Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/8WkyuHq8qmZFdPaX4YSJYqkplOM.roa
File:                     8WkyuHq8qmZFdPaX4YSJYqkplOM.roa (raw, json)
Hash identifier:          5w8O+3mZwDGzAbA2trsi2Iw1cIFexqPdJLpo/sygpLQ=
Subject key identifier:   F1:69:32:B8:7A:BC:AA:66:45:74:F6:97:E1:84:89:62:A9:29:94:E3
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0189552987956E3F4D10D1673829DD048A9D
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/8WkyuHq8qmZFdPaX4YSJYqkplOM.roa
Signing time:             Fri 14 Jul 2023 16:08:52 +0000
ROA not before:           Fri 14 Jul 2023 16:08:52 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     212815
IP address blocks:        163.5.83.0/24 maxlen: 24
                          163.5.233.0/24 maxlen: 24
                          163.5.59.0/24 maxlen: 24
                          163.5.192.0/24 maxlen: 24
                          163.5.193.0/24 maxlen: 24
                          163.5.215.0/24 maxlen: 24
                          163.5.214.0/24 maxlen: 24
                          163.5.144.0/24 maxlen: 24
                          163.5.143.0/24 maxlen: 24
                          163.5.142.0/24 maxlen: 24
                          163.5.149.0/24 maxlen: 24
                          163.5.154.0/24 maxlen: 24
                          185.253.54.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:55:29:87:95:6e:3f:4d:10:d1:67:38:29:dd:04:8a:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jul 14 16:08:52 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f16932b87abcaa664574f697e1848962a92994e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:ed:0c:86:ce:fd:dc:45:a3:cf:b4:06:21:c0:
                    98:12:cb:57:06:4f:13:dd:7b:e2:85:0f:00:ee:d6:
                    5f:35:82:e2:52:c7:07:1a:c0:e5:f1:b8:c5:56:fe:
                    69:64:ee:23:c7:0e:5e:8b:03:77:d1:e0:bb:03:15:
                    d5:c6:22:2a:e2:fd:22:b1:ec:4f:76:63:39:a4:bd:
                    09:fb:d3:71:8a:e0:c6:40:8f:49:75:dc:19:91:6f:
                    7e:ac:13:52:20:37:b6:10:3c:31:70:b4:87:57:d0:
                    f3:98:34:7c:dd:94:55:b6:e2:80:39:e7:3b:97:50:
                    5e:bd:77:cc:f9:fc:d8:aa:a6:c7:f9:ba:7a:7c:30:
                    b2:6b:31:8b:81:df:e8:bb:ed:01:cd:f6:21:75:f2:
                    5c:2f:4c:43:17:3d:cb:13:d2:e1:69:6d:f7:90:f8:
                    2b:83:87:44:d6:f3:e8:d2:1a:39:cc:96:7d:55:f7:
                    84:fa:be:d8:9a:1c:e1:1f:97:6c:a8:ce:e2:e5:40:
                    57:77:ae:51:1b:d9:bd:1d:b2:78:87:75:ad:b3:36:
                    d7:bd:76:35:d1:9f:6f:48:94:f1:33:68:1d:0f:d5:
                    fd:72:de:db:8f:2b:92:3d:1b:6b:d0:76:40:34:c9:
                    a4:eb:ef:db:82:fa:4b:7e:eb:fa:c4:69:a9:7e:3f:
