Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/7H815mytOedAmjAsq6r2_2ebU3c.roa
File:                     7H815mytOedAmjAsq6r2_2ebU3c.roa (raw, json)
Hash identifier:          X+k+Dnby2Ih9NymMMMll9pLIsFhrp1khnvVCosL4nHQ=
Subject key identifier:   EC:7F:35:E6:6C:AD:39:E7:40:9A:30:2C:AB:AA:F6:FF:67:9B:53:77
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       01857042C04A19442105F30C525DB4B5CB0F
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/7H815mytOedAmjAsq6r2_2ebU3c.roa
Signing time:             Mon 02 Jan 2023 02:15:00 +0000
ROA not before:           Mon 02 Jan 2023 02:15:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     60721
IP address blocks:        163.5.91.0/24 maxlen: 24
                          163.5.97.0/24 maxlen: 24
                          163.5.114.0/24 maxlen: 24
                          163.5.31.0/24 maxlen: 24
                          163.5.249.0/24 maxlen: 24
                          163.5.33.0/24 maxlen: 24
                          163.5.37.0/24 maxlen: 24
                          163.5.34.0/24 maxlen: 24
                          163.5.38.0/24 maxlen: 24
                          163.5.39.0/24 maxlen: 24
                          163.5.254.0/24 maxlen: 24
                          163.5.131.0/24 maxlen: 24
                          163.5.152.0/24 maxlen: 24
                          163.5.169.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:42:c0:4a:19:44:21:05:f3:0c:52:5d:b4:b5:cb:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  2 02:15:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ec7f35e66cad39e7409a302cabaaf6ff679b5377
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:da:e9:92:eb:18:87:69:4c:9e:33:a4:1c:a1:
                    76:e6:ec:de:94:35:70:af:b7:4f:57:ab:3c:88:44:
                    89:0a:dd:33:fd:59:06:3a:43:53:94:cd:f0:f7:e4:
                    bb:2a:43:71:f8:e0:09:7f:ed:fb:41:40:b4:2d:36:
                    a0:71:2b:a3:43:5d:b6:8f:70:22:32:9c:56:b3:49:
                    f5:4f:60:29:c2:53:44:0e:eb:62:e3:a4:82:c2:cf:
                    57:78:61:0d:25:63:1d:1f:6f:12:50:1c:84:b0:1b:
                    d3:82:37:d7:d5:6b:bc:4c:8c:6e:9d:4b:60:3b:f5:
                    53:3e:83:93:08:65:35:04:4c:19:a9:b4:3b:82:16:
                    23:ee:26:1e:2b:f9:3d:f0:03:6d:8f:a2:4f:7d:e5:
                    90:0e:df:83:d5:77:ab:53:3f:5e:47:b1:ff:0e:89:
                    5c:6b:a0:05:48:1d:6a:5b:a4:e9:0b:c2:b0:d8:36:
                    6b:74:c9:3a:dc:f7:78:90:90:eb:90:95:6b:12:08:
                    cd:f9:c7:81:7a:16:ff:7e:3c:57:ea:fd:53:be:c1:
                    a2:b2:90:99:7c:6f:15:af:66:82:10:0b:c1:39:f6:
                    f7:0b:f3:d8:d9:6c:89:c3:50:58:80:4e:1c:63:ba:
                    11:49:dd:d3:df:3e:a6:2a:28:01:c4:99:48:5f:c9:
                    ee:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:7F:35:E6:6C:AD:39:E7:40:9A:30:2C:AB:AA:F6:FF:67:9B:53:77
