Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/kVBcLcWpek66noG3aFY8a40cBLo.roa
File:                     kVBcLcWpek66noG3aFY8a40cBLo.roa (raw, json)
Hash identifier:          wbDntkE5+UuFif7ALEkEWOtdLkOa5fIJukih7MS6lZ0=
Subject key identifier:   91:50:5C:2D:C5:A9:7A:4E:BA:9E:81:B7:68:56:3C:6B:8D:1C:04:BA
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       018A9C969AF0DA0F718E7205874D23374574
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/kVBcLcWpek66noG3aFY8a40cBLo.roa
Signing time:             Sat 16 Sep 2023 06:03:50 +0000
ROA not before:           Sat 16 Sep 2023 06:03:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        88.209.245.0/24 maxlen: 24
                          178.210.228.0/24 maxlen: 24
                          178.210.250.0/24 maxlen: 24
                          77.242.150.0/24 maxlen: 24
                          88.151.56.0/23 maxlen: 24
                          77.242.157.0/24 maxlen: 24
                          88.151.63.0/24 maxlen: 24
                          77.242.158.0/24 maxlen: 24
                          2.58.169.0/24 maxlen: 24
                          88.209.211.0/24 maxlen: 24
                          88.209.217.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:9c:96:9a:f0:da:0f:71:8e:72:05:87:4d:23:37:45:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Sep 16 06:03:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=91505c2dc5a97a4eba9e81b768563c6b8d1c04ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:68:01:6c:5d:2f:09:93:aa:99:5b:33:a0:78:
                    8b:ec:4f:e7:98:2d:fd:85:04:2d:30:3a:da:14:8d:
                    42:42:0d:d5:94:cd:f8:9d:5e:4a:88:74:3e:c0:aa:
                    ce:ed:ae:0a:20:f5:29:a4:6f:9a:c6:11:ed:79:6f:
                    b9:42:c2:8c:f6:a2:63:da:74:d2:0a:67:fd:8a:dc:
                    40:f8:91:73:1b:4d:fc:82:1f:5b:3b:82:b0:fb:cc:
                    e5:02:c9:59:c1:b4:7b:7a:6d:4f:15:99:a7:1c:81:
                    d6:ae:88:25:4a:a6:0d:fd:87:25:48:04:74:79:c4:
                    ab:06:c3:27:a4:c2:2c:a8:eb:43:76:55:6c:37:cf:
                    d2:b8:0a:16:46:a0:57:95:d6:a2:7f:16:08:a8:82:
                    55:22:7f:a6:10:a9:bc:63:cc:ac:0d:62:d7:bc:89:
                    75:9a:5e:58:88:fc:dd:9f:ee:96:53:1b:26:08:9d:
                    81:19:1d:fc:50:47:3f:40:1c:f4:bd:a7:86:2d:24:
                    db:e6:b0:54:97:5f:d4:e9:22:bc:85:2c:e3:be:9d:
                    92:c9:0b:44:cc:ae:05:da:c5:f0:b0:d7:e3:2e:4f:
                    19:f5:e8:ee:36:0c:04:ec:18:66:03:c6:e0:e1:0a:
                    29:1c:53:ee:d0:83:f8:b7:3a:99:e1:d2:e6:18:bc:
                    d4:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:50:5C:2D:C5:A9:7A:4E:BA:9E:81:B7:68:56:3C:6B:8D:1C:04:BA
