Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/17836a-d678-41ca-8fb2-5eb7bef9a7a8/1/iE-0tDVyQxrupFI2f4isZStLfOM.roa
File:                     iE-0tDVyQxrupFI2f4isZStLfOM.roa (raw, json)
Hash identifier:          jWujwD1xAUyrXYUtpKkRLQdgnbbyArxo80n7/GZ4uy4=
Subject key identifier:   88:4F:B4:B4:35:72:43:1A:EE:A4:52:36:7F:88:AC:65:2B:4B:7C:E3
Certificate issuer:       /CN=fb744006eac3084bf88f128349b0e733bb3d79e3
Certificate serial:       018D5A76018B487CB6961FE21982CC68B85E
Authority key identifier: FB:74:40:06:EA:C3:08:4B:F8:8F:12:83:49:B0:E7:33:BB:3D:79:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-3RABurDCEv4jxKDSbDnM7s9eeM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/17836a-d678-41ca-8fb2-5eb7bef9a7a8/1/iE-0tDVyQxrupFI2f4isZStLfOM.roa
Signing time:             Tue 30 Jan 2024 13:01:39 +0000
ROA not before:           Tue 30 Jan 2024 13:01:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35133
IP address blocks:        2.58.57.0/24 maxlen: 24
                          2.58.58.0/24 maxlen: 24
                          2.58.59.0/24 maxlen: 24
                          2.58.59.0/25 maxlen: 25
                          2.58.59.192/26 maxlen: 26
                          2a09:e240::/48 maxlen: 48
                          2a09:e240:1::/48 maxlen: 48
                          2a09:e240:2::/48 maxlen: 48
                          2a09:e240:22::/48 maxlen: 48
                          2a09:e244::/33 maxlen: 33

Validation:               Failed, certificate revoked on Fri 09 Feb 2024 12:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:5a:76:01:8b:48:7c:b6:96:1f:e2:19:82:cc:68:b8:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fb744006eac3084bf88f128349b0e733bb3d79e3
        Validity
            Not Before: Jan 30 13:01:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=884fb4b43572431aeea452367f88ac652b4b7ce3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:81:39:89:85:de:f1:28:3e:ca:2b:dc:69:59:
                    a6:40:23:35:e1:0e:a1:c1:82:94:80:22:70:bf:7d:
                    9b:37:7c:1d:67:c7:48:1a:e8:b3:04:02:dd:d0:52:
                    25:0b:a3:b5:05:dc:97:e5:9f:35:19:cb:07:98:fe:
                    66:e5:1a:97:34:ad:7e:94:b6:28:0e:59:11:ec:a4:
                    3f:f2:06:de:34:f2:d8:22:a9:33:23:f8:93:60:b1:
                    8e:9f:dc:fc:6a:cd:8b:c0:21:44:04:0b:47:3e:c2:
                    4d:1f:62:f0:a0:e3:20:62:e0:68:40:a8:82:5d:7f:
                    6c:1a:c8:3d:13:c9:64:b7:73:85:70:df:e5:74:47:
                    9e:db:c2:e3:11:36:a4:2b:7f:99:3b:a8:46:fd:59:
                    dc:5a:88:f2:e0:68:67:97:93:a2:1d:bb:af:94:98:
                    67:49:55:97:71:7b:44:2d:8f:37:1c:64:a4:9a:cd:
                    ed:0c:c8:32:d6:90:ad:2f:6b:39:eb:76:72:19:c3:
                    40:fc:05:31:0b:75:77:56:b0:4c:28:27:10:3f:90:
                    e8:09:47:6e:18:6f:a9:84:20:f3:47:63:47:4b:8c:
                    23:47:c0:b3:76:c8:51:7a:b7:f2:0d:62:92:78:a5:
                    b2:11:4b:4c:94:53:b7:a7:17:3e:17:3d:e5:d3:9c:
                    ba:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:4F:B4:B4:35:72:43:1A:EE:A4:52:36:7F:88:AC:65:2B:4B:7C:E3
            X509v3 Authority Key Identifier:
                keyid:FB:74:40:06:EA:C3:08:4B:F8:8F:12:83:49:B0:E7:33:BB:3D:79:E3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-3RABurDCEv4jxKDSbDnM7s9eeM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/17836a-d678-41ca-8fb2-5eb7bef9a7a8/1/iE-0tDVyQxrupFI2f4isZStLfOM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/17836a-d678-41ca-8fb2-5eb7bef9a7a8/1/1-3RABurDCEv4jxKDSbDnM7s9eeM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.57.0-2.58.59.255
                IPv6:
                  2a09:e240::-2a09:e240:2:ffff:ffff:ffff:ffff:ffff
                  2a09:e240:22::/48
                  2a09:e244::/33

    Signature Algorithm: sha256WithRSAEncryption
         ac:e1:73:00:db:20:31:80:de:91:cd:07:fa:16:e1:f8:ee:ef:
         14:96:61:f2:83:f5:8e:3e:ee:ea:89:5b:33:f3:5e:14:46:dd:
         cf:37:dd:52:95:79:67:60:42:49:fd:85:04:e8:17:8b:b0:e4:
         75:c1:43:bf:39:0f:f4:44:1c:14:2d:93:04:9a:e6:be:be:5d:
         b5:98:ce:9a:84:60:b8:30:f0:b8:aa:65:12:52:ab:9b:63:2c:
         90:e6:a8:da:91:91:8e:db:82:bc:3f:2b:4b:b9:0e:41:b3:33:
         ea:2f:5f:ec:b8:f3:a5:f3:a9:5c:85:15:32:80:bf:cc:87:13:
         82:eb:3d:6d:1e:3f:f2:e1:af:0a:42:d7:f1:ec:43:7b:d6:25:
         cb:d3:9f:fa:e9:c8:1d:e9:ac:e8:7f:7d:7f:62:90:02:30:a5:
         95:ac:65:e9:ed:96:15:c3:27:49:47:ec:e8:76:75:14:57:8c:
         bd:54:02:fe:1d:21:10:ac:db:79:9e:5e:9a:c8:00:55:e8:d9:
         00:33:5c:7f:1b:ef:a4:84:05:76:32:9d:5b:b5:a3:6a:7c:8c:
         4d:db:74:f1:fd:bf:57:c4:14:76:5c:b6:5f:13:67:bc:f6:72:
         e3:be:85:4e:9f:e9:ab:46:8d:8c:b7:e9:13:43:7a:88:83:e3:
         c3:f4:70:bc
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgISAY1adgGLSHy2lh/iGYLMaLheMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiNzQ0MDA2ZWFjMzA4NGJmODhmMTI4MzQ5YjBlNzMzYmIz
ZDc5ZTMwHhcNMjQwMTMwMTMwMTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODRmYjRiNDM1NzI0MzFhZWVhNDUyMzY3Zjg4YWM2NTJiNGI3Y2UzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq4E5iYXe8Sg+yivcaVmmQCM14Q6h
wYKUgCJwv32bN3wdZ8dIGuizBALd0FIlC6O1BdyX5Z81GcsHmP5m5RqXNK1+lLYo
DlkR7KQ/8gbeNPLYIqkzI/iTYLGOn9z8as2LwCFEBAtHPsJNH2LwoOMgYuBoQKiC
XX9sGsg9E8lkt3OFcN/ldEee28LjETakK3+ZO6hG/VncWojy4Ghnl5OiHbuvlJhn
SVWXcXtELY83HGSkms3tDMgy1pCtL2s563ZyGcNA/AUxC3V3VrBMKCcQP5DoCUdu
GG+phCDzR2NHS4wjR8CzdshRerfyDWKSeKWyEUtMlFO3pxc+Fz3l05y6MwIDAQAB
o4ICPjCCAjowHQYDVR0OBBYEFIhPtLQ1ckMa7qRSNn+IrGUrS3zjMB8GA1UdIwQY
MBaAFPt0QAbqwwhL+I8Sg0mw5zO7PXnjMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS0zUkFCdXJEQ0V2NGp4S0RTYkRuTTdzOWVlTS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZmUvMTc4MzZhLWQ2NzgtNDFjYS04ZmIy
LTVlYjdiZWY5YTdhOC8xL2lFLTB0RFZ5UXhydXBGSTJmNGlzWlN0TGZPTS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZmUvMTc4MzZhLWQ2NzgtNDFjYS04ZmIyLTVlYjdiZWY5YTdh
OC8xLzEtM1JBQnVyRENFdjRqeEtEU2JEbk03czllZU0uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwUgYIKwYBBQUHAQcBAf8EQzBBMBQEAgABMA4wDAMEAAI6
OQMEAgI6ODApBAIAAjAjMBADBQYqCeJAAwcAKgniQAACAwcAKgniQAAiAwYHKgni
RAAwDQYJKoZIhvcNAQELBQADggEBAKzhcwDbIDGA3pHNB/oW4fju7xSWYfKD9Y4+
7uqJWzPzXhRG3c833VKVeWdgQkn9hQToF4uw5HXBQ785D/REHBQtkwSa5r6+XbWY
zpqEYLgw8LiqZRJSq5tjLJDmqNqRkY7bgrw/K0u5DkGzM+ovX+y486XzqVyFFTKA
v8yHE4LrPW0eP/LhrwpC1/HsQ3vWJcvTn/rpyB3prOh/fX9ikAIwpZWsZentlhXD
J0lH7Oh2dRRXjL1UAv4dIRCs23meXprIAFXo2QAzXH8b76SEBXYynVu1o2p8jE3b
dPH9v1fEFHZctl8TZ7z2cuO+hU6f6atGjYy36RNDeoiD48P0cLw=
-----END CERTIFICATE-----