Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/dglvjsk2_O02vZErm2cW_re5Sgs.roa
File:                     dglvjsk2_O02vZErm2cW_re5Sgs.roa (raw, json)
Hash identifier:          nCS8y0LQMvr8MXWtmgUeLuy3Dge6Vh3LCFBw+cbH0qw=
Subject key identifier:   76:09:6F:8E:C9:36:FC:ED:36:BD:91:2B:9B:67:16:FE:B7:B9:4A:0B
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       018CDD95C18533271B3DFA0F080AD51BEB8B
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/dglvjsk2_O02vZErm2cW_re5Sgs.roa
Signing time:             Sat 06 Jan 2024 07:03:48 +0000
ROA not before:           Sat 06 Jan 2024 07:03:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5065
IP address blocks:        83.137.159.0/24 maxlen: 24
                          88.151.57.0/24 maxlen: 24
                          88.151.58.0/24 maxlen: 24
                          88.209.195.0/24 maxlen: 24
                          77.242.156.0/24 maxlen: 24
                          77.242.158.0/24 maxlen: 24
                          2.58.168.0/24 maxlen: 24
                          2.58.170.0/24 maxlen: 24
                          2.58.169.0/24 maxlen: 24
                          5.182.114.0/24 maxlen: 24
                          88.209.217.0/24 maxlen: 24
                          88.209.226.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 06 Feb 2024 12:38:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:dd:95:c1:85:33:27:1b:3d:fa:0f:08:0a:d5:1b:eb:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Jan  6 07:03:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=76096f8ec936fced36bd912b9b6716feb7b94a0b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:ac:d2:32:b8:ee:f0:c0:a0:36:b7:e0:38:11:
                    80:10:07:3b:0f:a4:56:70:0f:22:08:09:b2:e8:ca:
                    2d:92:96:3d:30:c3:ca:37:ef:04:ec:d8:04:81:87:
                    e8:e3:2d:fa:b4:a2:b4:08:17:20:b1:58:f4:46:c7:
                    e9:30:25:3c:ea:cf:6c:9f:2d:7b:7d:93:85:52:c9:
                    16:93:e3:f9:9e:cb:e4:ec:df:8e:13:ec:75:49:0e:
                    49:a5:0f:97:b9:1d:62:1e:7b:17:a7:eb:47:06:c4:
                    f8:3a:1c:d8:b0:ea:05:85:1b:cc:a9:d7:b4:8d:7e:
                    48:f0:0b:c4:99:cf:d9:41:64:75:c1:02:c8:09:09:
                    33:d1:56:64:34:e2:ea:62:fb:11:af:47:b0:25:80:
                    24:e2:c3:51:15:93:14:03:b3:4c:7b:c9:c7:0d:b4:
                    7c:c6:43:54:ed:13:85:96:79:60:42:f5:2b:09:bf:
                    2d:96:d2:27:9c:8b:47:5a:65:98:62:ad:1c:fc:d2:
                    e6:40:f8:b7:48:51:e1:db:2e:1c:b9:23:91:41:21:
                    93:98:44:9a:42:0a:e0:91:58:ba:55:23:98:67:b3:
                    95:38:cd:84:01:17:0c:a0:60:fa:e8:75:60:73:27:
                    7f:c0:b5:c8:ab:bc:f3:d7:c3:38:0e:b8:d9:e9:6a:
                    45:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:09:6F:8E:C9:36:FC:ED:36:BD:91:2B:9B:67:16:FE:B7:B9:4A:0B
