Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/uaBacFki7CvZJjOvp-6bj6fvoBw.roa
File:                     uaBacFki7CvZJjOvp-6bj6fvoBw.roa (raw, json)
Hash identifier:          ORD0SB7qsGxyY01wHOqq74awaYa/7uQEffPCXoQ4W4Y=
Subject key identifier:   B9:A0:5A:70:59:22:EC:2B:D9:26:33:AF:A7:EE:9B:8F:A7:EF:A0:1C
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018E3756AEFCC2A0617F5C5720219C224543
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/uaBacFki7CvZJjOvp-6bj6fvoBw.roa
Signing time:             Wed 13 Mar 2024 10:23:31 +0000
ROA not before:           Wed 13 Mar 2024 10:23:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        45.8.21.0/24 maxlen: 24
                          185.126.81.0/24 maxlen: 24
                          185.194.29.0/24 maxlen: 24
                          185.220.250.0/23 maxlen: 24
                          185.223.82.0/24 maxlen: 24
                          185.225.0.0/23 maxlen: 23
                          185.226.104.0/24 maxlen: 24
                          185.227.146.0/23 maxlen: 24
                          185.251.229.0/24 maxlen: 24
                          185.251.230.0/24 maxlen: 24
                          193.58.146.0/23 maxlen: 24

Validation:               Failed, certificate revoked on Fri 15 Mar 2024 13:19:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:37:56:ae:fc:c2:a0:61:7f:5c:57:20:21:9c:22:45:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Mar 13 10:23:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b9a05a705922ec2bd92633afa7ee9b8fa7efa01c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:6c:db:dc:4b:8c:0a:00:cb:57:bb:c3:d7:57:
                    6f:74:9f:31:99:93:8d:7f:b2:06:f8:07:2d:89:11:
                    58:f1:e9:ac:b7:a2:76:a5:95:10:18:c8:c6:e3:38:
                    90:30:c6:2b:47:ca:69:4f:98:ed:78:6f:37:e6:aa:
                    15:fa:e6:3f:bc:a8:42:de:96:ab:2b:49:d7:88:42:
                    32:be:df:2d:b7:23:61:d4:d2:4f:f0:5a:8a:e2:ef:
                    cf:a8:73:bf:ed:05:51:78:e8:07:8e:5e:5d:b8:76:
                    4e:40:ec:f8:26:85:fd:65:ba:1f:a7:55:74:44:73:
                    64:4f:ca:c3:a1:00:86:f1:e2:c7:63:ff:4b:c6:b1:
                    a0:ca:c5:8f:1d:c9:0f:53:86:14:6c:b6:01:7f:d4:
                    90:33:c0:91:10:91:0f:86:48:87:2b:82:66:c5:22:
                    37:db:b6:a5:4a:35:3b:f6:ea:a7:1a:aa:0c:b1:98:
                    ba:fb:01:fc:03:d5:08:f6:1e:49:d4:87:61:fc:60:
                    2a:eb:3b:8e:01:74:fd:33:d1:c2:77:71:e0:f6:e9:
                    df:2b:b4:7f:26:38:c9:bf:39:be:99:9d:b9:c0:b1:
                    41:b2:07:3a:57:1d:49:d9:2e:70:4c:f8:7d:4d:64:
                    33:62:b1:82:f5:38:66:b0:b9:55:87:2d:c4:e5:58:
                    05:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:A0:5A:70:59:22:EC:2B:D9:26:33:AF:A7:EE:9B:8F:A7:EF:A0:1C
