Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/H1opFFX0wDjcbw_SH7JU93VCx7A.roa
File:                     H1opFFX0wDjcbw_SH7JU93VCx7A.roa (raw, json)
Hash identifier:          hEClwB7K3dtp8Kxp8Vt4MPOe6qS6VawRstk+QJopf4c=
Subject key identifier:   1F:5A:29:14:55:F4:C0:38:DC:6F:0F:D2:1F:B2:54:F7:75:42:C7:B0
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       01857042D10228A3DDCE17851ACFCFB0C86A
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/H1opFFX0wDjcbw_SH7JU93VCx7A.roa
Signing time:             Mon 02 Jan 2023 02:15:05 +0000
ROA not before:           Mon 02 Jan 2023 02:15:05 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     396356
IP address blocks:        163.5.70.0/24 maxlen: 24
                          163.5.74.0/24 maxlen: 24
                          163.5.76.0/24 maxlen: 24
                          163.5.72.0/24 maxlen: 24
                          163.5.78.0/24 maxlen: 24
                          163.5.75.0/24 maxlen: 24
                          163.5.77.0/24 maxlen: 24
                          163.5.98.0/24 maxlen: 24
                          163.5.96.0/24 maxlen: 24
                          163.5.92.0/24 maxlen: 24
                          163.5.93.0/24 maxlen: 24
                          163.5.243.0/24 maxlen: 24
                          163.5.245.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:42:d1:02:28:a3:dd:ce:17:85:1a:cf:cf:b0:c8:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  2 02:15:05 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1f5a291455f4c038dc6f0fd21fb254f77542c7b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:46:61:7b:a0:92:f0:4c:af:09:b9:18:b0:55:
                    af:fd:57:19:df:ca:39:0c:fb:45:e0:52:72:6a:6f:
                    0a:b4:23:2c:7b:05:a6:b4:30:05:7a:0f:26:26:ee:
                    9a:90:ac:07:d4:a2:01:b4:98:db:17:13:44:77:f0:
                    b4:19:dc:bb:4b:3d:c0:0c:f1:83:62:1d:d7:fb:fe:
                    0e:9a:62:49:63:da:88:d7:41:05:eb:ac:a1:67:c4:
                    ef:29:81:be:86:ba:3e:d3:dc:7d:2a:14:cc:91:18:
                    48:cb:f0:70:93:d6:6f:b9:d9:51:b9:6f:62:7d:41:
                    c6:d9:62:1a:56:1d:be:ea:db:6e:ac:49:49:b1:76:
                    17:b5:12:10:da:39:89:bc:de:d8:d8:db:ce:57:d7:
                    01:d5:6c:5a:73:2f:63:6f:25:06:9c:2e:21:cc:0d:
                    25:50:6a:b4:76:96:21:45:9c:84:2a:33:53:55:2c:
                    39:b9:dc:2d:15:84:22:33:07:ac:43:6f:59:4f:8d:
                    ce:fc:f3:15:ef:36:ce:c3:82:9e:7c:17:47:6b:9b:
                    2e:98:2c:ae:48:bb:49:26:53:59:a6:79:ad:36:12:
                    e7:17:89:bc:09:14:cd:9e:83:9a:e6:27:7c:74:7d:
                    67:c2:cf:9e:48:23:94:6d:19:7a:0e:41:08:a0:7d:
