Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DufQnzPkEyBx34RzfvRGOMpLEtM.roa
File:                     DufQnzPkEyBx34RzfvRGOMpLEtM.roa (raw, json)
Hash identifier:          5+ie1LlcYY47j3Q/oxPC1jwAeAIABxeKnTZuYtwNvdo=
Subject key identifier:   0E:E7:D0:9F:33:E4:13:20:71:DF:84:73:7E:F4:46:38:CA:4B:12:D3
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       019127A92FFAD6EF3BB0DB8AEF9F0524BE42
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DufQnzPkEyBx34RzfvRGOMpLEtM.roa
Signing time:             Tue 06 Aug 2024 12:28:04 +0000
ROA not before:           Tue 06 Aug 2024 12:28:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        163.5.36.0/24 maxlen: 24
                          163.5.56.0/24 maxlen: 24
                          163.5.82.0/24 maxlen: 24
                          163.5.87.0/24 maxlen: 24
                          163.5.95.0/24 maxlen: 24
                          163.5.99.0/24 maxlen: 24
                          163.5.127.0/24 maxlen: 24
                          163.5.140.0/24 maxlen: 24
                          163.5.162.0/24 maxlen: 24
                          163.5.202.0/24 maxlen: 24
                          163.5.248.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 15 Aug 2024 14:12:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:27:a9:2f:fa:d6:ef:3b:b0:db:8a:ef:9f:05:24:be:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Aug  6 12:28:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0ee7d09f33e4132071df84737ef44638ca4b12d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:28:9a:8c:b6:97:56:9c:4f:f1:bc:e8:d2:3a:
                    d1:75:46:16:9b:16:d7:97:33:8c:48:2e:04:bb:64:
                    65:de:d6:4f:fa:b2:da:f1:36:a9:82:51:02:de:e4:
                    2e:56:47:dd:cc:9d:d9:12:3f:53:f2:c0:75:15:49:
                    f4:dc:7f:14:86:4e:41:a2:85:c2:03:9a:b4:e7:64:
                    14:4b:6b:06:d6:fc:87:3d:9d:46:28:8b:48:86:aa:
                    3a:52:d9:ba:e2:22:48:46:df:e9:07:ef:a4:82:5b:
                    e5:63:9a:de:25:4a:0a:e6:d5:59:eb:ec:c8:a9:dd:
                    7c:f1:38:65:a9:56:fb:77:00:0b:e9:3f:21:c5:1f:
                    49:7d:1d:88:f4:26:a2:0e:df:3a:56:7a:4d:3b:cf:
                    f2:dd:8a:b3:d1:30:07:25:ab:01:b7:d6:51:6e:b5:
                    ab:be:4e:92:b1:e1:01:b9:2e:94:f4:63:8e:c2:d6:
                    59:8c:13:c2:ee:be:19:6d:02:38:5e:8d:62:c7:de:
                    39:09:d0:1f:19:49:2b:4d:f2:f1:2b:d9:5c:49:13:
                    70:10:74:be:8e:2b:03:1d:81:97:c4:9b:07:70:1d:
                    8e:01:22:bd:c7:3b:17:98:0e:64:4f:7b:5e:d4:9e:
                    b8:7b:f1:3c:9b:e4:71:fd:c4:fe:4b:38:8a:82:8e:
                    09:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:E7:D0:9F:33:E4:13:20:71:DF:84:73:7E:F4:46:38:CA:4B:12:D3
