Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/m0033uuQ2UqyHiFo--TAqJufzhY.roa
File:                     m0033uuQ2UqyHiFo--TAqJufzhY.roa (raw, json)
Hash identifier:          eLmsBn8uOXe4ChhN51APPer/80BcL+vAuUZGMm+iHa4=
Subject key identifier:   9B:4D:37:DE:EB:90:D9:4A:B2:1E:21:68:FB:E4:C0:A8:9B:9F:CE:16
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018F299A34AEADE0022BD6D8A2511DF1D57E
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/m0033uuQ2UqyHiFo--TAqJufzhY.roa
Signing time:             Mon 29 Apr 2024 11:25:22 +0000
ROA not before:           Mon 29 Apr 2024 11:25:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        45.8.21.0/24 maxlen: 24
                          185.209.38.0/24 maxlen: 24
                          185.220.250.0/23 maxlen: 24
                          185.223.82.0/24 maxlen: 24
                          185.225.0.0/23 maxlen: 23
                          185.226.104.0/24 maxlen: 24
                          185.227.146.0/23 maxlen: 24
                          185.227.147.0/24 maxlen: 24
                          185.251.230.0/24 maxlen: 24
                          193.58.146.0/23 maxlen: 24

Validation:               Failed, certificate revoked on Tue 30 Apr 2024 11:39:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:29:9a:34:ae:ad:e0:02:2b:d6:d8:a2:51:1d:f1:d5:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Apr 29 11:25:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9b4d37deeb90d94ab21e2168fbe4c0a89b9fce16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:cc:02:a3:e3:59:d2:9d:d7:cc:49:62:d7:43:
                    d1:63:14:85:b6:84:8a:81:54:2c:11:6e:64:91:d0:
                    34:36:71:d8:97:7c:74:80:e2:13:63:1a:ab:a5:d9:
                    b6:f5:3c:5c:52:a3:a4:79:c1:08:c4:74:31:a7:b5:
                    80:7f:15:79:b5:ac:68:de:01:c8:ec:16:eb:4c:ab:
                    39:89:87:a3:15:b1:84:ce:ae:e1:b7:f8:eb:2f:86:
                    34:fb:74:8d:d6:3f:d1:5b:a3:02:d4:0c:ef:0c:eb:
                    8d:6e:3d:8e:a3:51:6f:df:7b:0f:4c:8c:bd:7e:69:
                    a9:a6:74:21:93:68:c3:04:12:46:9c:9b:94:5f:69:
                    cd:53:52:d5:d7:3c:3b:2c:22:03:80:5d:f6:71:c4:
                    99:ad:c5:fe:68:2e:4b:44:68:6b:56:7a:91:6e:d5:
                    c5:74:0a:65:c7:0c:18:c7:ba:78:e6:2e:5d:86:a7:
                    67:5a:6e:ef:d1:55:55:9c:54:5a:81:43:8e:fa:ee:
                    fb:de:a5:6d:60:27:92:20:bb:6b:76:8e:e6:d0:2e:
                    5c:75:27:27:6e:c4:69:51:5b:6b:3c:99:7e:fc:ec:
                    b6:98:07:d7:4e:9f:80:7f:64:00:51:99:ca:95:6d:
                    6e:80:ed:84:ce:34:66:a7:3f:fc:ec:e3:5e:76:24:
                    e3:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:4D:37:DE:EB:90:D9:4A:B2:1E:21:68:FB:E4:C0:A8:9B:9F:CE:16