                    52:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:5A:29:14:55:F4:C0:38:DC:6F:0F:D2:1F:B2:54:F7:75:42:C7:B0
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/H1opFFX0wDjcbw_SH7JU93VCx7A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.70.0/24
                  163.5.72.0/24
                  163.5.74.0-163.5.78.255
                  163.5.92.0/23
                  163.5.96.0/24
                  163.5.98.0/24
                  163.5.243.0/24
                  163.5.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:0a:f8:6a:a3:32:b4:fc:57:c2:cd:a4:01:d9:a1:db:72:53:
         63:c6:ee:64:ee:7d:46:9f:1c:98:fb:45:b3:25:2b:c2:d1:94:
         20:37:ca:af:36:9d:d2:c7:87:96:fd:a0:d5:bc:ac:b5:7f:a1:
         9e:38:0e:d8:6f:e8:c8:de:9a:ce:ea:ab:50:fd:ed:21:cb:7f:
         a2:9e:54:f4:77:3a:27:91:fc:02:1c:40:01:2e:18:5b:85:24:
         f4:4d:8a:3a:d9:4a:2b:1a:88:22:22:70:01:66:84:0a:af:1e:
         20:e4:07:e2:0b:77:b9:70:ba:d6:27:4a:a8:b3:19:10:a4:74:
         c1:a1:04:f0:88:8e:4f:ea:d1:8b:16:eb:e9:c2:a1:08:b2:73:
         13:a3:9a:b1:7f:ed:e3:b6:ca:7e:91:21:2d:8e:19:0a:03:98:
         fe:c6:9f:ff:e6:31:fd:e9:38:74:e8:40:b2:7d:98:a5:43:c5:
         90:12:12:33:9b:2b:f3:30:6a:39:2b:e2:f2:ff:5a:5c:f6:14:
         e5:e6:2f:e0:fb:d8:51:a4:5d:e9:21:2e:81:aa:3b:af:22:36:
         bd:09:ad:b1:b7:fe:14:a3:1c:62:08:b6:ff:18:81:8a:a2:82:
         9b:69:13:22:c9:0b:51:c5:fe:d9:f8:ea:ef:28:54:97:09:64:
         39:d7:be:47
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAYVwQtECKKPdzheFGs/PsMhqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjMwMTAyMDIxNTA1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjVhMjkxNDU1ZjRjMDM4ZGM2ZjBmZDIxZmIyNTRmNzc1NDJjN2IwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl0Zhe6CS8EyvCbkYsFWv/VcZ38o5
DPtF4FJyam8KtCMsewWmtDAFeg8mJu6akKwH1KIBtJjbFxNEd/C0Gdy7Sz3ADPGD
Yh3X+/4OmmJJY9qI10EF66yhZ8TvKYG+hro+09x9KhTMkRhIy/Bwk9ZvudlRuW9i
fUHG2WIaVh2+6tturElJsXYXtRIQ2jmJvN7Y2NvOV9cB1Wxacy9jbyUGnC4hzA0l
UGq0dpYhRZyEKjNTVSw5udwtFYQiMwesQ29ZT43O/PMV7zbOw4KefBdHa5sumCyu
SLtJJlNZpnmtNhLnF4m8CRTNnoOa5id8dH1nws+eSCOUbRl6DkEIoH1SawIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFB9aKRRV9MA43G8P0h+yVPd1QsewMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvSDFvcEZGWDB3RGpjYndfU0g3SlU5M1ZDeDdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQAowVGAwQA
owVIMAwDBAGjBUoDBACjBU4DBAGjBVwDBACjBWADBACjBWIDBACjBfMDBACjBfUw
DQYJKoZIhvcNAQELBQADggEBAJwK+GqjMrT8V8LNpAHZodtyU2PG7mTufUafHJj7
RbMlK8LRlCA3yq82ndLHh5b9oNW8rLV/oZ44Dthv6Mjems7qq1D97SHLf6KeVPR3
OieR/AIcQAEuGFuFJPRNijrZSisaiCIicAFmhAqvHiDkB+ILd7lwutYnSqizGRCk
dMGhBPCIjk/q0YsW6+nCoQiycxOjmrF/7eO2yn6RIS2OGQoDmP7Gn//mMf3pOHTo
QLJ9mKVDxZASEjObK/Mwajkr4vL/Wlz2FOXmL+D72FGkXekhLoGqO68iNr0JrbG3
/hSjHGIItv8YgYqigptpEyLJC1HF/tn46u8oVJcJZDnXvkc=
-----END CERTIFICATE-----