Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/3nO-aWF3-rMLPGbitTYEqQoj684.roa
File:                     3nO-aWF3-rMLPGbitTYEqQoj684.roa (raw, json)
Hash identifier:          zvsIrKxcyU9E5IMuWqsytYtJ5BZFpgrWm5AlqY+6J4A=
Subject key identifier:   DE:73:BE:69:61:77:FA:B3:0B:3C:66:E2:B5:36:04:A9:0A:23:EB:CE
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0187B16383CC207D0EFD06103FE98DDFA881
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/3nO-aWF3-rMLPGbitTYEqQoj684.roa
Signing time:             Mon 24 Apr 2023 03:51:41 +0000
ROA not before:           Mon 24 Apr 2023 03:51:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     211936
IP address blocks:        163.5.212.0/24 maxlen: 24
                          163.5.105.0/24 maxlen: 24
                          163.5.106.0/24 maxlen: 24
                          163.5.115.0/24 maxlen: 24
                          163.5.220.0/24 maxlen: 24
                          163.5.118.0/24 maxlen: 24
                          163.5.119.0/24 maxlen: 24
                          163.5.242.0/24 maxlen: 24
                          163.5.32.0/24 maxlen: 24
                          163.5.153.0/24 maxlen: 24
                          163.5.159.0/24 maxlen: 24
                          163.5.168.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 02 Jun 2023 20:20:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:b1:63:83:cc:20:7d:0e:fd:06:10:3f:e9:8d:df:a8:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Apr 24 03:51:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=de73be696177fab30b3c66e2b53604a90a23ebce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:af:e6:89:2a:ef:9c:bf:2a:47:53:74:fd:b6:
                    81:ae:52:d7:80:bb:5c:26:82:86:99:7c:78:51:6f:
                    94:c9:23:20:c5:54:9f:6b:f6:c5:e5:bd:d3:ae:66:
                    37:99:ea:b8:49:77:8d:d6:af:d7:3d:75:82:27:bc:
                    ef:fb:74:c3:f9:9a:3f:cb:c9:c2:20:1c:4e:39:c2:
                    ef:64:75:8f:92:86:8d:cd:39:c1:d4:be:fb:c2:bd:
                    03:63:24:32:52:f6:6c:b9:e0:d8:20:e3:7f:d0:94:
                    36:0d:83:59:4f:69:f9:f5:8e:b0:52:6c:3b:ae:bd:
                    31:f5:d5:c6:5a:bb:6f:36:47:4d:c6:18:90:6a:81:
                    53:a7:b6:fd:07:bb:9b:5b:e4:06:68:d0:0f:32:01:
                    89:c2:75:70:bb:02:d7:29:b4:70:b8:12:5f:1c:0a:
                    6e:1b:50:cd:0e:bc:cf:01:54:50:54:25:08:fb:e2:
                    54:44:13:69:b2:d7:67:da:42:90:77:be:59:0e:93:
                    c6:16:c7:c7:71:5c:bb:72:13:07:ed:76:ce:76:84:
                    5e:06:2e:dc:21:fd:38:7e:44:32:12:43:66:73:9f:
                    5d:db:4e:ce:87:a6:d7:3e:2d:7c:8c:21:b5:2f:cc:
                    81:ac:ac:cb:ac:b5:45:73:d1:a1:2a:9b:79:51:a5:
                    65:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:73:BE:69:61:77:FA:B3:0B:3C:66:E2:B5:36:04:A9:0A:23:EB:CE
