Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/RpO2BnTwh2PKYTUCJ8Hxc2BXcUg.roa
File:                     RpO2BnTwh2PKYTUCJ8Hxc2BXcUg.roa (raw, json)
Hash identifier:          C20O3AXQ53TYJrhqKXHjPLaedSNECxX5xAQ6Wn517Bs=
Subject key identifier:   46:93:B6:06:74:F0:87:63:CA:61:35:02:27:C1:F1:73:60:57:71:48
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       01878F361FEC7413CFBB123B8A58763AADE4
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/RpO2BnTwh2PKYTUCJ8Hxc2BXcUg.roa
Signing time:             Mon 17 Apr 2023 12:35:01 +0000
ROA not before:           Mon 17 Apr 2023 12:35:01 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     3320
IP address blocks:        163.5.105.0/24 maxlen: 24
                          163.5.106.0/24 maxlen: 24
                          163.5.115.0/24 maxlen: 24
                          163.5.118.0/24 maxlen: 24
                          163.5.229.0/24 maxlen: 24
                          163.5.242.0/24 maxlen: 24
                          163.5.32.0/24 maxlen: 24
                          163.5.212.0/24 maxlen: 24
                          163.5.220.0/24 maxlen: 24
                          163.5.225.0/24 maxlen: 24
                          163.5.119.0/24 maxlen: 24
                          163.5.153.0/24 maxlen: 24
                          163.5.159.0/24 maxlen: 24
                          163.5.168.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:8f:36:1f:ec:74:13:cf:bb:12:3b:8a:58:76:3a:ad:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Apr 17 12:35:01 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4693b60674f08763ca61350227c1f17360577148
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:35:4c:bb:a9:af:d6:b6:45:8d:dc:2a:0e:4d:
                    46:e4:b6:26:19:aa:c0:31:1c:c6:4a:ec:a4:db:f8:
                    5f:2e:c7:2a:a4:c8:4f:08:90:84:db:51:14:81:62:
                    62:3d:8e:20:b2:6b:e2:80:0f:24:a2:68:d3:15:86:
                    f0:6f:30:79:c2:6d:2d:53:0e:8b:9c:11:72:cd:13:
                    0d:a3:de:0c:93:4d:3b:2a:63:c3:42:9c:4c:65:cf:
                    99:9a:f9:5d:17:24:c7:c6:2a:c6:d1:7f:f9:33:e2:
                    54:54:65:d1:8e:af:c9:af:14:30:a6:cc:00:35:2b:
                    af:03:0e:3f:9d:96:9b:26:e0:76:e3:05:30:30:48:
                    66:a3:dc:30:d6:b3:c6:ed:8b:b9:0e:17:05:40:c6:
                    b4:b4:68:e3:35:4d:52:f9:e9:f2:e0:38:cf:df:7f:
                    55:fc:9d:66:30:81:50:e5:39:05:c0:97:7b:8d:72:
                    92:69:60:b2:1c:c1:b6:fa:fc:47:8d:81:24:e7:b4:
                    21:c2:20:4d:5e:7e:21:14:e0:30:9a:36:eb:bf:cc:
                    d6:c1:af:d6:de:18:e0:a9:19:1c:81:39:5f:d8:d5:
                    c6:69:13:ff:bb:db:03:09:83:29:bd:20:8a:b5:dd:
                    36:c6:9b:4e:10:0f:25:1f:f6:cf:84:6e:ea:de:55:
                    f4:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:93:B6:06:74:F0:87:63:CA:61:35:02:27:C1:F1:73:60:57:71:48
