Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/lpQVcLvhrAHk9yEXZ4IauMNGads.roa
File:                     lpQVcLvhrAHk9yEXZ4IauMNGads.roa (raw, json)
Hash identifier:          eyqADb2jxcUV9gg+9hzvl//PzeR9/aRhNswtSYdkRs8=
Subject key identifier:   96:94:15:70:BB:E1:AC:01:E4:F7:21:17:67:82:1A:B8:C3:46:69:DB
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018BF18A410A5BEED14AACEE5536CE125B1A
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/lpQVcLvhrAHk9yEXZ4IauMNGads.roa
Signing time:             Tue 21 Nov 2023 11:00:51 +0000
ROA not before:           Tue 21 Nov 2023 11:00:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        185.227.146.0/23 maxlen: 24
                          185.209.38.0/24 maxlen: 24
                          185.220.249.0/24 maxlen: 24
                          185.220.250.0/23 maxlen: 24
                          185.251.229.0/24 maxlen: 24
                          185.225.0.0/23 maxlen: 23
                          185.225.1.0/24 maxlen: 24
                          185.108.204.0/23 maxlen: 24
                          185.223.80.0/24 maxlen: 24
                          185.222.30.0/23 maxlen: 24
                          45.90.16.0/24 maxlen: 24
                          193.58.146.0/23 maxlen: 24
                          45.147.224.0/24 maxlen: 24
                          45.8.23.0/24 maxlen: 24
                          45.8.21.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 23 Nov 2023 09:43:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:f1:8a:41:0a:5b:ee:d1:4a:ac:ee:55:36:ce:12:5b:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Nov 21 11:00:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=96941570bbe1ac01e4f7211767821ab8c34669db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:dc:84:b5:e9:e5:fe:3e:3f:2a:29:45:2b:26:
                    24:49:1f:6f:15:6a:70:55:67:56:c2:55:e1:49:27:
                    07:d1:3a:4f:c1:88:a0:a5:fb:32:7a:df:60:cf:d1:
                    ac:05:07:ca:52:4a:bf:e5:0c:8a:0c:46:a2:29:96:
                    e8:ca:f4:d0:98:c3:52:c7:01:0e:5d:76:82:32:01:
                    01:5e:e5:9f:96:26:97:12:24:30:59:0b:54:c7:af:
                    fb:27:2c:66:fa:0e:61:b4:09:70:39:0e:dd:53:c8:
                    cf:fd:33:14:5f:78:0e:76:ff:b8:ca:5f:33:0b:e9:
                    c4:82:b0:26:c9:3d:bc:bb:c2:b1:d5:18:94:c4:36:
                    24:4e:ba:3f:61:3e:7f:2b:af:2b:74:7e:7b:a4:8a:
                    88:28:d8:2e:c0:65:80:e6:22:bc:b5:c5:95:64:80:
                    90:f5:a9:2a:d1:e1:9e:9f:47:07:3d:dc:53:bf:c1:
                    81:0e:0a:97:43:16:56:9b:93:e4:da:85:88:c9:86:
                    ae:41:de:1c:72:5e:f6:1e:d1:a1:36:43:1f:67:52:
                    ec:c9:65:bb:3c:64:20:3e:d7:fe:56:f1:8c:93:30:
                    dc:4e:65:22:c2:d2:7f:6d:3d:f1:fd:3f:3d:21:89:
                    01:5f:ca:da:1c:88:83:cf:a1:91:53:e8:3b:7c:de:
                    60:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:94:15:70:BB:E1:AC:01:E4:F7:21:17:67:82:1A:B8:C3:46:69:DB
