Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/eN63v4RlWkRat24cBlr9VMNvfxc.roa
File:                     eN63v4RlWkRat24cBlr9VMNvfxc.roa (raw, json)
Hash identifier:          BI1gVN1FmwdYKT/+OLiaLYB9HvEH2vRCiG+avXGz6cQ=
Subject key identifier:   78:DE:B7:BF:84:65:5A:44:5A:B7:6E:1C:06:5A:FD:54:C3:6F:7F:17
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       0194A3BBADAFF7AAF307BA34857433879A56
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/eN63v4RlWkRat24cBlr9VMNvfxc.roa
Signing time:             Sun 26 Jan 2025 17:49:33 +0000
ROA not before:           Sun 26 Jan 2025 17:49:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        45.8.21.0/24 maxlen: 24
                          185.126.82.0/24 maxlen: 24
                          185.209.75.0/24 maxlen: 24
                          185.218.20.0/24 maxlen: 24
                          185.220.250.0/23 maxlen: 24
                          185.225.0.0/23 maxlen: 23
                          185.227.146.0/23 maxlen: 24
                          185.227.147.0/24 maxlen: 24
                          193.8.112.0/23 maxlen: 24
                          193.58.146.0/23 maxlen: 24
Validation:               Failed, certificate revoked on Wed 29 Jan 2025 12:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:a3:bb:ad:af:f7:aa:f3:07:ba:34:85:74:33:87:9a:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan 26 17:49:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=78deb7bf84655a445ab76e1c065afd54c36f7f17
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:79:b6:8d:7f:0a:1d:96:44:df:e3:fd:3b:e3:
                    2e:cc:07:64:60:5c:ff:3b:f1:1b:fe:89:8f:f4:c3:
                    ec:46:16:ca:45:bb:c5:94:e1:0d:9c:d9:67:7f:14:
                    c4:3a:35:c7:c1:5a:71:3e:4e:1f:66:6b:a0:4a:d7:
                    21:09:b4:33:81:c3:c0:80:35:f5:14:27:44:d4:c7:
                    fe:ea:f4:a3:6f:52:f0:76:36:2a:77:5e:4a:16:ca:
                    e9:69:66:c8:77:77:6d:fb:81:9f:c1:90:69:c3:a4:
                    42:d9:46:72:3f:61:66:4b:6a:a6:29:6f:f3:c8:6c:
                    d0:80:7f:72:74:8b:af:f4:15:35:87:1d:08:18:dd:
                    79:9f:c4:2f:a4:de:da:2f:7b:54:e2:9c:95:4d:d2:
                    36:bc:ed:c0:eb:51:ac:30:52:64:30:67:70:77:de:
                    2f:70:62:5f:3a:64:6a:00:d0:13:c5:10:89:dd:a8:
                    2a:83:6d:d4:28:22:3e:7d:c3:b0:b0:7b:14:29:6e:
                    95:93:14:00:a2:74:c5:53:8e:8c:b0:cb:b3:43:3a:
                    88:d8:94:e4:ac:26:9d:59:42:0f:22:36:1b:44:f2:
                    d2:f2:c4:63:4b:63:fe:7e:7b:5a:fb:9c:f9:bd:e0:
                    3c:4b:e8:7c:7b:9e:c9:36:d3:47:70:96:96:e7:e6:
                    be:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:DE:B7:BF:84:65:5A:44:5A:B7:6E:1C:06:5A:FD:54:C3:6F:7F:17
