a7:a6:c0:2e:9d:eb:6c:52:42:59:eb:cd:47:d8:a6:
                    dc:83:61:33:2f:3a:04:4f:f7:8b:f3:eb:9e:1f:1a:
                    99:df:85:c2:de:08:07:92:3b:92:b6:1f:52:c0:fd:
                    e0:9e:10:4d:5c:8d:40:58:e7:c0:9c:ae:1a:b4:44:
                    d0:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:81:3D:2E:99:DD:51:1F:BD:9D:A5:37:67:38:82:E0:25:8F:3A:04
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/koE9LpndUR-9naU3ZziC4CWPOgQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.21.0/24
                  185.108.204.0/23
                  185.220.249.0-185.220.251.255
                  185.222.30.0/23
                  185.225.0.0/23
                  185.227.146.0/23
                  185.246.114.0/24
                  185.251.229.0/24
                  185.251.231.0/24
                  193.58.146.0/23

    Signature Algorithm: sha256WithRSAEncryption
         38:54:0a:2d:6a:83:48:ff:b6:2b:60:11:d1:c0:01:c9:3a:c8:
         f0:b5:8d:fd:8a:fc:8a:37:e1:02:f1:ce:b6:5c:38:7d:8d:a2:
         e0:03:0b:78:f8:62:4c:ae:c7:09:bf:02:38:c5:59:77:fd:48:
         3e:33:ab:1e:16:9f:14:6f:96:50:f7:ee:0e:21:86:d7:db:e2:
         b2:fc:99:66:15:cf:08:c5:52:83:22:c0:42:e0:5a:a2:7e:90:
         34:36:2d:b7:73:bd:20:61:c7:2d:89:18:d8:b5:84:1a:df:54:
         6a:34:3f:d0:68:b1:45:44:81:27:d2:ec:fd:bb:37:97:0b:d9:
         a5:51:8c:9c:4d:be:07:58:21:81:6b:a1:ac:1a:7c:53:17:01:
         54:5f:47:c7:72:c1:63:55:a5:ee:2f:40:7f:02:62:8a:1f:82:
         b5:14:e8:1e:a6:01:ca:b4:ce:f2:2e:49:1e:db:89:d2:71:62:
         ac:6a:72:c4:6f:f5:a0:2e:26:d5:ba:e8:0b:55:21:0e:8e:3f:
         db:95:73:89:d1:04:3e:23:53:e2:23:2e:71:36:6a:82:69:d0:
         26:30:7f:bd:e0:8b:2a:9f:92:ac:c8:d7:8c:f5:30:ad:0e:ed:
         e1:04:ac:80:06:71:fb:24:9f:91:fc:12:79:83:1b:05:c7:c4:
         6e:8c:09:46
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAYxii1DMQSuNew2eo4GbUcYpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjMxMjEzMDkzOTA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjgxM2QyZTk5ZGQ1MTFmYmQ5ZGE1Mzc2NzM4ODJlMDI1OGYzYTA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq5rFMpGuK8Va141FkLoJaPn4JRVm
V+a3kp+okJVz68pSttNisY8IMOczG0X4dxbt+Zol+U/GoNyt3Z8YTIjq87V6inWb
sRZegvJWcy2TLAofqHUURFdttQpaoMM/59THRnGiAR02A8sBfmz56+KC5CDzdD0A
NTMp5yc1sIzWkFLkqx8jV1peQCpBTMrKs/kQ51mg0abv0V6W0XLbjC0QjCs+Py5z
VW70iNBWyF46tL2pZJCxTavQOJZBlK+jVRJPtSSnpsAunetsUkJZ681H2Kbcg2Ez
LzoET/eL8+ueHxqZ34XC3ggHkjuSth9SwP3gnhBNXI1AWOfAnK4atETQGwIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFJKBPS6Z3VEfvZ2lN2c4guAljzoEMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEva29FOUxwbmRVUi05bmFVM1p6aUM0Q1dQT2dRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQALQgVAwQB
uWzMMAwDBAC53PkDBAK53PgDBAG53h4DBAG54QADBAG545IDBAC59nIDBAC5++UD
BAC5++cDBAHBOpIwDQYJKoZIhvcNAQELBQADggEBADhUCi1qg0j/titgEdHAAck6
yPC1jf2K/Io34QLxzrZcOH2NouADC3j4Ykyuxwm/AjjFWXf9SD4zqx4WnxRvllD3
7g4hhtfb4rL8mWYVzwjFUoMiwELgWqJ+kDQ2LbdzvSBhxy2JGNi1hBrfVGo0P9Bo
sUVEgSfS7P27N5cL2aVRjJxNvgdYIYFroawafFMXAVRfR8dywWNVpe4vQH8CYoof
grUU6B6mAcq0zvIuSR7bidJxYqxqcsRv9aAuJtW66AtVIQ6OP9uVc4nRBD4jU+Ij
LnE2aoJp0CYwf73giyqfkqzI14z1MK0O7eEErIAGcfskn5H8EnmDGwXHxG6MCUY=
-----END CERTIFICATE-----