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/lpQVcLvhrAHk9yEXZ4IauMNGads.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.21.0/24
                  45.8.23.0/24
                  45.90.16.0/24
                  45.147.224.0/24
                  185.108.204.0/23
                  185.209.38.0/24
                  185.220.249.0-185.220.251.255
                  185.222.30.0/23
                  185.223.80.0/24
                  185.225.0.0/23
                  185.227.146.0/23
                  185.251.229.0/24
                  193.58.146.0/23

    Signature Algorithm: sha256WithRSAEncryption
         56:c5:af:0b:1a:ec:bd:db:46:a5:ef:93:69:eb:e4:52:71:68:
         e6:31:dd:f1:55:43:d1:b4:f8:80:ad:8f:ec:52:54:dd:88:33:
         24:20:94:71:90:c8:74:33:d7:ad:a2:4a:d6:be:fa:5b:6b:e1:
         b4:fd:ab:b1:16:c2:8b:cd:31:01:7c:54:9b:d7:d0:d8:50:4d:
         29:71:ad:fd:16:ab:00:1f:01:81:b1:67:9b:15:4a:d1:e2:bf:
         e7:2e:ee:00:9e:fa:09:e6:91:bf:54:31:ca:40:69:f4:a1:a5:
         ed:cb:ed:dd:44:d1:2d:94:6b:2f:2f:1f:bc:51:5b:54:cf:39:
         2a:52:72:ab:eb:7c:ff:7a:db:fa:58:60:f0:c4:64:57:0e:ae:
         58:0e:17:5d:9a:e7:b9:0c:b8:0f:eb:33:fa:a9:45:ae:28:b5:
         46:49:ec:c3:46:ab:0d:f6:88:ae:4c:07:68:f5:bd:8b:74:db:
         eb:6a:76:1f:2c:68:d1:f2:64:6b:70:64:0b:91:bb:3b:67:a1:
         9b:54:88:59:0c:7b:cb:bb:54:62:4c:0e:8f:ab:3a:6e:bf:87:
         1a:e2:30:19:80:95:d1:d7:f2:58:47:be:52:54:c9:78:c8:16:
         a8:9c:69:97:f2:25:00:48:67:e2:48:9c:1e:26:15:c8:b5:a6:
         51:8c:3b:bc
-----BEGIN CERTIFICATE-----
MIIFTTCCBDWgAwIBAgISAYvxikEKW+7RSqzuVTbOElsaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjMxMTIxMTEwMDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Njk0MTU3MGJiZTFhYzAxZTRmNzIxMTc2NzgyMWFiOGMzNDY2OWRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqdyEtenl/j4/KilFKyYkSR9vFWpw
VWdWwlXhSScH0TpPwYigpfsyet9gz9GsBQfKUkq/5QyKDEaiKZboyvTQmMNSxwEO
XXaCMgEBXuWfliaXEiQwWQtUx6/7Jyxm+g5htAlwOQ7dU8jP/TMUX3gOdv+4yl8z
C+nEgrAmyT28u8Kx1RiUxDYkTro/YT5/K68rdH57pIqIKNguwGWA5iK8tcWVZICQ
9akq0eGen0cHPdxTv8GBDgqXQxZWm5Pk2oWIyYauQd4ccl72HtGhNkMfZ1LsyWW7
PGQgPtf+VvGMkzDcTmUiwtJ/bT3x/T89IYkBX8raHIiDz6GRU+g7fN5gTwIDAQAB
o4ICWTCCAlUwHQYDVR0OBBYEFJaUFXC74awB5PchF2eCGrjDRmnbMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvbHBRVmNMdmhyQUhrOXlFWFo0SWF1TU5HYWRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG8GCCsGAQUFBwEHAQH/BGAwXjBcBAIAATBWAwQALQgVAwQA
LQgXAwQALVoQAwQALZPgAwQBuWzMAwQAudEmMAwDBAC53PkDBAK53PgDBAG53h4D
BAC531ADBAG54QADBAG545IDBAC5++UDBAHBOpIwDQYJKoZIhvcNAQELBQADggEB
AFbFrwsa7L3bRqXvk2nr5FJxaOYx3fFVQ9G0+ICtj+xSVN2IMyQglHGQyHQz162i
Sta++ltr4bT9q7EWwovNMQF8VJvX0NhQTSlxrf0WqwAfAYGxZ5sVStHiv+cu7gCe
+gnmkb9UMcpAafShpe3L7d1E0S2Uay8vH7xRW1TPOSpScqvrfP962/pYYPDEZFcO
rlgOF12a57kMuA/rM/qpRa4otUZJ7MNGqw32iK5MB2j1vYt02+tqdh8saNHyZGtw
ZAuRuztnoZtUiFkMe8u7VGJMDo+rOm6/hxriMBmAldHX8lhHvlJUyXjIFqicaZfy
JQBIZ+JInB4mFci1plGMO7w=
-----END CERTIFICATE-----