Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/gwad0x57snWw5_ZaLqk9PKApULI.roa
File:                     gwad0x57snWw5_ZaLqk9PKApULI.roa (raw, json)
Hash identifier:          dyLX3YSyK4OpIsXeCPM4v367Aa90OMUPLPIHvVYs8Do=
Subject key identifier:   83:06:9D:D3:1E:7B:B2:75:B0:E7:F6:5A:2E:A9:3D:3C:A0:29:50:B2
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       0187E765A939EA4080683173AF4DEBA4B850
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/gwad0x57snWw5_ZaLqk9PKApULI.roa
Signing time:             Thu 04 May 2023 15:33:32 +0000
ROA not before:           Thu 04 May 2023 15:33:32 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        88.209.248.0/24 maxlen: 24
                          88.209.249.0/24 maxlen: 24
                          178.210.236.0/24 maxlen: 24
                          88.209.192.0/24 maxlen: 24
                          88.151.56.0/24 maxlen: 24
                          88.209.195.0/24 maxlen: 24
                          88.151.61.0/24 maxlen: 24
                          88.209.209.0/24 maxlen: 24
                          5.182.113.0/24 maxlen: 24
                          88.209.216.0/24 maxlen: 24
                          88.209.225.0/24 maxlen: 24
                          88.209.221.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:e7:65:a9:39:ea:40:80:68:31:73:af:4d:eb:a4:b8:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: May  4 15:33:32 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=83069dd31e7bb275b0e7f65a2ea93d3ca02950b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:25:f7:73:c5:ff:bd:cd:cb:b6:e6:3d:c9:cb:
                    15:a2:bf:a6:c4:4d:ef:e1:b3:39:44:d9:25:28:38:
                    97:f6:e1:a5:cd:14:30:fb:17:1e:d3:5b:4a:6b:16:
                    07:b0:de:69:2f:e2:d0:ed:d8:e8:2d:c1:b8:cc:d1:
                    dd:ba:ef:01:e7:49:d4:88:4c:6a:d7:4e:e5:cb:62:
                    a2:da:05:d4:a5:cc:07:a0:b1:2c:8c:1c:0e:16:ce:
                    ed:d4:e9:f0:fc:c1:fc:ca:3f:6a:a8:f1:7e:45:32:
                    1d:c0:d0:0a:1d:c9:72:2d:f9:4c:c0:34:2d:44:e3:
                    cc:3a:ad:10:96:06:ce:2a:70:86:2b:e6:f6:92:fd:
                    7d:7d:38:6f:12:04:f9:13:80:98:2f:c7:ab:5e:a0:
                    e4:66:4a:d1:32:50:34:7b:d7:87:d2:8e:03:6c:cd:
                    22:e9:6f:e4:3f:a5:1f:6c:a0:2f:1a:7b:54:6b:4d:
                    42:32:1e:12:e8:99:9f:64:cb:7f:38:5b:40:f2:e7:
                    ed:69:28:22:69:f2:d0:61:68:cb:96:05:70:bf:9f:
                    4c:57:39:03:b4:7f:0a:13:df:08:13:2b:c6:fd:c8:
                    dd:f7:5b:9f:d5:14:74:49:3c:84:8b:80:79:d6:b7:
                    82:fb:0c:05:16:f3:6b:ce:89:02:a8:4e:e6:0e:72:
                    1e:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:06:9D:D3:1E:7B:B2:75:B0:E7:F6:5A:2E:A9:3D:3C:A0:29:50:B2
