Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/ReoUnhpSHCePvF1dqJac7uVP5s4.roa
File:                     ReoUnhpSHCePvF1dqJac7uVP5s4.roa (raw, json)
Hash identifier:          DKEckq0otM7OV6EHN2AaU6tTJbASUIZ/hTN5THFT8lM=
Subject key identifier:   45:EA:14:9E:1A:52:1C:27:8F:BC:5D:5D:A8:96:9C:EE:E5:4F:E6:CE
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0185817FA04A17981034AD47E9F26A584AEC
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/ReoUnhpSHCePvF1dqJac7uVP5s4.roa
Signing time:             Thu 05 Jan 2023 10:35:03 +0000
ROA not before:           Thu 05 Jan 2023 10:35:03 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     3320
IP address blocks:        163.5.106.0/24 maxlen: 24
                          163.5.115.0/24 maxlen: 24
                          163.5.118.0/24 maxlen: 24
                          163.5.229.0/24 maxlen: 24
                          163.5.212.0/24 maxlen: 24
                          163.5.215.0/24 maxlen: 24
                          163.5.220.0/24 maxlen: 24
                          163.5.225.0/24 maxlen: 24
                          163.5.119.0/24 maxlen: 24
                          163.5.121.0/24 maxlen: 24
                          163.5.153.0/24 maxlen: 24
                          163.5.159.0/24 maxlen: 24
                          163.5.168.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 09 Jan 2023 11:27:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:81:7f:a0:4a:17:98:10:34:ad:47:e9:f2:6a:58:4a:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  5 10:35:03 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=45ea149e1a521c278fbc5d5da8969ceee54fe6ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:3c:50:e5:80:85:cb:70:0d:d1:ee:92:17:40:
                    d6:12:d9:f8:0a:23:59:e4:61:e3:3d:d6:59:ab:f0:
                    a2:7f:5e:dc:cb:a7:5a:9a:6d:4d:08:fb:c5:40:2c:
                    d0:21:d9:cf:e5:71:b8:af:fb:da:e6:4b:cd:2d:2b:
                    6a:81:ca:db:b3:f4:ac:ba:01:fb:85:36:db:17:f9:
                    6b:84:95:1c:61:37:3e:af:99:0c:7c:28:98:17:15:
                    ee:8c:36:fa:a7:2f:a7:92:f2:c8:80:49:74:2b:ab:
                    9a:5a:5d:3b:c1:c2:7f:44:8c:5c:cb:48:7b:43:e6:
                    c5:f9:ff:69:63:ee:8f:14:19:b1:aa:d9:6f:a0:c2:
                    84:03:cb:ef:66:88:68:b2:43:7a:44:b5:82:e5:32:
                    91:74:74:63:20:9e:96:c9:06:62:1b:3f:cf:84:74:
                    e6:63:99:92:0b:ff:b7:77:53:8d:08:dc:31:bb:a3:
                    05:ac:b8:f8:29:6e:4d:ed:e5:a2:9f:d3:8e:cc:63:
                    ee:e2:ca:ae:cf:c2:38:7b:c7:6e:d6:46:19:86:70:
                    5d:bc:54:2d:0e:5b:94:04:70:90:5c:5d:57:7a:40:
                    7a:71:41:f4:e9:e0:ce:e3:40:c5:84:c6:ca:00:a9:
                    7c:83:c3:c2:62:e6:69:19:7f:7b:93:ce:e2:3d:c7:
                    9f:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:EA:14:9E:1A:52:1C:27:8F:BC:5D:5D:A8:96:9C:EE:E5:4F:E6:CE
