Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/rKwurWECbWSSvs-Vioe77tzVrn8.roa
File:                     rKwurWECbWSSvs-Vioe77tzVrn8.roa (raw, json)
Hash identifier:          JKC211Q8MXn2xj7JUrjYmn2m1hWl3PtjiNRbYQdtE18=
Subject key identifier:   AC:AC:2E:AD:61:02:6D:64:92:BE:CF:95:8A:87:BB:EE:DC:D5:AE:7F
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018DAC2C9FC0CCB315F8638B798F766F1077
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/rKwurWECbWSSvs-Vioe77tzVrn8.roa
Signing time:             Thu 15 Feb 2024 09:50:22 +0000
ROA not before:           Thu 15 Feb 2024 09:50:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        45.8.21.0/24 maxlen: 24
                          185.199.54.0/24 maxlen: 24
                          185.220.250.0/23 maxlen: 24
                          185.223.82.0/24 maxlen: 24
                          185.225.0.0/23 maxlen: 23
                          185.227.146.0/23 maxlen: 24
                          185.230.67.0/24 maxlen: 24
                          185.251.229.0/24 maxlen: 24
                          193.58.146.0/23 maxlen: 24
                          194.76.169.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sun 18 Feb 2024 11:18:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:ac:2c:9f:c0:cc:b3:15:f8:63:8b:79:8f:76:6f:10:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Feb 15 09:50:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=acac2ead61026d6492becf958a87bbeedcd5ae7f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:87:e7:99:18:3d:a8:48:6b:ef:ef:50:75:3f:
                    dd:e0:d4:a8:a7:62:6d:08:1d:d1:06:cd:d2:b7:56:
                    af:15:17:94:08:af:e7:f2:38:ea:98:8d:4e:e1:de:
                    93:ac:03:b4:b9:be:8e:92:df:64:2b:f0:2d:f8:a7:
                    52:41:02:a5:42:45:58:1d:d2:96:ba:90:a6:45:ea:
                    ef:d2:36:f4:c2:d1:e0:af:f9:fb:73:04:72:de:e7:
                    7c:4d:29:e8:a2:17:af:53:5b:03:cb:f5:16:d6:07:
                    a7:7f:4f:1b:b6:08:fd:be:64:52:9f:9f:e9:24:2e:
                    df:a4:88:37:82:f7:07:c4:22:46:64:25:d7:90:14:
                    52:28:2f:cc:9f:80:b0:bd:f1:ed:78:25:8c:05:d4:
                    10:4d:72:87:c2:19:f5:46:47:ca:b5:e2:99:05:6a:
                    94:b2:88:51:89:93:d7:9e:32:3a:c1:0f:d3:24:be:
                    de:0f:bf:9f:d2:c8:33:76:83:43:9f:c5:37:54:8e:
                    61:f3:55:18:82:af:f0:a0:fc:42:e9:b2:7c:60:47:
                    c7:5c:59:a3:b0:48:f9:e3:ca:07:91:db:bf:86:66:
                    00:2b:6c:d3:9b:fd:5c:23:12:3d:95:51:0b:3a:64:
                    19:58:43:ef:f4:8e:6e:b8:ff:ae:15:55:b5:56:d8:
                    72:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:AC:2E:AD:61:02:6D:64:92:BE:CF:95:8A:87:BB:EE:DC:D5:AE:7F
