Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/A1_uxRoeptqgMKMqNWAOHFJAyAg.roa
File:                     A1_uxRoeptqgMKMqNWAOHFJAyAg.roa (raw, json)
Hash identifier:          buUpQfIN7Aizj+ZZEfqN/PN2ZWSws1cHe03KiQ6E9jI=
Subject key identifier:   03:5F:EE:C5:1A:1E:A6:DA:A0:30:A3:2A:35:60:0E:1C:52:40:C8:08
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       01914636F6EEE8069DE8247C4F105769B103
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/A1_uxRoeptqgMKMqNWAOHFJAyAg.roa
Signing time:             Mon 12 Aug 2024 10:51:32 +0000
ROA not before:           Mon 12 Aug 2024 10:51:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7018
IP address blocks:        5.182.114.0/24 maxlen: 24
                          77.242.146.0/23 maxlen: 24
                          77.242.159.0/24 maxlen: 24
                          88.151.63.0/24 maxlen: 24
                          88.209.203.0/24 maxlen: 24
                          88.209.229.0/24 maxlen: 24
                          88.209.230.0/24 maxlen: 24
                          88.209.232.0/24 maxlen: 24
                          88.209.233.0/24 maxlen: 24
                          88.209.234.0/24 maxlen: 24
                          88.209.235.0/24 maxlen: 24
                          88.209.255.0/24 maxlen: 24
                          92.52.214.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 18 Sep 2024 10:09:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:46:36:f6:ee:e8:06:9d:e8:24:7c:4f:10:57:69:b1:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Aug 12 10:51:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=035feec51a1ea6daa030a32a35600e1c5240c808
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:9c:de:82:6d:77:b0:7c:fa:77:44:2d:50:30:
                    89:db:79:ed:fb:40:60:c2:a0:4f:75:30:f1:e2:d5:
                    7f:93:63:77:2b:da:bc:c6:46:61:97:fb:a9:7e:34:
                    04:ce:fb:de:fd:f5:65:c6:3d:b6:11:b5:a5:ad:c8:
                    65:d0:0d:bf:38:90:a3:0e:18:2b:13:58:d9:11:1b:
                    30:4c:aa:32:82:51:ab:cb:da:70:88:3a:ac:05:6d:
                    50:da:eb:92:db:7a:5b:1c:8b:4f:59:c2:04:4e:1b:
                    4a:bb:84:8d:8b:6d:b7:01:36:b8:27:b0:d0:9a:02:
                    41:f1:96:9e:10:12:f9:a7:d1:c5:b4:2c:6b:ae:cb:
                    a1:b1:d6:62:d3:0e:d8:80:cc:4a:c2:18:74:28:05:
                    b6:cd:c9:37:49:9a:0e:02:1f:ca:e3:63:e7:81:02:
                    51:3b:8c:3f:9d:d0:f3:63:68:d3:61:96:92:c6:f5:
                    a9:20:4a:cb:c3:0a:89:c8:38:a6:38:e5:24:b9:83:
                    d3:e8:58:54:f8:bc:cc:ac:1c:01:9c:46:a8:03:92:
                    12:74:90:2c:32:d2:05:86:47:0d:3c:94:24:39:fe:
                    91:bb:8c:c7:6b:74:0e:41:79:e4:e4:60:b5:f4:49:
                    31:e9:7d:27:91:c5:d2:0b:ec:c0:33:66:c3:10:4f:
                    69:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:5F:EE:C5:1A:1E:A6:DA:A0:30:A3:2A:35:60:0E:1C:52:40:C8:08
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/A1_uxRoeptqgMKMqNWAOHFJAyAg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.114.0/24
                  77.242.146.0/23
                  77.242.159.0/24
                  88.151.63.0/24
                  88.209.203.0/24
                  88.209.229.0-88.209.230.255
                  88.209.232.0/22
                  88.209.255.0/24
                  92.52.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:f8:60:fb:d0:f1:82:99:78:d8:39:87:2b:af:63:99:d9:72:
         d3:2e:0f:5d:01:7f:70:a4:77:c0:25:7a:9d:d9:0b:5a:e6:96:
         03:08:38:99:c7:e5:46:a3:d9:f9:d2:74:7a:14:66:47:4c:fb:
         0b:bb:09:4e:33:f6:d3:27:ac:80:33:5d:1f:15:ed:13:91:19:
         c8:8b:fd:e0:e0:49:e8:1f:4a:65:3b:2a:dd:ab:10:2c:78:e8:
         68:d8:8a:d3:4e:22:ab:1f:5b:8b:4e:5c:7f:63:5b:c2:c0:09:
         39:29:f7:dd:a1:a1:1e:03:88:58:da:3d:ba:56:cb:cd:a3:99:
         95:f7:5c:97:b4:9a:26:01:f8:7e:88:bb:00:ec:79:61:22:49:
         df:02:90:61:9a:af:52:21:94:f4:f7:74:47:08:30:68:cc:f5:
         3c:31:08:3a:87:c6:db:db:99:b8:8a:f1:ec:2f:6a:00:a1:95:
         ca:e7:d8:92:53:0f:d3:2c:19:99:88:c0:77:33:6f:75:4d:ff:
         0e:1f:77:d1:f2:a0:21:fe:46:63:58:42:39:9f:a0:be:3c:a6:
         db:d2:28:2b:35:26:6b:d2:33:40:b6:96:6d:87:e4:b2:d7:9e:
         9b:4c:03:fd:5e:28:63:bb:8c:ca:4e:ac:10:eb:cb:7b:9c:d4:
         92:fd:da:41
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAZFGNvbu6Aad6CR8TxBXabEDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjQwODEyMTA1MTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzVmZWVjNTFhMWVhNmRhYTAzMGEzMmEzNTYwMGUxYzUyNDBjODA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj5zegm13sHz6d0QtUDCJ23nt+0Bg
wqBPdTDx4tV/k2N3K9q8xkZhl/upfjQEzvve/fVlxj22EbWlrchl0A2/OJCjDhgr
E1jZERswTKoyglGry9pwiDqsBW1Q2uuS23pbHItPWcIEThtKu4SNi223ATa4J7DQ
mgJB8ZaeEBL5p9HFtCxrrsuhsdZi0w7YgMxKwhh0KAW2zck3SZoOAh/K42PngQJR
O4w/ndDzY2jTYZaSxvWpIErLwwqJyDimOOUkuYPT6FhU+LzMrBwBnEaoA5ISdJAs
MtIFhkcNPJQkOf6Ru4zHa3QOQXnk5GC19Ekx6X0nkcXSC+zAM2bDEE9peQIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFANf7sUaHqbaoDCjKjVgDhxSQMgIMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvQTFfdXhSb2VwdHFnTUtNcU5XQU9IRkpBeUFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQABbZyAwQB
TfKSAwQATfKfAwQAWJc/AwQAWNHLMAwDBABY0eUDBABY0eYDBAJY0egDBABY0f8D
BABcNNYwDQYJKoZIhvcNAQELBQADggEBABz4YPvQ8YKZeNg5hyuvY5nZctMuD10B
f3Ckd8Alep3ZC1rmlgMIOJnH5Uaj2fnSdHoUZkdM+wu7CU4z9tMnrIAzXR8V7ROR
GciL/eDgSegfSmU7Kt2rECx46GjYitNOIqsfW4tOXH9jW8LACTkp992hoR4DiFja
PbpWy82jmZX3XJe0miYB+H6IuwDseWEiSd8CkGGar1IhlPT3dEcIMGjM9TwxCDqH
xtvbmbiK8ewvagChlcrn2JJTD9MsGZmIwHczb3VN/w4fd9HyoCH+RmNYQjmfoL48
ptvSKCs1JmvSM0C2lm2H5LLXnptMA/1eKGO7jMpOrBDry3uc1JL92kE=
-----END CERTIFICATE-----