Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/PxQEjnXPf73DgY27ZyfD8g1S_LQ.roa
File:                     PxQEjnXPf73DgY27ZyfD8g1S_LQ.roa (raw, json)
Hash identifier:          csBNOBJXNBrGcUXMkKZ1jMs5iUfEYKKTTcuL+q5CeXw=
Subject key identifier:   3F:14:04:8E:75:CF:7F:BD:C3:81:8D:BB:67:27:C3:F2:0D:52:FC:B4
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       018862A81D52231B090950B19C473E5D388A
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/PxQEjnXPf73DgY27ZyfD8g1S_LQ.roa
Signing time:             Sun 28 May 2023 13:59:24 +0000
ROA not before:           Sun 28 May 2023 13:59:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        88.209.245.0/24 maxlen: 24
                          88.209.248.0/24 maxlen: 24
                          88.209.249.0/24 maxlen: 24
                          88.209.195.0/24 maxlen: 24
                          88.209.209.0/24 maxlen: 24
                          88.209.211.0/24 maxlen: 24
                          88.209.224.0/24 maxlen: 24
                          88.209.225.0/24 maxlen: 24
                          88.209.220.0/24 maxlen: 24
                          88.209.221.0/24 maxlen: 24
                          88.209.222.0/24 maxlen: 24
                          88.151.58.0/24 maxlen: 24
                          88.151.61.0/24 maxlen: 24
                          2.58.168.0/22 maxlen: 24
                          5.182.113.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:62:a8:1d:52:23:1b:09:09:50:b1:9c:47:3e:5d:38:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: May 28 13:59:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3f14048e75cf7fbdc3818dbb6727c3f20d52fcb4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:61:b2:db:8d:59:f7:94:19:74:9b:e0:e5:65:
                    f9:49:4c:98:55:6f:ba:e8:ba:73:1d:bb:85:cb:68:
                    34:85:d6:f8:e4:02:33:5e:43:9d:2a:f6:7c:e9:2e:
                    4b:04:4d:ed:1e:37:a7:42:73:cd:e4:19:d0:d1:56:
                    8b:0a:b3:e3:42:45:1a:7f:1d:6d:7d:50:66:91:f4:
                    30:c1:f6:91:ba:1a:8c:63:30:f5:21:a6:30:f2:12:
                    e0:c5:80:c3:fe:00:93:54:01:dd:41:c9:bf:ae:83:
                    43:94:f5:08:fd:41:1d:da:6d:e9:96:10:72:0d:d7:
                    49:7d:25:92:78:b5:fd:59:9b:96:d0:ec:1c:62:b8:
                    52:22:ce:19:9c:12:98:1d:c9:4a:77:2c:48:9a:76:
                    23:51:2b:1b:69:5b:3c:97:4b:b7:d6:ca:5c:76:e7:
                    c9:97:70:7a:7a:e7:7c:7e:f5:f6:e2:10:a8:5f:3a:
                    dd:55:a6:3a:b6:a4:6e:90:f7:e4:ce:3e:ae:07:c4:
                    e8:d8:89:1b:e9:7e:32:05:e1:47:06:58:56:1e:99:
                    e3:36:85:0b:69:b4:c5:cd:2c:76:ff:0c:a4:ff:bd:
                    8c:7d:2c:0b:c4:90:51:a8:b0:48:e5:78:5f:0d:f7:
                    2f:90:ca:12:df:ff:da:a2:af:fd:ec:c6:23:ea:ec:
                    aa:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:14:04:8E:75:CF:7F:BD:C3:81:8D:BB:67:27:C3:F2:0D:52:FC:B4