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/eN63v4RlWkRat24cBlr9VMNvfxc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.21.0/24
                  185.126.82.0/24
                  185.209.75.0/24
                  185.218.20.0/24
                  185.220.250.0/23
                  185.225.0.0/23
                  185.227.146.0/23
                  193.8.112.0/23
                  193.58.146.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6d:f3:74:0d:e8:57:d6:bb:3b:b4:cc:43:e0:c0:ef:46:0f:b1:
         ac:e9:09:e2:3e:c7:87:44:da:8d:b3:91:86:a1:72:d3:0b:fa:
         cd:9e:f2:8b:04:10:83:43:41:19:95:55:a6:3a:1f:ab:ee:16:
         de:18:01:f4:45:ef:d4:bd:e8:1c:16:3c:d7:7c:28:84:e7:28:
         e6:9e:ba:26:0f:d8:b7:81:20:68:3c:15:ce:e9:59:e2:0f:8e:
         f4:95:87:76:1c:84:f9:1b:6a:04:6a:c9:d9:71:96:a5:3a:14:
         74:05:85:12:9f:9b:a6:7d:fa:dd:55:3c:88:a9:a6:2f:45:a3:
         dc:8d:f9:25:3f:ce:4f:7d:b7:9e:12:41:62:a9:db:b0:08:df:
         eb:b7:1d:6b:53:9c:cd:c5:2c:d8:66:b3:17:22:e9:a2:5f:63:
         86:4f:5d:7d:d8:5c:6e:b7:64:1f:1f:ca:ec:c4:94:49:b9:c2:
         4e:b3:cc:fc:8e:ce:ba:0b:b6:89:15:6e:1e:88:f9:e6:33:10:
         7e:22:db:6d:fd:9a:8c:c0:2b:8a:d2:96:85:23:ab:74:20:9c:
         4a:a8:d9:50:82:05:39:61:41:55:61:bf:c0:49:f6:eb:66:d0:
         8b:82:c0:a4:54:40:a9:46:18:78:12:1e:da:21:4c:13:44:f8:
         ba:5d:a9:1f
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAZSju62v96rzB7o0hXQzh5pWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUwMTI2MTc0OTMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OGRlYjdiZjg0NjU1YTQ0NWFiNzZlMWMwNjVhZmQ1NGMzNmY3ZjE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7Xm2jX8KHZZE3+P9O+MuzAdkYFz/
O/Eb/omP9MPsRhbKRbvFlOENnNlnfxTEOjXHwVpxPk4fZmugStchCbQzgcPAgDX1
FCdE1Mf+6vSjb1LwdjYqd15KFsrpaWbId3dt+4GfwZBpw6RC2UZyP2FmS2qmKW/z
yGzQgH9ydIuv9BU1hx0IGN15n8QvpN7aL3tU4pyVTdI2vO3A61GsMFJkMGdwd94v
cGJfOmRqANATxRCJ3agqg23UKCI+fcOwsHsUKW6VkxQAonTFU46MsMuzQzqI2JTk
rCadWUIPIjYbRPLS8sRjS2P+fnta+5z5veA8S+h8e57JNtNHcJaW5+a+BwIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFHjet7+EZVpEWrduHAZa/VTDb38XMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvZU42M3Y0UmxXa1JhdDI0Y0JscjlWTU52ZnhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQALQgVAwQA
uX5SAwQAudFLAwQAudoUAwQBudz6AwQBueEAAwQBueOSAwQBwQhwAwQBwTqSMA0G
CSqGSIb3DQEBCwUAA4IBAQBt83QN6FfWuzu0zEPgwO9GD7Gs6QniPseHRNqNs5GG
oXLTC/rNnvKLBBCDQ0EZlVWmOh+r7hbeGAH0Re/UvegcFjzXfCiE5yjmnromD9i3
gSBoPBXO6VniD470lYd2HIT5G2oEasnZcZalOhR0BYUSn5umffrdVTyIqaYvRaPc
jfklP85PfbeeEkFiqduwCN/rtx1rU5zNxSzYZrMXIumiX2OGT1192Fxut2QfH8rs
xJRJucJOs8z8js66C7aJFW4eiPnmMxB+Ittt/ZqMwCuK0paFI6t0IJxKqNlQggU5
YUFVYb/ASfbrZtCLgsCkVECpRhh4Eh7aIUwTRPi6Xakf
-----END CERTIFICATE-----