Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/9pYR8SrrVUjT7Iuy82vCYZffAO0.roa
File:                     9pYR8SrrVUjT7Iuy82vCYZffAO0.roa (raw, json)
Hash identifier:          vIeDL/lJDCOR/hL/MqpyNdBqX5x3I6Y6arNgxDJmuXE=
Subject key identifier:   F6:96:11:F1:2A:EB:55:48:D3:EC:8B:B2:F3:6B:C2:61:97:DF:00:ED
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       018647F166E0F98FC336C9B875D0B3C65490
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/9pYR8SrrVUjT7Iuy82vCYZffAO0.roa
Signing time:             Sun 12 Feb 2023 23:24:08 +0000
ROA not before:           Sun 12 Feb 2023 23:24:08 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     3320
IP address blocks:        163.5.105.0/24 maxlen: 24
                          163.5.106.0/24 maxlen: 24
                          163.5.115.0/24 maxlen: 24
                          163.5.118.0/24 maxlen: 24
                          163.5.229.0/24 maxlen: 24
                          163.5.242.0/24 maxlen: 24
                          163.5.212.0/24 maxlen: 24
                          163.5.215.0/24 maxlen: 24
                          163.5.220.0/24 maxlen: 24
                          163.5.225.0/24 maxlen: 24
                          163.5.119.0/24 maxlen: 24
                          163.5.121.0/24 maxlen: 24
                          163.5.153.0/24 maxlen: 24
                          163.5.159.0/24 maxlen: 24
                          163.5.168.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:47:f1:66:e0:f9:8f:c3:36:c9:b8:75:d0:b3:c6:54:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Feb 12 23:24:08 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f69611f12aeb5548d3ec8bb2f36bc26197df00ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:d8:11:dd:dd:5f:94:f1:2c:ad:5d:8f:4a:04:
                    59:c1:b8:ec:e5:c7:46:19:97:09:ac:6c:3b:51:f2:
                    8c:cd:95:66:c2:6e:a0:15:4e:bf:35:d6:e6:34:2b:
                    6d:03:ce:2e:4b:e8:30:d9:e9:e6:91:3a:3f:83:8d:
                    dd:07:1b:e5:e0:22:3d:aa:11:7f:86:0d:d3:d7:58:
                    5e:ce:cd:eb:bb:2b:01:ea:8d:bc:5b:74:e2:7f:07:
                    28:f8:19:60:ea:6b:20:8d:be:34:5a:81:8c:92:68:
                    79:45:79:0d:53:38:7c:af:9d:65:2d:7a:a5:94:35:
                    07:0b:45:cf:95:42:4e:9a:28:3c:fe:b7:bb:8f:61:
                    a5:84:69:53:3b:cd:fc:b3:3f:04:8a:f1:07:9e:24:
                    3c:0b:af:a1:26:ae:4f:72:45:3d:56:d5:83:1c:09:
                    70:c0:5d:e5:c8:42:e5:90:97:ba:25:12:b7:9d:48:
                    09:9e:d2:12:22:75:71:9e:04:44:ca:c3:65:c4:8a:
                    08:94:14:47:2b:ec:90:17:d9:93:7f:aa:4d:99:e7:
                    c2:f5:1f:b1:8a:2f:69:71:38:f4:be:55:95:00:35:
                    d6:60:cc:7c:75:50:f7:b9:b1:ec:3d:01:8d:a9:61:
                    2d:89:7c:1a:5e:3e:37:1f:67:6d:be:44:76:a4:22:
                    5b:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:96:11:F1:2A:EB:55:48:D3:EC:8B:B2:F3:6B:C2:61:97:DF:00:ED
