Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/Nx8RJcSywWTqm9dMtFB3calGarY.roa
File:                     Nx8RJcSywWTqm9dMtFB3calGarY.roa (raw, json)
Hash identifier:          7aWZb2G+ALFX3gRizxT4tB4MlZyqgGb15SkwnfFACn4=
Subject key identifier:   37:1F:11:25:C4:B2:C1:64:EA:9B:D7:4C:B4:50:77:71:A9:46:6A:B6
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       018596493CDFBB33C272CF2ED302DEDC5CE8
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/Nx8RJcSywWTqm9dMtFB3calGarY.roa
Signing time:             Mon 09 Jan 2023 11:27:40 +0000
ROA not before:           Mon 09 Jan 2023 11:27:40 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     211936
IP address blocks:        163.5.106.0/24 maxlen: 24
                          163.5.115.0/24 maxlen: 24
                          163.5.118.0/24 maxlen: 24
                          163.5.229.0/24 maxlen: 24
                          163.5.242.0/24 maxlen: 24
                          163.5.212.0/24 maxlen: 24
                          163.5.215.0/24 maxlen: 24
                          163.5.220.0/24 maxlen: 24
                          163.5.225.0/24 maxlen: 24
                          163.5.121.0/24 maxlen: 24
                          163.5.119.0/24 maxlen: 24
                          163.5.153.0/24 maxlen: 24
                          163.5.159.0/24 maxlen: 24
                          163.5.168.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:96:49:3c:df:bb:33:c2:72:cf:2e:d3:02:de:dc:5c:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  9 11:27:40 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=371f1125c4b2c164ea9bd74cb4507771a9466ab6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:6a:b5:92:5a:61:66:be:17:80:7e:6e:64:5d:
                    c3:c9:b8:2a:20:87:1b:9e:97:7f:43:37:57:68:7c:
                    31:74:5a:29:94:ad:06:e2:ca:0e:64:ac:d5:47:8e:
                    ba:52:f1:9b:37:90:67:2e:83:d2:27:f3:85:30:f6:
                    8e:51:fc:9a:6d:a3:dd:4f:ad:ed:8d:57:47:ca:6c:
                    58:aa:6e:cb:64:a7:15:f4:67:28:36:43:6c:8c:41:
                    81:c4:60:05:d8:48:fc:00:a9:6e:e1:e4:79:4d:09:
                    10:e1:27:94:c6:70:d1:e0:82:ac:11:5c:0a:d5:3a:
                    33:2f:1a:72:1a:87:e5:a1:0d:1b:65:00:aa:ed:fc:
                    61:1e:11:40:6a:e5:e4:e4:a2:1e:4d:36:6e:e2:0a:
                    f8:54:9b:22:3b:fb:21:e4:02:ce:5a:ac:a3:d8:eb:
                    c2:cf:2a:be:71:96:ae:96:72:b7:b5:23:19:41:06:
                    82:7e:a7:e8:29:a8:42:ab:9d:17:0d:f5:92:e6:af:
                    ce:a3:1f:4c:eb:b9:53:b3:13:6b:a4:1d:0b:fe:3e:
                    2a:f8:5f:a8:81:ee:09:f5:6a:35:3b:86:0d:5f:18:
                    95:b2:cc:e5:ac:66:62:3a:48:24:32:af:6e:63:60:
                    b8:5a:ad:d5:1b:98:60:4c:09:40:cd:54:5f:d4:77:
                    5c:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:1F:11:25:C4:B2:C1:64:EA:9B:D7:4C:B4:50:77:71:A9:46:6A:B6
