Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/HHCKk0WO4bK2DU03dP-Q3EGI140.roa
File:                     HHCKk0WO4bK2DU03dP-Q3EGI140.roa (raw, json)
Hash identifier:          kh4rOej/Ck1aP6HLSj8on3iTveSyZxKWKQIo4OFcG2M=
Subject key identifier:   1C:70:8A:93:45:8E:E1:B2:B6:0D:4D:37:74:FF:90:DC:41:88:D7:8D
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       0191FF31F21F5983F3CC787C44B0891A5B66
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/HHCKk0WO4bK2DU03dP-Q3EGI140.roa
Signing time:             Tue 17 Sep 2024 08:55:48 +0000
ROA not before:           Tue 17 Sep 2024 08:55:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61317
IP address blocks:        2.58.171.0/24 maxlen: 24
                          88.151.56.0/24 maxlen: 24
                          88.151.59.0/24 maxlen: 24
                          88.151.61.0/24 maxlen: 24
                          88.209.192.0/24 maxlen: 24
                          88.209.207.0/24 maxlen: 24
                          88.209.209.0/24 maxlen: 24
                          88.209.221.0/24 maxlen: 24
                          88.209.222.0/24 maxlen: 24
                          88.209.224.0/24 maxlen: 24
                          88.209.225.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 14 Oct 2024 08:57:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:ff:31:f2:1f:59:83:f3:cc:78:7c:44:b0:89:1a:5b:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Sep 17 08:55:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1c708a93458ee1b2b60d4d3774ff90dc4188d78d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:84:6d:c7:2e:75:9f:c0:36:2c:ad:41:9a:ee:
                    b2:03:a5:76:9f:ea:08:14:73:9e:44:82:24:0c:3c:
                    ce:7f:3a:8d:bb:48:d0:a4:3c:b8:d8:5d:01:b4:32:
                    2b:86:3f:6e:94:80:f3:8d:4e:44:66:14:37:0b:9d:
                    20:42:3e:38:14:bf:76:15:63:b0:fb:f1:42:eb:4d:
                    6d:5b:7a:d9:55:f3:dc:9d:2d:1c:8e:79:42:2a:b9:
                    34:4d:f5:07:13:65:d0:7c:0f:05:44:05:0d:bd:82:
                    a3:04:f6:d8:c4:ca:48:80:c9:71:bd:44:7d:81:6d:
                    43:e0:a4:15:d4:78:6b:4c:dd:c8:bd:c4:f8:46:51:
                    de:7f:86:08:69:4c:b9:2a:18:43:66:fc:74:73:f9:
                    48:50:48:52:55:a7:62:82:1d:e7:1b:23:8a:bf:95:
                    f5:69:7a:4d:1f:0f:00:80:c5:f3:44:a2:bf:25:0a:
                    48:e5:31:44:0a:1d:1a:09:6b:9f:5f:17:e3:8d:98:
                    ba:91:eb:a6:22:20:58:e3:dc:e5:4c:e3:79:9b:83:
                    51:db:f7:eb:a5:6d:41:2d:1e:6f:cc:b8:66:3f:43:
                    6e:75:f4:6d:14:e7:dc:25:a3:42:81:67:fe:98:41:
                    ef:c4:ea:a9:4d:2c:78:3a:08:a2:c5:5b:71:1c:f0:
                    dd:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:70:8A:93:45:8E:E1:B2:B6:0D:4D:37:74:FF:90:DC:41:88:D7:8D
