Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/d5bbce-4220-4ec4-8af5-2c1a7730bd25/1/B-wuD4igi88JyMEZX_oLtxHnxvo.roa
File:                     B-wuD4igi88JyMEZX_oLtxHnxvo.roa (raw, json)
Hash identifier:          5DNP80GGEqNJZSl+nCsO43Di8qs6QW7nszArZdt4eCI=
Subject key identifier:   07:EC:2E:0F:88:A0:8B:CF:09:C8:C1:19:5F:FA:0B:B7:11:E7:C6:FA
Certificate issuer:       /CN=1319f052bc9e7284888074390c9d0bc127606692
Certificate serial:       018D3D2B6933B39E72B5EA0D9491CC2A48C4
Authority key identifier: 13:19:F0:52:BC:9E:72:84:88:80:74:39:0C:9D:0B:C1:27:60:66:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ExnwUryecoSIgHQ5DJ0LwSdgZpI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/d5bbce-4220-4ec4-8af5-2c1a7730bd25/1/B-wuD4igi88JyMEZX_oLtxHnxvo.roa
Signing time:             Wed 24 Jan 2024 20:31:11 +0000
ROA not before:           Wed 24 Jan 2024 20:31:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1897
IP address blocks:        88.157.0.0/16 maxlen: 16
                          88.157.0.0/17 maxlen: 17
                          88.157.0.0/18 maxlen: 18
                          88.157.64.0/18 maxlen: 18
                          88.157.128.0/17 maxlen: 17
                          88.157.128.0/18 maxlen: 18
                          88.157.192.0/18 maxlen: 18
                          193.126.0.0/16 maxlen: 16
                          194.79.64.0/19 maxlen: 19
                          195.23.0.0/16 maxlen: 16
                          212.0.160.0/19 maxlen: 19
                          212.0.160.0/21 maxlen: 21
                          213.205.64.0/19 maxlen: 19

Validation:               Failed, certificate revoked on Wed 14 Feb 2024 16:55:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:3d:2b:69:33:b3:9e:72:b5:ea:0d:94:91:cc:2a:48:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1319f052bc9e7284888074390c9d0bc127606692
        Validity
            Not Before: Jan 24 20:31:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=07ec2e0f88a08bcf09c8c1195ffa0bb711e7c6fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:77:05:9d:2a:d4:52:fd:ce:ae:e8:d0:b1:98:
                    1f:76:c1:52:77:e7:e2:4b:40:d8:90:15:f9:11:ae:
                    fe:48:ea:f7:ef:70:cd:6c:42:72:05:31:b0:06:1b:
                    f1:f6:53:e4:96:ad:a2:a2:13:d4:00:db:0e:28:0e:
                    9c:c7:c0:9d:b0:bc:2d:e9:97:ce:eb:7c:df:55:0d:
                    4e:a1:1d:a6:cc:43:cd:c6:d6:9e:f0:d4:62:b2:5f:
                    2f:69:dd:97:b4:01:9c:72:63:d5:5c:c4:ba:f5:90:
                    a1:00:12:b6:f8:5f:85:c1:20:15:fc:ac:07:d7:79:
                    15:ba:b4:56:d2:be:bf:c4:69:ce:7b:77:61:a4:27:
                    66:5a:1f:76:ca:b6:9e:be:a1:26:42:de:5f:5a:01:
                    4e:ed:0a:69:c7:16:38:d9:5b:0d:de:98:d2:4f:34:
                    40:a2:98:c0:93:d0:ec:c1:cc:0b:ca:d8:60:f5:f9:
                    63:0a:cd:92:ce:74:17:50:1d:1e:5f:bc:c4:a7:c1:
                    9b:5b:aa:8c:80:7f:c6:89:3f:5c:a0:64:bf:b2:a5:
                    ae:d6:20:94:81:19:41:d6:db:8e:3f:83:3a:28:03:
                    29:7c:62:cb:0a:5c:99:05:56:a8:8d:52:b7:1c:ea:
                    6e:8d:0d:d4:81:ac:bd:27:d4:dd:7e:e5:3e:47:24:
                    5b:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:EC:2E:0F:88:A0:8B:CF:09:C8:C1:19:5F:FA:0B:B7:11:E7:C6:FA
