Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/duKqy_RxAqvH2yN4A9riHhBGhOU.roa
File:                     duKqy_RxAqvH2yN4A9riHhBGhOU.roa (raw, json)
Hash identifier:          GiGpZHsgJOK+KsVB9Arj/HQbBimgPFej5IQPX/PkabU=
Subject key identifier:   76:E2:AA:CB:F4:71:02:AB:C7:DB:23:78:03:DA:E2:1E:10:46:84:E5
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       01883422F0B447EE79A4B14F1FAEE01231C8
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/duKqy_RxAqvH2yN4A9riHhBGhOU.roa
Signing time:             Fri 19 May 2023 13:11:24 +0000
ROA not before:           Fri 19 May 2023 13:11:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        88.209.229.0/24 maxlen: 24
                          88.209.248.0/24 maxlen: 24
                          88.209.249.0/24 maxlen: 24
                          88.209.195.0/24 maxlen: 24
                          88.209.209.0/24 maxlen: 24
                          88.209.211.0/24 maxlen: 24
                          88.209.216.0/24 maxlen: 24
                          88.209.224.0/24 maxlen: 24
                          88.209.225.0/24 maxlen: 24
                          88.209.220.0/24 maxlen: 24
                          88.209.221.0/24 maxlen: 24
                          88.209.222.0/24 maxlen: 24
                          88.151.58.0/24 maxlen: 24
                          88.151.61.0/24 maxlen: 24
                          5.182.113.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 25 May 2023 06:58:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:34:22:f0:b4:47:ee:79:a4:b1:4f:1f:ae:e0:12:31:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: May 19 13:11:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=76e2aacbf47102abc7db237803dae21e104684e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:e0:03:bc:57:db:1f:17:64:ad:92:65:a8:c9:
                    55:10:4b:ed:cd:bd:7d:b1:da:1c:85:f8:1b:f4:db:
                    d9:e3:c5:00:3e:40:ba:35:f4:6a:f8:96:74:64:ad:
                    fe:a1:02:a8:d1:d0:c9:b7:9a:76:ae:02:3e:2d:b5:
                    30:82:42:68:e5:a2:fa:cb:97:56:77:c1:6a:6e:e2:
                    36:34:cf:f8:8e:76:e9:8f:21:58:ca:ab:3c:41:f2:
                    83:ee:ae:ad:2e:d6:f6:43:53:6e:43:22:f8:2e:61:
                    6c:ad:73:e4:ad:4b:73:9d:d1:8f:cb:e2:86:dc:07:
                    31:68:de:fa:e8:a7:1d:ff:94:a2:90:85:08:c8:f1:
                    3b:b0:a8:66:0c:33:ef:cd:be:46:86:3f:2d:c7:fb:
                    ad:6b:63:b1:57:47:dd:fe:82:02:bb:53:15:af:01:
                    22:99:cc:0f:34:01:0a:7d:32:c1:16:3d:f0:06:04:
                    e1:e9:5f:9b:9d:17:e4:fb:fd:30:f1:7b:c1:7d:54:
                    08:ce:3e:fb:db:ff:46:8b:35:1e:e9:9e:59:d0:b9:
                    3a:14:de:70:9f:3d:89:5d:ed:44:2b:22:12:cb:a6:
                    b9:c2:f2:52:f9:89:3d:e9:e2:6f:03:8f:4d:5b:c9:
                    af:0a:ce:e3:ad:7e:68:42:da:2b:14:cc:56:b8:25:
                    a4:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:E2:AA:CB:F4:71:02:AB:C7:DB:23:78:03:DA:E2:1E:10:46:84:E5
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/duKqy_RxAqvH2yN4A9riHhBGhOU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.113.0/24
                  88.151.58.0/24
                  88.151.61.0/24
                  88.209.195.0/24
                  88.209.209.0/24
                  88.209.211.0/24
                  88.209.216.0/24
                  88.209.220.0-88.209.222.255
                  88.209.224.0/23
                  88.209.229.0/24
                  88.209.248.0/23

    Signature Algorithm: sha256WithRSAEncryption
         46:da:f4:06:68:dd:83:f0:32:db:da:64:10:22:03:ed:ae:dd:
         c3:c9:d5:22:26:f8:6e:69:95:ce:76:f9:2a:ca:f8:e4:ee:c5:
         bb:02:df:0d:38:7b:b5:30:4b:fe:86:9e:5b:31:36:0c:71:fd:
         91:14:ec:be:5e:78:59:0e:78:51:20:f3:cd:b1:7c:83:41:39:
         9e:ad:55:c2:54:0d:a1:c0:36:34:74:0c:e3:69:9c:ae:43:c3:
         cc:01:25:80:19:0e:97:a5:ff:4d:fe:38:1b:a2:34:7e:7a:0c:
         1e:7e:5e:3d:57:1f:e4:f0:0d:59:71:fa:cd:57:2e:65:a6:10:
         fd:f4:ee:7d:4b:50:d3:d0:45:17:e0:1e:6d:a4:19:15:5d:7f:
         31:0c:1c:bd:44:93:98:42:a5:09:da:47:6d:70:70:12:db:a8:
         c8:4b:ab:e4:e6:aa:68:3a:1a:66:4e:a2:a3:7b:ef:79:68:b8:
         4f:ca:9a:45:bf:d2:5d:ba:a1:0c:68:7e:ad:16:08:d4:9d:06:
         09:11:f7:c5:f0:c4:32:36:72:8e:50:4b:87:bd:43:59:3e:21:
         05:b3:e9:b6:bb:46:bb:b0:76:d3:d5:b1:60:7c:bf:2a:9f:fa:
         08:45:57:30:d6:c2:42:08:6f:53:e6:24:b9:7f:17:d9:f5:56:
         5c:1d:7d:46
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAYg0IvC0R+55pLFPH67gEjHIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMwNTE5MTMxMTI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NmUyYWFjYmY0NzEwMmFiYzdkYjIzNzgwM2RhZTIxZTEwNDY4NGU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjeADvFfbHxdkrZJlqMlVEEvtzb19
sdochfgb9NvZ48UAPkC6NfRq+JZ0ZK3+oQKo0dDJt5p2rgI+LbUwgkJo5aL6y5dW
d8FqbuI2NM/4jnbpjyFYyqs8QfKD7q6tLtb2Q1NuQyL4LmFsrXPkrUtzndGPy+KG
3AcxaN766Kcd/5SikIUIyPE7sKhmDDPvzb5Ghj8tx/uta2OxV0fd/oICu1MVrwEi
mcwPNAEKfTLBFj3wBgTh6V+bnRfk+/0w8XvBfVQIzj772/9GizUe6Z5Z0Lk6FN5w
nz2JXe1EKyISy6a5wvJS+Yk96eJvA49NW8mvCs7jrX5oQtorFMxWuCWk6wIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFHbiqsv0cQKrx9sjeAPa4h4QRoTlMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvZHVLcXlfUnhBcXZIMnlONEE5cmlIaEJHaE9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjBQBAIAATBKAwQABbZxAwQA
WJc6AwQAWJc9AwQAWNHDAwQAWNHRAwQAWNHTAwQAWNHYMAwDBAJY0dwDBABY0d4D
BAFY0eADBABY0eUDBAFY0fgwDQYJKoZIhvcNAQELBQADggEBAEba9AZo3YPwMtva
ZBAiA+2u3cPJ1SIm+G5plc52+SrK+OTuxbsC3w04e7UwS/6GnlsxNgxx/ZEU7L5e
eFkOeFEg882xfINBOZ6tVcJUDaHANjR0DONpnK5Dw8wBJYAZDpel/03+OBuiNH56
DB5+Xj1XH+TwDVlx+s1XLmWmEP307n1LUNPQRRfgHm2kGRVdfzEMHL1Ek5hCpQna
R21wcBLbqMhLq+Tmqmg6GmZOoqN773louE/KmkW/0l26oQxofq0WCNSdBgkR98Xw
xDI2co5QS4e9Q1k+IQWz6ba7RruwdtPVsWB8vyqf+ghFVzDWwkIIb1PmJLl/F9n1
VlwdfUY=
-----END CERTIFICATE-----