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/HHCKk0WO4bK2DU03dP-Q3EGI140.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.171.0/24
                  88.151.56.0/24
                  88.151.59.0/24
                  88.151.61.0/24
                  88.209.192.0/24
                  88.209.207.0/24
                  88.209.209.0/24
                  88.209.221.0-88.209.222.255
                  88.209.224.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1d:e9:b8:b3:c2:48:20:14:2d:0c:14:0d:6d:64:2a:cc:bb:8b:
         32:63:da:2b:b4:65:7f:b8:00:ea:ee:39:85:69:44:42:43:75:
         9e:e3:f4:4e:70:80:de:01:b8:11:e0:55:c6:21:f8:9d:3a:72:
         40:10:28:a0:44:e0:f5:0d:ae:36:be:c9:35:78:0b:e7:70:0a:
         1f:c4:b1:e0:16:a3:07:1c:65:2b:7d:2d:a8:15:2d:a2:a4:73:
         91:e3:1d:4d:35:60:f5:c1:a6:75:80:a8:c3:59:2b:d7:d7:18:
         b7:59:3c:e5:bc:62:3f:09:72:64:46:6b:d8:96:c2:7b:14:a0:
         90:0c:aa:10:70:29:0e:9b:19:86:3d:99:0f:68:8a:25:01:b2:
         ce:4a:97:29:a7:0f:d1:6a:ef:b4:fa:d4:e5:e7:ad:bb:d4:ee:
         51:28:83:3e:89:47:c1:50:1e:07:11:41:2d:f6:94:e1:dd:7f:
         81:4c:4d:dc:d1:63:4e:f0:cd:e1:74:ef:f1:d3:ce:63:ae:85:
         6d:2b:dc:df:66:25:70:94:f4:94:d5:8c:2d:29:d5:aa:24:31:
         66:c1:d9:fd:92:2e:1e:2b:8e:8a:64:09:a7:f1:0e:cc:2b:a9:
         c7:49:69:64:89:c5:c8:86:76:ce:e3:30:d2:6b:20:d9:4a:5b:
         ec:30:8d:bd
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAZH/MfIfWYPzzHh8RLCJGltmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjQwOTE3MDg1NTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzcwOGE5MzQ1OGVlMWIyYjYwZDRkMzc3NGZmOTBkYzQxODhkNzhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA04Rtxy51n8A2LK1Bmu6yA6V2n+oI
FHOeRIIkDDzOfzqNu0jQpDy42F0BtDIrhj9ulIDzjU5EZhQ3C50gQj44FL92FWOw
+/FC601tW3rZVfPcnS0cjnlCKrk0TfUHE2XQfA8FRAUNvYKjBPbYxMpIgMlxvUR9
gW1D4KQV1HhrTN3IvcT4RlHef4YIaUy5KhhDZvx0c/lIUEhSVadigh3nGyOKv5X1
aXpNHw8AgMXzRKK/JQpI5TFECh0aCWufXxfjjZi6keumIiBY49zlTON5m4NR2/fr
pW1BLR5vzLhmP0NudfRtFOfcJaNCgWf+mEHvxOqpTSx4OgiixVtxHPDdRQIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFBxwipNFjuGytg1NN3T/kNxBiNeNMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvSEhDS2swV080YksyRFUwM2RQLVEzRUdJMTQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQAAjqrAwQA
WJc4AwQAWJc7AwQAWJc9AwQAWNHAAwQAWNHPAwQAWNHRMAwDBABY0d0DBABY0d4D
BAFY0eAwDQYJKoZIhvcNAQELBQADggEBAB3puLPCSCAULQwUDW1kKsy7izJj2iu0
ZX+4AOruOYVpREJDdZ7j9E5wgN4BuBHgVcYh+J06ckAQKKBE4PUNrja+yTV4C+dw
Ch/EseAWowccZSt9LagVLaKkc5HjHU01YPXBpnWAqMNZK9fXGLdZPOW8Yj8JcmRG
a9iWwnsUoJAMqhBwKQ6bGYY9mQ9oiiUBss5KlymnD9Fq77T61OXnrbvU7lEogz6J
R8FQHgcRQS32lOHdf4FMTdzRY07wzeF07/HTzmOuhW0r3N9mJXCU9JTVjC0p1aok
MWbB2f2SLh4rjopkCafxDswrqcdJaWSJxciGds7jMNJrINlKW+wwjb0=
-----END CERTIFICATE-----