Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/x5FETmsZ-y62aoo2_JsnCLjxHco.roa
File:                     x5FETmsZ-y62aoo2_JsnCLjxHco.roa (raw, json)
Hash identifier:          27CioOcyJkztFdZTabMH+nldZzolheAAqYIxkbvDhRI=
Subject key identifier:   C7:91:44:4E:6B:19:FB:2E:B6:6A:8A:36:FC:9B:27:08:B8:F1:1D:CA
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       01886CB69406D1CE02CF443860D5CF456046
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/x5FETmsZ-y62aoo2_JsnCLjxHco.roa
Signing time:             Tue 30 May 2023 12:51:24 +0000
ROA not before:           Tue 30 May 2023 12:51:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        88.209.245.0/24 maxlen: 24
                          88.209.248.0/24 maxlen: 24
                          88.151.58.0/24 maxlen: 24
                          88.209.195.0/24 maxlen: 24
                          88.151.61.0/24 maxlen: 24
                          2.58.168.0/22 maxlen: 24
                          88.209.211.0/24 maxlen: 24
                          88.209.224.0/24 maxlen: 24
                          88.209.225.0/24 maxlen: 24
                          88.209.220.0/24 maxlen: 24
                          88.209.221.0/24 maxlen: 24
                          88.209.222.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 31 May 2023 06:17:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:6c:b6:94:06:d1:ce:02:cf:44:38:60:d5:cf:45:60:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: May 30 12:51:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c791444e6b19fb2eb66a8a36fc9b2708b8f11dca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:ed:76:22:64:c1:60:86:57:55:01:07:ba:12:
                    30:46:da:d3:2c:9a:ef:82:a9:7b:a7:c3:d9:ca:23:
                    10:5c:bd:49:8d:ab:4d:e8:19:51:99:1b:5a:d3:1d:
                    62:27:e1:00:2c:45:a5:f2:f8:c3:70:fe:0f:88:28:
                    b9:32:9d:49:7c:da:8e:a8:8c:48:7a:1b:ce:a1:30:
                    76:ff:f0:2b:3e:30:03:5f:5e:36:e1:87:8a:55:a3:
                    df:43:98:77:22:7e:6d:fb:1b:cb:b1:72:3a:af:03:
                    c9:8a:14:bc:8a:1b:d2:db:49:99:f8:c1:0f:ba:17:
                    34:18:54:9d:e8:71:a8:6e:f1:9d:06:d7:ca:e7:fb:
                    8e:fd:7b:38:f0:18:90:c3:83:b3:d8:57:38:aa:f5:
                    74:20:81:ed:fd:ba:d2:72:c2:d8:76:2d:fc:4a:ed:
                    ca:5a:c6:e6:4d:a9:80:9b:42:66:bf:d5:e0:24:1e:
                    26:0c:a7:a6:f0:5b:d7:3a:13:2d:3c:fd:03:6c:dd:
                    db:f2:3d:1a:88:0b:ae:3e:a2:9a:53:80:03:9b:e4:
                    9d:36:3a:14:07:08:04:91:db:18:76:38:a9:ea:9b:
                    29:7c:78:48:ba:b6:ec:18:bf:16:0a:1d:f8:58:e5:
                    bc:37:ff:b0:0b:fd:b4:bb:f2:33:09:a7:2e:08:94:
                    8a:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:91:44:4E:6B:19:FB:2E:B6:6A:8A:36:FC:9B:27:08:B8:F1:1D:CA
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/x5FETmsZ-y62aoo2_JsnCLjxHco.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.168.0/22
                  88.151.58.0/24
                  88.151.61.0/24
                  88.209.195.0/24
                  88.209.211.0/24
                  88.209.220.0-88.209.222.255
                  88.209.224.0/23
                  88.209.245.0/24
                  88.209.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:87:56:b9:3f:6f:e2:5d:f4:8c:78:5d:04:45:a4:04:3f:47:
         7f:06:9f:e7:7b:64:aa:49:9a:6d:28:79:2f:9a:f0:5c:27:e6:
         d1:f5:39:1f:55:68:ec:eb:eb:f9:e3:72:66:5e:e0:8d:e0:be:
         04:3e:13:87:42:9d:76:da:0a:7b:25:a2:87:a6:5f:5f:ee:04:
         eb:30:eb:71:65:1b:03:8d:33:f1:e5:1e:60:c6:7f:96:b8:6d:
         34:d1:d3:ef:69:66:59:65:a6:ac:93:e7:8d:1f:9e:5d:5d:ab:
         48:e8:3f:47:67:f4:66:8c:31:31:1c:2e:09:86:1a:e0:6f:ab:
         73:bf:7a:5e:ad:f0:ff:bf:17:46:c8:db:17:d7:d6:8f:8c:44:
         e1:a4:cd:4b:00:a9:17:53:a9:01:ef:00:73:e9:0e:6b:d9:ad:
         88:18:a8:08:e5:da:c4:11:88:c1:e3:e5:43:1c:fe:6a:9a:35:
         fb:c3:9b:bc:cf:67:ff:f8:f9:92:b8:b6:98:9a:4b:be:e1:7d:
         66:c0:84:49:0d:e2:83:30:bb:65:45:a0:df:11:88:25:29:a7:
         7f:3c:8e:d1:31:7b:da:42:30:cf:86:cb:3b:2a:ca:41:69:f4:
         bb:b6:16:66:23:81:f6:57:95:50:2f:f6:cb:7a:8d:6d:dd:79:
         6f:fa:d0:f7
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYhstpQG0c4Cz0Q4YNXPRWBGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMwNTMwMTI1MTI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzkxNDQ0ZTZiMTlmYjJlYjY2YThhMzZmYzliMjcwOGI4ZjExZGNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtu12ImTBYIZXVQEHuhIwRtrTLJrv
gql7p8PZyiMQXL1JjatN6BlRmRta0x1iJ+EALEWl8vjDcP4PiCi5Mp1JfNqOqIxI
ehvOoTB2//ArPjADX1424YeKVaPfQ5h3In5t+xvLsXI6rwPJihS8ihvS20mZ+MEP
uhc0GFSd6HGobvGdBtfK5/uO/Xs48BiQw4Oz2Fc4qvV0IIHt/brScsLYdi38Su3K
WsbmTamAm0Jmv9XgJB4mDKem8FvXOhMtPP0DbN3b8j0aiAuuPqKaU4ADm+SdNjoU
BwgEkdsYdjip6pspfHhIurbsGL8WCh34WOW8N/+wC/20u/IzCacuCJSKWwIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFMeRRE5rGfsutmqKNvybJwi48R3KMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEveDVGRVRtc1oteTYyYW9vMl9Kc25DTGp4SGNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQCAjqoAwQA
WJc6AwQAWJc9AwQAWNHDAwQAWNHTMAwDBAJY0dwDBABY0d4DBAFY0eADBABY0fUD
BABY0fgwDQYJKoZIhvcNAQELBQADggEBAHiHVrk/b+Jd9Ix4XQRFpAQ/R38Gn+d7
ZKpJmm0oeS+a8Fwn5tH1OR9VaOzr6/njcmZe4I3gvgQ+E4dCnXbaCnslooemX1/u
BOsw63FlGwONM/HlHmDGf5a4bTTR0+9pZlllpqyT540fnl1dq0joP0dn9GaMMTEc
LgmGGuBvq3O/el6t8P+/F0bI2xfX1o+MROGkzUsAqRdTqQHvAHPpDmvZrYgYqAjl
2sQRiMHj5UMc/mqaNfvDm7zPZ//4+ZK4tpiaS77hfWbAhEkN4oMwu2VFoN8RiCUp
p388jtExe9pCMM+GyzsqykFp9Lu2FmYjgfZXlVAv9st6jW3deW/60Pc=
-----END CERTIFICATE-----