Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/vcz5w4zu3ense6eOWaqfBS6drNA.roa
File:                     vcz5w4zu3ense6eOWaqfBS6drNA.roa (raw, json)
Hash identifier:          6tLkmEwADiqpCDQkrUlPUgWGz2WQGnGbTc5MixosR/k=
Subject key identifier:   BD:CC:F9:C3:8C:EE:DD:E9:EC:7B:A7:8E:59:AA:9F:05:2E:9D:AC:D0
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       01893763BF2541D15D416993E854BA968CB6
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/vcz5w4zu3ense6eOWaqfBS6drNA.roa
Signing time:             Sat 08 Jul 2023 21:23:51 +0000
ROA not before:           Sat 08 Jul 2023 21:23:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        185.209.38.0/24 maxlen: 24
                          185.230.52.0/24 maxlen: 24
                          185.210.233.0/24 maxlen: 24
                          185.209.74.0/24 maxlen: 24
                          193.58.145.0/24 maxlen: 24
                          193.58.146.0/23 maxlen: 24
                          45.147.224.0/24 maxlen: 24
                          45.8.21.0/24 maxlen: 24
                          185.214.108.0/24 maxlen: 24
                          185.225.0.0/23 maxlen: 23
                          185.223.80.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sun 09 Jul 2023 15:51:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:37:63:bf:25:41:d1:5d:41:69:93:e8:54:ba:96:8c:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jul  8 21:23:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=bdccf9c38ceedde9ec7ba78e59aa9f052e9dacd0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:3d:bb:4d:3f:91:b8:1e:10:26:4e:20:84:f6:
                    01:d0:32:cf:f5:9f:60:f7:9d:89:b1:d0:ac:51:26:
                    57:48:79:9d:b0:03:75:47:10:bf:0f:e0:bd:1d:95:
                    37:bc:4a:35:9b:cf:3d:95:c8:22:9c:3e:e7:56:fc:
                    88:5c:05:4f:2d:2e:e8:b6:24:d0:d8:ef:a7:4c:a7:
                    32:ab:15:27:c2:b1:89:a3:1b:ad:80:c8:30:dd:26:
                    4e:89:4b:d3:fe:70:6a:df:b9:96:c9:ba:fb:68:6a:
                    3f:80:04:c5:f4:cb:0e:cc:6c:d2:cb:5a:c5:ea:51:
                    bc:bf:15:cf:d3:c8:28:11:b7:39:75:1d:15:24:f8:
                    de:79:b4:96:81:56:70:93:31:93:ee:73:eb:03:7a:
                    b5:76:de:bf:aa:d1:4f:82:08:51:5c:3d:88:46:19:
                    65:31:ce:79:3d:74:96:51:3c:c5:6a:4d:2d:17:e2:
                    1b:f0:87:a9:e6:63:3c:6e:c5:af:30:23:de:74:42:
                    f4:9a:30:4f:eb:f6:ec:37:f3:97:fa:0f:53:d2:dd:
                    8c:61:31:1f:7c:ed:1c:f2:e0:eb:c8:70:db:21:ad:
                    da:96:83:59:51:05:83:6e:ba:41:21:f2:3f:51:19:
                    5e:5e:4b:4a:53:9e:8e:65:7c:1d:15:42:f0:78:16:
                    f8:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:CC:F9:C3:8C:EE:DD:E9:EC:7B:A7:8E:59:AA:9F:05:2E:9D:AC:D0