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DufQnzPkEyBx34RzfvRGOMpLEtM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.36.0/24
                  163.5.56.0/24
                  163.5.82.0/24
                  163.5.87.0/24
                  163.5.95.0/24
                  163.5.99.0/24
                  163.5.127.0/24
                  163.5.140.0/24
                  163.5.162.0/24
                  163.5.202.0/24
                  163.5.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:2f:4e:14:20:44:99:d0:f4:96:80:ff:77:e0:19:51:ee:2b:
         65:a0:b6:36:13:db:cd:76:6a:37:3e:e6:a0:79:37:01:9a:57:
         af:63:e7:b2:c6:44:6e:86:0d:34:6f:c3:b8:9a:4c:64:b9:17:
         6b:68:42:d7:43:1a:9d:42:6c:9e:a2:b7:46:e5:81:0e:4f:1a:
         5b:50:8a:70:c1:fc:d6:e0:bc:77:1e:d9:c6:09:7f:e8:5e:76:
         28:ed:00:e2:18:c3:1c:ed:cb:7a:36:65:1d:bb:69:d5:40:62:
         8a:11:4f:89:c4:63:cf:ae:1d:65:a1:7e:c1:db:d6:68:b8:d4:
         d4:b7:a0:c8:3b:66:3e:be:ee:ab:d9:29:e2:54:3e:67:54:fe:
         6b:76:38:5d:af:4b:86:19:14:4b:70:f8:68:e0:2c:ba:d3:fe:
         f5:fe:99:01:47:7c:b7:8c:70:29:f6:74:b6:40:bd:c4:c4:fd:
         ed:c4:9f:e2:02:e0:3d:31:79:db:db:f8:d5:dd:0f:a7:0a:98:
         97:f8:a8:c3:4f:09:a8:0f:e8:0a:c7:80:bd:60:bc:f8:ed:84:
         d8:75:07:c8:dc:cd:c6:9c:20:c8:da:07:59:40:0f:f7:f5:51:
         30:bd:ce:83:ed:19:d2:df:7b:5b:7e:ec:3d:80:8b:e6:18:b0:
         fc:8c:4b:47
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAZEnqS/61u87sNuK758FJL5CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjQwODA2MTIyODA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZWU3ZDA5ZjMzZTQxMzIwNzFkZjg0NzM3ZWY0NDYzOGNhNGIxMmQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqyiajLaXVpxP8bzo0jrRdUYWmxbX
lzOMSC4Eu2Rl3tZP+rLa8TapglEC3uQuVkfdzJ3ZEj9T8sB1FUn03H8Uhk5BooXC
A5q052QUS2sG1vyHPZ1GKItIhqo6Utm64iJIRt/pB++kglvlY5reJUoK5tVZ6+zI
qd188ThlqVb7dwAL6T8hxR9JfR2I9CaiDt86VnpNO8/y3Yqz0TAHJasBt9ZRbrWr
vk6SseEBuS6U9GOOwtZZjBPC7r4ZbQI4Xo1ix945CdAfGUkrTfLxK9lcSRNwEHS+
jisDHYGXxJsHcB2OASK9xzsXmA5kT3te1J64e/E8m+Rx/cT+SziKgo4J+QIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFA7n0J8z5BMgcd+Ec370RjjKSxLTMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvRHVmUW56UGtFeUJ4MzRSemZ2UkdPTXBMRXRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQAowUkAwQA
owU4AwQAowVSAwQAowVXAwQAowVfAwQAowVjAwQAowV/AwQAowWMAwQAowWiAwQA
owXKAwQAowX4MA0GCSqGSIb3DQEBCwUAA4IBAQCZL04UIESZ0PSWgP934BlR7itl
oLY2E9vNdmo3PuageTcBmlevY+eyxkRuhg00b8O4mkxkuRdraELXQxqdQmyeordG
5YEOTxpbUIpwwfzW4Lx3HtnGCX/oXnYo7QDiGMMc7ct6NmUdu2nVQGKKEU+JxGPP
rh1loX7B29ZouNTUt6DIO2Y+vu6r2SniVD5nVP5rdjhdr0uGGRRLcPho4Cy60/71
/pkBR3y3jHAp9nS2QL3ExP3txJ/iAuA9MXnb2/jV3Q+nCpiX+KjDTwmoD+gKx4C9
YLz47YTYdQfI3M3GnCDI2gdZQA/39VEwvc6D7RnS33tbfuw9gIvmGLD8jEtH
-----END CERTIFICATE-----