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/Nx8RJcSywWTqm9dMtFB3calGarY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.106.0/24
                  163.5.115.0/24
                  163.5.118.0/23
                  163.5.121.0/24
                  163.5.153.0/24
                  163.5.159.0/24
                  163.5.168.0/24
                  163.5.212.0/24
                  163.5.215.0/24
                  163.5.220.0/24
                  163.5.225.0/24
                  163.5.229.0/24
                  163.5.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:4c:0b:dd:e5:d7:4b:d4:c7:01:53:4e:73:bb:f1:45:23:5e:
         93:ff:45:50:e3:45:18:c8:c3:8e:fe:a9:77:62:f6:98:9a:45:
         bf:88:2f:4c:55:9c:e1:d7:1a:f0:7b:22:cd:ef:b7:11:fa:e1:
         26:bc:1c:32:bc:e3:49:98:c1:d5:c7:4d:85:cf:2c:79:20:d1:
         00:4e:2b:83:83:4b:51:65:6c:c3:6a:2f:1c:52:49:c6:83:b9:
         97:4f:49:0a:b6:da:04:6e:53:71:c0:ba:7f:b6:f4:a6:ef:5c:
         d8:f0:20:28:4a:b6:ea:9c:ca:e1:90:5e:ad:56:48:3a:7b:75:
         22:b7:fd:3c:dd:b1:66:64:49:03:07:b1:ff:89:66:73:3e:15:
         5f:26:4b:15:8f:36:34:38:a0:72:88:50:c3:18:c9:16:76:6e:
         2b:fb:15:f6:7c:52:d0:02:bf:e7:f2:da:c8:32:ff:d9:79:79:
         eb:52:1f:ec:ce:e0:d0:db:ca:fe:ea:65:d4:f8:e8:f7:62:ac:
         67:da:66:cc:05:30:41:81:1a:21:51:7e:3a:56:fd:f8:c9:f5:
         ab:c1:88:a7:39:a8:21:5a:4b:7d:72:28:dd:63:3c:13:c3:96:
         a4:cc:c9:7c:99:d5:f7:9d:34:10:98:07:a0:43:33:70:88:3a:
         67:3b:63:7e
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAYWWSTzfuzPCcs8u0wLe3FzoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjMwMTA5MTEyNzQwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzFmMTEyNWM0YjJjMTY0ZWE5YmQ3NGNiNDUwNzc3MWE5NDY2YWI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmGq1klphZr4XgH5uZF3DybgqIIcb
npd/QzdXaHwxdFoplK0G4soOZKzVR466UvGbN5BnLoPSJ/OFMPaOUfyabaPdT63t
jVdHymxYqm7LZKcV9GcoNkNsjEGBxGAF2Ej8AKlu4eR5TQkQ4SeUxnDR4IKsEVwK
1TozLxpyGofloQ0bZQCq7fxhHhFAauXk5KIeTTZu4gr4VJsiO/sh5ALOWqyj2OvC
zyq+cZaulnK3tSMZQQaCfqfoKahCq50XDfWS5q/Oox9M67lTsxNrpB0L/j4q+F+o
ge4J9Wo1O4YNXxiVsszlrGZiOkgkMq9uY2C4Wq3VG5hgTAlAzVRf1HdcIwIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFDcfESXEssFk6pvXTLRQd3GpRmq2MB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvTng4UkpjU3l3V1RxbTlkTXRGQjNjYWxHYXJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjBUBAIAATBOAwQAowVqAwQA
owVzAwQBowV2AwQAowV5AwQAowWZAwQAowWfAwQAowWoAwQAowXUAwQAowXXAwQA
owXcAwQAowXhAwQAowXlAwQAowXyMA0GCSqGSIb3DQEBCwUAA4IBAQCcTAvd5ddL
1McBU05zu/FFI16T/0VQ40UYyMOO/ql3YvaYmkW/iC9MVZzh1xrweyLN77cR+uEm
vBwyvONJmMHVx02Fzyx5INEATiuDg0tRZWzDai8cUknGg7mXT0kKttoEblNxwLp/
tvSm71zY8CAoSrbqnMrhkF6tVkg6e3Uit/083bFmZEkDB7H/iWZzPhVfJksVjzY0
OKByiFDDGMkWdm4r+xX2fFLQAr/n8trIMv/ZeXnrUh/szuDQ28r+6mXU+Oj3Yqxn
2mbMBTBBgRohUX46Vv34yfWrwYinOaghWkt9cijdYzwTw5akzMl8mdX3nTQQmAeg
QzNwiDpnO2N+
-----END CERTIFICATE-----