Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/yVkvvap4BXPrKTIAoeyvmOo8G7I.roa
File:                     yVkvvap4BXPrKTIAoeyvmOo8G7I.roa (raw, json)
Hash identifier:          wMjKkPFGNtWZJUGv+7H46bxG2BinRi7MJb88koHsPhc=
Subject key identifier:   C9:59:2F:BD:AA:78:05:73:EB:29:32:00:A1:EC:AF:98:EA:3C:1B:B2
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018ABC6C6ECB043ED0EDD61E1B741FAB01B2
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/yVkvvap4BXPrKTIAoeyvmOo8G7I.roa
Signing time:             Fri 22 Sep 2023 10:25:37 +0000
ROA not before:           Fri 22 Sep 2023 10:25:37 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        185.222.29.0/24 maxlen: 24
                          185.225.22.0/24 maxlen: 24
                          185.126.82.0/24 maxlen: 24
                          193.58.146.0/23 maxlen: 24
                          193.58.146.0/24 maxlen: 24
                          45.147.224.0/24 maxlen: 24
                          45.8.21.0/24 maxlen: 24
                          176.125.248.0/24 maxlen: 24
                          185.246.112.0/24 maxlen: 24
                          185.251.229.0/24 maxlen: 24
                          185.225.0.0/23 maxlen: 23
                          185.223.80.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 22 Sep 2023 18:15:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:bc:6c:6e:cb:04:3e:d0:ed:d6:1e:1b:74:1f:ab:01:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Sep 22 10:25:37 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c9592fbdaa780573eb293200a1ecaf98ea3c1bb2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:d0:c6:fe:d2:9e:b7:9c:d3:09:70:71:98:8c:
                    cb:47:73:d4:48:0a:ec:44:bc:00:8c:ef:71:43:4c:
                    dc:2b:11:87:9d:63:4e:15:37:30:2d:75:fb:5d:38:
                    e7:d4:be:d4:8a:58:e3:3f:29:be:3b:db:27:74:0d:
                    76:7d:0c:dd:2b:df:6c:08:ac:5a:f0:ef:dd:a4:9b:
                    6e:fe:3b:83:76:6c:f3:39:94:54:9a:2d:5a:b2:97:
                    9d:34:b7:80:19:f1:4e:51:01:18:cb:11:17:31:2f:
                    ec:88:96:98:56:05:28:5e:01:0a:2a:4a:fd:da:fd:
                    d5:17:b2:5e:c6:50:04:26:42:e2:53:b0:d9:84:d2:
                    de:4d:86:3e:60:22:ff:4c:f1:d5:09:d6:04:db:40:
                    22:7e:5b:07:32:61:b0:65:38:6a:e7:e1:50:4d:af:
                    aa:cd:78:0a:a5:8a:0f:57:6f:ef:9c:36:8b:55:0e:
                    1d:34:cb:92:82:50:28:af:cb:23:83:32:9b:3a:8b:
                    55:9d:3d:cc:32:7e:96:2f:b6:e7:d1:16:05:4b:40:
                    70:ee:66:2c:2a:1b:1c:f7:ab:39:84:42:ab:16:9b:
                    92:60:fa:9f:22:56:0b:57:48:5e:cf:26:43:a5:62:
                    67:92:95:51:70:72:99:51:e5:00:04:69:7c:a5:a2:
                    e4:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:59:2F:BD:AA:78:05:73:EB:29:32:00:A1:EC:AF:98:EA:3C:1B:B2
