Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/L4gNxKsmxrHUOVTUqIwPOYaxYts.roa
File:                     L4gNxKsmxrHUOVTUqIwPOYaxYts.roa (raw, json)
Hash identifier:          6s/dNGVJrOfQ8kY1k8IXsLn0dzvEk80hbK01F0J2I44=
Subject key identifier:   2F:88:0D:C4:AB:26:C6:B1:D4:39:54:D4:A8:8C:0F:39:86:B1:62:DB
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       01880C7E14C4E63150826A0C4F5DEEC3C3E5
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/L4gNxKsmxrHUOVTUqIwPOYaxYts.roa
Signing time:             Thu 11 May 2023 20:26:09 +0000
ROA not before:           Thu 11 May 2023 20:26:09 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     61317
IP address blocks:        163.5.71.0/24 maxlen: 24
                          163.5.93.0/24 maxlen: 24
                          163.5.102.0/24 maxlen: 24
                          163.5.101.0/24 maxlen: 24
                          163.5.108.0/24 maxlen: 24
                          163.5.116.0/24 maxlen: 24
                          163.5.229.0/24 maxlen: 24
                          163.5.228.0/24 maxlen: 24
                          163.5.238.0/24 maxlen: 24
                          163.5.246.0/24 maxlen: 24
                          163.5.39.0/24 maxlen: 24
                          163.5.60.0/24 maxlen: 24
                          163.5.174.0/24 maxlen: 24
                          163.5.189.0/24 maxlen: 24
                          163.5.192.0/24 maxlen: 24
                          163.5.134.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:0c:7e:14:c4:e6:31:50:82:6a:0c:4f:5d:ee:c3:c3:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: May 11 20:26:09 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2f880dc4ab26c6b1d43954d4a88c0f3986b162db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:7c:50:ab:47:7b:08:66:51:c5:b7:22:fc:5d:
                    07:11:43:0b:a0:6d:a3:12:29:f5:f4:86:d9:f8:c5:
                    52:e2:1b:d9:0f:d4:c1:a5:d7:75:d4:02:74:58:1c:
                    2a:2d:f2:af:ae:a8:0a:92:e6:01:91:50:51:58:13:
                    94:cc:5f:69:2f:34:17:e8:9a:42:44:d7:a2:bc:6b:
                    ff:7d:f1:c2:99:c5:70:99:75:18:a4:79:c8:50:09:
                    17:91:d4:d6:83:47:63:cc:49:bb:b3:c6:c5:5a:60:
                    1d:53:c7:b5:8c:98:62:06:97:40:0b:26:1f:b5:56:
                    aa:8e:11:60:38:8a:15:6a:6f:ad:56:b9:b4:4f:93:
                    e6:82:9e:ce:bb:42:17:c7:40:de:16:8a:e4:82:43:
                    05:36:99:4f:aa:65:43:d7:1a:ff:69:39:9a:bd:79:
                    39:2a:d0:f1:90:d7:e6:7c:a1:6d:c5:b1:d2:ba:50:
                    69:af:36:df:38:4e:9f:88:b7:8b:9c:8d:e4:3c:11:
                    60:f2:d8:fb:4d:e0:ff:c7:1e:db:ac:a4:1a:f3:5f:
                    15:88:46:7f:51:65:5e:51:7e:b6:b9:a0:b7:d6:43:
                    1c:2f:ba:c1:15:51:8d:7f:53:91:55:12:ec:de:2c:
                    c8:b0:bf:5d:d4:d0:32:12:15:8c:38:8f:32:76:94:
                    ea:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:88:0D:C4:AB:26:C6:B1:D4:39:54:D4:A8:8C:0F:39:86:B1:62:DB
