Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/waYlrUKomF3BY8YnHTo_p3mBjlA.roa
File:                     waYlrUKomF3BY8YnHTo_p3mBjlA.roa (raw, json)
Hash identifier:          Qr9eLUI9QdoSdeg2eInhTWJXbHNVqM8nJ0wxG/vSjV0=
Subject key identifier:   C1:A6:25:AD:42:A8:98:5D:C1:63:C6:27:1D:3A:3F:A7:79:81:8E:50
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       019280D36BDB4FBC9AA1F8B34DC9FACC2949
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/waYlrUKomF3BY8YnHTo_p3mBjlA.roa
Signing time:             Sat 12 Oct 2024 13:03:12 +0000
ROA not before:           Sat 12 Oct 2024 13:03:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        45.8.21.0/24 maxlen: 24
                          185.126.82.0/24 maxlen: 24
                          185.218.101.0/24 maxlen: 24
                          185.220.250.0/23 maxlen: 24
                          185.225.0.0/23 maxlen: 23
                          185.226.104.0/24 maxlen: 24
                          185.227.146.0/23 maxlen: 24
                          185.227.147.0/24 maxlen: 24
                          193.8.112.0/23 maxlen: 24
                          193.8.112.0/24 maxlen: 24
                          193.8.113.0/24 maxlen: 24
                          193.58.146.0/23 maxlen: 24

Validation:               Failed, certificate revoked on Mon 14 Oct 2024 11:55:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:80:d3:6b:db:4f:bc:9a:a1:f8:b3:4d:c9:fa:cc:29:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Oct 12 13:03:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c1a625ad42a8985dc163c6271d3a3fa779818e50
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:b1:0f:4d:14:b7:79:7b:dc:97:29:9c:0a:bf:
                    42:fc:64:28:18:aa:17:f1:94:40:84:cf:31:74:85:
                    d1:09:ac:da:94:43:13:e8:87:bd:7a:71:f7:39:10:
                    d5:bb:8b:cc:27:84:5e:37:12:30:af:d8:72:ed:77:
                    c8:4b:8c:20:8b:39:b5:6a:dd:99:5b:d2:80:aa:7f:
                    d2:84:03:ad:ab:45:1c:aa:57:57:8e:9c:6e:cc:cc:
                    90:2a:87:7a:64:1c:07:a9:44:c6:41:6e:b2:f8:da:
                    d5:42:3d:4a:d0:5c:8c:94:5d:d2:f9:ac:7e:66:46:
                    ef:95:3f:14:6c:46:f0:c5:88:84:9d:0d:fc:a6:19:
                    91:63:d5:40:7d:71:54:b5:21:49:a1:19:be:78:4a:
                    cc:61:fe:83:5a:80:f6:c4:1f:dc:ee:8c:e7:ba:01:
                    c3:52:3f:ae:21:2f:28:49:90:65:3f:32:12:64:8e:
                    82:03:eb:ae:c8:53:b5:37:af:dc:06:22:99:36:a3:
                    b1:79:85:aa:8c:1e:71:da:df:a7:05:58:bf:d6:dc:
                    17:2f:aa:ab:da:9a:69:b0:5c:86:b3:eb:64:06:01:
                    18:5f:59:86:2c:13:00:b4:91:7f:0d:c6:7a:1b:3c:
                    e7:16:07:94:61:76:6f:5c:56:5f:3a:a9:3d:19:7b:
