Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/tKX-0jDThj5kbBOmyWO_M7xT6Fc.roa
File:                     tKX-0jDThj5kbBOmyWO_M7xT6Fc.roa (raw, json)
Hash identifier:          zL0EoRCHn49DRrPP4mzq5FiwMAfdtGONNV9IMbPuu4Y=
Subject key identifier:   B4:A5:FE:D2:30:D3:86:3E:64:6C:13:A6:C9:63:BF:33:BC:53:E8:57
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018E9E9ABE343DB3E66D202A7667AA08F5C8
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/tKX-0jDThj5kbBOmyWO_M7xT6Fc.roa
Signing time:             Tue 02 Apr 2024 11:38:45 +0000
ROA not before:           Tue 02 Apr 2024 11:38:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        45.8.21.0/24 maxlen: 24
                          185.126.81.0/24 maxlen: 24
                          185.220.250.0/23 maxlen: 24
                          185.223.82.0/24 maxlen: 24
                          185.225.0.0/23 maxlen: 23
                          185.226.104.0/24 maxlen: 24
                          185.227.146.0/23 maxlen: 24
                          185.234.20.0/24 maxlen: 24
                          185.246.113.0/24 maxlen: 24
                          193.58.146.0/23 maxlen: 24

Validation:               Failed, certificate revoked on Wed 03 Apr 2024 21:36:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:9e:9a:be:34:3d:b3:e6:6d:20:2a:76:67:aa:08:f5:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Apr  2 11:38:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b4a5fed230d3863e646c13a6c963bf33bc53e857
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:f1:75:a0:25:a7:f7:c7:40:ec:72:19:62:63:
                    52:b5:54:ad:2e:72:bf:0c:bf:3b:28:ca:36:6d:17:
                    65:f1:2c:21:72:40:cf:22:36:71:ec:c6:d8:d4:f6:
                    32:e5:f8:0c:27:91:5c:30:29:26:66:40:51:1c:ac:
                    1c:aa:a3:15:91:eb:03:48:95:47:0f:cf:ea:7a:02:
                    28:e8:4b:f6:93:45:ba:ff:d5:e8:f8:79:31:2e:15:
                    85:c0:7e:1c:55:92:47:80:66:36:ab:c1:06:08:8b:
                    ce:b8:9f:f8:4a:73:71:11:0a:aa:ed:40:4e:0a:ac:
                    bf:4f:fb:16:70:ad:9a:05:99:e5:0e:0a:cb:fd:e4:
                    7a:da:59:b1:68:54:0e:7d:97:ce:2a:f0:49:40:e7:
                    ed:5c:e0:17:a0:9d:04:18:64:02:b7:23:41:18:58:
                    bf:89:b7:00:b3:32:e0:42:46:04:44:bf:b0:13:2d:
                    53:e2:7e:a7:0d:fd:4f:22:6d:45:07:93:d8:23:1f:
                    6e:65:44:af:d9:cb:54:aa:69:30:d9:e2:23:e2:81:
                    b8:1c:9b:e7:3e:6a:c5:f5:58:78:f2:7a:30:31:3e:
                    f4:65:62:e9:1c:43:fd:0a:0e:5a:66:7c:2e:7f:9c:
                    01:21:07:3f:f3:68:6f:e5:6d:ee:15:22:ac:13:89:
                    8f:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:A5:FE:D2:30:D3:86:3E:64:6C:13:A6:C9:63:BF:33:BC:53:E8:57
