Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/KIoESon8FDYoMXzBRLhYXFKHc_o.roa
File:                     KIoESon8FDYoMXzBRLhYXFKHc_o.roa (raw, json)
Hash identifier:          +z80iFZsuv1LK4NIWalnc45SFOnIvfRa0Y1vgKDpHHg=
Subject key identifier:   28:8A:04:4A:89:FC:14:36:28:31:7C:C1:44:B8:58:5C:52:87:73:FA
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0188F16F330B3A8B897CC66EB823654C681B
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/KIoESon8FDYoMXzBRLhYXFKHc_o.roa
Signing time:             Sun 25 Jun 2023 07:22:56 +0000
ROA not before:           Sun 25 Jun 2023 07:22:56 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     212815
IP address blocks:        163.5.83.0/24 maxlen: 24
                          163.5.233.0/24 maxlen: 24
                          163.5.59.0/24 maxlen: 24
                          163.5.192.0/24 maxlen: 24
                          163.5.193.0/24 maxlen: 24
                          163.5.215.0/24 maxlen: 24
                          163.5.214.0/24 maxlen: 24
                          163.5.120.0/24 maxlen: 24
                          163.5.144.0/24 maxlen: 24
                          163.5.143.0/24 maxlen: 24
                          163.5.142.0/24 maxlen: 24
                          163.5.149.0/24 maxlen: 24
                          163.5.154.0/24 maxlen: 24
                          185.253.54.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:f1:6f:33:0b:3a:8b:89:7c:c6:6e:b8:23:65:4c:68:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jun 25 07:22:56 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=288a044a89fc143628317cc144b8585c528773fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:f1:1b:ab:23:b6:fa:b2:3c:fd:47:65:46:67:
                    29:5a:dc:ae:b6:1c:04:ea:ff:3c:b3:a4:65:34:fa:
                    ab:5b:45:80:2f:9a:dc:5c:ad:f5:e6:0e:0a:6f:a3:
                    59:ab:87:2b:78:d9:54:9e:77:ab:a5:cb:d9:29:83:
                    84:1a:ae:7f:53:9d:28:e5:c8:59:9f:6a:66:28:a0:
                    cc:04:c2:d8:e9:46:34:aa:5c:4e:1e:06:dd:6c:bf:
                    13:84:6a:a9:db:4f:04:85:9f:bd:54:36:82:96:9a:
                    a2:5d:f4:ca:0f:26:60:da:c0:69:f8:cc:7b:d8:94:
                    4b:3d:b7:99:d8:d8:35:cb:71:b9:16:0b:b3:6c:27:
                    51:e0:fc:35:fa:9d:ed:ec:83:48:d0:9c:ec:a5:2c:
                    18:9c:60:44:db:0e:52:f4:c1:74:ab:a1:fa:64:3b:
                    a2:7b:e7:8f:6a:ed:66:93:3d:68:7d:64:5c:df:9b:
                    0e:8e:78:e6:f7:e2:b4:fa:43:e3:37:52:36:d6:c1:
                    d7:6a:56:ea:e0:b1:06:dc:12:d1:f6:02:52:48:de:
                    aa:16:82:f5:62:a1:d1:de:8f:3b:b9:4b:5a:ba:c3:
                    d6:a7:e1:ad:15:d4:f4:46:e3:12:9c:79:47:fd:e4:
                    d0:bc:fa:31:62:04:92:b8:cd:47:4f:a8:e9:25:2c:
                    79:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:8A:04:4A:89:FC:14:36:28:31:7C:C1:44:B8:58:5C:52:87:73:FA
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/KIoESon8FDYoMXzBRLhYXFKHc_o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.59.0/24
                  163.5.83.0/24
                  163.5.120.0/24
                  163.5.142.0-163.5.144.255
                  163.5.149.0/24
                  163.5.154.0/24
                  163.5.192.0/23
                  163.5.214.0/23
                  163.5.233.0/24
                  185.253.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:98:36:f0:ee:73:14:39:d8:88:82:89:34:f8:4d:81:e1:4f:
         05:ac:2c:27:7f:aa:8f:5a:b9:02:fb:1d:ad:82:22:b8:25:95:
         f5:89:9a:77:3a:2d:c8:84:87:90:41:3d:30:d1:01:89:fc:31:
         d6:5c:f6:c2:08:55:e6:c1:3c:a0:fa:d9:e1:56:e3:64:08:c5:
         da:12:dd:ba:be:1d:5e:7f:ad:73:e3:07:3a:d6:05:f9:c6:13:
         e8:6d:1f:a9:6a:e7:bd:e0:55:06:f8:3b:cf:39:cd:3f:3a:aa:
         52:fa:99:99:3d:6e:6e:a7:4a:89:33:3a:5a:dc:0b:07:e0:05:
         b6:99:62:4c:ef:64:e4:94:c6:2b:5d:0d:83:fc:09:b6:37:07:
         f0:1f:ce:8f:bc:b6:63:db:ed:33:f2:70:97:22:59:31:b9:3a:
         e2:13:b8:ab:4e:c2:b5:8a:86:1f:1e:a9:6b:a8:0a:aa:7a:92:
         c0:db:23:49:f6:b3:6a:44:21:af:3f:1d:48:51:1b:a4:c3:72:
         05:78:d5:e0:85:6f:31:57:db:ca:0f:52:f9:9e:38:92:16:1d:
         a8:e4:06:9b:87:d2:c8:53:24:c3:9e:d8:75:c9:09:49:d6:1f:
         7c:97:1d:02:4b:45:a6:e5:67:ff:71:64:09:c3:d8:1c:85:6f:
         c8:5e:69:a7
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAYjxbzMLOouJfMZuuCNlTGgbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjMwNjI1MDcyMjU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODhhMDQ0YTg5ZmMxNDM2MjgzMTdjYzE0NGI4NTg1YzUyODc3M2ZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlPEbqyO2+rI8/UdlRmcpWtyuthwE
6v88s6RlNPqrW0WAL5rcXK315g4Kb6NZq4creNlUnnerpcvZKYOEGq5/U50o5chZ
n2pmKKDMBMLY6UY0qlxOHgbdbL8ThGqp208EhZ+9VDaClpqiXfTKDyZg2sBp+Mx7
2JRLPbeZ2Ng1y3G5FguzbCdR4Pw1+p3t7INI0JzspSwYnGBE2w5S9MF0q6H6ZDui
e+ePau1mkz1ofWRc35sOjnjm9+K0+kPjN1I21sHXalbq4LEG3BLR9gJSSN6qFoL1
YqHR3o87uUtausPWp+GtFdT0RuMSnHlH/eTQvPoxYgSSuM1HT6jpJSx5awIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFCiKBEqJ/BQ2KDF8wUS4WFxSh3P6MB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvS0lvRVNvbjhGRFlvTVh6QlJMaFlYRktIY19vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQAowU7AwQA
owVTAwQAowV4MAwDBAGjBY4DBACjBZADBACjBZUDBACjBZoDBAGjBcADBAGjBdYD
BACjBekDBAC5/TYwDQYJKoZIhvcNAQELBQADggEBAGGYNvDucxQ52IiCiTT4TYHh
TwWsLCd/qo9auQL7Ha2CIrgllfWJmnc6LciEh5BBPTDRAYn8MdZc9sIIVebBPKD6
2eFW42QIxdoS3bq+HV5/rXPjBzrWBfnGE+htH6lq573gVQb4O885zT86qlL6mZk9
bm6nSokzOlrcCwfgBbaZYkzvZOSUxitdDYP8CbY3B/Afzo+8tmPb7TPycJciWTG5
OuITuKtOwrWKhh8eqWuoCqp6ksDbI0n2s2pEIa8/HUhRG6TDcgV41eCFbzFX28oP
UvmeOJIWHajkBpuH0shTJMOe2HXJCUnWH3yXHQJLRablZ/9xZAnD2ByFb8heaac=
-----END CERTIFICATE-----