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/uaBacFki7CvZJjOvp-6bj6fvoBw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.21.0/24
                  185.126.81.0/24
                  185.194.29.0/24
                  185.220.250.0/23
                  185.223.82.0/24
                  185.225.0.0/23
                  185.226.104.0/24
                  185.227.146.0/23
                  185.251.229.0-185.251.230.255
                  193.58.146.0/23

    Signature Algorithm: sha256WithRSAEncryption
         c4:6f:d3:67:4f:98:4c:f9:1f:6b:76:27:c3:b1:88:50:eb:88:
         e2:9e:45:1f:50:42:44:71:ef:ce:5b:05:50:e9:12:1b:6c:db:
         1c:f5:b0:0f:28:77:a7:fd:15:78:9e:51:e2:78:5c:c9:06:69:
         71:75:19:c0:e3:6b:9a:bc:13:45:45:cd:36:b8:a1:40:68:7b:
         d4:49:4a:ff:44:1d:f1:3f:eb:ce:31:28:e7:10:fc:db:bb:ad:
         20:73:b6:00:22:4e:4f:ca:c8:54:10:62:71:67:9c:d2:63:cf:
         70:7a:32:02:86:4d:6b:9b:46:de:91:5d:36:10:15:8b:09:fd:
         da:c8:95:5e:ed:f2:83:a0:48:35:e1:71:83:ea:b5:9f:f2:90:
         02:60:7b:68:b9:03:27:30:b0:49:cd:46:3e:c6:46:d6:47:be:
         73:1a:ab:41:27:db:e5:ce:95:05:5f:f5:16:2f:bb:45:53:cb:
         7e:44:06:0c:a8:d7:d2:30:b3:f7:b9:1c:dd:da:5e:3f:0b:e9:
         ff:f0:0e:93:dd:a9:9c:c4:bf:8a:0a:eb:6b:19:fa:ad:72:0e:
         01:94:fe:28:14:55:2a:2f:06:8a:33:40:34:06:8a:8b:9d:e2:
         5e:cd:4f:eb:6c:af:cc:db:83:41:56:05:05:4c:df:24:83:46:
         1d:00:f0:ae
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAY43Vq78wqBhf1xXICGcIkVDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwMzEzMTAyMzMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOWEwNWE3MDU5MjJlYzJiZDkyNjMzYWZhN2VlOWI4ZmE3ZWZhMDFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjmzb3EuMCgDLV7vD11dvdJ8xmZON
f7IG+ActiRFY8emst6J2pZUQGMjG4ziQMMYrR8ppT5jteG835qoV+uY/vKhC3par
K0nXiEIyvt8ttyNh1NJP8FqK4u/PqHO/7QVReOgHjl5duHZOQOz4JoX9Zbofp1V0
RHNkT8rDoQCG8eLHY/9LxrGgysWPHckPU4YUbLYBf9SQM8CREJEPhkiHK4JmxSI3
27alSjU79uqnGqoMsZi6+wH8A9UI9h5J1Idh/GAq6zuOAXT9M9HCd3Hg9unfK7R/
JjjJvzm+mZ25wLFBsgc6Vx1J2S5wTPh9TWQzYrGC9ThmsLlVhy3E5VgFYQIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFLmgWnBZIuwr2SYzr6fum4+n76AcMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvdWFCYWNGa2k3Q3ZaSmpPdnAtNmJqNmZ2b0J3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQALQgVAwQA
uX5RAwQAucIdAwQBudz6AwQAud9SAwQBueEAAwQAueJoAwQBueOSMAwDBAC5++UD
BAC5++YDBAHBOpIwDQYJKoZIhvcNAQELBQADggEBAMRv02dPmEz5H2t2J8OxiFDr
iOKeRR9QQkRx785bBVDpEhts2xz1sA8od6f9FXieUeJ4XMkGaXF1GcDja5q8E0VF
zTa4oUBoe9RJSv9EHfE/684xKOcQ/Nu7rSBztgAiTk/KyFQQYnFnnNJjz3B6MgKG
TWubRt6RXTYQFYsJ/drIlV7t8oOgSDXhcYPqtZ/ykAJge2i5AycwsEnNRj7GRtZH
vnMaq0En2+XOlQVf9RYvu0VTy35EBgyo19Iws/e5HN3aXj8L6f/wDpPdqZzEv4oK
62sZ+q1yDgGU/igUVSovBoozQDQGioud4l7NT+tsr8zbg0FWBQVM3ySDRh0A8K4=
-----END CERTIFICATE-----