Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/IgeXEwm7no2VUFBEJCdK3vqGeS0.roa
File:                     IgeXEwm7no2VUFBEJCdK3vqGeS0.roa (raw, json)
Hash identifier:          b1IFVPMrH6g8BAq/vBykxg3ZQomXkqN3K++hPRaCMz4=
Subject key identifier:   22:07:97:13:09:BB:9E:8D:95:50:50:44:24:27:4A:DE:FA:86:79:2D
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0187FA557FCCF596015D83056D5E602D5DBC
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/IgeXEwm7no2VUFBEJCdK3vqGeS0.roa
Signing time:             Mon 08 May 2023 07:48:39 +0000
ROA not before:           Mon 08 May 2023 07:48:39 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     61317
IP address blocks:        163.5.71.0/24 maxlen: 24
                          163.5.93.0/24 maxlen: 24
                          163.5.101.0/24 maxlen: 24
                          163.5.108.0/24 maxlen: 24
                          163.5.116.0/24 maxlen: 24
                          163.5.229.0/24 maxlen: 24
                          163.5.228.0/24 maxlen: 24
                          163.5.238.0/24 maxlen: 24
                          163.5.246.0/24 maxlen: 24
                          163.5.60.0/24 maxlen: 24
                          163.5.189.0/24 maxlen: 24
                          163.5.192.0/24 maxlen: 24
                          163.5.134.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 09 May 2023 14:53:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:fa:55:7f:cc:f5:96:01:5d:83:05:6d:5e:60:2d:5d:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: May  8 07:48:39 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2207971309bb9e8d9550504424274adefa86792d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:e5:e6:43:c9:2e:bd:14:41:0e:09:b0:fa:42:
                    18:7f:56:ba:9d:dd:f0:1e:d8:d0:4f:ad:08:f0:c2:
                    a2:54:d5:b4:76:aa:dd:82:c4:e8:c6:ab:f0:38:22:
                    8e:2c:bc:0d:6b:7d:06:b6:f1:c6:a9:71:80:7a:11:
                    b4:f2:49:d5:11:9d:3d:71:c7:16:f9:2b:99:d9:9f:
                    53:f6:b8:94:8d:26:30:c0:ee:85:49:d8:81:6d:a3:
                    6c:58:19:e3:42:4c:31:24:3c:51:f1:e7:da:cd:e8:
                    b5:95:09:7b:6a:4a:a3:6c:fe:68:ca:4d:d9:a7:55:
                    e7:64:18:08:4b:7d:bc:fc:09:9c:2b:81:7c:aa:4d:
                    07:57:99:84:ee:71:8d:05:13:b3:33:05:1f:3a:53:
                    df:e4:97:d3:dc:db:22:b1:1f:d6:4d:14:be:96:9c:
                    15:dd:33:ee:36:08:22:3e:e8:8b:82:a8:7d:bd:af:
                    84:38:e5:e0:2e:0a:55:55:3e:8e:25:d8:f0:c1:97:
                    b3:a7:fe:10:38:78:dd:cb:73:61:f0:0c:ca:73:c7:
                    65:90:af:a7:e1:8f:f5:f9:af:6e:21:90:64:88:fb:
                    c7:eb:3d:85:57:2c:0a:2c:de:db:b4:fd:15:bd:a2:
                    b1:b8:4d:fc:35:c2:14:7a:01:21:1b:aa:38:be:bb:
                    70:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:07:97:13:09:BB:9E:8D:95:50:50:44:24:27:4A:DE:FA:86:79:2D
