Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/qh1XajEdRIzsWrIyd8sBjGQ12_U.roa
File:                     qh1XajEdRIzsWrIyd8sBjGQ12_U.roa (raw, json)
Hash identifier:          ejgLgnuoe9bNYCVNA7y4Y0QoK2DurKVs6Ql5HN1RTdU=
Subject key identifier:   AA:1D:57:6A:31:1D:44:8C:EC:5A:B2:32:77:CB:01:8C:64:35:DB:F5
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       018962AC6032F4BFAB1BB20F61B88AE19758
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/qh1XajEdRIzsWrIyd8sBjGQ12_U.roa
Signing time:             Mon 17 Jul 2023 07:06:51 +0000
ROA not before:           Mon 17 Jul 2023 07:06:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        178.210.226.0/24 maxlen: 24
                          178.210.230.0/24 maxlen: 24
                          77.242.150.0/24 maxlen: 24
                          88.151.58.0/24 maxlen: 24
                          88.151.56.0/23 maxlen: 24
                          88.209.195.0/24 maxlen: 24
                          2.58.168.0/24 maxlen: 24
                          5.182.113.0/24 maxlen: 24
                          88.209.211.0/24 maxlen: 24
                          88.209.221.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:62:ac:60:32:f4:bf:ab:1b:b2:0f:61:b8:8a:e1:97:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Jul 17 07:06:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=aa1d576a311d448cec5ab23277cb018c6435dbf5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:e8:91:7e:e0:ed:33:00:78:5b:95:20:f5:fe:
                    6d:83:6a:19:8b:44:4b:2b:a4:2a:fc:4b:5c:11:4d:
                    44:91:ad:09:97:6b:62:a9:d4:62:04:b8:b0:83:13:
                    ff:95:e2:44:ad:cc:d5:38:67:aa:5e:a2:71:65:4a:
                    33:54:a6:b7:6f:b1:8e:5f:46:e8:f6:1d:27:96:5c:
                    7d:05:f1:72:f5:1b:ad:61:59:16:0e:d8:47:fc:35:
                    5f:70:99:1c:61:51:21:a8:0b:a2:66:db:a5:28:25:
                    96:73:dc:fc:bc:cd:6c:b1:c5:b3:7d:bf:a4:2e:d6:
                    d6:9d:33:17:76:6d:c5:26:00:65:0b:9b:70:42:3a:
                    f8:24:59:64:bf:52:cb:3c:48:34:15:d1:74:00:d8:
                    f6:bc:80:94:5e:0f:eb:de:7f:2f:95:a4:e7:41:90:
                    f9:df:08:c4:e0:b7:02:ad:63:75:8b:9a:5d:30:fc:
                    07:2b:5e:8c:69:9f:96:36:e7:0e:c0:28:3f:c8:12:
                    68:a5:94:d9:24:23:f7:ae:c0:0d:9a:30:71:71:32:
                    27:0a:e1:5d:75:2c:76:c4:55:13:03:d2:22:ae:00:
                    ee:06:83:a4:e4:7d:7f:4b:69:f6:73:05:51:f2:a8:
                    72:c0:1a:2e:37:6b:b8:a1:c6:fb:6e:58:56:1c:fe:
                    4c:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:1D:57:6A:31:1D:44:8C:EC:5A:B2:32:77:CB:01:8C:64:35:DB:F5
