Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/C2FD-ebCbPa0xkqS1PeR_dJtI18.roa
File:                     C2FD-ebCbPa0xkqS1PeR_dJtI18.roa (raw, json)
Hash identifier:          FzTKElxJmvgBedRVZu+oQUdizslX26DMA3LdxtoUCrk=
Subject key identifier:   0B:61:43:F9:E6:C2:6C:F6:B4:C6:4A:92:D4:F7:91:FD:D2:6D:23:5F
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       018586909CE8C198A1C67A1D67045BC8F4D7
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/C2FD-ebCbPa0xkqS1PeR_dJtI18.roa
Signing time:             Fri 06 Jan 2023 10:11:42 +0000
ROA not before:           Fri 06 Jan 2023 10:11:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     60721
IP address blocks:        163.5.91.0/24 maxlen: 24
                          163.5.97.0/24 maxlen: 24
                          163.5.114.0/24 maxlen: 24
                          163.5.131.0/24 maxlen: 24
                          163.5.249.0/24 maxlen: 24
                          163.5.33.0/24 maxlen: 24
                          163.5.34.0/24 maxlen: 24
                          163.5.38.0/24 maxlen: 24
                          163.5.152.0/24 maxlen: 24
                          163.5.254.0/24 maxlen: 24
                          163.5.169.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 13 Jan 2023 10:28:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:86:90:9c:e8:c1:98:a1:c6:7a:1d:67:04:5b:c8:f4:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  6 10:11:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0b6143f9e6c26cf6b4c64a92d4f791fdd26d235f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:44:81:2d:06:cd:02:33:c5:55:0b:a8:c5:2d:
                    41:01:7f:3b:92:c6:83:cf:51:9b:5e:21:85:fa:bd:
                    5b:b7:f6:23:9e:08:45:62:ad:de:0f:0d:27:20:34:
                    e2:a5:06:0b:76:c5:ae:6d:91:eb:c4:92:66:de:31:
                    f5:d6:cc:ed:6c:d7:60:65:4b:83:63:52:ca:d2:04:
                    2b:35:0a:4e:fa:85:a0:d1:8d:dc:b3:1f:42:9e:ef:
                    55:45:1a:55:9b:54:20:d9:1c:c0:8c:2b:81:a4:f4:
                    1d:a6:51:79:b4:3a:b2:ae:50:c5:e5:99:0c:21:12:
                    ef:98:8c:5f:34:c3:29:fa:5d:6b:e5:5c:03:9e:bf:
                    46:b7:d4:16:6a:95:f5:d6:0d:53:44:05:6a:95:60:
                    04:94:df:41:4f:5a:9d:90:e6:18:68:27:e7:18:09:
                    91:28:2b:dc:e7:10:ad:e9:c3:0b:99:f6:dc:56:de:
                    56:24:36:eb:66:a3:ed:2b:cd:54:d7:38:d4:34:c7:
                    14:71:69:0a:d3:00:a3:5d:ee:22:58:95:89:57:bf:
                    22:e1:e4:66:d4:1b:d1:00:44:02:d3:3b:b6:73:d2:
                    d0:34:cf:79:88:a6:f0:82:3c:23:cf:08:5f:20:13:
                    bb:27:63:5d:ff:1e:8a:66:ca:5f:7f:4a:c0:b3:71:
                    46:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:61:43:F9:E6:C2:6C:F6:B4:C6:4A:92:D4:F7:91:FD:D2:6D:23:5F