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/m0033uuQ2UqyHiFo--TAqJufzhY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.21.0/24
                  185.209.38.0/24
                  185.220.250.0/23
                  185.223.82.0/24
                  185.225.0.0/23
                  185.226.104.0/24
                  185.227.146.0/23
                  185.251.230.0/24
                  193.58.146.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b6:2b:8e:95:cb:ca:19:62:9f:de:4a:3a:e7:71:91:1f:2f:1a:
         76:87:9f:e8:66:bf:93:6a:ee:9c:03:79:8e:63:ec:26:2c:6b:
         35:a3:d7:89:8a:7b:46:87:5e:97:67:d4:ac:15:ba:6c:47:9b:
         48:d5:86:03:57:a6:42:70:34:9b:95:b8:79:e1:2d:4d:9d:92:
         4a:91:0d:a7:d5:a1:89:d3:67:d7:e9:21:4b:96:00:bc:24:76:
         5a:46:bf:da:fd:e7:1d:28:e3:c2:54:6b:d6:45:8e:76:ab:f2:
         3a:4e:66:1b:88:1b:3b:72:45:32:d6:30:e3:95:23:6c:20:97:
         43:3e:4c:1d:c8:2c:8a:7e:1e:2a:80:6a:6f:8e:07:61:08:64:
         fe:d4:10:c1:33:87:d8:fb:23:9d:8d:36:84:5a:54:44:62:a2:
         7c:13:71:27:b6:70:c8:94:5a:08:f8:51:44:f7:c2:40:ca:fb:
         9c:8b:23:5d:52:33:e4:95:47:68:be:66:74:c3:de:ae:1d:b7:
         d5:e7:f3:9a:f6:60:41:6e:bc:15:77:d9:94:50:bd:46:d3:c4:
         8f:f2:c9:94:56:64:c4:13:ec:59:1d:81:fd:03:43:2a:22:60:
         29:f8:f7:7d:00:6a:ef:e4:c1:bf:74:af:cb:9d:d1:ce:be:60:
         6d:15:a7:95
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAY8pmjSureACK9bYolEd8dV+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwNDI5MTEyNTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YjRkMzdkZWViOTBkOTRhYjIxZTIxNjhmYmU0YzBhODliOWZjZTE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvMwCo+NZ0p3XzEli10PRYxSFtoSK
gVQsEW5kkdA0NnHYl3x0gOITYxqrpdm29TxcUqOkecEIxHQxp7WAfxV5taxo3gHI
7BbrTKs5iYejFbGEzq7ht/jrL4Y0+3SN1j/RW6MC1AzvDOuNbj2Oo1Fv33sPTIy9
fmmppnQhk2jDBBJGnJuUX2nNU1LV1zw7LCIDgF32ccSZrcX+aC5LRGhrVnqRbtXF
dAplxwwYx7p45i5dhqdnWm7v0VVVnFRagUOO+u773qVtYCeSILtrdo7m0C5cdScn
bsRpUVtrPJl+/Oy2mAfXTp+Af2QAUZnKlW1ugO2EzjRmpz/87ONediTjHwIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFJtNN97rkNlKsh4haPvkwKibn84WMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvbTAwMzN1dVEyVXF5SGlGby0tVEFxSnVmemhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQALQgVAwQA
udEmAwQBudz6AwQAud9SAwQBueEAAwQAueJoAwQBueOSAwQAufvmAwQBwTqSMA0G
CSqGSIb3DQEBCwUAA4IBAQC2K46Vy8oZYp/eSjrncZEfLxp2h5/oZr+Tau6cA3mO
Y+wmLGs1o9eJintGh16XZ9SsFbpsR5tI1YYDV6ZCcDSblbh54S1NnZJKkQ2n1aGJ
02fX6SFLlgC8JHZaRr/a/ecdKOPCVGvWRY52q/I6TmYbiBs7ckUy1jDjlSNsIJdD
PkwdyCyKfh4qgGpvjgdhCGT+1BDBM4fY+yOdjTaEWlREYqJ8E3EntnDIlFoI+FFE
98JAyvuciyNdUjPklUdovmZ0w96uHbfV5/Oa9mBBbrwVd9mUUL1G08SP8smUVmTE
E+xZHYH9A0MqImAp+Pd9AGrv5MG/dK/LndHOvmBtFaeV
-----END CERTIFICATE-----