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/vcz5w4zu3ense6eOWaqfBS6drNA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.21.0/24
                  45.147.224.0/24
                  185.209.38.0/24
                  185.209.74.0/24
                  185.210.233.0/24
                  185.214.108.0/24
                  185.223.80.0/24
                  185.225.0.0/23
                  185.230.52.0/24
                  193.58.145.0-193.58.147.255

    Signature Algorithm: sha256WithRSAEncryption
         67:9c:80:97:9b:d0:b0:6f:07:44:c6:49:f4:93:b9:c3:2b:61:
         70:29:29:2e:1a:91:61:3a:6b:8f:67:81:0c:08:48:a3:f9:bb:
         e3:c7:6f:34:df:b1:ce:e4:f4:54:87:cb:68:af:91:88:38:2d:
         a8:f9:df:b0:5f:7c:61:fd:46:81:da:6f:b2:54:5f:e0:84:2f:
         ae:93:0d:e7:e9:1d:db:2b:82:83:28:ef:2a:a1:5b:c3:7a:a7:
         f4:c4:76:89:92:c6:65:e5:17:35:3e:98:19:af:b7:dc:92:06:
         59:4b:05:e7:a4:ad:2b:8f:cf:27:b7:66:9e:c3:64:8f:29:43:
         f4:30:f2:80:41:aa:2f:3c:9c:f3:8c:95:b7:79:2e:5b:ea:7f:
         08:2d:19:f2:c8:d4:8f:9a:a3:ef:f7:11:55:a2:5b:7d:85:95:
         da:e8:4e:ce:92:ef:61:27:7c:0a:09:d1:22:aa:b7:0e:63:2f:
         23:0d:b6:14:ca:62:9c:5d:cc:53:ce:38:9e:a3:bf:89:cf:71:
         ba:ab:6c:89:36:2a:73:7a:c3:d1:f1:b8:8f:e0:c6:75:fd:6c:
         6e:a2:3d:7c:e1:19:32:7f:e2:d2:cd:db:10:bc:99:61:35:fd:
         05:7f:cf:57:a3:35:5b:84:13:1f:36:de:26:34:85:89:20:50:
         dc:81:a6:5f
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAYk3Y78lQdFdQWmT6FS6loy2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjMwNzA4MjEyMzUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZGNjZjljMzhjZWVkZGU5ZWM3YmE3OGU1OWFhOWYwNTJlOWRhY2QwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApD27TT+RuB4QJk4ghPYB0DLP9Z9g
952JsdCsUSZXSHmdsAN1RxC/D+C9HZU3vEo1m889lcginD7nVvyIXAVPLS7otiTQ
2O+nTKcyqxUnwrGJoxutgMgw3SZOiUvT/nBq37mWybr7aGo/gATF9MsOzGzSy1rF
6lG8vxXP08goEbc5dR0VJPjeebSWgVZwkzGT7nPrA3q1dt6/qtFPgghRXD2IRhll
Mc55PXSWUTzFak0tF+Ib8Iep5mM8bsWvMCPedEL0mjBP6/bsN/OX+g9T0t2MYTEf
fO0c8uDryHDbIa3aloNZUQWDbrpBIfI/URleXktKU56OZXwdFULweBb4UQIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFL3M+cOM7t3p7HunjlmqnwUunazQMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvdmN6NXc0enUzZW5zZTZlT1dhcWZCUzZkck5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQALQgVAwQA
LZPgAwQAudEmAwQAudFKAwQAudLpAwQAudZsAwQAud9QAwQBueEAAwQAueY0MAwD
BADBOpEDBALBOpAwDQYJKoZIhvcNAQELBQADggEBAGecgJeb0LBvB0TGSfSTucMr
YXApKS4akWE6a49ngQwISKP5u+PHbzTfsc7k9FSHy2ivkYg4Laj537BffGH9RoHa
b7JUX+CEL66TDefpHdsrgoMo7yqhW8N6p/TEdomSxmXlFzU+mBmvt9ySBllLBeek
rSuPzye3Zp7DZI8pQ/Qw8oBBqi88nPOMlbd5LlvqfwgtGfLI1I+ao+/3EVWiW32F
ldroTs6S72EnfAoJ0SKqtw5jLyMNthTKYpxdzFPOOJ6jv4nPcbqrbIk2KnN6w9Hx
uI/gxnX9bG6iPXzhGTJ/4tLN2xC8mWE1/QV/z1ejNVuEEx823iY0hYkgUNyBpl8=
-----END CERTIFICATE-----