Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/4FXbA5IwF7naGrbu4fRlbzJETrQ.roa
File:                     4FXbA5IwF7naGrbu4fRlbzJETrQ.roa (raw, json)
Hash identifier:          le7ijT+cDCPjOsQG23KpLjnOXaEr+g7RD1KqvEWycGo=
Subject key identifier:   E0:55:DB:03:92:30:17:B9:DA:1A:B6:EE:E1:F4:65:6F:32:44:4E:B4
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0193CAE19C38EB34D8438F5C5CACA2CB6398
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/4FXbA5IwF7naGrbu4fRlbzJETrQ.roa
Signing time:             Sun 15 Dec 2024 15:13:23 +0000
ROA not before:           Sun 15 Dec 2024 15:13:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7018
IP address blocks:        163.5.25.0/24 maxlen: 24
                          163.5.33.0/24 maxlen: 24
                          163.5.40.0/24 maxlen: 24
                          163.5.110.0/24 maxlen: 24
                          163.5.111.0/24 maxlen: 24
                          163.5.126.0/24 maxlen: 24
                          163.5.128.0/24 maxlen: 24
                          163.5.145.0/24 maxlen: 24
                          163.5.165.0/24 maxlen: 24
                          163.5.250.0/24 maxlen: 24
                          163.5.253.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Wed 01 Jan 2025 19:49:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:ca:e1:9c:38:eb:34:d8:43:8f:5c:5c:ac:a2:cb:63:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Dec 15 15:13:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e055db03923017b9da1ab6eee1f4656f32444eb4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:8e:32:25:c7:5f:f5:58:37:30:e4:df:b5:6a:
                    41:d7:13:bd:76:b4:da:bb:44:8a:9d:01:5c:b0:7b:
                    f2:97:3f:05:ef:85:59:62:3e:e2:78:e1:20:e9:a2:
                    51:db:ae:2c:75:37:92:45:17:fa:10:bb:97:bc:e7:
                    b2:d9:63:75:d2:f3:c4:11:6c:00:15:e5:bc:60:01:
                    c2:f1:dc:de:ea:12:f4:c5:10:3a:7d:56:7c:de:bb:
                    68:9e:c2:85:f5:44:21:a8:6b:5d:6d:b6:3f:a1:64:
                    7a:fb:15:eb:fd:18:20:ec:68:95:99:20:6a:e5:d3:
                    35:4f:0a:69:57:bc:c4:ac:ea:8f:97:97:63:ba:d1:
                    98:4a:d3:7c:92:46:25:d7:67:31:34:76:94:63:fd:
                    f7:6f:19:84:b9:82:5a:a4:14:53:89:55:df:01:ec:
                    f4:83:20:6f:27:5c:47:9c:d6:65:cd:5d:70:be:61:
                    98:9c:49:b0:2f:74:6c:45:4e:54:8f:c1:59:66:13:
                    25:f2:84:f9:ed:de:1b:8c:35:7c:98:06:47:22:3c:
                    46:6d:30:23:f6:4c:b7:fa:d6:a2:af:95:43:b9:ab:
                    34:04:1c:56:e4:c1:3c:cf:50:dc:50:74:93:2d:03:
                    31:63:b1:00:77:f5:35:94:82:73:a4:13:87:6a:02:
                    af:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:55:DB:03:92:30:17:B9:DA:1A:B6:EE:E1:F4:65:6F:32:44:4E:B4
