Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/vA4mResU--5ap5a4py2wcl2OCzU.roa
File:                     vA4mResU--5ap5a4py2wcl2OCzU.roa (raw, json)
Hash identifier:          009UkBWyZbjXSU34LPSubD8f84lNCLb3RnxA9AIk1i8=
Subject key identifier:   BC:0E:26:45:EB:14:FB:EE:5A:A7:96:B8:A7:2D:B0:72:5D:8E:0B:35
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018E1505BD0BA678213A33CA4C6BE427BF99
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/vA4mResU--5ap5a4py2wcl2OCzU.roa
Signing time:             Wed 06 Mar 2024 18:28:01 +0000
ROA not before:           Wed 06 Mar 2024 18:28:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        45.8.21.0/24 maxlen: 24
                          185.126.81.0/24 maxlen: 24
                          185.220.250.0/23 maxlen: 24
                          185.222.28.0/24 maxlen: 24
                          185.223.82.0/24 maxlen: 24
                          185.225.0.0/23 maxlen: 23
                          185.226.104.0/24 maxlen: 24
                          185.227.146.0/23 maxlen: 24
                          185.251.229.0/24 maxlen: 24
                          193.58.146.0/23 maxlen: 24

Validation:               Failed, certificate revoked on Mon 11 Mar 2024 11:06:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:15:05:bd:0b:a6:78:21:3a:33:ca:4c:6b:e4:27:bf:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Mar  6 18:28:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bc0e2645eb14fbee5aa796b8a72db0725d8e0b35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:66:38:7f:ff:8c:35:33:f8:58:ca:5d:e3:c9:
                    11:63:4e:4b:b4:1d:02:14:6c:b8:62:17:1d:99:22:
                    21:32:89:87:18:0b:f3:8a:72:be:18:b8:cb:b7:0f:
                    40:9f:cc:ce:cd:7e:58:6c:30:eb:02:2a:97:bf:12:
                    e8:be:df:0e:81:72:db:52:c0:6d:e0:29:9d:44:01:
                    7d:88:fc:b1:ae:60:b0:41:9f:c5:10:43:6a:20:f3:
                    f3:ac:5a:33:f5:af:a4:2f:e1:46:7f:72:9f:08:aa:
                    67:79:96:fc:2c:1a:c1:31:26:b6:6a:16:83:1a:d3:
                    12:81:af:39:b7:30:02:c8:c7:ba:09:21:3a:4c:b8:
                    04:f8:4f:60:a8:14:32:ce:3f:f3:3f:f0:af:4b:91:
                    61:32:78:49:87:71:47:6c:51:31:a1:24:7b:75:d4:
                    4a:57:a7:e8:f3:6d:c4:cd:59:38:29:04:f7:4d:53:
                    9c:18:b1:86:45:f4:74:ed:0f:21:89:6f:f7:86:7b:
                    0f:51:66:96:f1:bb:4c:7b:bd:cd:3b:3a:08:82:f6:
                    5d:ff:6e:d9:84:0d:dd:29:7e:3a:67:e7:f0:eb:75:
                    ea:f2:b7:a6:da:9c:ad:ab:d8:4a:88:a0:6e:c5:da:
                    2b:f6:f5:0e:92:1b:7d:05:33:31:a0:6b:de:ab:e1:
                    e3:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:0E:26:45:EB:14:FB:EE:5A:A7:96:B8:A7:2D:B0:72:5D:8E:0B:35