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/ReoUnhpSHCePvF1dqJac7uVP5s4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.106.0/24
                  163.5.115.0/24
                  163.5.118.0/23
                  163.5.121.0/24
                  163.5.153.0/24
                  163.5.159.0/24
                  163.5.168.0/24
                  163.5.212.0/24
                  163.5.215.0/24
                  163.5.220.0/24
                  163.5.225.0/24
                  163.5.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:59:2a:7f:c4:5e:a6:e9:c4:ea:98:9a:84:d8:60:ed:70:bc:
         20:ad:58:87:e0:4c:f6:00:80:df:ca:2a:64:01:85:ed:19:e1:
         d7:59:96:05:40:1b:73:0e:3e:93:e5:fb:be:89:6e:03:db:2f:
         2b:7b:05:80:74:63:c8:bd:b1:e1:0d:6b:91:a8:63:bc:2f:18:
         6f:59:2e:22:b2:4d:28:6c:34:6f:31:8c:9a:99:6c:40:4b:1b:
         cb:4e:fd:7b:fd:49:b9:b1:79:8d:8b:aa:1e:54:ff:49:04:38:
         2b:f1:f6:b5:fe:4a:f1:f7:0f:24:36:2b:bf:24:a8:6b:98:fb:
         8d:4b:8c:c0:f3:06:b8:c3:2c:09:5e:cf:b9:0c:32:d5:61:fa:
         72:b0:3b:1b:fb:1c:1a:42:af:9d:c0:83:d9:d7:e3:81:ff:19:
         39:61:6e:9e:40:56:55:e2:c4:40:bf:d8:18:b6:f6:79:f1:41:
         27:5c:6c:c2:f8:e5:41:72:99:66:11:d6:f2:5a:05:24:52:69:
         69:9d:78:24:5b:f1:f7:70:ef:ab:e6:06:fb:67:9e:32:82:ce:
         29:66:15:d2:76:d4:d7:7d:0b:75:6c:3f:2e:37:d4:e0:47:a6:
         66:3c:47:cb:49:9f:4e:3f:d7:b1:4f:7e:01:4c:25:1a:30:40:
         cb:6b:85:90
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAYWBf6BKF5gQNK1H6fJqWErsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjMwMTA1MTAzNTAzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NWVhMTQ5ZTFhNTIxYzI3OGZiYzVkNWRhODk2OWNlZWU1NGZlNmNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuDxQ5YCFy3AN0e6SF0DWEtn4CiNZ
5GHjPdZZq/Cif17cy6damm1NCPvFQCzQIdnP5XG4r/va5kvNLStqgcrbs/SsugH7
hTbbF/lrhJUcYTc+r5kMfCiYFxXujDb6py+nkvLIgEl0K6uaWl07wcJ/RIxcy0h7
Q+bF+f9pY+6PFBmxqtlvoMKEA8vvZohoskN6RLWC5TKRdHRjIJ6WyQZiGz/PhHTm
Y5mSC/+3d1ONCNwxu6MFrLj4KW5N7eWin9OOzGPu4squz8I4e8du1kYZhnBdvFQt
DluUBHCQXF1XekB6cUH06eDO40DFhMbKAKl8g8PCYuZpGX97k87iPcef8QIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFEXqFJ4aUhwnj7xdXaiWnO7lT+bOMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvUmVvVW5ocFNIQ2VQdkYxZHFKYWM3dVZQNXM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwQAowVqAwQA
owVzAwQBowV2AwQAowV5AwQAowWZAwQAowWfAwQAowWoAwQAowXUAwQAowXXAwQA
owXcAwQAowXhAwQAowXlMA0GCSqGSIb3DQEBCwUAA4IBAQBqWSp/xF6m6cTqmJqE
2GDtcLwgrViH4Ez2AIDfyipkAYXtGeHXWZYFQBtzDj6T5fu+iW4D2y8rewWAdGPI
vbHhDWuRqGO8LxhvWS4isk0obDRvMYyamWxASxvLTv17/Um5sXmNi6oeVP9JBDgr
8fa1/krx9w8kNiu/JKhrmPuNS4zA8wa4wywJXs+5DDLVYfpysDsb+xwaQq+dwIPZ
1+OB/xk5YW6eQFZV4sRAv9gYtvZ58UEnXGzC+OVBcplmEdbyWgUkUmlpnXgkW/H3
cO+r5gb7Z54ygs4pZhXSdtTXfQt1bD8uN9TgR6ZmPEfLSZ9OP9exT34BTCUaMEDL
a4WQ
-----END CERTIFICATE-----