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/4FXbA5IwF7naGrbu4fRlbzJETrQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.25.0/24
                  163.5.33.0/24
                  163.5.40.0/24
                  163.5.110.0/23
                  163.5.126.0/24
                  163.5.128.0/24
                  163.5.145.0/24
                  163.5.165.0/24
                  163.5.250.0/24
                  163.5.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:1f:1c:09:ac:01:06:7f:62:e7:fe:4f:c5:61:40:63:23:27:
         8c:a5:02:ce:2b:f8:aa:d0:e0:ac:40:63:58:b8:41:43:7f:27:
         4f:e4:23:84:00:f8:cf:17:b5:64:08:9c:88:f1:d3:26:84:32:
         e5:bc:99:70:9e:da:bf:17:ba:06:34:04:77:dc:e4:c3:b9:16:
         69:ce:65:ba:86:2d:84:08:93:9e:48:a5:58:9c:a2:37:0a:cd:
         b0:d4:13:32:49:6c:97:43:cc:92:90:1e:02:78:ff:4b:2d:c8:
         28:07:df:47:b7:f9:98:fa:06:4b:61:be:2c:29:8e:0f:f1:ff:
         ae:f5:5c:53:3b:49:65:71:08:c2:36:02:12:74:47:c6:7e:40:
         a1:91:16:79:d0:4c:20:d8:95:8a:cb:61:e6:fe:50:e3:06:e8:
         a6:1f:55:db:55:1b:b1:41:82:61:57:67:5f:79:8e:9f:38:bd:
         e3:eb:41:3f:12:35:88:ae:d1:bb:f2:49:3e:8d:4b:17:e9:e5:
         31:9e:10:9e:0b:b2:2d:62:3d:12:f4:82:1f:7a:73:6b:00:90:
         f2:96:bf:d5:62:c8:05:47:56:60:8e:d0:be:cb:46:47:a2:74:
         42:07:c8:f5:8e:99:cc:af:e2:a4:07:39:30:4e:03:b1:0d:3e:
         ed:07:af:e2
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAZPK4Zw46zTYQ49cXKyiy2OYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjQxMjE1MTUxMzIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDU1ZGIwMzkyMzAxN2I5ZGExYWI2ZWVlMWY0NjU2ZjMyNDQ0ZWI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuY4yJcdf9Vg3MOTftWpB1xO9drTa
u0SKnQFcsHvylz8F74VZYj7ieOEg6aJR264sdTeSRRf6ELuXvOey2WN10vPEEWwA
FeW8YAHC8dze6hL0xRA6fVZ83rtonsKF9UQhqGtdbbY/oWR6+xXr/Rgg7GiVmSBq
5dM1TwppV7zErOqPl5djutGYStN8kkYl12cxNHaUY/33bxmEuYJapBRTiVXfAez0
gyBvJ1xHnNZlzV1wvmGYnEmwL3RsRU5Uj8FZZhMl8oT57d4bjDV8mAZHIjxGbTAj
9ky3+tair5VDuas0BBxW5ME8z1DcUHSTLQMxY7EAd/U1lIJzpBOHagKvUwIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFOBV2wOSMBe52hq27uH0ZW8yRE60MB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvNEZYYkE1SXdGN25hR3JidTRmUmxiekpFVHJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQAowUZAwQA
owUhAwQAowUoAwQBowVuAwQAowV+AwQAowWAAwQAowWRAwQAowWlAwQAowX6AwQA
owX9MA0GCSqGSIb3DQEBCwUAA4IBAQAQHxwJrAEGf2Ln/k/FYUBjIyeMpQLOK/iq
0OCsQGNYuEFDfydP5COEAPjPF7VkCJyI8dMmhDLlvJlwntq/F7oGNAR33OTDuRZp
zmW6hi2ECJOeSKVYnKI3Cs2w1BMySWyXQ8ySkB4CeP9LLcgoB99Ht/mY+gZLYb4s
KY4P8f+u9VxTO0llcQjCNgISdEfGfkChkRZ50Ewg2JWKy2Hm/lDjBuimH1XbVRux
QYJhV2dfeY6fOL3j60E/EjWIrtG78kk+jUsX6eUxnhCeC7ItYj0S9IIfenNrAJDy
lr/VYsgFR1ZgjtC+y0ZHonRCB8j1jpnMr+KkBzkwTgOxDT7tB6/i
-----END CERTIFICATE-----