Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/6HxS3RBXmwkffbFYWi4DlEFbrXk.roa
File:                     6HxS3RBXmwkffbFYWi4DlEFbrXk.roa (raw, json)
Hash identifier:          pVJxb7hhLsJfLjsLy1qfZ43aB822MtYBar5o/sWOQ7Q=
Subject key identifier:   E8:7C:52:DD:10:57:9B:09:1F:7D:B1:58:5A:2E:03:94:41:5B:AD:79
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       01885D7A6EE4BF99D9D082988B2925F5A1D2
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/6HxS3RBXmwkffbFYWi4DlEFbrXk.roa
Signing time:             Sat 27 May 2023 13:51:24 +0000
ROA not before:           Sat 27 May 2023 13:51:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        88.209.229.0/24 maxlen: 24
                          88.209.245.0/24 maxlen: 24
                          88.209.248.0/24 maxlen: 24
                          88.209.249.0/24 maxlen: 24
                          88.209.195.0/24 maxlen: 24
                          88.209.209.0/24 maxlen: 24
                          88.209.211.0/24 maxlen: 24
                          88.209.224.0/24 maxlen: 24
                          88.209.225.0/24 maxlen: 24
                          88.209.221.0/24 maxlen: 24
                          88.209.222.0/24 maxlen: 24
                          88.151.58.0/24 maxlen: 24
                          88.151.61.0/24 maxlen: 24
                          2.58.168.0/22 maxlen: 24
                          5.182.113.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sun 28 May 2023 08:58:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:5d:7a:6e:e4:bf:99:d9:d0:82:98:8b:29:25:f5:a1:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: May 27 13:51:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e87c52dd10579b091f7db1585a2e0394415bad79
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:d2:a0:9c:0a:69:da:ab:f5:e0:66:66:d1:90:
                    97:8e:5f:da:60:2b:fa:ea:14:ae:14:3c:2a:a0:05:
                    67:14:e8:29:0e:7c:09:8b:41:46:33:73:92:fd:9d:
                    40:06:f6:d2:c9:f4:7a:84:32:63:13:38:fc:36:02:
                    aa:9f:64:11:be:6b:3e:e5:16:40:11:92:6d:ce:45:
                    1a:35:d0:c6:ef:52:08:d0:ed:13:30:c2:0a:0f:1d:
                    04:43:88:5b:bc:4d:76:49:d9:04:8d:11:01:50:95:
                    8d:d6:21:ea:fe:af:d6:15:45:ad:6f:fb:d9:88:5b:
                    82:87:cb:d4:51:49:3d:d4:ac:3d:33:a7:5d:e6:d5:
                    b3:98:a1:6d:f4:0c:4b:81:bb:3c:56:66:a5:b9:1a:
                    c8:88:20:60:eb:95:8b:cf:3e:0c:af:a0:38:3a:49:
                    15:19:d4:ea:d3:5c:37:8e:f7:4f:be:02:10:ca:75:
                    4e:d0:fc:6c:db:ea:f1:16:15:cc:92:96:57:e6:01:
                    2c:9a:c3:15:f1:38:66:e5:85:7d:d1:6a:d7:9d:9b:
                    a1:62:ed:52:f4:4f:ac:31:c2:b1:d8:5e:b9:fb:82:
                    8c:bf:43:00:06:7e:70:c3:98:27:74:ad:ea:3d:62:
                    ae:2b:7f:25:e4:a5:80:01:60:a1:98:71:27:e6:d8:
                    65:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:7C:52:DD:10:57:9B:09:1F:7D:B1:58:5A:2E:03:94:41:5B:AD:79
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/6HxS3RBXmwkffbFYWi4DlEFbrXk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.168.0/22
                  5.182.113.0/24
                  88.151.58.0/24
                  88.151.61.0/24
                  88.209.195.0/24
                  88.209.209.0/24
                  88.209.211.0/24
                  88.209.221.0-88.209.222.255
                  88.209.224.0/23
                  88.209.229.0/24
                  88.209.245.0/24
                  88.209.248.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9d:3c:63:db:ef:b6:21:a6:c4:f5:a7:98:57:db:0b:07:4e:74:
         e3:ec:97:7c:f6:06:99:54:3b:54:9d:de:08:21:e0:9f:80:95:
         0e:1c:c8:99:30:b7:3b:5d:ea:77:2e:a5:5d:a7:30:d3:74:d0:
         78:37:60:14:dd:8e:b4:2e:45:1c:fd:64:05:f8:98:09:54:39:
         40:fa:59:8f:99:0f:f4:07:88:45:81:6d:9b:2e:6f:57:99:8f:
         97:91:c1:f0:e4:02:9b:50:52:54:ff:2a:e9:a8:05:f5:9c:5f:
         eb:cb:69:a0:98:36:77:62:19:44:47:a9:1a:cf:ea:39:e8:6f:
         f4:d9:24:82:f7:ac:aa:84:fe:28:94:e4:b1:ad:ea:a8:39:61:
         08:84:9a:5d:1a:40:f5:8a:58:64:34:4a:7e:75:f8:00:30:93:
         18:5b:83:98:eb:84:42:d1:8c:99:f3:f4:ea:d0:88:57:a7:62:
         5a:a7:b6:3a:ce:da:24:4e:7d:59:57:bf:93:0f:cc:97:fe:0d:
         a9:77:05:14:96:fd:54:d5:4b:8f:c0:c8:3d:0b:77:60:e4:65:
         15:95:be:03:17:73:4b:94:da:70:2e:fe:5c:c0:72:f6:05:3f:
         8c:20:69:0c:3b:ca:2c:98:14:aa:06:3d:d0:66:6a:3e:10:98:
         8b:4e:12:bb
-----BEGIN CERTIFICATE-----
MIIFRzCCBC+gAwIBAgISAYhdem7kv5nZ0IKYiykl9aHSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMwNTI3MTM1MTI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODdjNTJkZDEwNTc5YjA5MWY3ZGIxNTg1YTJlMDM5NDQxNWJhZDc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw9KgnApp2qv14GZm0ZCXjl/aYCv6
6hSuFDwqoAVnFOgpDnwJi0FGM3OS/Z1ABvbSyfR6hDJjEzj8NgKqn2QRvms+5RZA
EZJtzkUaNdDG71II0O0TMMIKDx0EQ4hbvE12SdkEjREBUJWN1iHq/q/WFUWtb/vZ
iFuCh8vUUUk91Kw9M6dd5tWzmKFt9AxLgbs8VmaluRrIiCBg65WLzz4Mr6A4OkkV
GdTq01w3jvdPvgIQynVO0Pxs2+rxFhXMkpZX5gEsmsMV8Thm5YV90WrXnZuhYu1S
9E+sMcKx2F65+4KMv0MABn5ww5gndK3qPWKuK38l5KWAAWChmHEn5thl4wIDAQAB
o4ICUzCCAk8wHQYDVR0OBBYEFOh8Ut0QV5sJH32xWFouA5RBW615MB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvNkh4UzNSQlhtd2tmZmJGWVdpNERsRUZiclhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGkGCCsGAQUFBwEHAQH/BFowWDBWBAIAATBQAwQCAjqoAwQA
BbZxAwQAWJc6AwQAWJc9AwQAWNHDAwQAWNHRAwQAWNHTMAwDBABY0d0DBABY0d4D
BAFY0eADBABY0eUDBABY0fUDBAFY0fgwDQYJKoZIhvcNAQELBQADggEBAJ08Y9vv
tiGmxPWnmFfbCwdOdOPsl3z2BplUO1Sd3ggh4J+AlQ4cyJkwtztd6ncupV2nMNN0
0Hg3YBTdjrQuRRz9ZAX4mAlUOUD6WY+ZD/QHiEWBbZsub1eZj5eRwfDkAptQUlT/
KumoBfWcX+vLaaCYNndiGURHqRrP6jnob/TZJIL3rKqE/iiU5LGt6qg5YQiEml0a
QPWKWGQ0Sn51+AAwkxhbg5jrhELRjJnz9OrQiFenYlqntjrO2iROfVlXv5MPzJf+
Dal3BRSW/VTVS4/AyD0Ld2DkZRWVvgMXc0uU2nAu/lzAcvYFP4wgaQw7yiyYFKoG
PdBmaj4QmItOErs=
-----END CERTIFICATE-----