Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/qnvZB7Rvkr2NIPKHIPWVwZ9LqyA.roa
File:                     qnvZB7Rvkr2NIPKHIPWVwZ9LqyA.roa (raw, json)
Hash identifier:          TErbblF30DDZukGhipvYLBGOdvdmc02AgIS1ylw481E=
Subject key identifier:   AA:7B:D9:07:B4:6F:92:BD:8D:20:F2:87:20:F5:95:C1:9F:4B:AB:20
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018BC9A024B9F18479C0185AAE3A460B59C8
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/qnvZB7Rvkr2NIPKHIPWVwZ9LqyA.roa
Signing time:             Mon 13 Nov 2023 16:59:57 +0000
ROA not before:           Mon 13 Nov 2023 16:59:57 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        185.227.146.0/23 maxlen: 24
                          185.209.38.0/24 maxlen: 24
                          185.220.250.0/23 maxlen: 24
                          185.251.229.0/24 maxlen: 24
                          185.223.82.0/24 maxlen: 24
                          185.223.80.0/24 maxlen: 24
                          185.225.0.0/23 maxlen: 23
                          185.225.1.0/24 maxlen: 24
                          185.227.145.0/24 maxlen: 24
                          185.222.30.0/23 maxlen: 24
                          185.206.250.0/24 maxlen: 24
                          185.209.74.0/24 maxlen: 24
                          193.58.146.0/23 maxlen: 24
                          45.8.21.0/24 maxlen: 24
                          45.147.224.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 15 Nov 2023 10:20:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:c9:a0:24:b9:f1:84:79:c0:18:5a:ae:3a:46:0b:59:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Nov 13 16:59:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=aa7bd907b46f92bd8d20f28720f595c19f4bab20
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:2a:47:87:fc:10:d5:18:f7:db:b8:36:44:c7:
                    bd:ca:6f:6f:e8:35:5f:8c:c8:0c:98:ce:b3:56:fa:
                    b5:4c:2d:02:7e:a6:ca:98:44:f2:49:d1:b6:03:00:
                    74:b7:61:a7:e9:fc:78:63:9e:a8:47:1f:94:f9:e8:
                    6e:ec:39:99:e8:33:b6:ad:a0:3e:10:22:51:dc:c0:
                    48:ab:da:f4:9a:7e:00:5e:6d:ce:39:a0:41:0c:f9:
                    71:4b:98:31:25:31:1c:a2:71:88:ac:74:7e:ae:91:
                    e4:77:28:91:20:a1:b1:36:5a:7b:4c:c0:45:57:22:
                    82:0c:ad:32:5f:0b:02:18:33:85:52:ce:05:eb:a2:
                    13:7a:5b:e1:74:6e:4a:07:c8:33:4e:bf:89:43:f1:
                    44:d8:d3:ff:08:f0:7b:c7:86:9d:30:a4:84:e1:86:
                    5d:b6:13:13:55:24:4f:79:bf:49:14:b6:04:99:00:
                    4b:61:ed:1e:b6:05:42:7c:90:bf:0b:57:18:cd:0b:
                    3c:4e:eb:06:99:bf:85:75:74:4c:21:10:ee:9c:fb:
                    dd:53:2c:32:23:b7:d4:74:fc:4a:fa:e4:74:18:28:
                    f8:57:92:20:ff:4c:f8:3c:d1:19:ab:6a:18:cc:b5:
                    78:f3:af:2a:27:97:92:57:c1:f5:d8:00:20:30:87:
                    c0:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:7B:D9:07:B4:6F:92:BD:8D:20:F2:87:20:F5:95:C1:9F:4B:AB:20