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/rKwurWECbWSSvs-Vioe77tzVrn8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.21.0/24
                  185.199.54.0/24
                  185.220.250.0/23
                  185.223.82.0/24
                  185.225.0.0/23
                  185.227.146.0/23
                  185.230.67.0/24
                  185.251.229.0/24
                  193.58.146.0/23
                  194.76.169.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:d1:ab:3c:9a:cf:b9:54:28:16:11:3b:9b:da:0a:02:d2:4d:
         e3:fd:90:78:ae:55:70:d0:b5:bf:b0:94:0a:95:9b:80:78:23:
         8e:e3:43:93:1a:38:6a:56:76:73:d0:d3:40:be:a4:a0:3e:aa:
         27:19:7a:fc:5d:ff:2f:6d:fb:09:9d:07:9d:25:50:0e:fd:41:
         b7:e3:25:5a:84:52:2a:80:65:1c:1e:66:0f:b4:c0:75:ad:9d:
         47:fc:10:f3:aa:fd:e3:99:46:31:aa:75:44:1b:c2:ef:99:4e:
         6f:47:84:43:b5:19:d3:0b:13:09:d4:a4:cc:1a:da:41:2b:47:
         7b:00:ec:ee:0d:c4:51:37:3d:32:1a:ca:57:c6:d7:0d:ad:bf:
         31:92:ea:d1:99:85:dd:09:06:ab:61:11:5d:77:e3:14:a2:a8:
         10:87:0a:2c:b1:de:a1:e1:10:c8:02:7b:3c:fb:3b:88:59:98:
         ef:87:28:8a:f4:d2:12:93:23:89:a8:6b:c2:42:29:dd:d7:f0:
         c2:53:50:8d:6c:bc:d9:d0:d4:41:68:da:87:1d:0b:f8:15:1c:
         26:a4:f1:4e:dd:6d:52:73:3c:23:52:47:72:d6:a6:79:07:80:
         6c:96:d7:47:79:a6:5a:9f:08:b9:95:15:37:2d:ac:f0:78:20:
         ec:42:8c:08
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAY2sLJ/AzLMV+GOLeY92bxB3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwMjE1MDk1MDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhY2FjMmVhZDYxMDI2ZDY0OTJiZWNmOTU4YTg3YmJlZWRjZDVhZTdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw4fnmRg9qEhr7+9QdT/d4NSop2Jt
CB3RBs3St1avFReUCK/n8jjqmI1O4d6TrAO0ub6Okt9kK/At+KdSQQKlQkVYHdKW
upCmRerv0jb0wtHgr/n7cwRy3ud8TSnoohevU1sDy/UW1genf08btgj9vmRSn5/p
JC7fpIg3gvcHxCJGZCXXkBRSKC/Mn4CwvfHteCWMBdQQTXKHwhn1RkfKteKZBWqU
sohRiZPXnjI6wQ/TJL7eD7+f0sgzdoNDn8U3VI5h81UYgq/woPxC6bJ8YEfHXFmj
sEj548oHkdu/hmYAK2zTm/1cIxI9lVELOmQZWEPv9I5uuP+uFVW1VthyQQIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFKysLq1hAm1kkr7PlYqHu+7c1a5/MB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvckt3dXJXRUNiV1NTdnMtVmlvZTc3dHpWcm44LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQALQgVAwQA
ucc2AwQBudz6AwQAud9SAwQBueEAAwQBueOSAwQAueZDAwQAufvlAwQBwTqSAwQA
wkypMA0GCSqGSIb3DQEBCwUAA4IBAQAU0as8ms+5VCgWETub2goC0k3j/ZB4rlVw
0LW/sJQKlZuAeCOO40OTGjhqVnZz0NNAvqSgPqonGXr8Xf8vbfsJnQedJVAO/UG3
4yVahFIqgGUcHmYPtMB1rZ1H/BDzqv3jmUYxqnVEG8LvmU5vR4RDtRnTCxMJ1KTM
GtpBK0d7AOzuDcRRNz0yGspXxtcNrb8xkurRmYXdCQarYRFdd+MUoqgQhwossd6h
4RDIAns8+zuIWZjvhyiK9NISkyOJqGvCQind1/DCU1CNbLzZ0NRBaNqHHQv4FRwm
pPFO3W1SczwjUkdy1qZ5B4BsltdHeaZanwi5lRU3LazweCDsQowI
-----END CERTIFICATE-----