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/yVkvvap4BXPrKTIAoeyvmOo8G7I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.21.0/24
                  45.147.224.0/24
                  176.125.248.0/24
                  185.126.82.0/24
                  185.222.29.0/24
                  185.223.80.0/24
                  185.225.0.0/23
                  185.225.22.0/24
                  185.246.112.0/24
                  185.251.229.0/24
                  193.58.146.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1a:b1:ed:a0:68:de:b9:0e:0b:d5:a8:85:c5:d2:49:d2:40:1e:
         19:43:90:bf:90:97:27:db:fd:38:ee:e4:d1:44:19:c9:f6:86:
         0e:76:be:b4:20:78:ab:c8:03:30:cf:ed:88:8f:95:1a:ad:6b:
         1c:80:cc:2e:77:98:fb:c0:aa:0b:08:e5:78:57:87:d7:fe:1c:
         5a:b4:3b:bb:9c:35:b0:ef:e1:19:7b:f0:c8:e2:c4:4c:d4:0c:
         b0:80:76:22:4e:43:63:23:b8:ea:2d:c2:3c:7d:d7:97:6c:66:
         ca:d3:d5:0b:e8:d3:78:fe:e5:b4:6b:c9:45:7a:86:d4:78:2b:
         74:0f:9c:64:18:87:bd:85:c3:db:b5:5b:51:05:f5:86:e1:81:
         95:77:f0:00:e0:18:61:c4:94:c3:1f:de:fe:34:6b:f6:af:63:
         19:a9:8e:c5:21:9c:af:d0:c9:3e:ac:b2:c0:6c:ad:bc:b7:f8:
         1b:9b:77:7a:bd:f4:a4:21:50:e1:58:aa:32:81:d0:7d:0e:bc:
         4c:d5:9d:1b:9c:07:f5:a6:22:d7:11:b5:e2:3b:76:d8:8a:82:
         31:0e:26:f8:c3:d2:e0:54:e9:e2:c5:1b:cd:f8:f2:08:40:fe:
         6e:c8:b1:c1:d5:f5:ea:84:02:31:f8:9e:50:70:87:83:0a:05:
         45:1a:44:46
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAYq8bG7LBD7Q7dYeG3QfqwGyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjMwOTIyMTAyNTM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTU5MmZiZGFhNzgwNTczZWIyOTMyMDBhMWVjYWY5OGVhM2MxYmIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkdDG/tKet5zTCXBxmIzLR3PUSArs
RLwAjO9xQ0zcKxGHnWNOFTcwLXX7XTjn1L7UiljjPym+O9sndA12fQzdK99sCKxa
8O/dpJtu/juDdmzzOZRUmi1aspedNLeAGfFOUQEYyxEXMS/siJaYVgUoXgEKKkr9
2v3VF7JexlAEJkLiU7DZhNLeTYY+YCL/TPHVCdYE20AiflsHMmGwZThq5+FQTa+q
zXgKpYoPV2/vnDaLVQ4dNMuSglAor8sjgzKbOotVnT3MMn6WL7bn0RYFS0Bw7mYs
Khsc96s5hEKrFpuSYPqfIlYLV0hezyZDpWJnkpVRcHKZUeUABGl8paLkSwIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFMlZL72qeAVz6ykyAKHsr5jqPBuyMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEveVZrdnZhcDRCWFByS1RJQW9leXZtT284RzdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQALQgVAwQA
LZPgAwQAsH34AwQAuX5SAwQAud4dAwQAud9QAwQBueEAAwQAueEWAwQAufZwAwQA
ufvlAwQBwTqSMA0GCSqGSIb3DQEBCwUAA4IBAQAase2gaN65DgvVqIXF0knSQB4Z
Q5C/kJcn2/047uTRRBnJ9oYOdr60IHiryAMwz+2Ij5UarWscgMwud5j7wKoLCOV4
V4fX/hxatDu7nDWw7+EZe/DI4sRM1AywgHYiTkNjI7jqLcI8fdeXbGbK09UL6NN4
/uW0a8lFeobUeCt0D5xkGIe9hcPbtVtRBfWG4YGVd/AA4BhhxJTDH97+NGv2r2MZ
qY7FIZyv0Mk+rLLAbK28t/gbm3d6vfSkIVDhWKoygdB9DrxM1Z0bnAf1piLXEbXi
O3bYioIxDib4w9LgVOnixRvN+PIIQP5uyLHB1fXqhAIx+J5QcIeDCgVFGkRG
-----END CERTIFICATE-----