Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/vtp3WsiG2eRlRWt4ikwRgClmhoo.roa
File:                     vtp3WsiG2eRlRWt4ikwRgClmhoo.roa (raw, json)
Hash identifier:          pjnPu1OtIWWymiBEZsdbaBnrYLDYr4JcsWobeSwyBJE=
Subject key identifier:   BE:DA:77:5A:C8:86:D9:E4:65:45:6B:78:8A:4C:11:80:29:66:86:8A
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018B8A64FFEF22A284454CFF3A1B772290AD
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/vtp3WsiG2eRlRWt4ikwRgClmhoo.roa
Signing time:             Wed 01 Nov 2023 10:19:16 +0000
ROA not before:           Wed 01 Nov 2023 10:19:16 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        185.209.38.0/24 maxlen: 24
                          185.218.103.0/24 maxlen: 24
                          185.218.101.0/24 maxlen: 24
                          185.220.250.0/23 maxlen: 24
                          185.251.229.0/24 maxlen: 24
                          185.225.0.0/23 maxlen: 23
                          185.223.80.0/24 maxlen: 24
                          185.222.30.0/23 maxlen: 24
                          185.226.107.0/24 maxlen: 24
                          193.58.146.0/23 maxlen: 24
                          45.147.224.0/24 maxlen: 24
                          45.8.21.0/24 maxlen: 24
                          185.246.114.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sat 04 Nov 2023 21:29:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:8a:64:ff:ef:22:a2:84:45:4c:ff:3a:1b:77:22:90:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Nov  1 10:19:16 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=beda775ac886d9e465456b788a4c11802966868a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:81:65:d8:82:af:f7:74:76:37:97:96:20:8e:
                    76:69:b0:40:2c:00:c2:20:4e:78:92:b1:80:cc:72:
                    98:5d:20:b4:e3:e9:0a:06:97:fd:f7:de:dc:7a:ab:
                    ec:a2:e7:1b:a3:bd:06:90:ae:9b:e8:00:22:a2:a9:
                    b7:1c:a3:43:e4:32:b0:69:55:b5:fd:a8:51:92:22:
                    d8:8f:90:89:bc:15:77:98:a3:bd:51:f2:cf:61:3a:
                    3a:0e:05:66:00:bc:10:1e:53:a7:cd:ff:b6:d9:fc:
                    89:25:1f:8b:1d:ae:63:98:b0:8d:2d:3c:88:98:54:
                    99:a3:f6:15:71:8e:a9:2a:d1:b2:a2:2b:07:5f:f5:
                    93:8a:f9:b3:36:49:b2:bb:2f:0b:ae:8b:3b:61:af:
                    59:dc:2f:e7:d5:dc:62:bb:1b:e0:87:a9:1d:71:eb:
                    cd:91:a3:d4:0c:d7:eb:5b:73:c2:68:19:35:c1:02:
                    f4:7e:3c:1f:16:ed:33:d1:71:85:57:5b:f7:c8:ca:
                    7d:88:ad:b8:d6:2b:4f:b3:ab:8c:bc:11:17:49:c0:
                    24:66:f9:fa:1c:6e:c6:ba:bf:48:24:1f:9b:42:0b:
                    a3:b2:72:d1:2f:44:37:3d:de:a8:51:04:d4:67:58:
                    e1:71:43:70:c7:37:4e:66:b9:1e:d3:91:f6:5e:35:
                    84:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:DA:77:5A:C8:86:D9:E4:65:45:6B:78:8A:4C:11:80:29:66:86:8A
