Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/BkaGfCizg_539w4vBKLuSH4ctys.roa
File:                     BkaGfCizg_539w4vBKLuSH4ctys.roa (raw, json)
Hash identifier:          /Qx+zb5KtU8zHTQ73nvcjcVkbiOODhz7gHnv0Z0bRe0=
Subject key identifier:   06:46:86:7C:28:B3:83:FE:77:F7:0E:2F:04:A2:EE:48:7E:1C:B7:2B
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0189D4EB0470FFDA34648FC2FC085118308D
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/BkaGfCizg_539w4vBKLuSH4ctys.roa
Signing time:             Tue 08 Aug 2023 11:31:59 +0000
ROA not before:           Tue 08 Aug 2023 11:31:59 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     212815
IP address blocks:        163.5.83.0/24 maxlen: 24
                          163.5.192.0/24 maxlen: 24
                          163.5.193.0/24 maxlen: 24
                          163.5.215.0/24 maxlen: 24
                          163.5.214.0/24 maxlen: 24
                          163.5.144.0/24 maxlen: 24
                          163.5.143.0/24 maxlen: 24
                          163.5.142.0/24 maxlen: 24
                          163.5.149.0/24 maxlen: 24
                          163.5.154.0/24 maxlen: 24
                          185.253.54.0/24 maxlen: 24
                          163.5.59.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:d4:eb:04:70:ff:da:34:64:8f:c2:fc:08:51:18:30:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Aug  8 11:31:59 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0646867c28b383fe77f70e2f04a2ee487e1cb72b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:76:72:18:8a:5e:85:7a:7b:2d:29:62:35:04:
                    3c:8a:32:f4:e3:28:db:63:2d:be:1f:25:3e:00:bc:
                    3b:5c:81:f4:90:4b:41:5a:e1:ef:e5:d9:8e:eb:d6:
                    3a:44:de:62:14:b8:ab:04:a7:e6:e7:f7:2e:b0:10:
                    7d:24:3b:cc:8f:40:ca:4b:6b:f7:03:6f:0e:28:a5:
                    75:66:a1:1f:db:94:0e:9e:ab:0f:13:c7:fd:54:1f:
                    eb:d2:33:de:d3:0a:d2:f8:73:17:1b:cc:e2:b3:2e:
                    9e:61:60:0c:74:eb:27:c3:02:ac:49:9a:9e:14:8a:
                    d3:2b:bd:32:15:7e:ec:5f:ed:93:cc:07:88:b9:a2:
                    6f:65:b5:80:c2:0b:15:38:d2:fa:16:c8:98:bc:7b:
                    10:14:b3:a6:ff:c9:72:7d:61:c0:87:62:e2:71:f2:
                    b6:a5:fc:34:df:c4:ec:a4:c0:f4:6d:ee:9c:06:73:
                    cf:de:b8:79:7f:25:d8:70:50:94:cb:46:14:39:3a:
                    6d:d5:f2:48:e1:c8:39:bb:b9:0c:22:07:4a:0f:a9:
                    28:fa:82:15:0c:b3:58:10:0e:87:80:8c:c6:b7:ab:
                    c5:c3:82:91:c8:8a:3e:87:1d:b6:54:ac:db:d5:ae:
                    c3:66:a6:0c:f4:e3:c0:b7:52:eb:82:1b:50:46:65:
                    d7:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:46:86:7C:28:B3:83:FE:77:F7:0E:2F:04:A2:EE:48:7E:1C:B7:2B