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/9pYR8SrrVUjT7Iuy82vCYZffAO0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.105.0-163.5.106.255
                  163.5.115.0/24
                  163.5.118.0/23
                  163.5.121.0/24
                  163.5.153.0/24
                  163.5.159.0/24
                  163.5.168.0/24
                  163.5.212.0/24
                  163.5.215.0/24
                  163.5.220.0/24
                  163.5.225.0/24
                  163.5.229.0/24
                  163.5.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:11:ce:e1:3b:6b:87:54:70:cd:45:75:5a:ee:4c:77:47:51:
         fb:2f:d4:fe:d9:7a:3d:57:57:03:2f:23:e0:63:41:d1:68:8f:
         61:ab:f7:93:87:ef:4a:61:7a:54:0c:41:f2:7f:86:bb:98:c5:
         e0:df:86:c7:34:21:08:76:ab:6c:a9:e7:81:8b:d5:a6:bc:a8:
         37:a3:ed:d0:9b:19:36:d5:46:b8:2a:09:4e:ac:e5:8c:c7:f8:
         7c:d1:6b:80:41:44:76:a4:4f:69:9a:ab:b9:80:10:f0:d7:38:
         33:34:93:41:94:46:71:ac:7c:d3:3b:37:ba:c9:98:70:89:cb:
         19:9d:4e:f5:b7:4e:69:8b:a0:97:4f:8e:59:f3:63:da:4c:e3:
         c1:50:17:ae:5f:24:73:91:a3:d2:18:01:68:d1:a4:1e:15:eb:
         81:1e:5f:4a:a2:b7:87:47:cc:37:3f:93:de:19:b3:5e:ad:e9:
         ed:c5:69:5e:02:2f:fd:24:0d:f1:fd:e1:7f:33:27:2f:aa:9b:
         14:6c:f1:7e:73:7e:91:ca:74:48:94:53:6d:79:0c:4d:7f:ab:
         a3:52:f7:13:90:dd:ac:55:a1:31:cc:18:14:33:d5:47:2e:f9:
         9b:ef:3e:0a:72:91:78:38:ea:e1:59:23:20:5a:d1:c2:c6:d3:
         5f:2d:12:5f
-----BEGIN CERTIFICATE-----
MIIFTTCCBDWgAwIBAgISAYZH8Wbg+Y/DNsm4ddCzxlSQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjMwMjEyMjMyNDA4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjk2MTFmMTJhZWI1NTQ4ZDNlYzhiYjJmMzZiYzI2MTk3ZGYwMGVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgtgR3d1flPEsrV2PSgRZwbjs5cdG
GZcJrGw7UfKMzZVmwm6gFU6/NdbmNCttA84uS+gw2enmkTo/g43dBxvl4CI9qhF/
hg3T11hezs3ruysB6o28W3Tifwco+Blg6msgjb40WoGMkmh5RXkNUzh8r51lLXql
lDUHC0XPlUJOmig8/re7j2GlhGlTO838sz8EivEHniQ8C6+hJq5PckU9VtWDHAlw
wF3lyELlkJe6JRK3nUgJntISInVxngREysNlxIoIlBRHK+yQF9mTf6pNmefC9R+x
ii9pcTj0vlWVADXWYMx8dVD3ubHsPQGNqWEtiXwaXj43H2dtvkR2pCJbvQIDAQAB
o4ICWTCCAlUwHQYDVR0OBBYEFPaWEfEq61VI0+yLsvNrwmGX3wDtMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvOXBZUjhTcnJWVWpUN0l1eTgydkNZWmZmQU8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG8GCCsGAQUFBwEHAQH/BGAwXjBcBAIAATBWMAwDBACjBWkD
BACjBWoDBACjBXMDBAGjBXYDBACjBXkDBACjBZkDBACjBZ8DBACjBagDBACjBdQD
BACjBdcDBACjBdwDBACjBeEDBACjBeUDBACjBfIwDQYJKoZIhvcNAQELBQADggEB
AKcRzuE7a4dUcM1FdVruTHdHUfsv1P7Zej1XVwMvI+BjQdFoj2Gr95OH70phelQM
QfJ/hruYxeDfhsc0IQh2q2yp54GL1aa8qDej7dCbGTbVRrgqCU6s5YzH+HzRa4BB
RHakT2maq7mAEPDXODM0k0GURnGsfNM7N7rJmHCJyxmdTvW3TmmLoJdPjlnzY9pM
48FQF65fJHORo9IYAWjRpB4V64EeX0qit4dHzDc/k94Zs16t6e3FaV4CL/0kDfH9
4X8zJy+qmxRs8X5zfpHKdEiUU215DE1/q6NS9xOQ3axVoTHMGBQz1Ucu+ZvvPgpy
kXg46uFZIyBa0cLG018tEl8=
-----END CERTIFICATE-----