Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/K4T8ZNq9O8KHZfP9-0YT0_fjuT0.roa
File:                     K4T8ZNq9O8KHZfP9-0YT0_fjuT0.roa (raw, json)
Hash identifier:          BmLrKDQaxiAZ2/78UsEb5agYx3d8LzWvi9Ko+GxhEPQ=
Subject key identifier:   2B:84:FC:64:DA:BD:3B:C2:87:65:F3:FD:FB:46:13:D3:F7:E3:B9:3D
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       018D7E6D1A18216EFB539977DD5FC02CA22C
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/K4T8ZNq9O8KHZfP9-0YT0_fjuT0.roa
Signing time:             Tue 06 Feb 2024 12:38:15 +0000
ROA not before:           Tue 06 Feb 2024 12:38:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        5.182.114.0/24 maxlen: 24
                          88.151.56.0/23 maxlen: 24
                          88.209.211.0/24 maxlen: 24
                          88.209.232.0/22 maxlen: 24
                          178.210.226.0/24 maxlen: 24
                          178.210.227.0/24 maxlen: 24
                          178.210.228.0/24 maxlen: 24
                          178.210.230.0/24 maxlen: 24
                          178.210.231.0/24 maxlen: 24
                          178.210.236.0/24 maxlen: 24
                          178.210.252.0/24 maxlen: 24
                          178.210.253.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sat 10 Feb 2024 08:41:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:7e:6d:1a:18:21:6e:fb:53:99:77:dd:5f:c0:2c:a2:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Feb  6 12:38:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2b84fc64dabd3bc28765f3fdfb4613d3f7e3b93d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:d6:5f:ed:5e:61:2c:50:96:2d:71:df:39:91:
                    d6:1c:83:2e:c6:ec:ff:96:32:36:58:62:91:21:7c:
                    c9:54:db:1e:dc:33:64:69:62:24:2f:32:f8:01:6d:
                    bb:42:aa:8a:77:3a:32:29:f2:66:15:01:1e:a3:3d:
                    1d:17:58:09:96:24:0f:d5:4a:ea:f5:8f:22:e2:43:
                    c4:52:51:9d:f6:6b:ae:a4:2c:e7:f4:76:96:2c:dd:
                    b8:16:c2:86:18:61:3f:99:dd:6b:0c:7c:8b:29:7c:
                    94:e4:da:dc:f3:d2:fd:c4:4f:b1:67:86:32:40:37:
                    e9:1f:f9:e0:ba:90:6e:72:e0:f2:2d:80:9f:70:64:
                    c7:18:73:b0:43:d4:6d:cc:52:89:35:75:ec:1e:97:
                    b5:8f:f7:21:88:0c:13:86:5c:04:cc:52:7a:72:5f:
                    df:54:b6:4e:e0:5f:17:d4:c2:8c:17:47:5a:16:ac:
                    a9:7a:80:00:72:7e:68:f3:1f:40:36:bd:c7:f1:43:
                    5b:2f:39:41:be:18:e1:18:36:93:2e:6a:fd:eb:e4:
                    e2:41:17:8a:30:79:bf:d1:01:00:e9:11:1f:5e:80:
                    56:de:21:d2:7a:67:76:bd:d2:61:43:f2:dd:38:7b:
                    e8:ae:f3:ef:7f:e9:67:ab:e0:7e:34:a8:dd:d8:03:
                    3b:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:84:FC:64:DA:BD:3B:C2:87:65:F3:FD:FB:46:13:D3:F7:E3:B9:3D
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/K4T8ZNq9O8KHZfP9-0YT0_fjuT0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.114.0/24
                  88.151.56.0/23
                  88.209.211.0/24
                  88.209.232.0/22
                  178.210.226.0-178.210.228.255
                  178.210.230.0/23
                  178.210.236.0/24
                  178.210.252.0/23

    Signature Algorithm: sha256WithRSAEncryption
         35:18:4c:bf:66:0c:8f:14:eb:d7:f7:61:7a:ab:22:c3:1d:fd:
         df:6e:8b:55:23:72:94:5c:b2:51:0a:c4:c7:58:59:7c:5a:f3:
         03:c6:bc:ab:da:8c:5a:14:0a:6a:a7:8a:ef:86:53:66:cd:08:
         9d:36:00:a8:a0:d5:ee:e9:56:ed:13:dc:2c:b4:51:ad:b8:73:
         dc:35:a6:a8:68:3b:d3:10:57:0f:a1:ff:ad:ca:5d:39:a6:e1:
         7a:9a:c1:de:3d:3f:12:f2:b8:ae:c4:62:ad:fa:da:10:3a:21:
         d9:de:7a:80:1a:d1:d7:fe:8a:4d:fb:a4:61:bc:6c:87:5d:13:
         27:2d:63:d2:65:4f:0a:97:00:c7:6f:e4:b5:00:50:0c:03:79:
         29:08:9b:14:1a:ee:b9:1c:d0:67:2c:25:45:d2:03:58:0d:08:
         06:66:58:f2:f4:72:aa:62:54:ed:c8:30:4f:32:86:0b:92:f7:
         b9:72:11:a8:6a:d0:d7:e0:ae:b4:c5:27:8c:ad:0b:12:ba:57:
         54:b0:34:b6:c6:0c:ca:35:1b:8b:ba:3d:1a:58:e5:13:0b:b5:
         2c:f5:48:0f:74:9f:95:30:65:cf:e1:55:4e:1f:6f:86:65:f3:
         1b:77:4d:14:c5:9e:da:98:1e:3e:8f:b2:bb:db:bd:95:c6:60:
         8b:85:30:7f
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAY1+bRoYIW77U5l33V/ALKIsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjQwMjA2MTIzODE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjg0ZmM2NGRhYmQzYmMyODc2NWYzZmRmYjQ2MTNkM2Y3ZTNiOTNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAktZf7V5hLFCWLXHfOZHWHIMuxuz/
ljI2WGKRIXzJVNse3DNkaWIkLzL4AW27QqqKdzoyKfJmFQEeoz0dF1gJliQP1Urq
9Y8i4kPEUlGd9muupCzn9HaWLN24FsKGGGE/md1rDHyLKXyU5Nrc89L9xE+xZ4Yy
QDfpH/ngupBucuDyLYCfcGTHGHOwQ9RtzFKJNXXsHpe1j/chiAwThlwEzFJ6cl/f
VLZO4F8X1MKMF0daFqypeoAAcn5o8x9ANr3H8UNbLzlBvhjhGDaTLmr96+TiQReK
MHm/0QEA6REfXoBW3iHSemd2vdJhQ/LdOHvorvPvf+lnq+B+NKjd2AM7fwIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFCuE/GTavTvCh2Xz/ftGE9P347k9MB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvSzRUOFpOcTlPOEtIWmZQOS0wWVQwX2ZqdVQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQABbZyAwQB
WJc4AwQAWNHTAwQCWNHoMAwDBAGy0uIDBACy0uQDBAGy0uYDBACy0uwDBAGy0vww
DQYJKoZIhvcNAQELBQADggEBADUYTL9mDI8U69f3YXqrIsMd/d9ui1UjcpRcslEK
xMdYWXxa8wPGvKvajFoUCmqniu+GU2bNCJ02AKig1e7pVu0T3Cy0Ua24c9w1pqho
O9MQVw+h/63KXTmm4Xqawd49PxLyuK7EYq362hA6IdneeoAa0df+ik37pGG8bIdd
EyctY9JlTwqXAMdv5LUAUAwDeSkImxQa7rkc0GcsJUXSA1gNCAZmWPL0cqpiVO3I
ME8yhguS97lyEahq0NfgrrTFJ4ytCxK6V1SwNLbGDMo1G4u6PRpY5RMLtSz1SA90
n5UwZc/hVU4fb4Zl8xt3TRTFntqYHj6PsrvbvZXGYIuFMH8=