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/PxQEjnXPf73DgY27ZyfD8g1S_LQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.168.0/22
                  5.182.113.0/24
                  88.151.58.0/24
                  88.151.61.0/24
                  88.209.195.0/24
                  88.209.209.0/24
                  88.209.211.0/24
                  88.209.220.0-88.209.222.255
                  88.209.224.0/23
                  88.209.245.0/24
                  88.209.248.0/23

    Signature Algorithm: sha256WithRSAEncryption
         58:9d:11:2e:f5:e2:de:ff:96:8d:4e:ac:64:6b:83:5b:b9:ba:
         9c:c5:b4:9c:7d:ee:aa:0f:41:f5:94:02:8b:f5:48:a8:d1:85:
         05:fd:e9:be:63:0d:cb:9c:2d:ac:e5:ae:5d:3f:ba:15:9f:60:
         86:a9:b3:07:e4:ce:fb:05:f2:5f:dd:b1:5b:5f:07:eb:51:2c:
         20:50:48:29:44:f2:47:53:f5:2e:21:80:19:1e:95:48:7f:f4:
         52:06:ef:4e:3e:5b:89:fd:23:59:4a:10:64:9c:c7:a0:70:57:
         cb:bb:c9:0b:c1:8d:38:2d:39:f1:0e:b6:10:64:fe:52:3e:d1:
         74:d7:0d:f3:9e:7f:63:19:86:b1:28:85:0b:34:d1:b5:af:9d:
         bb:16:38:df:89:7f:7b:64:b0:1b:3d:ad:c9:34:d9:b5:43:36:
         39:e9:fb:5b:7a:4d:1b:42:c4:61:8b:48:45:71:53:1f:cf:9f:
         7e:eb:43:f3:6e:2a:c4:ca:17:6c:a7:f2:ad:d8:19:12:1f:74:
         0d:04:28:e7:18:ff:ff:69:cb:7a:49:9c:d8:0a:65:83:a1:54:
         01:a0:f0:32:91:b7:ae:88:9f:3d:77:c6:c0:cf:fc:10:99:d1:
         f5:07:40:de:82:07:b0:72:9e:0a:38:6f:21:5d:af:02:ff:36:
         7f:00:fc:da
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAYhiqB1SIxsJCVCxnEc+XTiKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMwNTI4MTM1OTI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjE0MDQ4ZTc1Y2Y3ZmJkYzM4MThkYmI2NzI3YzNmMjBkNTJmY2I0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAimGy241Z95QZdJvg5WX5SUyYVW+6
6LpzHbuFy2g0hdb45AIzXkOdKvZ86S5LBE3tHjenQnPN5BnQ0VaLCrPjQkUafx1t
fVBmkfQwwfaRuhqMYzD1IaYw8hLgxYDD/gCTVAHdQcm/roNDlPUI/UEd2m3plhBy
DddJfSWSeLX9WZuW0OwcYrhSIs4ZnBKYHclKdyxImnYjUSsbaVs8l0u31spcdufJ
l3B6eud8fvX24hCoXzrdVaY6tqRukPfkzj6uB8To2Ikb6X4yBeFHBlhWHpnjNoUL
abTFzSx2/wyk/72MfSwLxJBRqLBI5XhfDfcvkMoS3//aoq/97MYj6uyqeQIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFD8UBI51z3+9w4GNu2cnw/INUvy0MB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvUHhRRWpuWFBmNzNEZ1kyN1p5ZkQ4ZzFTX0xRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjBQBAIAATBKAwQCAjqoAwQA
BbZxAwQAWJc6AwQAWJc9AwQAWNHDAwQAWNHRAwQAWNHTMAwDBAJY0dwDBABY0d4D
BAFY0eADBABY0fUDBAFY0fgwDQYJKoZIhvcNAQELBQADggEBAFidES714t7/lo1O
rGRrg1u5upzFtJx97qoPQfWUAov1SKjRhQX96b5jDcucLazlrl0/uhWfYIapswfk
zvsF8l/dsVtfB+tRLCBQSClE8kdT9S4hgBkelUh/9FIG704+W4n9I1lKEGScx6Bw
V8u7yQvBjTgtOfEOthBk/lI+0XTXDfOef2MZhrEohQs00bWvnbsWON+Jf3tksBs9
rck02bVDNjnp+1t6TRtCxGGLSEVxUx/Pn37rQ/NuKsTKF2yn8q3YGRIfdA0EKOcY
//9py3pJnNgKZYOhVAGg8DKRt66Inz13xsDP/BCZ0fUHQN6CB7Byngo4byFdrwL/
Nn8A/No=
-----END CERTIFICATE-----