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/BkaGfCizg_539w4vBKLuSH4ctys.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.59.0/24
                  163.5.83.0/24
                  163.5.142.0-163.5.144.255
                  163.5.149.0/24
                  163.5.154.0/24
                  163.5.192.0/23
                  163.5.214.0/23
                  185.253.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:37:c5:85:5b:e5:da:c1:8e:fa:05:6c:46:d4:6c:2b:47:f4:
         a8:df:42:b1:3a:ca:72:8a:f2:58:96:b4:16:de:a9:63:21:21:
         a8:aa:ba:6d:90:20:a3:e9:33:6b:ea:66:01:6f:32:b6:61:91:
         fd:ff:e4:cf:21:d1:ef:0a:92:32:71:9e:cb:ca:86:2c:6c:a1:
         17:91:8d:0e:27:93:4c:50:43:56:8a:db:b6:d5:db:12:e9:4b:
         68:da:4c:7e:ec:6d:9f:bd:b7:3c:61:81:7b:6e:9d:c7:2e:94:
         f4:8d:ad:f5:95:d9:47:12:66:d9:dc:d7:76:bc:e4:1b:ab:bd:
         bc:69:8d:cb:e1:a5:45:a7:9d:78:6c:a7:ba:5e:d9:dc:94:15:
         df:f4:8e:60:42:65:0c:7f:60:20:c3:0a:ed:16:20:1b:44:06:
         51:d3:c6:7d:4e:1b:3c:d8:49:0d:bf:e3:f3:85:55:b6:81:8b:
         1b:7e:b1:99:a2:f1:d5:d1:f9:e2:39:eb:30:f7:37:ef:b5:46:
         5b:d9:3a:0e:f9:d1:1f:2d:ce:3a:7f:1b:51:fe:a9:d8:fa:39:
         bd:f6:98:59:4e:5d:34:36:fb:e6:08:40:fc:60:3a:02:10:2e:
         c1:b0:17:7e:6e:43:80:08:b8:63:5b:82:90:f9:b4:ff:45:0d:
         5a:2b:ca:b8
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAYnU6wRw/9o0ZI/C/AhRGDCNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjMwODA4MTEzMTU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjQ2ODY3YzI4YjM4M2ZlNzdmNzBlMmYwNGEyZWU0ODdlMWNiNzJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsXZyGIpehXp7LSliNQQ8ijL04yjb
Yy2+HyU+ALw7XIH0kEtBWuHv5dmO69Y6RN5iFLirBKfm5/cusBB9JDvMj0DKS2v3
A28OKKV1ZqEf25QOnqsPE8f9VB/r0jPe0wrS+HMXG8zisy6eYWAMdOsnwwKsSZqe
FIrTK70yFX7sX+2TzAeIuaJvZbWAwgsVONL6FsiYvHsQFLOm/8lyfWHAh2LicfK2
pfw038TspMD0be6cBnPP3rh5fyXYcFCUy0YUOTpt1fJI4cg5u7kMIgdKD6ko+oIV
DLNYEA6HgIzGt6vFw4KRyIo+hx22VKzb1a7DZqYM9OPAt1LrghtQRmXXowIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFAZGhnwos4P+d/cOLwSi7kh+HLcrMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvQmthR2ZDaXpnXzUzOXc0dkJLTHVTSDRjdHlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQAowU7AwQA
owVTMAwDBAGjBY4DBACjBZADBACjBZUDBACjBZoDBAGjBcADBAGjBdYDBAC5/TYw
DQYJKoZIhvcNAQELBQADggEBADQ3xYVb5drBjvoFbEbUbCtH9KjfQrE6ynKK8liW
tBbeqWMhIaiqum2QIKPpM2vqZgFvMrZhkf3/5M8h0e8KkjJxnsvKhixsoReRjQ4n
k0xQQ1aK27bV2xLpS2jaTH7sbZ+9tzxhgXtuncculPSNrfWV2UcSZtnc13a85Bur
vbxpjcvhpUWnnXhsp7pe2dyUFd/0jmBCZQx/YCDDCu0WIBtEBlHTxn1OGzzYSQ2/
4/OFVbaBixt+sZmi8dXR+eI56zD3N++1RlvZOg750R8tzjp/G1H+qdj6Ob32mFlO
XTQ2++YIQPxgOgIQLsGwF35uQ4AIuGNbgpD5tP9FDVoryrg=
-----END CERTIFICATE-----