                    85:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:A6:25:AD:42:A8:98:5D:C1:63:C6:27:1D:3A:3F:A7:79:81:8E:50
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/waYlrUKomF3BY8YnHTo_p3mBjlA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.21.0/24
                  185.126.82.0/24
                  185.218.101.0/24
                  185.220.250.0/23
                  185.225.0.0/23
                  185.226.104.0/24
                  185.227.146.0/23
                  193.8.112.0/23
                  193.58.146.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7c:79:a7:d3:9d:a7:34:47:61:b5:79:72:1d:04:54:b4:b4:fc:
         b4:51:ed:57:a9:0f:18:59:31:ed:30:46:54:bd:04:7a:c7:9f:
         8a:dc:ab:b4:ed:51:24:91:b0:3a:f1:9d:2c:19:a1:6c:1d:60:
         9f:c1:75:f2:83:00:73:3b:ec:28:e2:b8:f6:4f:f5:b6:4e:dc:
         31:4f:02:29:7d:f4:37:a5:d0:2b:20:01:5d:74:f2:51:ba:85:
         d3:28:c0:44:83:5e:19:01:4d:74:aa:d1:45:e2:f2:73:c1:f6:
         68:c8:4d:7d:85:52:83:75:c0:b4:8e:72:7e:11:41:2e:ff:c4:
         91:6f:93:a3:f9:46:1f:e6:d2:ad:b2:4f:6f:67:e0:ae:bc:3f:
         a4:0e:00:83:12:c1:e2:46:6b:31:de:9f:9e:4c:d8:18:38:7b:
         4b:c3:c9:cb:22:4a:40:78:a2:9b:f1:1a:5c:11:aa:0f:c1:82:
         f2:ae:d7:a9:2e:e6:c9:18:08:df:50:b5:6c:06:2c:20:fc:8b:
         bb:28:bc:99:25:37:08:7e:33:99:f2:c3:bd:42:ab:54:c0:f1:
         2d:87:e1:ed:c4:01:5c:4d:08:f4:78:4f:db:af:b5:93:8a:10:
         92:fc:8d:46:c9:fc:fe:e4:2c:4e:4a:09:11:c4:b1:ee:64:50:
         6b:bb:06:37
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAZKA02vbT7yaofizTcn6zClJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQxMDEyMTMwMzEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMWE2MjVhZDQyYTg5ODVkYzE2M2M2MjcxZDNhM2ZhNzc5ODE4ZTUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm7EPTRS3eXvclymcCr9C/GQoGKoX
8ZRAhM8xdIXRCazalEMT6Ie9enH3ORDVu4vMJ4ReNxIwr9hy7XfIS4wgizm1at2Z
W9KAqn/ShAOtq0UcqldXjpxuzMyQKod6ZBwHqUTGQW6y+NrVQj1K0FyMlF3S+ax+
ZkbvlT8UbEbwxYiEnQ38phmRY9VAfXFUtSFJoRm+eErMYf6DWoD2xB/c7oznugHD
Uj+uIS8oSZBlPzISZI6CA+uuyFO1N6/cBiKZNqOxeYWqjB5x2t+nBVi/1twXL6qr
2pppsFyGs+tkBgEYX1mGLBMAtJF/DcZ6GzznFgeUYXZvXFZfOqk9GXuF3QIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFMGmJa1CqJhdwWPGJx06P6d5gY5QMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvd2FZbHJVS29tRjNCWThZbkhUb19wM21CamxBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQALQgVAwQA
uX5SAwQAudplAwQBudz6AwQBueEAAwQAueJoAwQBueOSAwQBwQhwAwQBwTqSMA0G
CSqGSIb3DQEBCwUAA4IBAQB8eafTnac0R2G1eXIdBFS0tPy0Ue1XqQ8YWTHtMEZU
vQR6x5+K3Ku07VEkkbA68Z0sGaFsHWCfwXXygwBzO+wo4rj2T/W2TtwxTwIpffQ3
pdArIAFddPJRuoXTKMBEg14ZAU10qtFF4vJzwfZoyE19hVKDdcC0jnJ+EUEu/8SR
b5Oj+UYf5tKtsk9vZ+CuvD+kDgCDEsHiRmsx3p+eTNgYOHtLw8nLIkpAeKKb8Rpc
EaoPwYLyrtepLubJGAjfULVsBiwg/Iu7KLyZJTcIfjOZ8sO9QqtUwPEth+HtxAFc
TQj0eE/br7WTihCS/I1Gyfz+5CxOSgkRxLHuZFBruwY3
-----END CERTIFICATE-----