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/dglvjsk2_O02vZErm2cW_re5Sgs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.168.0-2.58.170.255
                  5.182.114.0/24
                  77.242.156.0/24
                  77.242.158.0/24
                  83.137.159.0/24
                  88.151.57.0-88.151.58.255
                  88.209.195.0/24
                  88.209.217.0/24
                  88.209.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:e9:fc:b0:0b:f4:eb:3c:89:58:f6:8b:c7:25:c0:61:45:db:
         48:84:78:5a:b5:0c:74:69:3a:33:e9:5c:da:27:fb:44:a4:e1:
         9b:81:d3:d1:a6:c4:48:bc:82:c5:74:8b:c9:b4:fa:d2:d9:0f:
         d4:4a:30:f1:07:97:04:93:e4:40:d0:d2:b8:7a:28:1e:c4:0a:
         75:d6:af:e5:a4:aa:d5:8c:44:0e:bd:61:f3:d8:41:50:58:d9:
         fb:33:30:55:43:c3:d8:a3:c9:8e:ee:25:34:89:ea:d2:a5:02:
         25:cb:be:b5:a0:96:06:4d:61:1f:26:2a:d6:0b:85:65:46:c3:
         1c:b6:bb:dd:5a:5a:7f:d0:5b:41:c8:cf:7f:04:5c:c9:7c:05:
         3b:6a:ac:68:e4:29:c8:26:c8:ac:bb:e4:02:e9:3e:57:2c:89:
         af:79:2f:07:61:ab:4c:47:81:99:13:d3:56:f1:a9:f9:5f:5f:
         12:39:21:94:e2:ff:b5:8c:46:e0:83:1a:37:e6:7c:d0:67:99:
         6a:4b:1b:ae:f4:5d:3a:e6:03:f0:da:59:26:ff:b9:f4:a0:10:
         64:22:08:24:20:39:97:ec:5e:6c:a5:81:f5:87:de:90:3d:6f:
         a7:c5:0e:5a:a8:1f:dc:db:32:07:0e:f9:c2:18:10:a2:21:8f:
         a2:fb:f4:46
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAYzdlcGFMycbPfoPCArVG+uLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjQwMTA2MDcwMzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjA5NmY4ZWM5MzZmY2VkMzZiZDkxMmI5YjY3MTZmZWI3Yjk0YTBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4KzSMrju8MCgNrfgOBGAEAc7D6RW
cA8iCAmy6MotkpY9MMPKN+8E7NgEgYfo4y36tKK0CBcgsVj0RsfpMCU86s9sny17
fZOFUskWk+P5nsvk7N+OE+x1SQ5JpQ+XuR1iHnsXp+tHBsT4OhzYsOoFhRvMqde0
jX5I8AvEmc/ZQWR1wQLICQkz0VZkNOLqYvsRr0ewJYAk4sNRFZMUA7NMe8nHDbR8
xkNU7ROFlnlgQvUrCb8tltInnItHWmWYYq0c/NLmQPi3SFHh2y4cuSORQSGTmESa
QgrgkVi6VSOYZ7OVOM2EARcMoGD66HVgcyd/wLXIq7zz18M4DrjZ6WpFwQIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFHYJb47JNvztNr2RK5tnFv63uUoLMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvZGdsdmpzazJfTzAydlpFcm0yY1dfcmU1U2dzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjBMBAIAATBGMAwDBAMCOqgD
BAACOqoDBAAFtnIDBABN8pwDBABN8p4DBABTiZ8wDAMEAFiXOQMEAFiXOgMEAFjR
wwMEAFjR2QMEAFjR4jANBgkqhkiG9w0BAQsFAAOCAQEAXun8sAv06zyJWPaLxyXA
YUXbSIR4WrUMdGk6M+lc2if7RKThm4HT0abESLyCxXSLybT60tkP1Eow8QeXBJPk
QNDSuHooHsQKddav5aSq1YxEDr1h89hBUFjZ+zMwVUPD2KPJju4lNInq0qUCJcu+
taCWBk1hHyYq1guFZUbDHLa73Vpaf9BbQcjPfwRcyXwFO2qsaOQpyCbIrLvkAuk+
VyyJr3kvB2GrTEeBmRPTVvGp+V9fEjkhlOL/tYxG4IMaN+Z80GeZaksbrvRdOuYD
8NpZJv+59KAQZCIIJCA5l+xebKWB9YfekD1vp8UOWqgf3NsyBw75whgQoiGPovv0
Rg==
-----END CERTIFICATE-----