Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zchpBmwjcOQZZ_DofKg25mGIv70.roa
File:                     zchpBmwjcOQZZ_DofKg25mGIv70.roa (raw, json)
Hash identifier:          JMS+EZHwSUkPi2Vf5kojHswyWlCNbNxHf8jfeaN1NZc=
Subject key identifier:   CD:C8:69:06:6C:23:70:E4:19:67:F0:E8:7C:A8:36:E6:61:88:BF:BD
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       01885BD54A38489B4874F74A1BAF52F60125
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zchpBmwjcOQZZ_DofKg25mGIv70.roa
Signing time:             Sat 27 May 2023 06:11:24 +0000
ROA not before:           Sat 27 May 2023 06:11:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        88.209.229.0/24 maxlen: 24
                          88.209.245.0/24 maxlen: 24
                          88.209.248.0/24 maxlen: 24
                          88.209.249.0/24 maxlen: 24
                          88.209.195.0/24 maxlen: 24
                          88.209.209.0/24 maxlen: 24
                          88.209.211.0/24 maxlen: 24
                          88.209.216.0/24 maxlen: 24
                          88.209.224.0/24 maxlen: 24
                          88.209.225.0/24 maxlen: 24
                          88.209.221.0/24 maxlen: 24
                          88.209.222.0/24 maxlen: 24
                          88.151.58.0/24 maxlen: 24
                          88.151.61.0/24 maxlen: 24
                          5.182.113.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sat 27 May 2023 10:49:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:5b:d5:4a:38:48:9b:48:74:f7:4a:1b:af:52:f6:01:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: May 27 06:11:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=cdc869066c2370e41967f0e87ca836e66188bfbd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:61:f1:e1:e4:42:48:f0:71:6b:a4:f5:45:1e:
                    3a:47:3f:6f:09:8b:7d:3e:f8:ce:f8:34:02:0c:42:
                    96:64:46:67:84:44:21:42:ce:1d:6d:5f:d7:56:9b:
                    16:71:29:55:e4:af:d3:68:27:9f:e4:fb:db:10:97:
                    c6:f6:1e:47:1a:9f:0d:24:78:8a:d6:28:fc:55:d2:
                    57:a9:9b:be:3f:22:ce:da:05:48:75:1c:68:65:c0:
                    89:8d:41:bc:a4:79:be:a5:bc:f3:1c:36:69:45:d9:
                    92:4b:99:91:50:bb:cd:c0:75:03:76:a4:61:9c:f8:
                    43:b6:70:f5:0e:d4:32:3c:21:93:01:cc:7d:48:ac:
                    ea:9d:22:88:be:29:80:57:bf:5b:e1:07:bd:7c:d8:
                    87:71:c4:1f:7e:b6:e0:f1:cc:77:93:2a:e6:a2:64:
                    f3:e9:af:eb:81:98:98:d8:ed:d2:94:0a:d7:97:e7:
                    81:c1:71:5a:a6:55:9e:28:4b:51:4c:5d:31:2e:97:
                    15:a7:a8:8b:d0:86:49:16:a8:a7:6d:2b:9e:19:cc:
                    d9:0f:e9:08:3e:5f:1a:93:05:02:53:a2:fd:95:f1:
                    a6:71:95:96:df:7b:e2:5e:88:09:6d:df:28:ce:9a:
                    be:df:4a:64:c6:63:f9:4e:ab:dd:01:37:9d:13:4f:
                    ff:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:C8:69:06:6C:23:70:E4:19:67:F0:E8:7C:A8:36:E6:61:88:BF:BD
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zchpBmwjcOQZZ_DofKg25mGIv70.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.113.0/24
                  88.151.58.0/24
                  88.151.61.0/24
                  88.209.195.0/24
                  88.209.209.0/24
                  88.209.211.0/24
                  88.209.216.0/24
                  88.209.221.0-88.209.222.255
                  88.209.224.0/23
                  88.209.229.0/24
                  88.209.245.0/24
                  88.209.248.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1f:dd:0d:69:36:0f:c8:f3:99:35:1b:0d:63:9c:e8:61:cb:55:
         23:da:54:7e:6f:0b:7d:f9:73:71:0a:e7:70:08:c9:9a:9d:41:
         eb:65:17:83:bf:c0:d2:d4:a0:18:f8:d4:b1:53:0e:1b:06:30:
         fa:c1:d7:67:df:b8:4b:47:17:57:fb:80:87:c3:bf:9f:24:2e:
         df:45:04:92:37:1b:03:ce:be:25:c5:5b:b2:99:47:fe:8f:46:
         a7:ce:c1:08:da:b9:5f:a5:4c:0e:f0:81:b9:5d:dc:4c:c3:1c:
         75:c4:4b:04:a8:29:30:49:e0:47:ac:d7:1c:75:84:a1:aa:9d:
         74:a4:00:70:4f:c3:e9:af:71:49:c6:fd:c9:82:a9:12:8f:27:
         eb:cd:50:c7:1a:62:e8:05:2a:8a:76:8d:01:70:10:62:65:00:
         49:a9:55:bf:07:d2:bb:eb:f9:fc:b2:62:0d:31:a3:81:b0:74:
         2d:09:f6:61:ef:99:78:99:3c:7a:7d:80:de:6a:61:09:03:79:
         3c:03:26:d2:a0:b8:be:9f:f2:39:bc:5a:2c:40:ac:c8:9d:bf:
         8c:e1:c1:a5:7f:90:93:52:73:28:23:81:d0:d8:58:37:32:e6:
         9b:40:f3:1c:9d:bf:d2:fb:85:76:11:5c:a6:b3:e6:0c:c7:b4:
         ac:4b:d2:9a
-----BEGIN CERTIFICATE-----
MIIFRzCCBC+gAwIBAgISAYhb1Uo4SJtIdPdKG69S9gElMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMwNTI3MDYxMTI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZGM4NjkwNjZjMjM3MGU0MTk2N2YwZTg3Y2E4MzZlNjYxODhiZmJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArGHx4eRCSPBxa6T1RR46Rz9vCYt9
PvjO+DQCDEKWZEZnhEQhQs4dbV/XVpsWcSlV5K/TaCef5PvbEJfG9h5HGp8NJHiK
1ij8VdJXqZu+PyLO2gVIdRxoZcCJjUG8pHm+pbzzHDZpRdmSS5mRULvNwHUDdqRh
nPhDtnD1DtQyPCGTAcx9SKzqnSKIvimAV79b4Qe9fNiHccQffrbg8cx3kyrmomTz
6a/rgZiY2O3SlArXl+eBwXFaplWeKEtRTF0xLpcVp6iL0IZJFqinbSueGczZD+kI
Pl8akwUCU6L9lfGmcZWW33viXogJbd8ozpq+30pkxmP5TqvdATedE0//pwIDAQAB
o4ICUzCCAk8wHQYDVR0OBBYEFM3IaQZsI3DkGWfw6HyoNuZhiL+9MB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvemNocEJtd2pjT1FaWl9Eb2ZLZzI1bUdJdjcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGkGCCsGAQUFBwEHAQH/BFowWDBWBAIAATBQAwQABbZxAwQA
WJc6AwQAWJc9AwQAWNHDAwQAWNHRAwQAWNHTAwQAWNHYMAwDBABY0d0DBABY0d4D
BAFY0eADBABY0eUDBABY0fUDBAFY0fgwDQYJKoZIhvcNAQELBQADggEBAB/dDWk2
D8jzmTUbDWOc6GHLVSPaVH5vC335c3EK53AIyZqdQetlF4O/wNLUoBj41LFTDhsG
MPrB12ffuEtHF1f7gIfDv58kLt9FBJI3GwPOviXFW7KZR/6PRqfOwQjauV+lTA7w
gbld3EzDHHXESwSoKTBJ4Ees1xx1hKGqnXSkAHBPw+mvcUnG/cmCqRKPJ+vNUMca
YugFKop2jQFwEGJlAEmpVb8H0rvr+fyyYg0xo4GwdC0J9mHvmXiZPHp9gN5qYQkD
eTwDJtKguL6f8jm8WixArMidv4zhwaV/kJNScygjgdDYWDcy5ptA8xydv9L7hXYR
XKaz5gzHtKxL0po=
-----END CERTIFICATE-----