            X509v3 Authority Key Identifier:
                keyid:13:19:F0:52:BC:9E:72:84:88:80:74:39:0C:9D:0B:C1:27:60:66:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ExnwUryecoSIgHQ5DJ0LwSdgZpI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/d5bbce-4220-4ec4-8af5-2c1a7730bd25/1/B-wuD4igi88JyMEZX_oLtxHnxvo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/d5bbce-4220-4ec4-8af5-2c1a7730bd25/1/ExnwUryecoSIgHQ5DJ0LwSdgZpI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.157.0.0/16
                  193.126.0.0/16
                  194.79.64.0/19
                  195.23.0.0/16
                  212.0.160.0/19
                  213.205.64.0/19

    Signature Algorithm: sha256WithRSAEncryption
         50:b3:db:53:a3:a7:76:6a:77:c0:ea:73:41:05:f7:8e:ac:c1:
         75:51:9d:c4:47:e3:c3:cc:2d:48:96:1e:57:9d:29:95:2d:7a:
         90:7e:33:3a:ca:4a:d0:f2:97:38:91:ec:fb:7d:60:cf:57:4a:
         89:4b:93:3c:6d:12:ce:2b:81:07:fc:26:b8:cd:70:72:d1:3e:
         c8:d6:eb:5f:26:37:c7:d4:b6:1d:86:c9:f4:60:a5:96:10:58:
         06:8f:eb:be:09:34:16:6b:09:48:04:fa:84:eb:19:9e:4a:60:
         45:64:86:af:1e:ea:8e:ca:4d:56:78:be:ec:bd:c2:3a:88:37:
         07:24:bf:f3:28:fc:13:15:4e:a5:b9:22:b0:e1:d3:0d:41:d4:
         65:fd:1e:a3:e0:00:51:6a:6b:5a:4c:83:3c:71:2a:6f:2a:ae:
         47:80:c3:e2:c0:fc:c7:39:8d:09:77:9d:52:e9:89:c3:2c:69:
         db:f1:a9:a3:0b:58:d8:c2:01:fd:94:42:df:0f:d6:ed:25:42:
         63:84:83:70:ae:ae:d4:3b:79:e7:ec:7b:21:3d:8b:cd:fa:34:
         85:b8:b2:a9:e1:53:a4:ce:ab:27:03:0e:49:38:03:68:1f:fa:
         e4:7f:86:d8:28:b5:b8:78:0e:f3:46:9a:f3:c4:44:c7:00:76:
         d1:79:59:3e
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAY09K2kzs55yteoNlJHMKkjEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzMTlmMDUyYmM5ZTcyODQ4ODgwNzQzOTBjOWQwYmMxMjc2
MDY2OTIwHhcNMjQwMTI0MjAzMTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2VjMmUwZjg4YTA4YmNmMDljOGMxMTk1ZmZhMGJiNzExZTdjNmZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvHcFnSrUUv3OrujQsZgfdsFSd+fi
S0DYkBX5Ea7+SOr373DNbEJyBTGwBhvx9lPklq2iohPUANsOKA6cx8CdsLwt6ZfO
63zfVQ1OoR2mzEPNxtae8NRisl8vad2XtAGccmPVXMS69ZChABK2+F+FwSAV/KwH
13kVurRW0r6/xGnOe3dhpCdmWh92yraevqEmQt5fWgFO7QppxxY42VsN3pjSTzRA
opjAk9DswcwLythg9fljCs2SznQXUB0eX7zEp8GbW6qMgH/GiT9coGS/sqWu1iCU
gRlB1tuOP4M6KAMpfGLLClyZBVaojVK3HOpujQ3Ugay9J9TdfuU+RyRbPwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFAfsLg+IoIvPCcjBGV/6C7cR58b6MB8GA1UdIwQY
MBaAFBMZ8FK8nnKEiIB0OQydC8EnYGaSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXhud1VyeWVjb1NJZ0hRNURKMEx3U2RnWnBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9kNWJiY2UtNDIyMC00ZWM0LThhZjUt
MmMxYTc3MzBiZDI1LzEvQi13dUQ0aWdpODhKeU1FWlhfb0x0eEhueHZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9kNWJiY2UtNDIyMC00ZWM0LThhZjUtMmMxYTc3MzBiZDI1
LzEvRXhud1VyeWVjb1NJZ0hRNURKMEx3U2RnWnBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAnBAIAATAhAwMAWJ0DAwDB
fgMEBcJPQAMDAMMXAwQF1ACgAwQF1c1AMA0GCSqGSIb3DQEBCwUAA4IBAQBQs9tT
o6d2anfA6nNBBfeOrMF1UZ3ER+PDzC1Ilh5XnSmVLXqQfjM6ykrQ8pc4kez7fWDP
V0qJS5M8bRLOK4EH/Ca4zXBy0T7I1utfJjfH1LYdhsn0YKWWEFgGj+u+CTQWawlI
BPqE6xmeSmBFZIavHuqOyk1WeL7svcI6iDcHJL/zKPwTFU6luSKw4dMNQdRl/R6j
4ABRamtaTIM8cSpvKq5HgMPiwPzHOY0Jd51S6YnDLGnb8amjC1jYwgH9lELfD9bt
JUJjhINwrq7UO3nn7HshPYvN+jSFuLKp4VOkzqsnAw5JOANoH/rkf4bYKLW4eA7z
RprzxETHAHbReVk+
-----END CERTIFICATE-----