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/kVBcLcWpek66noG3aFY8a40cBLo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.169.0/24
                  77.242.150.0/24
                  77.242.157.0-77.242.158.255
                  88.151.56.0/23
                  88.151.63.0/24
                  88.209.211.0/24
                  88.209.217.0/24
                  88.209.245.0/24
                  178.210.228.0/24
                  178.210.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:5f:c2:15:b5:a7:b5:2b:f9:86:ca:c2:d4:f6:af:1b:85:ca:
         36:a4:3c:33:63:77:18:d2:97:e2:72:e9:d5:62:f9:9b:56:92:
         a1:cb:de:71:f1:7b:78:f3:84:d5:c1:8b:81:77:c8:72:ce:c4:
         e4:3a:5c:a7:b8:1f:5d:53:e0:f0:49:79:9d:ab:de:84:4b:01:
         db:4a:ac:50:de:63:d6:82:7c:61:b4:97:f7:6b:c7:74:d0:66:
         d3:df:b5:29:1e:f8:df:7f:0c:fb:92:b3:08:67:07:13:7b:bd:
         bb:76:21:79:fe:a2:3a:b5:92:6e:67:4a:d9:c0:31:91:c5:d3:
         96:e5:10:ec:f7:a0:75:39:b6:34:df:3c:8c:ee:40:ed:b8:13:
         6e:74:92:14:a4:85:00:18:ee:c4:72:f3:8a:41:fd:39:85:cb:
         19:d4:2e:cd:c0:4f:cf:6f:3e:11:99:64:52:8c:a8:e9:0a:2e:
         be:97:8b:32:35:51:a2:1f:36:52:c9:32:5f:93:2b:a2:b1:d9:
         e3:db:bc:ad:1b:1e:9f:1a:3f:99:fd:2e:a9:7d:ac:88:f9:2b:
         53:a5:4a:83:f6:64:ed:54:3b:62:86:c0:57:d4:99:7a:90:5e:
         bd:76:35:43:a4:a1:af:db:70:93:70:19:15:d3:23:08:a4:9f:
         de:4c:39:ab
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAYqclprw2g9xjnIFh00jN0V0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMwOTE2MDYwMzUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTUwNWMyZGM1YTk3YTRlYmE5ZTgxYjc2ODU2M2M2YjhkMWMwNGJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlGgBbF0vCZOqmVszoHiL7E/nmC39
hQQtMDraFI1CQg3VlM34nV5KiHQ+wKrO7a4KIPUppG+axhHteW+5QsKM9qJj2nTS
Cmf9itxA+JFzG038gh9bO4Kw+8zlAslZwbR7em1PFZmnHIHWroglSqYN/YclSAR0
ecSrBsMnpMIsqOtDdlVsN8/SuAoWRqBXldaifxYIqIJVIn+mEKm8Y8ysDWLXvIl1
ml5YiPzdn+6WUxsmCJ2BGR38UEc/QBz0vaeGLSTb5rBUl1/U6SK8hSzjvp2SyQtE
zK4F2sXwsNfjLk8Z9ejuNgwE7BhmA8bg4QopHFPu0IP4tzqZ4dLmGLzUOQIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFJFQXC3FqXpOup6Bt2hWPGuNHAS6MB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEva1ZCY0xjV3BlazY2bm9HM2FGWThhNDBjQkxvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQAAjqpAwQA
TfKWMAwDBABN8p0DBABN8p4DBAFYlzgDBABYlz8DBABY0dMDBABY0dkDBABY0fUD
BACy0uQDBACy0vowDQYJKoZIhvcNAQELBQADggEBAKRfwhW1p7Ur+YbKwtT2rxuF
yjakPDNjdxjSl+Jy6dVi+ZtWkqHL3nHxe3jzhNXBi4F3yHLOxOQ6XKe4H11T4PBJ
eZ2r3oRLAdtKrFDeY9aCfGG0l/drx3TQZtPftSke+N9/DPuSswhnBxN7vbt2IXn+
ojq1km5nStnAMZHF05blEOz3oHU5tjTfPIzuQO24E250khSkhQAY7sRy84pB/TmF
yxnULs3AT89vPhGZZFKMqOkKLr6XizI1UaIfNlLJMl+TK6Kx2ePbvK0bHp8aP5n9
Lql9rIj5K1OlSoP2ZO1UO2KGwFfUmXqQXr12NUOkoa/bcJNwGRXTIwikn95MOas=
-----END CERTIFICATE-----