Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/d34a74-d7cd-4f99-84cd-56628a46df40/1/JWxreKud2y18mWcGnpFPSPfs_sE.roa
File:                     JWxreKud2y18mWcGnpFPSPfs_sE.roa (raw, json)
Hash identifier:          9wVNWSCrPgBYgWN0K/5Z9T9gFqXKXSap8YYENiCNLmg=
Subject key identifier:   25:6C:6B:78:AB:9D:DB:2D:7C:99:67:06:9E:91:4F:48:F7:EC:FE:C1
Certificate issuer:       /CN=588b1024ea056e5ed498f6e9ddc20632bdf6c9c5
Certificate serial:       0188DD98C38712EA7320D6DAE7B2E3FE925E
Authority key identifier: 58:8B:10:24:EA:05:6E:5E:D4:98:F6:E9:DD:C2:06:32:BD:F6:C9:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WIsQJOoFbl7UmPbp3cIGMr32ycU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/d34a74-d7cd-4f99-84cd-56628a46df40/1/JWxreKud2y18mWcGnpFPSPfs_sE.roa
Signing time:             Wed 21 Jun 2023 10:55:56 +0000
ROA not before:           Wed 21 Jun 2023 10:55:56 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     48314
IP address blocks:        185.240.242.0/24 maxlen: 24
                          185.240.243.0/24 maxlen: 24
                          185.240.241.0/24 maxlen: 24
                          84.252.122.0/24 maxlen: 24
                          84.252.123.0/24 maxlen: 24
                          84.252.120.0/24 maxlen: 24
                          84.252.121.0/24 maxlen: 24
                          185.230.160.0/24 maxlen: 24
                          185.230.163.0/24 maxlen: 24
                          185.230.161.0/24 maxlen: 24
                          185.230.162.0/24 maxlen: 24
                          2a0c:2500::/32 maxlen: 32
                          2a09:6302::/32 maxlen: 32
                          2a09:6301::/32 maxlen: 32

Validation:               Failed, certificate revoked on Fri 28 Jul 2023 21:32:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:dd:98:c3:87:12:ea:73:20:d6:da:e7:b2:e3:fe:92:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=588b1024ea056e5ed498f6e9ddc20632bdf6c9c5
        Validity
            Not Before: Jun 21 10:55:56 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=256c6b78ab9ddb2d7c9967069e914f48f7ecfec1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:c7:64:0e:ec:ea:dd:d9:9c:4b:05:ee:29:f8:
                    1b:59:9f:03:41:f9:94:72:63:72:3a:08:27:be:f8:
                    94:da:06:c6:5b:d0:9d:cd:0b:57:33:44:d3:f8:93:
                    a9:5f:63:e1:5d:7d:83:20:88:d8:2c:a0:82:67:f3:
                    00:d4:86:f9:9c:64:bd:4d:94:14:8e:25:e7:70:54:
                    80:8f:b9:24:fe:18:74:a4:a3:c1:6b:63:04:32:4e:
                    cc:53:2d:80:53:2a:fa:8f:a0:95:02:36:d5:e9:40:
                    69:39:ab:a4:f1:34:cc:9c:a2:c3:9a:3c:a1:f3:62:
                    17:48:82:1b:84:cf:9c:18:b4:40:40:73:41:ba:78:
                    99:aa:e3:5e:de:97:32:1f:c2:bb:ac:fc:86:27:b4:
                    30:d3:f0:c7:40:c3:22:2a:ac:1f:cc:82:f0:b9:c8:
                    6d:35:55:f0:c7:56:30:f2:cb:9b:97:68:0d:43:95:
                    7f:f3:2b:11:72:a6:61:4c:8a:91:61:87:5b:35:aa:
                    da:73:53:8b:75:8c:0f:41:16:13:f8:59:48:b5:d6:
                    f1:1e:69:27:82:59:3a:d6:82:cc:f1:9d:3b:25:62:
                    f7:3c:49:40:70:91:c5:40:df:25:a4:3a:78:82:13:
                    d0:18:89:bd:7a:44:16:90:c9:92:d0:c9:f7:ef:a6:
                    5b:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:6C:6B:78:AB:9D:DB:2D:7C:99:67:06:9E:91:4F:48:F7:EC:FE:C1