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/gwad0x57snWw5_ZaLqk9PKApULI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.113.0/24
                  88.151.56.0/24
                  88.151.61.0/24
                  88.209.192.0/24
                  88.209.195.0/24
                  88.209.209.0/24
                  88.209.216.0/24
                  88.209.221.0/24
                  88.209.225.0/24
                  88.209.248.0/23
                  178.210.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:0b:6b:34:10:cc:bb:1d:6e:17:19:20:c1:dd:47:81:d2:48:
         32:76:05:4e:5e:25:e1:91:28:97:d1:9e:c2:2a:bc:34:03:22:
         3e:a3:c2:c2:a4:47:0c:ca:3f:56:54:8b:99:27:f2:8e:1c:eb:
         d8:14:c0:5f:e9:6f:e0:ee:e5:5f:c6:22:4f:71:bf:46:43:35:
         34:ca:a2:2e:16:d4:12:aa:22:26:b9:12:72:ec:d3:9a:9f:86:
         b1:cf:a7:8a:f5:cc:e4:ca:03:cd:b7:25:39:bb:78:65:be:e4:
         35:15:83:e0:ff:16:b4:88:ab:27:0f:3e:96:57:75:86:67:c9:
         d1:79:0e:18:2e:07:c9:74:05:e5:2f:e2:a5:3b:69:9b:07:2d:
         56:d6:89:19:e3:cf:25:94:98:1a:2d:cb:8d:42:9a:01:33:e5:
         c3:f0:83:28:43:e9:26:bd:0d:d5:16:d3:fa:62:cb:21:76:74:
         53:09:ff:4e:f8:b2:33:82:66:05:33:c7:28:a2:54:b4:9a:3c:
         7d:0b:67:20:e0:06:07:96:48:70:60:d8:ca:65:c0:b2:0d:b8:
         b9:d5:bf:5f:ae:e0:23:17:bd:90:96:25:0b:c8:ac:2f:b9:69:
         06:1f:55:94:49:ac:c1:d0:d6:33:21:ba:22:e4:51:65:0f:93:
         6b:61:bd:f2
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAYfnZak56kCAaDFzr03rpLhQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMwNTA0MTUzMzMyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzA2OWRkMzFlN2JiMjc1YjBlN2Y2NWEyZWE5M2QzY2EwMjk1MGIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlSX3c8X/vc3LtuY9ycsVor+mxE3v
4bM5RNklKDiX9uGlzRQw+xce01tKaxYHsN5pL+LQ7djoLcG4zNHduu8B50nUiExq
107ly2Ki2gXUpcwHoLEsjBwOFs7t1Onw/MH8yj9qqPF+RTIdwNAKHclyLflMwDQt
ROPMOq0QlgbOKnCGK+b2kv19fThvEgT5E4CYL8erXqDkZkrRMlA0e9eH0o4DbM0i
6W/kP6UfbKAvGntUa01CMh4S6JmfZMt/OFtA8uftaSgiafLQYWjLlgVwv59MVzkD
tH8KE98IEyvG/cjd91uf1RR0STyEi4B51reC+wwFFvNrzokCqE7mDnIebQIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFIMGndMee7J1sOf2Wi6pPTygKVCyMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvZ3dhZDB4NTdzbld3NV9aYUxxazlQS0FwVUxJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQABbZxAwQA
WJc4AwQAWJc9AwQAWNHAAwQAWNHDAwQAWNHRAwQAWNHYAwQAWNHdAwQAWNHhAwQB
WNH4AwQAstLsMA0GCSqGSIb3DQEBCwUAA4IBAQB1C2s0EMy7HW4XGSDB3UeB0kgy
dgVOXiXhkSiX0Z7CKrw0AyI+o8LCpEcMyj9WVIuZJ/KOHOvYFMBf6W/g7uVfxiJP
cb9GQzU0yqIuFtQSqiImuRJy7NOan4axz6eK9czkygPNtyU5u3hlvuQ1FYPg/xa0
iKsnDz6WV3WGZ8nReQ4YLgfJdAXlL+KlO2mbBy1W1okZ488llJgaLcuNQpoBM+XD
8IMoQ+kmvQ3VFtP6YsshdnRTCf9O+LIzgmYFM8coolS0mjx9C2cg4AYHlkhwYNjK
ZcCyDbi51b9fruAjF72QliULyKwvuWkGH1WUSazB0NYzIboi5FFlD5NrYb3y
-----END CERTIFICATE-----