Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/LxMLVqI8Gdto4HwnkCD9RfH2EcU.roa
File:                     LxMLVqI8Gdto4HwnkCD9RfH2EcU.roa (raw, json)
Hash identifier:          Ia0iX9dOy+MMqhBe7u0wn6W/grPvio4xIHLo1e/tGQ0=
Subject key identifier:   2F:13:0B:56:A2:3C:19:DB:68:E0:7C:27:90:20:FD:45:F1:F6:11:C5
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       019422FB99AC4C8EAB2E1C86AA104B3F9DB2
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/LxMLVqI8Gdto4HwnkCD9RfH2EcU.roa
Signing time:             Wed 01 Jan 2025 17:48:21 +0000
ROA not before:           Wed 01 Jan 2025 17:48:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61317
IP address blocks:        2.58.171.0/24 maxlen: 24
                          88.151.56.0/24 maxlen: 24
                          88.151.61.0/24 maxlen: 24
                          88.209.192.0/24 maxlen: 24
                          88.209.207.0/24 maxlen: 24
                          88.209.209.0/24 maxlen: 24
                          88.209.221.0/24 maxlen: 24
                          88.209.222.0/24 maxlen: 24
                          88.209.224.0/24 maxlen: 24
                          88.209.225.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Mon 03 Mar 2025 07:39:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:99:ac:4c:8e:ab:2e:1c:86:aa:10:4b:3f:9d:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Jan  1 17:48:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2f130b56a23c19db68e07c279020fd45f1f611c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:5c:60:e8:26:06:f0:40:ce:0f:3f:e2:45:88:
                    cb:fe:5a:aa:64:01:5c:a4:e5:0f:09:bc:77:81:87:
                    17:77:b4:a9:81:15:ce:ee:2e:c7:35:e0:11:90:01:
                    c8:f5:a4:b8:a4:16:b3:d4:86:7b:d0:e5:8e:87:38:
                    a0:ff:07:1a:2c:f4:1e:e3:35:9d:3e:bb:0e:12:ba:
                    94:b7:95:ee:e4:4f:dc:d3:73:b5:00:d7:e5:98:31:
                    66:c4:9e:33:c9:83:2d:a2:38:c0:a3:77:83:01:d8:
                    11:34:be:2b:48:ee:dc:77:1d:46:3a:a5:29:68:88:
                    dd:d0:be:57:fc:71:fe:14:c5:87:3f:cb:6e:f1:b9:
                    00:4d:8d:27:27:0f:c3:98:69:e8:8f:59:78:9f:4f:
                    f3:9f:c7:27:5b:3a:31:12:d9:86:75:90:42:61:45:
                    b3:ca:6d:86:cb:9d:e9:57:78:9d:74:69:e5:7f:98:
                    69:ab:b9:68:38:50:c9:13:9b:bc:d2:41:bd:e3:2a:
                    d8:d7:93:4c:c2:e5:40:9a:13:40:66:cf:63:53:8f:
                    02:69:df:ba:e7:67:e5:55:40:52:27:0a:d7:c5:45:
                    44:a7:e3:57:08:51:10:dd:57:44:79:b7:9c:85:e7:
                    26:4f:11:33:83:3c:ce:83:5c:3b:8f:e0:56:2b:9a:
                    1d:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:13:0B:56:A2:3C:19:DB:68:E0:7C:27:90:20:FD:45:F1:F6:11:C5