            X509v3 Authority Key Identifier:
                keyid:58:8B:10:24:EA:05:6E:5E:D4:98:F6:E9:DD:C2:06:32:BD:F6:C9:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WIsQJOoFbl7UmPbp3cIGMr32ycU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/d34a74-d7cd-4f99-84cd-56628a46df40/1/JWxreKud2y18mWcGnpFPSPfs_sE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/d34a74-d7cd-4f99-84cd-56628a46df40/1/WIsQJOoFbl7UmPbp3cIGMr32ycU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.252.120.0/22
                  185.230.160.0/22
                  185.240.241.0-185.240.243.255
                IPv6:
                  2a09:6301::-2a09:6302:ffff:ffff:ffff:ffff:ffff:ffff
                  2a0c:2500::/32

    Signature Algorithm: sha256WithRSAEncryption
         88:48:0c:58:55:7f:80:d3:4e:b4:2e:d5:a8:7a:0b:17:17:34:
         c6:d0:d2:41:38:70:33:e2:b2:0f:25:11:04:29:8a:9d:bc:9f:
         6e:ad:3b:83:b1:f0:e0:80:36:46:3c:f8:9b:cf:ee:65:f5:9a:
         ef:8b:8e:18:d7:ae:70:25:7d:f0:a9:a5:0e:cc:5a:69:50:b3:
         d8:b3:1d:78:93:a1:d9:db:d2:76:d0:d9:0b:e6:1a:89:43:58:
         16:b3:41:15:fd:40:ec:c6:ba:2b:f7:62:de:9b:7e:87:2a:12:
         f7:fa:d0:93:31:6a:e2:fb:72:b6:9f:49:25:49:27:55:7a:bb:
         f8:3f:d3:3f:24:95:0a:3f:d4:f9:25:00:4f:02:e8:e9:d4:b7:
         a9:0d:55:de:77:56:f8:12:2e:1f:60:96:5b:28:1d:92:06:36:
         66:88:bd:f7:b6:b7:be:b4:2c:f1:93:bd:f3:be:1e:fc:cd:a0:
         cd:8e:b4:d5:a9:b2:12:7b:4d:85:b0:16:ca:a1:80:61:77:05:
         98:da:35:18:32:4c:32:1f:da:1a:04:9f:39:eb:48:bc:ae:2f:
         11:24:37:3c:bc:1f:3e:f0:ac:dc:66:e1:2d:74:e8:17:87:22:
         41:b9:8e:dc:4e:7b:11:ba:a4:ad:83:a2:be:4f:e4:b1:8b:8e:
         f9:97:7b:af
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAYjdmMOHEupzINba57Lj/pJeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4OGIxMDI0ZWEwNTZlNWVkNDk4ZjZlOWRkYzIwNjMyYmRm
NmM5YzUwHhcNMjMwNjIxMTA1NTU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTZjNmI3OGFiOWRkYjJkN2M5OTY3MDY5ZTkxNGY0OGY3ZWNmZWMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAusdkDuzq3dmcSwXuKfgbWZ8DQfmU
cmNyOggnvviU2gbGW9CdzQtXM0TT+JOpX2PhXX2DIIjYLKCCZ/MA1Ib5nGS9TZQU
jiXncFSAj7kk/hh0pKPBa2MEMk7MUy2AUyr6j6CVAjbV6UBpOauk8TTMnKLDmjyh
82IXSIIbhM+cGLRAQHNBuniZquNe3pcyH8K7rPyGJ7Qw0/DHQMMiKqwfzILwucht
NVXwx1Yw8subl2gNQ5V/8ysRcqZhTIqRYYdbNarac1OLdYwPQRYT+FlItdbxHmkn
glk61oLM8Z07JWL3PElAcJHFQN8lpDp4ghPQGIm9ekQWkMmS0Mn376ZbfQIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFCVsa3irndstfJlnBp6RT0j37P7BMB8GA1UdIwQY
MBaAFFiLECTqBW5e1Jj26d3CBjK99snFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0lzUUpPb0ZibDdVbVBicDNjSUdNcjMyeWNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC9kMzRhNzQtZDdjZC00Zjk5LTg0Y2Qt
NTY2MjhhNDZkZjQwLzEvSld4cmVLdWQyeTE4bVdjR25wRlBTUGZzX3NFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC9kMzRhNzQtZDdjZC00Zjk5LTg0Y2QtNTY2MjhhNDZkZjQw
LzEvV0lzUUpPb0ZibDdVbVBicDNjSUdNcjMyeWNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAgBAIAATAaAwQCVPx4AwQC
ueagMAwDBAC58PEDBAK58PAwHQQCAAIwFzAOAwUAKgljAQMFACoJYwIDBQAqDCUA
MA0GCSqGSIb3DQEBCwUAA4IBAQCISAxYVX+A0060LtWoegsXFzTG0NJBOHAz4rIP
JREEKYqdvJ9urTuDsfDggDZGPPibz+5l9Zrvi44Y165wJX3wqaUOzFppULPYsx14
k6HZ29J20NkL5hqJQ1gWs0EV/UDsxror92Lem36HKhL3+tCTMWri+3K2n0klSSdV
erv4P9M/JJUKP9T5JQBPAujp1LepDVXed1b4Ei4fYJZbKB2SBjZmiL33tre+tCzx
k73zvh78zaDNjrTVqbISe02FsBbKoYBhdwWY2jUYMkwyH9oaBJ8560i8ri8RJDc8
vB8+8KzcZuEtdOgXhyJBuY7cTnsRuqStg6K+T+Sxi475l3uv
-----END CERTIFICATE-----