Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/WWem5aZBtYjhoNKwH7W7TN_xDtk.roa
File:                     WWem5aZBtYjhoNKwH7W7TN_xDtk.roa (raw, json)
Hash identifier:          03HfepIMkP6XouWsNCbEXqY3WNJFGqIeWv7/CV0p1kk=
Subject key identifier:   59:67:A6:E5:A6:41:B5:88:E1:A0:D2:B0:1F:B5:BB:4C:DF:F1:0E:D9
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       018CF937EB7CB017EFDDAEC75873BAE088C6
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/WWem5aZBtYjhoNKwH7W7TN_xDtk.roa
Signing time:             Thu 11 Jan 2024 15:50:40 +0000
ROA not before:           Thu 11 Jan 2024 15:50:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7018
IP address blocks:        88.209.232.0/24 maxlen: 24
                          88.209.233.0/24 maxlen: 24
                          88.209.229.0/24 maxlen: 24
                          88.209.230.0/24 maxlen: 24
                          92.52.214.0/24 maxlen: 24
                          88.209.234.0/24 maxlen: 24
                          88.209.235.0/24 maxlen: 24
                          88.209.255.0/24 maxlen: 24
                          88.151.63.0/24 maxlen: 24
                          77.242.159.0/24 maxlen: 24
                          88.209.203.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 19 Mar 2024 13:11:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:f9:37:eb:7c:b0:17:ef:dd:ae:c7:58:73:ba:e0:88:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Jan 11 15:50:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5967a6e5a641b588e1a0d2b01fb5bb4cdff10ed9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:d7:60:97:1d:65:6b:e9:df:5c:bc:f1:2d:25:
                    81:0e:15:e8:14:a2:b6:4f:f2:7a:6b:bc:83:ee:1b:
                    71:b5:d4:5a:86:da:78:d5:fe:ec:ea:3c:e9:45:8f:
                    d4:55:17:86:22:c8:3c:21:2f:cd:0b:90:91:ba:03:
                    9a:d3:db:f3:00:18:fe:ed:2e:42:27:f6:05:37:ff:
                    22:ac:0b:27:b5:28:23:be:b7:29:f8:d9:32:8f:17:
                    93:02:79:dc:42:a0:16:69:a5:45:9d:20:c5:bc:ae:
                    83:59:64:c3:03:34:cc:9d:f0:ac:15:94:61:07:1f:
                    0f:b2:98:95:a6:79:33:03:52:76:32:52:59:57:d7:
                    2c:ed:7d:47:4a:05:2d:c3:2b:21:8b:08:7f:87:d9:
                    d0:7c:a5:b8:54:0a:76:95:67:15:00:4a:a8:71:06:
                    3c:68:23:95:1f:f8:40:e2:a9:a8:6c:8d:8a:66:70:
                    f8:cc:db:97:d9:d4:f5:b8:8f:4f:8b:a3:f1:80:8d:
                    49:1d:16:11:ad:18:83:50:55:7f:20:27:fd:8f:28:
                    fe:99:25:4c:c0:43:3d:37:e4:09:de:56:bf:10:0b:
                    1b:44:cc:cd:7f:87:4f:9e:08:f8:49:80:e4:c0:f0:
                    01:53:fc:4f:89:ce:3e:6a:3c:7a:e5:f7:65:16:35:
                    36:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:67:A6:E5:A6:41:B5:88:E1:A0:D2:B0:1F:B5:BB:4C:DF:F1:0E:D9
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/WWem5aZBtYjhoNKwH7W7TN_xDtk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.242.159.0/24
                  88.151.63.0/24
                  88.209.203.0/24
                  88.209.229.0-88.209.230.255
                  88.209.232.0/22
                  88.209.255.0/24
                  92.52.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:9e:a9:dd:e3:75:4f:04:28:ac:80:2c:36:5f:73:91:76:47:
         26:49:17:de:00:3f:f2:78:4f:a5:44:0f:60:2c:92:ba:fd:c2:
         e9:c9:3d:0d:c0:87:e0:36:62:80:56:48:b7:51:f7:59:15:e0:
         87:09:e6:fa:de:c5:f8:68:3f:ef:22:e5:eb:58:ab:65:87:38:
         00:84:48:bf:f2:6f:62:86:89:13:1c:7c:6b:22:67:02:86:c8:
         72:32:37:16:eb:e9:57:59:5a:bf:18:d4:6d:6d:1d:d5:91:8f:
         60:6f:06:fc:f7:f8:11:20:2d:3e:81:3e:db:d7:fa:9a:c2:6c:
         7e:d3:d2:a7:e8:ef:51:6a:bc:5f:f8:ee:a7:5d:c6:c7:4a:b5:
         29:99:69:be:d0:4d:0c:77:f5:9a:20:0f:00:57:ed:01:12:3c:
         9f:80:db:e7:9e:4e:c7:00:c3:83:0e:18:2f:a1:51:8f:7d:eb:
         17:22:3e:96:32:b2:fc:29:e7:06:72:dc:96:9d:a4:ea:15:70:
         25:c7:a7:3c:19:a2:06:fa:c5:fb:1a:0a:92:f7:8e:ce:d1:f4:
         db:a1:45:6a:e2:2f:99:22:88:de:c7:9f:3a:bd:9a:e1:35:56:
         88:1f:b1:6f:c8:ae:a3:4c:2b:c8:99:b3:38:32:16:2e:ff:02:
         a2:95:79:42
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAYz5N+t8sBfv3a7HWHO64IjGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjQwMTExMTU1MDQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTY3YTZlNWE2NDFiNTg4ZTFhMGQyYjAxZmI1YmI0Y2RmZjEwZWQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsNdglx1la+nfXLzxLSWBDhXoFKK2
T/J6a7yD7htxtdRahtp41f7s6jzpRY/UVReGIsg8IS/NC5CRugOa09vzABj+7S5C
J/YFN/8irAsntSgjvrcp+NkyjxeTAnncQqAWaaVFnSDFvK6DWWTDAzTMnfCsFZRh
Bx8PspiVpnkzA1J2MlJZV9cs7X1HSgUtwyshiwh/h9nQfKW4VAp2lWcVAEqocQY8
aCOVH/hA4qmobI2KZnD4zNuX2dT1uI9Pi6PxgI1JHRYRrRiDUFV/ICf9jyj+mSVM
wEM9N+QJ3la/EAsbRMzNf4dPngj4SYDkwPABU/xPic4+ajx65fdlFjU2BwIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFFlnpuWmQbWI4aDSsB+1u0zf8Q7ZMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvV1dlbTVhWkJ0WWpob05Ld0g3VzdUTl94RHRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQATfKfAwQA
WJc/AwQAWNHLMAwDBABY0eUDBABY0eYDBAJY0egDBABY0f8DBABcNNYwDQYJKoZI
hvcNAQELBQADggEBAI2eqd3jdU8EKKyALDZfc5F2RyZJF94AP/J4T6VED2Askrr9
wunJPQ3Ah+A2YoBWSLdR91kV4IcJ5vrexfhoP+8i5etYq2WHOACESL/yb2KGiRMc
fGsiZwKGyHIyNxbr6VdZWr8Y1G1tHdWRj2BvBvz3+BEgLT6BPtvX+prCbH7T0qfo
71FqvF/47qddxsdKtSmZab7QTQx39ZogDwBX7QESPJ+A2+eeTscAw4MOGC+hUY99
6xciPpYysvwp5wZy3JadpOoVcCXHpzwZogb6xfsaCpL3js7R9NuhRWriL5kiiN7H
nzq9muE1VogfsW/IrqNMK8iZszgyFi7/AqKVeUI=
-----END CERTIFICATE-----