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/LxMLVqI8Gdto4HwnkCD9RfH2EcU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.171.0/24
                  88.151.56.0/24
                  88.151.61.0/24
                  88.209.192.0/24
                  88.209.207.0/24
                  88.209.209.0/24
                  88.209.221.0-88.209.222.255
                  88.209.224.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2e:39:b0:75:08:b7:dd:d8:1f:9b:63:1e:46:40:f2:a7:dd:1d:
         3a:df:fc:bc:6a:da:b3:95:ed:d7:37:03:7a:5a:2c:2d:c8:a7:
         b2:0c:ee:60:e2:6b:87:fe:b8:15:e0:58:f1:2b:90:ca:cb:93:
         93:cd:e0:30:8a:87:6c:33:dd:6b:89:db:31:c3:81:e0:93:4f:
         75:da:d1:3c:ad:30:ec:9f:83:71:ce:a2:d7:f1:d1:ff:ba:8d:
         b0:b8:1a:c7:7c:86:52:80:52:fe:20:f7:ad:38:73:47:8e:4d:
         18:4b:25:4a:4a:d9:5e:52:20:8d:54:64:9f:51:31:1b:0a:5f:
         d1:7e:36:88:82:a4:39:43:21:7e:0e:4f:30:be:a3:4a:db:c7:
         24:18:37:ab:df:f8:b8:94:0b:b2:17:01:98:4a:58:95:ec:70:
         08:5f:30:70:26:46:0c:04:1d:9d:39:cb:bb:37:e0:70:8b:45:
         d1:07:3c:b5:8e:9a:2c:d4:58:75:f7:27:66:e8:74:87:c2:f8:
         94:87:02:74:e5:c8:3d:0e:da:f4:ff:4e:18:6f:76:8b:fe:b8:
         af:08:d0:e9:71:9d:ef:f0:6d:0f:b6:3a:a7:dc:4f:d6:ea:37:
         d6:84:af:87:a8:e5:18:f0:17:83:0d:c2:9e:26:a1:5c:ca:ac:
         04:7e:72:ad
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAZQi+5msTI6rLhyGqhBLP52yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjUwMTAxMTc0ODIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjEzMGI1NmEyM2MxOWRiNjhlMDdjMjc5MDIwZmQ0NWYxZjYxMWM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnFxg6CYG8EDODz/iRYjL/lqqZAFc
pOUPCbx3gYcXd7SpgRXO7i7HNeARkAHI9aS4pBaz1IZ70OWOhzig/wcaLPQe4zWd
PrsOErqUt5Xu5E/c03O1ANflmDFmxJ4zyYMtojjAo3eDAdgRNL4rSO7cdx1GOqUp
aIjd0L5X/HH+FMWHP8tu8bkATY0nJw/DmGnoj1l4n0/zn8cnWzoxEtmGdZBCYUWz
ym2Gy53pV3iddGnlf5hpq7loOFDJE5u80kG94yrY15NMwuVAmhNAZs9jU48Cad+6
52flVUBSJwrXxUVEp+NXCFEQ3VdEebechecmTxEzgzzOg1w7j+BWK5odqQIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFC8TC1aiPBnbaOB8J5Ag/UXx9hHFMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvTHhNTFZxSThHZHRvNEh3bmtDRDlSZkgyRWNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQAAjqrAwQA
WJc4AwQAWJc9AwQAWNHAAwQAWNHPAwQAWNHRMAwDBABY0d0DBABY0d4DBAFY0eAw
DQYJKoZIhvcNAQELBQADggEBAC45sHUIt93YH5tjHkZA8qfdHTrf/Lxq2rOV7dc3
A3paLC3Ip7IM7mDia4f+uBXgWPErkMrLk5PN4DCKh2wz3WuJ2zHDgeCTT3Xa0Tyt
MOyfg3HOotfx0f+6jbC4Gsd8hlKAUv4g9604c0eOTRhLJUpK2V5SII1UZJ9RMRsK
X9F+NoiCpDlDIX4OTzC+o0rbxyQYN6vf+LiUC7IXAZhKWJXscAhfMHAmRgwEHZ05
y7s34HCLRdEHPLWOmizUWHX3J2bodIfC+JSHAnTlyD0O2vT/Thhvdov+uK8I0Olx
ne/wbQ+2OqfcT9bqN9aEr4eo5RjwF4MNwp4moVzKrAR+cq0=
-----END CERTIFICATE-----