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/qh1XajEdRIzsWrIyd8sBjGQ12_U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.168.0/24
                  5.182.113.0/24
                  77.242.150.0/24
                  88.151.56.0-88.151.58.255
                  88.209.195.0/24
                  88.209.211.0/24
                  88.209.221.0/24
                  178.210.226.0/24
                  178.210.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:a0:d2:b7:3d:e9:0f:ff:6b:69:f0:6a:40:e3:93:39:94:0a:
         ae:d0:63:74:6c:d6:93:2e:d5:91:12:34:23:0a:9a:c0:b1:3e:
         59:40:23:36:46:d1:40:27:4d:99:6b:3d:1b:a8:02:e7:fc:6f:
         fd:8e:d0:11:e4:e0:1a:d8:00:d2:62:3f:60:40:35:df:f9:bf:
         e9:32:26:53:5f:a3:2f:49:34:b7:92:10:c4:7f:a5:42:cb:97:
         19:d5:5b:e0:c5:60:1d:aa:30:98:57:03:89:d0:a7:c5:29:34:
         61:19:57:34:87:4d:87:62:32:61:90:80:32:8b:6f:1c:81:4b:
         67:cb:a2:99:6a:c5:9a:ab:45:8e:4a:c8:aa:df:af:05:23:39:
         a3:5b:ba:03:25:02:5b:8f:ca:99:32:68:c2:7e:f7:9d:98:8c:
         5f:f8:10:69:d5:a7:a4:a6:b6:a7:ba:f8:71:87:5e:b3:a3:89:
         7b:f9:f3:dd:af:a8:12:d8:ca:48:98:fc:ca:75:45:62:fe:3d:
         b7:50:88:f0:ab:90:46:a3:89:96:12:d6:77:29:47:c1:8e:6a:
         06:dc:04:59:d6:ef:06:77:07:05:89:9b:b8:d7:fe:97:ce:07:
         b9:33:d3:19:05:46:88:fa:5f:29:15:1e:d5:95:60:20:a2:9c:
         28:9a:ed:18
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYlirGAy9L+rG7IPYbiK4ZdYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMwNzE3MDcwNjUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTFkNTc2YTMxMWQ0NDhjZWM1YWIyMzI3N2NiMDE4YzY0MzVkYmY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4OiRfuDtMwB4W5Ug9f5tg2oZi0RL
K6Qq/EtcEU1Eka0Jl2tiqdRiBLiwgxP/leJErczVOGeqXqJxZUozVKa3b7GOX0bo
9h0nllx9BfFy9RutYVkWDthH/DVfcJkcYVEhqAuiZtulKCWWc9z8vM1sscWzfb+k
LtbWnTMXdm3FJgBlC5twQjr4JFlkv1LLPEg0FdF0ANj2vICUXg/r3n8vlaTnQZD5
3wjE4LcCrWN1i5pdMPwHK16MaZ+WNucOwCg/yBJopZTZJCP3rsANmjBxcTInCuFd
dSx2xFUTA9IirgDuBoOk5H1/S2n2cwVR8qhywBouN2u4ocb7blhWHP5MIwIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFKodV2oxHUSM7FqyMnfLAYxkNdv1MB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvcWgxWGFqRWRSSXpzV3JJeWQ4c0JqR1ExMl9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQAAjqoAwQA
BbZxAwQATfKWMAwDBANYlzgDBABYlzoDBABY0cMDBABY0dMDBABY0d0DBACy0uID
BACy0uYwDQYJKoZIhvcNAQELBQADggEBAFeg0rc96Q//a2nwakDjkzmUCq7QY3Rs
1pMu1ZESNCMKmsCxPllAIzZG0UAnTZlrPRuoAuf8b/2O0BHk4BrYANJiP2BANd/5
v+kyJlNfoy9JNLeSEMR/pULLlxnVW+DFYB2qMJhXA4nQp8UpNGEZVzSHTYdiMmGQ
gDKLbxyBS2fLoplqxZqrRY5KyKrfrwUjOaNbugMlAluPypkyaMJ+952YjF/4EGnV
p6Smtqe6+HGHXrOjiXv5892vqBLYykiY/Mp1RWL+PbdQiPCrkEajiZYS1ncpR8GO
agbcBFnW7wZ3BwWJm7jX/pfOB7kz0xkFRoj6XykVHtWVYCCinCia7Rg=
-----END CERTIFICATE-----