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/IgeXEwm7no2VUFBEJCdK3vqGeS0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.60.0/24
                  163.5.71.0/24
                  163.5.93.0/24
                  163.5.101.0/24
                  163.5.108.0/24
                  163.5.116.0/24
                  163.5.134.0/24
                  163.5.189.0/24
                  163.5.192.0/24
                  163.5.228.0/23
                  163.5.238.0/24
                  163.5.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:1c:48:49:a5:ed:ea:81:80:fc:f5:81:1e:a0:46:34:27:fa:
         d9:52:11:21:b0:29:7f:59:f0:03:1c:76:3d:5c:ad:2d:92:d5:
         de:4a:c9:e4:87:84:e5:26:41:c2:96:05:98:9f:93:82:8b:bf:
         37:44:fb:6e:c8:9b:ce:08:a7:19:7f:52:53:20:9c:f2:92:a3:
         f0:83:ec:99:9a:8f:82:c0:3d:5c:8b:0c:7d:5d:b0:bc:38:9e:
         de:1f:37:82:41:37:4f:20:f3:ed:4f:3d:aa:c9:f4:66:d2:3f:
         5e:6d:c8:a5:af:18:21:f7:88:3f:23:27:56:0c:c0:b8:41:0b:
         16:c2:80:1b:b0:23:f3:b7:71:17:bd:15:75:90:e5:35:7a:69:
         ed:67:84:bf:06:96:7d:70:ef:18:ee:33:78:9d:90:ea:3f:27:
         6a:0f:9e:30:a9:bc:8a:e2:43:39:86:80:b3:7a:61:e3:f0:87:
         7d:84:8b:75:89:cb:74:49:cd:77:4c:4d:09:ea:81:d4:6a:94:
         63:3d:56:b0:bc:bc:91:3c:44:d1:85:46:de:08:f8:a2:80:57:
         41:25:76:fc:e1:5e:70:00:5c:eb:18:8e:01:29:6f:06:51:13:
         da:e2:1b:57:85:4e:22:f3:79:d1:4e:1f:fb:f0:84:28:8e:4f:
         e3:06:80:e7
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAYf6VX/M9ZYBXYMFbV5gLV28MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjMwNTA4MDc0ODM5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjA3OTcxMzA5YmI5ZThkOTU1MDUwNDQyNDI3NGFkZWZhODY3OTJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApeXmQ8kuvRRBDgmw+kIYf1a6nd3w
HtjQT60I8MKiVNW0dqrdgsToxqvwOCKOLLwNa30GtvHGqXGAehG08knVEZ09cccW
+SuZ2Z9T9riUjSYwwO6FSdiBbaNsWBnjQkwxJDxR8efazei1lQl7akqjbP5oyk3Z
p1XnZBgIS328/AmcK4F8qk0HV5mE7nGNBROzMwUfOlPf5JfT3NsisR/WTRS+lpwV
3TPuNggiPuiLgqh9va+EOOXgLgpVVT6OJdjwwZezp/4QOHjdy3Nh8AzKc8dlkK+n
4Y/1+a9uIZBkiPvH6z2FVywKLN7btP0VvaKxuE38NcIUegEhG6o4vrtw9wIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFCIHlxMJu56NlVBQRCQnSt76hnktMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvSWdlWEV3bTdubzJWVUZCRUpDZEszdnFHZVMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwQAowU8AwQA
owVHAwQAowVdAwQAowVlAwQAowVsAwQAowV0AwQAowWGAwQAowW9AwQAowXAAwQB
owXkAwQAowXuAwQAowX2MA0GCSqGSIb3DQEBCwUAA4IBAQAuHEhJpe3qgYD89YEe
oEY0J/rZUhEhsCl/WfADHHY9XK0tktXeSsnkh4TlJkHClgWYn5OCi783RPtuyJvO
CKcZf1JTIJzykqPwg+yZmo+CwD1ciwx9XbC8OJ7eHzeCQTdPIPPtTz2qyfRm0j9e
bcilrxgh94g/IydWDMC4QQsWwoAbsCPzt3EXvRV1kOU1emntZ4S/BpZ9cO8Y7jN4
nZDqPydqD54wqbyK4kM5hoCzemHj8Id9hIt1ict0Sc13TE0J6oHUapRjPVawvLyR
PETRhUbeCPiigFdBJXb84V5wAFzrGI4BKW8GURPa4htXhU4i83nRTh/78IQojk/j
BoDn
-----END CERTIFICATE-----