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/L4gNxKsmxrHUOVTUqIwPOYaxYts.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.39.0/24
                  163.5.60.0/24
                  163.5.71.0/24
                  163.5.93.0/24
                  163.5.101.0-163.5.102.255
                  163.5.108.0/24
                  163.5.116.0/24
                  163.5.134.0/24
                  163.5.174.0/24
                  163.5.189.0/24
                  163.5.192.0/24
                  163.5.228.0/23
                  163.5.238.0/24
                  163.5.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:fa:7c:5e:7d:84:78:47:c2:68:5d:16:d3:01:99:e2:cf:ab:
         e0:26:fe:d6:9a:29:be:5f:ac:43:77:b5:8a:24:c3:e7:08:08:
         d0:04:1e:af:a6:d0:18:e2:d6:8b:a7:d0:09:23:ce:7c:cb:ba:
         e8:ef:64:5f:e7:d0:b9:81:fe:35:ab:4a:81:21:8c:ff:d7:f1:
         56:da:bd:db:8b:1a:d8:5a:cc:26:5b:b0:ab:8e:f7:23:b4:6b:
         ad:9e:97:71:ad:80:8a:64:c2:ef:ee:53:be:f0:6f:ba:0f:2a:
         f7:22:4a:11:77:e0:55:59:c7:af:ee:5b:1e:15:df:08:c7:de:
         5a:6b:0a:6f:51:bb:03:20:82:cc:89:a2:d2:8b:c4:53:f9:79:
         c2:c6:dd:f9:4b:ae:c0:be:db:d4:73:4c:cb:f4:21:5a:31:32:
         21:a4:dd:1f:d4:17:b8:ba:40:91:67:1f:45:3c:dc:25:06:7d:
         91:f2:6d:6f:b2:99:0e:6b:7b:f5:56:6a:10:56:53:0b:10:6b:
         77:6c:3f:69:0e:14:b8:9e:4c:36:3d:28:ed:6d:43:b7:aa:41:
         2b:8a:a5:f4:b0:d5:8a:9f:55:58:4b:a3:27:af:54:fd:23:41:
         5c:d4:aa:22:54:47:44:6c:97:33:c0:ff:f5:ec:02:3d:63:46:
         b8:55:2e:fb
-----BEGIN CERTIFICATE-----
MIIFUzCCBDugAwIBAgISAYgMfhTE5jFQgmoMT13uw8PlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjMwNTExMjAyNjA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjg4MGRjNGFiMjZjNmIxZDQzOTU0ZDRhODhjMGYzOTg2YjE2MmRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhnxQq0d7CGZRxbci/F0HEUMLoG2j
Ein19IbZ+MVS4hvZD9TBpdd11AJ0WBwqLfKvrqgKkuYBkVBRWBOUzF9pLzQX6JpC
RNeivGv/ffHCmcVwmXUYpHnIUAkXkdTWg0djzEm7s8bFWmAdU8e1jJhiBpdACyYf
tVaqjhFgOIoVam+tVrm0T5Pmgp7Ou0IXx0DeForkgkMFNplPqmVD1xr/aTmavXk5
KtDxkNfmfKFtxbHSulBprzbfOE6fiLeLnI3kPBFg8tj7TeD/xx7brKQa818ViEZ/
UWVeUX62uaC31kMcL7rBFVGNf1ORVRLs3izIsL9d1NAyEhWMOI8ydpTqXwIDAQAB
o4ICXzCCAlswHQYDVR0OBBYEFC+IDcSrJsax1DlU1KiMDzmGsWLbMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvTDRnTnhLc214ckhVT1ZUVXFJd1BPWWF4WXRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHUGCCsGAQUFBwEHAQH/BGYwZDBiBAIAATBcAwQAowUnAwQA
owU8AwQAowVHAwQAowVdMAwDBACjBWUDBACjBWYDBACjBWwDBACjBXQDBACjBYYD
BACjBa4DBACjBb0DBACjBcADBAGjBeQDBACjBe4DBACjBfYwDQYJKoZIhvcNAQEL
BQADggEBAKX6fF59hHhHwmhdFtMBmeLPq+Am/taaKb5frEN3tYokw+cICNAEHq+m
0Bji1oun0AkjznzLuujvZF/n0LmB/jWrSoEhjP/X8VbavduLGthazCZbsKuO9yO0
a62el3GtgIpkwu/uU77wb7oPKvciShF34FVZx6/uWx4V3wjH3lprCm9RuwMggsyJ
otKLxFP5ecLG3flLrsC+29RzTMv0IVoxMiGk3R/UF7i6QJFnH0U83CUGfZHybW+y
mQ5re/VWahBWUwsQa3dsP2kOFLieTDY9KO1tQ7eqQSuKpfSw1YqfVVhLoyevVP0j
QVzUqiJUR0RslzPA//XsAj1jRrhVLvs=
-----END CERTIFICATE-----