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/tKX-0jDThj5kbBOmyWO_M7xT6Fc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.21.0/24
                  185.126.81.0/24
                  185.220.250.0/23
                  185.223.82.0/24
                  185.225.0.0/23
                  185.226.104.0/24
                  185.227.146.0/23
                  185.234.20.0/24
                  185.246.113.0/24
                  193.58.146.0/23

    Signature Algorithm: sha256WithRSAEncryption
         12:7a:81:95:36:cb:63:bb:94:3e:b7:af:84:81:59:1b:6a:a4:
         14:6f:65:d0:bf:eb:ce:d2:ef:ad:d9:2f:05:50:33:03:1b:9b:
         b2:50:66:be:5a:3a:db:58:18:75:56:f3:ae:25:8d:31:68:06:
         ed:0b:48:f0:59:77:2d:99:e9:d1:9a:91:dd:f8:90:23:df:a6:
         23:03:71:22:cb:99:82:90:8a:3d:05:e6:b5:f6:50:28:0d:1a:
         35:73:14:8c:8f:f9:d3:97:a0:81:e4:c6:ea:78:ab:12:67:f0:
         15:37:89:94:12:4a:85:0b:1e:cb:34:8a:ef:88:c3:5d:2d:ee:
         30:4c:56:e9:0a:35:b4:71:b9:c5:1e:af:c6:9a:f0:49:80:2f:
         64:d7:85:ce:55:dd:81:dd:06:2e:c7:87:88:58:11:c0:c4:54:
         8f:ba:fd:22:33:04:8a:27:47:2d:72:f1:5f:dd:eb:f1:a5:04:
         cb:e7:a0:8d:59:20:f5:a5:c6:cb:e6:e7:83:13:9a:51:12:e8:
         05:6f:97:d2:8f:9c:ed:b8:a0:6e:77:91:e8:7d:18:aa:84:78:
         5c:40:c9:94:f0:32:ac:73:d2:49:9e:56:5b:6f:1d:24:0d:27:
         9c:99:bd:96:7e:2b:68:a9:a9:89:05:91:f0:cf:1f:29:8c:64:
         9b:94:36:8a
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAY6emr40PbPmbSAqdmeqCPXIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwNDAyMTEzODQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGE1ZmVkMjMwZDM4NjNlNjQ2YzEzYTZjOTYzYmYzM2JjNTNlODU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv/F1oCWn98dA7HIZYmNStVStLnK/
DL87KMo2bRdl8SwhckDPIjZx7MbY1PYy5fgMJ5FcMCkmZkBRHKwcqqMVkesDSJVH
D8/qegIo6Ev2k0W6/9Xo+HkxLhWFwH4cVZJHgGY2q8EGCIvOuJ/4SnNxEQqq7UBO
Cqy/T/sWcK2aBZnlDgrL/eR62lmxaFQOfZfOKvBJQOftXOAXoJ0EGGQCtyNBGFi/
ibcAszLgQkYERL+wEy1T4n6nDf1PIm1FB5PYIx9uZUSv2ctUqmkw2eIj4oG4HJvn
PmrF9Vh48nowMT70ZWLpHEP9Cg5aZnwuf5wBIQc/82hv5W3uFSKsE4mPdwIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFLSl/tIw04Y+ZGwTpsljvzO8U+hXMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvdEtYLTBqRFRoajVrYkJPbXlXT19NN3hUNkZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQALQgVAwQA
uX5RAwQBudz6AwQAud9SAwQBueEAAwQAueJoAwQBueOSAwQAueoUAwQAufZxAwQB
wTqSMA0GCSqGSIb3DQEBCwUAA4IBAQASeoGVNstju5Q+t6+EgVkbaqQUb2XQv+vO
0u+t2S8FUDMDG5uyUGa+WjrbWBh1VvOuJY0xaAbtC0jwWXctmenRmpHd+JAj36Yj
A3Eiy5mCkIo9Bea19lAoDRo1cxSMj/nTl6CB5MbqeKsSZ/AVN4mUEkqFCx7LNIrv
iMNdLe4wTFbpCjW0cbnFHq/GmvBJgC9k14XOVd2B3QYux4eIWBHAxFSPuv0iMwSK
J0ctcvFf3evxpQTL56CNWSD1pcbL5ueDE5pREugFb5fSj5ztuKBud5HofRiqhHhc
QMmU8DKsc9JJnlZbbx0kDSecmb2WfitoqamJBZHwzx8pjGSblDaK
-----END CERTIFICATE-----