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/RpO2BnTwh2PKYTUCJ8Hxc2BXcUg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.32.0/24
                  163.5.105.0-163.5.106.255
                  163.5.115.0/24
                  163.5.118.0/23
                  163.5.153.0/24
                  163.5.159.0/24
                  163.5.168.0/24
                  163.5.212.0/24
                  163.5.220.0/24
                  163.5.225.0/24
                  163.5.229.0/24
                  163.5.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:c9:68:40:86:b9:a6:a5:df:bf:38:8b:d9:04:d7:91:d6:12:
         1f:cc:95:84:f5:89:3a:71:0c:5e:32:31:d8:29:a5:ad:c8:91:
         15:d8:81:bc:bf:9a:e1:9b:ad:ac:f8:71:16:0c:fb:f0:6b:18:
         90:91:29:6d:5f:d4:ef:80:57:58:34:62:86:1c:11:f6:71:c2:
         b1:7d:55:6e:82:31:e3:29:ef:ab:24:66:34:02:a9:93:28:bc:
         60:b6:28:7f:99:93:bd:ba:93:f4:b7:ab:2d:8d:76:7a:73:67:
         a4:18:b1:85:df:50:7a:58:85:64:6f:d7:70:37:02:e8:09:2d:
         58:13:51:a6:c5:6e:ac:49:54:fb:35:61:31:70:72:48:62:72:
         1f:0a:30:04:0c:e9:7c:6b:db:12:ca:60:42:e1:5d:cd:6d:e6:
         ae:32:99:5a:4c:a3:9c:96:af:a8:b0:d3:6c:cb:f1:39:06:e6:
         ce:f8:66:da:0b:47:03:b2:e8:ef:a8:3d:46:39:51:0b:c9:ff:
         ce:4d:14:74:fc:75:26:09:9f:20:42:95:f0:8e:d6:f6:fb:69:
         cf:a8:11:dc:3f:ec:42:6f:ff:46:a8:01:ee:16:1a:59:c3:e9:
         2b:76:3f:56:a0:ca:96:5c:57:0f:e1:5e:66:bd:d9:ff:ff:74:
         59:d9:cc:9b
-----BEGIN CERTIFICATE-----
MIIFRzCCBC+gAwIBAgISAYePNh/sdBPPuxI7ilh2Oq3kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjMwNDE3MTIzNTAxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjkzYjYwNjc0ZjA4NzYzY2E2MTM1MDIyN2MxZjE3MzYwNTc3MTQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzVMu6mv1rZFjdwqDk1G5LYmGarA
MRzGSuyk2/hfLscqpMhPCJCE21EUgWJiPY4gsmvigA8komjTFYbwbzB5wm0tUw6L
nBFyzRMNo94Mk007KmPDQpxMZc+ZmvldFyTHxirG0X/5M+JUVGXRjq/JrxQwpswA
NSuvAw4/nZabJuB24wUwMEhmo9ww1rPG7Yu5DhcFQMa0tGjjNU1S+eny4DjP339V
/J1mMIFQ5TkFwJd7jXKSaWCyHMG2+vxHjYEk57QhwiBNXn4hFOAwmjbrv8zWwa/W
3hjgqRkcgTlf2NXGaRP/u9sDCYMpvSCKtd02xptOEA8lH/bPhG7q3lX09QIDAQAB
o4ICUzCCAk8wHQYDVR0OBBYEFEaTtgZ08IdjymE1AifB8XNgV3FIMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvUnBPMkJuVHdoMlBLWVRVQ0o4SHhjMkJYY1VnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGkGCCsGAQUFBwEHAQH/BFowWDBWBAIAATBQAwQAowUgMAwD
BACjBWkDBACjBWoDBACjBXMDBAGjBXYDBACjBZkDBACjBZ8DBACjBagDBACjBdQD
BACjBdwDBACjBeEDBACjBeUDBACjBfIwDQYJKoZIhvcNAQELBQADggEBAFfJaECG
uaal3784i9kE15HWEh/MlYT1iTpxDF4yMdgppa3IkRXYgby/muGbraz4cRYM+/Br
GJCRKW1f1O+AV1g0YoYcEfZxwrF9VW6CMeMp76skZjQCqZMovGC2KH+Zk726k/S3
qy2NdnpzZ6QYsYXfUHpYhWRv13A3AugJLVgTUabFbqxJVPs1YTFwckhich8KMAQM
6Xxr2xLKYELhXc1t5q4ymVpMo5yWr6iw02zL8TkG5s74ZtoLRwOy6O+oPUY5UQvJ
/85NFHT8dSYJnyBClfCO1vb7ac+oEdw/7EJv/0aoAe4WGlnD6St2P1agypZcVw/h
Xma92f//dFnZzJs=
-----END CERTIFICATE-----