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/vA4mResU--5ap5a4py2wcl2OCzU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.21.0/24
                  185.126.81.0/24
                  185.220.250.0/23
                  185.222.28.0/24
                  185.223.82.0/24
                  185.225.0.0/23
                  185.226.104.0/24
                  185.227.146.0/23
                  185.251.229.0/24
                  193.58.146.0/23

    Signature Algorithm: sha256WithRSAEncryption
         01:9b:d0:18:1f:8d:31:f2:9e:d1:23:2b:b7:8f:b2:8b:69:7a:
         cd:cb:d9:80:1c:f9:ad:b6:73:be:e2:50:49:d3:e8:6f:82:7c:
         07:ec:67:3f:cf:16:74:29:42:bb:38:ca:2e:fb:87:fa:67:87:
         14:52:26:6c:9a:25:4e:9e:ce:05:52:6d:6b:62:f0:51:3a:e2:
         30:40:48:53:07:66:e3:c9:03:83:22:eb:46:0c:f9:9f:e1:a8:
         47:3c:81:a8:87:95:61:d3:6e:bf:92:24:40:f0:27:69:e0:e1:
         b2:ca:64:d7:55:6c:79:50:0a:21:71:64:de:e7:44:cd:eb:50:
         6e:9f:25:c4:03:b2:eb:f6:10:0b:00:4c:85:12:ad:89:08:96:
         d6:7a:d1:26:61:30:db:97:b4:c2:e2:ce:c3:10:48:cc:7b:0a:
         ed:6a:1a:40:dc:27:5c:bc:d0:10:61:dd:88:c7:69:13:e3:da:
         1c:d8:ad:a4:30:88:40:de:78:d5:ce:39:98:3f:c6:b3:f6:52:
         49:8b:b9:5b:91:b6:14:d1:a9:09:f5:42:ba:a1:2a:2c:ec:79:
         9c:e3:98:08:50:cb:40:24:af:bc:32:13:70:04:b3:9a:0b:57:
         59:de:da:ec:fc:12:45:cb:5c:f1:50:98:16:07:7f:65:9b:b0:
         08:de:2d:56
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAY4VBb0LpnghOjPKTGvkJ7+ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwMzA2MTgyODAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzBlMjY0NWViMTRmYmVlNWFhNzk2YjhhNzJkYjA3MjVkOGUwYjM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjWY4f/+MNTP4WMpd48kRY05LtB0C
FGy4YhcdmSIhMomHGAvzinK+GLjLtw9An8zOzX5YbDDrAiqXvxLovt8OgXLbUsBt
4CmdRAF9iPyxrmCwQZ/FEENqIPPzrFoz9a+kL+FGf3KfCKpneZb8LBrBMSa2ahaD
GtMSga85tzACyMe6CSE6TLgE+E9gqBQyzj/zP/CvS5FhMnhJh3FHbFExoSR7ddRK
V6fo823EzVk4KQT3TVOcGLGGRfR07Q8hiW/3hnsPUWaW8btMe73NOzoIgvZd/27Z
hA3dKX46Z+fw63Xq8rem2pytq9hKiKBuxdor9vUOkht9BTMxoGveq+HjZQIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFLwOJkXrFPvuWqeWuKctsHJdjgs1MB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvdkE0bVJlc1UtLTVhcDVhNHB5MndjbDJPQ3pVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQALQgVAwQA
uX5RAwQBudz6AwQAud4cAwQAud9SAwQBueEAAwQAueJoAwQBueOSAwQAufvlAwQB
wTqSMA0GCSqGSIb3DQEBCwUAA4IBAQABm9AYH40x8p7RIyu3j7KLaXrNy9mAHPmt
tnO+4lBJ0+hvgnwH7Gc/zxZ0KUK7OMou+4f6Z4cUUiZsmiVOns4FUm1rYvBROuIw
QEhTB2bjyQODIutGDPmf4ahHPIGoh5Vh026/kiRA8Cdp4OGyymTXVWx5UAohcWTe
50TN61BunyXEA7Lr9hALAEyFEq2JCJbWetEmYTDbl7TC4s7DEEjMewrtahpA3Cdc
vNAQYd2Ix2kT49oc2K2kMIhA3njVzjmYP8az9lJJi7lbkbYU0akJ9UK6oSos7Hmc
45gIUMtAJK+8MhNwBLOaC1dZ3trs/BJFy1zxUJgWB39lm7AI3i1W
-----END CERTIFICATE-----