                    a7:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:69:32:B8:7A:BC:AA:66:45:74:F6:97:E1:84:89:62:A9:29:94:E3
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/8WkyuHq8qmZFdPaX4YSJYqkplOM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.59.0/24
                  163.5.83.0/24
                  163.5.142.0-163.5.144.255
                  163.5.149.0/24
                  163.5.154.0/24
                  163.5.192.0/23
                  163.5.214.0/23
                  163.5.233.0/24
                  185.253.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:11:77:0f:48:8b:f3:c6:37:9c:c3:cb:4d:95:a5:cd:48:5e:
         ee:5e:1e:9f:a6:20:3d:a0:aa:79:f8:b9:e3:34:d5:c6:aa:22:
         5a:9d:7e:9f:bd:b7:92:d6:1c:b1:3d:51:81:46:49:26:19:ce:
         f6:42:d7:68:72:34:52:e1:b0:c5:22:05:8b:ee:8c:81:0a:80:
         25:50:42:b6:00:d1:42:7a:96:1e:d8:f0:b3:73:54:8e:89:b8:
         55:3a:56:15:e2:e3:a3:ad:72:b3:80:3a:30:a3:eb:98:c7:56:
         fd:6e:63:f1:b9:9b:b8:2d:42:62:1c:96:be:c4:2d:28:b6:b4:
         01:b1:6c:b5:b8:8d:61:b2:32:7b:ac:68:07:36:3e:05:ba:c1:
         15:09:17:37:25:ab:fe:f3:86:12:23:68:ff:03:fe:75:83:53:
         b3:d4:91:7a:e9:d3:c8:57:05:e4:85:da:65:61:29:72:f8:ec:
         95:97:ce:8b:0f:97:fa:68:32:ca:59:f0:b4:1d:7b:e0:44:e5:
         91:d7:3f:d8:75:c9:90:08:a0:f3:e4:9d:ad:36:6a:1d:de:31:
         46:a1:96:34:d3:08:7f:92:24:eb:ed:4e:9d:91:48:0b:32:ad:
         02:2e:fa:da:86:ed:e3:9f:14:66:44:c5:80:66:e2:1c:b3:90:
         da:0b:70:78
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYlVKYeVbj9NENFnOCndBIqdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjMwNzE0MTYwODUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTY5MzJiODdhYmNhYTY2NDU3NGY2OTdlMTg0ODk2MmE5Mjk5NGUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAou0Mhs793EWjz7QGIcCYEstXBk8T
3XvihQ8A7tZfNYLiUscHGsDl8bjFVv5pZO4jxw5eiwN30eC7AxXVxiIq4v0isexP
dmM5pL0J+9NxiuDGQI9JddwZkW9+rBNSIDe2EDwxcLSHV9DzmDR83ZRVtuKAOec7
l1BevXfM+fzYqqbH+bp6fDCyazGLgd/ou+0BzfYhdfJcL0xDFz3LE9LhaW33kPgr
g4dE1vPo0ho5zJZ9VfeE+r7YmhzhH5dsqM7i5UBXd65RG9m9HbJ4h3WtszbXvXY1
0Z9vSJTxM2gdD9X9ct7bjyuSPRtr0HZANMmk6+/bgvpLfuv6xGmpfj+nAQIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFPFpMrh6vKpmRXT2l+GEiWKpKZTjMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvOFdreXVIcThxbVpGZFBhWDRZU0pZcWtwbE9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQAowU7AwQA
owVTMAwDBAGjBY4DBACjBZADBACjBZUDBACjBZoDBAGjBcADBAGjBdYDBACjBekD
BAC5/TYwDQYJKoZIhvcNAQELBQADggEBAJ4Rdw9Ii/PGN5zDy02Vpc1IXu5eHp+m
ID2gqnn4ueM01caqIlqdfp+9t5LWHLE9UYFGSSYZzvZC12hyNFLhsMUiBYvujIEK
gCVQQrYA0UJ6lh7Y8LNzVI6JuFU6VhXi46OtcrOAOjCj65jHVv1uY/G5m7gtQmIc
lr7ELSi2tAGxbLW4jWGyMnusaAc2PgW6wRUJFzclq/7zhhIjaP8D/nWDU7PUkXrp
08hXBeSF2mVhKXL47JWXzosPl/poMspZ8LQde+BE5ZHXP9h1yZAIoPPkna02ah3e
MUahljTTCH+SJOvtTp2RSAsyrQIu+tqG7eOfFGZExYBm4hyzkNoLcHg=
-----END CERTIFICATE-----