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/C2FD-ebCbPa0xkqS1PeR_dJtI18.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.33.0-163.5.34.255
                  163.5.38.0/24
                  163.5.91.0/24
                  163.5.97.0/24
                  163.5.114.0/24
                  163.5.131.0/24
                  163.5.152.0/24
                  163.5.169.0/24
                  163.5.249.0/24
                  163.5.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:d4:5a:4d:2a:4e:99:58:85:a2:d0:c7:31:77:a2:28:59:91:
         c7:66:fe:16:62:a1:60:a3:2a:f5:15:b6:49:23:9d:a8:37:9d:
         1b:a8:25:7e:3b:12:97:4b:d9:a2:a0:93:90:8d:f6:28:97:b7:
         72:de:ae:aa:72:0f:fe:de:78:e2:6a:50:3f:cf:b5:08:00:1c:
         d4:98:90:16:9d:30:0a:71:fb:13:12:59:09:81:ed:f4:36:e8:
         0f:f7:f3:c6:c0:4b:58:64:8e:dd:76:76:35:42:7a:08:a7:ec:
         04:44:9f:a4:ca:3d:6f:48:57:3e:85:79:ab:67:a9:92:2d:79:
         c9:fc:9b:71:20:21:e7:ec:8f:62:4b:d1:fb:54:d3:cd:79:9c:
         fc:9a:e8:6a:ff:f5:3e:3b:09:c6:89:29:8d:46:44:db:17:47:
         aa:9c:32:e2:e5:79:1f:29:b1:cb:5d:3f:61:5c:76:de:ee:53:
         90:14:f9:8e:ba:50:d2:77:39:fb:da:e8:24:39:3d:c8:65:d9:
         fd:60:e9:14:25:06:b9:1b:ee:e5:88:d9:09:10:14:19:28:14:
         22:99:f2:8c:dc:df:c3:8e:12:a7:f6:0c:3f:7a:64:f5:b9:ba:
         29:6a:a3:0e:b9:44:4e:b6:f8:86:cf:c5:e7:b2:6c:49:81:be:
         56:e8:ac:4b
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAYWGkJzowZihxnodZwRbyPTXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjMwMTA2MTAxMTQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjYxNDNmOWU2YzI2Y2Y2YjRjNjRhOTJkNGY3OTFmZGQyNmQyMzVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1ESBLQbNAjPFVQuoxS1BAX87ksaD
z1GbXiGF+r1bt/YjnghFYq3eDw0nIDTipQYLdsWubZHrxJJm3jH11sztbNdgZUuD
Y1LK0gQrNQpO+oWg0Y3csx9Cnu9VRRpVm1Qg2RzAjCuBpPQdplF5tDqyrlDF5ZkM
IRLvmIxfNMMp+l1r5VwDnr9Gt9QWapX11g1TRAVqlWAElN9BT1qdkOYYaCfnGAmR
KCvc5xCt6cMLmfbcVt5WJDbrZqPtK81U1zjUNMcUcWkK0wCjXe4iWJWJV78i4eRm
1BvRAEQC0zu2c9LQNM95iKbwgjwjzwhfIBO7J2Nd/x6KZspff0rAs3FGaQIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFAthQ/nmwmz2tMZKktT3kf3SbSNfMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvQzJGRC1lYkNiUGEweGtxUzFQZVJfZEp0STE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEMAwDBACjBSED
BACjBSIDBACjBSYDBACjBVsDBACjBWEDBACjBXIDBACjBYMDBACjBZgDBACjBakD
BACjBfkDBACjBf4wDQYJKoZIhvcNAQELBQADggEBAFrUWk0qTplYhaLQxzF3oihZ
kcdm/hZioWCjKvUVtkkjnag3nRuoJX47EpdL2aKgk5CN9iiXt3LerqpyD/7eeOJq
UD/PtQgAHNSYkBadMApx+xMSWQmB7fQ26A/388bAS1hkjt12djVCegin7AREn6TK
PW9IVz6FeatnqZItecn8m3EgIefsj2JL0ftU0815nPya6Gr/9T47CcaJKY1GRNsX
R6qcMuLleR8psctdP2Fcdt7uU5AU+Y66UNJ3Ofva6CQ5Pchl2f1g6RQlBrkb7uWI
2QkQFBkoFCKZ8ozc38OOEqf2DD96ZPW5uilqow65RE62+IbPxeeybEmBvlborEs=
-----END CERTIFICATE-----