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/qnvZB7Rvkr2NIPKHIPWVwZ9LqyA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.21.0/24
                  45.147.224.0/24
                  185.206.250.0/24
                  185.209.38.0/24
                  185.209.74.0/24
                  185.220.250.0/23
                  185.222.30.0/23
                  185.223.80.0/24
                  185.223.82.0/24
                  185.225.0.0/23
                  185.227.145.0-185.227.147.255
                  185.251.229.0/24
                  193.58.146.0/23

    Signature Algorithm: sha256WithRSAEncryption
         45:a3:54:a0:12:d0:66:90:44:de:b5:03:44:ca:99:96:74:01:
         42:a9:65:c5:91:ec:f7:aa:3f:46:5f:15:85:46:e4:2f:22:4b:
         97:c8:98:b0:33:c3:11:3b:ca:14:73:67:e4:75:01:fe:c8:20:
         3d:ad:9d:dc:f8:2d:26:0e:83:a0:c6:f0:29:9d:aa:ff:0d:7c:
         bd:a6:6b:d6:8b:fb:fb:54:ab:b3:7f:2e:01:fc:9b:6c:d1:28:
         f9:05:84:66:e9:55:66:cb:c4:27:c9:41:6c:8e:09:06:4e:5c:
         3a:45:a9:5f:a9:80:c9:c2:f5:e1:3e:02:f5:3d:09:a9:a8:29:
         2d:36:63:4b:ee:2f:f6:bb:68:83:0b:4e:69:39:4b:c3:a8:ca:
         81:93:75:a6:de:4f:d3:34:f9:35:bf:1a:3d:21:ea:cc:18:7e:
         6f:b2:26:a2:ce:93:ed:e9:1a:a1:de:83:69:6b:cb:16:d8:15:
         c7:85:ee:12:bd:09:51:b5:74:95:17:53:44:d0:79:02:81:09:
         fc:29:5f:87:86:50:e5:66:81:ea:6c:2a:5f:b3:52:d5:91:7d:
         d7:e0:c2:89:b8:65:91:60:b2:b9:a7:c6:b6:77:1b:53:3d:8f:
         52:61:3c:08:1a:35:18:31:22:99:76:f5:34:07:81:80:c2:3e:
         d1:73:64:aa
-----BEGIN CERTIFICATE-----
MIIFTTCCBDWgAwIBAgISAYvJoCS58YR5wBharjpGC1nIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjMxMTEzMTY1OTU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTdiZDkwN2I0NmY5MmJkOGQyMGYyODcyMGY1OTVjMTlmNGJhYjIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjipHh/wQ1Rj327g2RMe9ym9v6DVf
jMgMmM6zVvq1TC0CfqbKmETySdG2AwB0t2Gn6fx4Y56oRx+U+ehu7DmZ6DO2raA+
ECJR3MBIq9r0mn4AXm3OOaBBDPlxS5gxJTEconGIrHR+rpHkdyiRIKGxNlp7TMBF
VyKCDK0yXwsCGDOFUs4F66ITelvhdG5KB8gzTr+JQ/FE2NP/CPB7x4adMKSE4YZd
thMTVSRPeb9JFLYEmQBLYe0etgVCfJC/C1cYzQs8TusGmb+FdXRMIRDunPvdUywy
I7fUdPxK+uR0GCj4V5Ig/0z4PNEZq2oYzLV4868qJ5eSV8H12AAgMIfA1QIDAQAB
o4ICWTCCAlUwHQYDVR0OBBYEFKp72Qe0b5K9jSDyhyD1lcGfS6sgMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvcW52WkI3UnZrcjJOSVBLSElQV1Z3WjlMcXlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG8GCCsGAQUFBwEHAQH/BGAwXjBcBAIAATBWAwQALQgVAwQA
LZPgAwQAuc76AwQAudEmAwQAudFKAwQBudz6AwQBud4eAwQAud9QAwQAud9SAwQB
ueEAMAwDBAC545EDBAK545ADBAC5++UDBAHBOpIwDQYJKoZIhvcNAQELBQADggEB
AEWjVKAS0GaQRN61A0TKmZZ0AUKpZcWR7PeqP0ZfFYVG5C8iS5fImLAzwxE7yhRz
Z+R1Af7IID2tndz4LSYOg6DG8Cmdqv8NfL2ma9aL+/tUq7N/LgH8m2zRKPkFhGbp
VWbLxCfJQWyOCQZOXDpFqV+pgMnC9eE+AvU9CamoKS02Y0vuL/a7aIMLTmk5S8Oo
yoGTdabeT9M0+TW/Gj0h6swYfm+yJqLOk+3pGqHeg2lryxbYFceF7hK9CVG1dJUX
U0TQeQKBCfwpX4eGUOVmgepsKl+zUtWRfdfgwom4ZZFgsrmnxrZ3G1M9j1JhPAga
NRgxIpl29TQHgYDCPtFzZKo=
-----END CERTIFICATE-----