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/3nO-aWF3-rMLPGbitTYEqQoj684.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.32.0/24
                  163.5.105.0-163.5.106.255
                  163.5.115.0/24
                  163.5.118.0/23
                  163.5.153.0/24
                  163.5.159.0/24
                  163.5.168.0/24
                  163.5.212.0/24
                  163.5.220.0/24
                  163.5.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:db:4e:df:76:90:db:84:fd:8e:30:e3:7d:7f:18:14:d9:80:
         4e:c2:43:8e:54:6b:77:79:e8:1c:2d:46:19:54:05:22:6f:4f:
         36:32:6c:00:47:8b:e1:08:0f:4c:fa:6b:97:36:c2:5a:a5:32:
         af:c5:b5:42:42:3e:47:e5:3e:c9:4f:be:53:2b:12:7d:94:f7:
         eb:4f:68:89:d3:ab:5b:37:00:f8:ac:b8:31:51:d2:3a:41:b1:
         5c:8c:f5:bd:a5:90:0c:0e:22:86:89:c9:7e:39:72:e4:a8:da:
         3a:3e:63:3e:66:22:dd:42:58:ac:0f:0e:68:d3:63:7a:f7:6c:
         a1:31:e0:61:aa:ac:36:50:b1:20:dc:12:98:ea:30:6b:33:6f:
         87:f9:4c:6c:e5:05:d7:4f:1c:5e:5d:8b:7c:ec:fb:6c:03:f0:
         b1:32:30:e8:51:b9:3f:03:cb:6b:89:55:9d:11:24:30:c9:66:
         80:38:dc:db:56:ec:f0:19:5f:77:40:d1:33:87:13:86:a4:00:
         6f:18:ad:9e:72:61:92:de:43:ad:47:49:a0:aa:e2:1e:b3:a3:
         6a:78:37:fc:3a:13:6c:8e:e4:84:22:17:70:d5:94:c4:7b:53:
         60:a3:e4:8b:85:d4:06:9a:4c:18:bf:65:90:50:47:9a:73:1c:
         a4:9a:a3:45
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAYexY4PMIH0O/QYQP+mN36iBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjMwNDI0MDM1MTQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTczYmU2OTYxNzdmYWIzMGIzYzY2ZTJiNTM2MDRhOTBhMjNlYmNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAga/miSrvnL8qR1N0/baBrlLXgLtc
JoKGmXx4UW+UySMgxVSfa/bF5b3TrmY3meq4SXeN1q/XPXWCJ7zv+3TD+Zo/y8nC
IBxOOcLvZHWPkoaNzTnB1L77wr0DYyQyUvZsueDYION/0JQ2DYNZT2n59Y6wUmw7
rr0x9dXGWrtvNkdNxhiQaoFTp7b9B7ubW+QGaNAPMgGJwnVwuwLXKbRwuBJfHApu
G1DNDrzPAVRQVCUI++JURBNpstdn2kKQd75ZDpPGFsfHcVy7chMH7XbOdoReBi7c
If04fkQyEkNmc59d207Oh6bXPi18jCG1L8yBrKzLrLVFc9GhKpt5UaVldwIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFN5zvmlhd/qzCzxm4rU2BKkKI+vOMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvM25PLWFXRjMtck1MUEdiaXRUWUVxUW9qNjg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQAowUgMAwD
BACjBWkDBACjBWoDBACjBXMDBAGjBXYDBACjBZkDBACjBZ8DBACjBagDBACjBdQD
BACjBdwDBACjBfIwDQYJKoZIhvcNAQELBQADggEBAJHbTt92kNuE/Y4w431/GBTZ
gE7CQ45Ua3d56BwtRhlUBSJvTzYybABHi+EID0z6a5c2wlqlMq/FtUJCPkflPslP
vlMrEn2U9+tPaInTq1s3APisuDFR0jpBsVyM9b2lkAwOIoaJyX45cuSo2jo+Yz5m
It1CWKwPDmjTY3r3bKEx4GGqrDZQsSDcEpjqMGszb4f5TGzlBddPHF5di3zs+2wD
8LEyMOhRuT8Dy2uJVZ0RJDDJZoA43NtW7PAZX3dA0TOHE4akAG8YrZ5yYZLeQ61H
SaCq4h6zo2p4N/w6E2yO5IQiF3DVlMR7U2Cj5IuF1AaaTBi/ZZBQR5pzHKSao0U=
-----END CERTIFICATE-----