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/vtp3WsiG2eRlRWt4ikwRgClmhoo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.21.0/24
                  45.147.224.0/24
                  185.209.38.0/24
                  185.218.101.0/24
                  185.218.103.0/24
                  185.220.250.0/23
                  185.222.30.0/23
                  185.223.80.0/24
                  185.225.0.0/23
                  185.226.107.0/24
                  185.246.114.0/24
                  185.251.229.0/24
                  193.58.146.0/23

    Signature Algorithm: sha256WithRSAEncryption
         aa:44:0c:87:af:b3:ec:c6:e2:ac:11:ba:5b:36:87:a8:18:31:
         83:55:a3:33:e6:d1:71:cd:81:af:6b:c7:75:01:76:84:e7:ed:
         70:0c:6e:db:64:fb:0c:5b:66:70:b7:9f:a7:bf:f8:b1:55:75:
         65:be:12:30:6d:f1:cc:b0:05:0b:5e:65:04:cb:e9:0e:43:31:
         ca:bb:f8:50:fc:a1:06:c0:dd:e1:23:3c:66:8a:54:62:71:d3:
         53:1e:0c:b8:02:88:70:65:53:9c:8c:97:70:6f:18:5a:58:1c:
         71:59:51:f1:28:d6:3c:f5:c5:50:84:c3:c5:cc:1c:56:a7:fd:
         e4:ff:73:68:11:b9:41:cb:e4:11:31:1a:2c:6b:d4:e5:78:90:
         3a:db:e8:b6:fb:ee:30:a7:88:61:8f:47:6a:21:8f:c2:f2:0e:
         87:39:f9:df:11:e3:a6:b2:d6:76:c0:01:96:48:30:a8:f0:d7:
         ba:49:c3:cc:d9:d6:9c:db:ac:ea:63:3c:54:72:1d:22:63:f7:
         1a:ab:23:66:41:65:4a:53:c5:83:5c:dc:71:8c:cd:e2:6f:93:
         11:8c:ec:8f:e4:a4:4b:da:4d:b3:cc:5e:3a:cd:f4:ca:49:6e:
         5e:42:5b:bb:b0:61:a2:60:b8:fb:c5:bd:f3:be:7a:59:f6:98:
         56:8b:f5:63
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAYuKZP/vIqKERUz/Oht3IpCtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjMxMTAxMTAxOTE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZWRhNzc1YWM4ODZkOWU0NjU0NTZiNzg4YTRjMTE4MDI5NjY4NjhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgYFl2IKv93R2N5eWII52abBALADC
IE54krGAzHKYXSC04+kKBpf9997ceqvsoucbo70GkK6b6AAioqm3HKND5DKwaVW1
/ahRkiLYj5CJvBV3mKO9UfLPYTo6DgVmALwQHlOnzf+22fyJJR+LHa5jmLCNLTyI
mFSZo/YVcY6pKtGyoisHX/WTivmzNkmyuy8Lros7Ya9Z3C/n1dxiuxvgh6kdcevN
kaPUDNfrW3PCaBk1wQL0fjwfFu0z0XGFV1v3yMp9iK241itPs6uMvBEXScAkZvn6
HG7Gur9IJB+bQgujsnLRL0Q3Pd6oUQTUZ1jhcUNwxzdOZrke05H2XjWEyQIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFL7ad1rIhtnkZUVreIpMEYApZoaKMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvdnRwM1dzaUcyZVJsUld0NGlrd1JnQ2xtaG9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjBUBAIAATBOAwQALQgVAwQA
LZPgAwQAudEmAwQAudplAwQAudpnAwQBudz6AwQBud4eAwQAud9QAwQBueEAAwQA
ueJrAwQAufZyAwQAufvlAwQBwTqSMA0GCSqGSIb3DQEBCwUAA4IBAQCqRAyHr7Ps
xuKsEbpbNoeoGDGDVaMz5tFxzYGva8d1AXaE5+1wDG7bZPsMW2Zwt5+nv/ixVXVl
vhIwbfHMsAULXmUEy+kOQzHKu/hQ/KEGwN3hIzxmilRicdNTHgy4AohwZVOcjJdw
bxhaWBxxWVHxKNY89cVQhMPFzBxWp/3k/3NoEblBy+QRMRosa9TleJA62+i2++4w
p4hhj0dqIY/C8g6HOfnfEeOmstZ2wAGWSDCo8Ne6ScPM2dac26zqYzxUch0iY/ca
qyNmQWVKU8WDXNxxjM3ib5MRjOyP5KRL2k2zzF46zfTKSW5eQlu7sGGiYLj7xb3z
vnpZ9phWi/Vj
-----END CERTIFICATE-----