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/7H815mytOedAmjAsq6r2_2ebU3c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.31.0/24
                  163.5.33.0-163.5.34.255
                  163.5.37.0-163.5.39.255
                  163.5.91.0/24
                  163.5.97.0/24
                  163.5.114.0/24
                  163.5.131.0/24
                  163.5.152.0/24
                  163.5.169.0/24
                  163.5.249.0/24
                  163.5.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:29:b0:db:95:1f:be:15:26:f0:9c:5f:2c:c0:13:44:e5:c3:
         5e:cf:4a:90:63:a8:0c:7f:68:4d:52:cd:bc:b5:3d:88:29:0e:
         3d:95:44:d6:3b:65:cd:d7:d9:fa:02:d2:73:55:20:d6:1e:f5:
         f2:35:77:2b:a0:00:a0:6f:e2:d2:d3:58:5c:2d:c2:be:a1:e7:
         94:43:35:c1:1a:ee:e7:d3:03:95:c1:45:26:ca:1c:68:07:f7:
         bd:bd:2e:22:79:d7:52:34:4c:eb:93:53:18:b5:4a:68:5e:d7:
         b3:8d:68:3f:d3:f8:34:c0:39:a9:7c:08:d1:7e:b0:ae:78:73:
         29:e6:55:62:41:a8:3a:67:be:8a:b7:04:67:83:17:ef:e7:a8:
         a8:66:9f:45:d6:8f:c6:f0:0f:2f:64:f8:8e:43:c1:fa:6b:bf:
         72:a9:92:44:47:b7:7f:2a:1b:27:1b:10:25:22:83:e5:e9:17:
         c9:02:c4:03:d3:22:23:c6:80:b8:42:78:62:2d:64:4c:a7:5f:
         4b:ec:ec:04:92:21:cb:42:20:02:e7:88:3b:e8:ef:40:63:8b:
         d3:66:df:45:b0:aa:e0:4a:4c:6a:e0:0f:20:a3:20:84:90:a7:
         5e:25:a6:ac:54:34:8b:0b:2e:a5:14:46:43:2d:fe:ee:78:83:
         ea:5b:3e:48
-----BEGIN CERTIFICATE-----
MIIFSTCCBDGgAwIBAgISAYVwQsBKGUQhBfMMUl20tcsPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjMwMTAyMDIxNTAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzdmMzVlNjZjYWQzOWU3NDA5YTMwMmNhYmFhZjZmZjY3OWI1Mzc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjdrpkusYh2lMnjOkHKF25uzelDVw
r7dPV6s8iESJCt0z/VkGOkNTlM3w9+S7KkNx+OAJf+37QUC0LTagcSujQ122j3Ai
MpxWs0n1T2ApwlNEDuti46SCws9XeGENJWMdH28SUByEsBvTgjfX1Wu8TIxunUtg
O/VTPoOTCGU1BEwZqbQ7ghYj7iYeK/k98ANtj6JPfeWQDt+D1XerUz9eR7H/Dolc
a6AFSB1qW6TpC8Kw2DZrdMk63Pd4kJDrkJVrEgjN+ceBehb/fjxX6v1TvsGispCZ
fG8Vr2aCEAvBOfb3C/PY2WyJw1BYgE4cY7oRSd3T3z6mKigBxJlIX8nuXwIDAQAB
o4ICVTCCAlEwHQYDVR0OBBYEFOx/NeZsrTnnQJowLKuq9v9nm1N3MB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvN0g4MTVteXRPZWRBbWpBc3E2cjJfMmViVTNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGsGCCsGAQUFBwEHAQH/BFwwWjBYBAIAATBSAwQAowUfMAwD
BACjBSEDBACjBSIwDAMEAKMFJQMEA6MFIAMEAKMFWwMEAKMFYQMEAKMFcgMEAKMF
gwMEAKMFmAMEAKMFqQMEAKMF+QMEAKMF/jANBgkqhkiG9w0BAQsFAAOCAQEAMCmw
25UfvhUm8JxfLMATROXDXs9KkGOoDH9oTVLNvLU9iCkOPZVE1jtlzdfZ+gLSc1Ug
1h718jV3K6AAoG/i0tNYXC3CvqHnlEM1wRru59MDlcFFJsocaAf3vb0uInnXUjRM
65NTGLVKaF7Xs41oP9P4NMA5qXwI0X6wrnhzKeZVYkGoOme+ircEZ4MX7+eoqGaf
RdaPxvAPL2T4jkPB+mu/cqmSREe3fyobJxsQJSKD5ekXyQLEA9MiI8aAuEJ4Yi1k
TKdfS+zsBJIhy0IgAueIO+jvQGOL02bfRbCq4EpMauAPIKMghJCnXiWmrFQ0iwsu
pRRGQy3+7niD6ls+SA==
-----END CERTIFICATE-----