Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/XJk52K2W3aHGb5tS21coL5rzOYI.roa
File:                     XJk52K2W3aHGb5tS21coL5rzOYI.roa (raw, json)
Hash identifier:          reqoBeQcmtgJ1G0tN95pQA1W6Sdk4s+wx6HuOc7QfsQ=
Subject key identifier:   5C:99:39:D8:AD:96:DD:A1:C6:6F:9B:52:DB:57:28:2F:9A:F3:39:82
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       018B381E384EA20E70034520D900C3BCE9E9
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/XJk52K2W3aHGb5tS21coL5rzOYI.roa
Signing time:             Mon 16 Oct 2023 10:53:06 +0000
ROA not before:           Mon 16 Oct 2023 10:53:06 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     212815
IP address blocks:        163.5.83.0/24 maxlen: 24
                          163.5.192.0/24 maxlen: 24
                          163.5.193.0/24 maxlen: 24
                          163.5.213.0/24 maxlen: 24
                          163.5.215.0/24 maxlen: 24
                          163.5.214.0/24 maxlen: 24
                          163.5.144.0/24 maxlen: 24
                          163.5.143.0/24 maxlen: 24
                          163.5.142.0/24 maxlen: 24
                          163.5.154.0/24 maxlen: 24
                          185.253.54.0/24 maxlen: 24
                          163.5.59.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:38:1e:38:4e:a2:0e:70:03:45:20:d9:00:c3:bc:e9:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Oct 16 10:53:06 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5c9939d8ad96dda1c66f9b52db57282f9af33982
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:28:9e:dc:09:94:07:1a:c8:e7:d1:50:45:3f:
                    18:9c:91:7e:f3:f7:28:d7:23:97:ec:bd:77:b2:0b:
                    e2:22:b0:5b:93:cf:a4:54:03:a9:c3:7a:0c:06:52:
                    40:97:6f:3d:d9:e8:7a:f2:08:aa:46:87:9e:33:bd:
                    aa:0f:9d:30:f6:80:05:bb:2c:de:f7:d1:58:35:39:
                    de:d8:35:7c:24:ad:9d:01:f7:82:e3:e6:64:26:1d:
                    66:64:b4:39:1f:67:49:8f:4b:e2:34:1e:64:b4:29:
                    08:68:22:4c:15:08:1a:f0:20:87:a3:ba:45:cd:d6:
                    27:1e:7c:08:78:00:cd:88:df:ff:21:d5:ac:92:23:
                    01:d7:8d:26:64:d0:a3:19:0a:3e:ea:38:3b:e2:46:
                    a3:89:20:1d:74:46:7f:c8:82:5c:1d:74:ab:8e:b3:
                    1d:cc:d6:58:ad:fc:c5:3b:38:09:a9:41:f0:3c:73:
                    cf:e9:5b:35:03:35:c9:87:1e:8f:b0:af:e4:9b:c8:
                    d4:15:c4:f3:f2:65:a3:ac:d0:de:14:db:4e:a7:6d:
                    d9:53:c1:5f:d8:a8:68:65:fa:2c:98:fb:cf:d9:6e:
                    f8:7f:cb:07:76:62:d6:e7:ba:1b:ca:ab:76:87:aa:
                    ab:52:33:05:1d:e5:f6:14:24:c0:3c:91:33:87:c4:
                    03:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:99:39:D8:AD:96:DD:A1:C6:6F:9B:52:DB:57:28:2F:9A:F3:39:82
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/XJk52K2W3aHGb5tS21coL5rzOYI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.59.0/24
                  163.5.83.0/24
                  163.5.142.0-163.5.144.255
                  163.5.154.0/24
                  163.5.192.0/23
                  163.5.213.0-163.5.215.255
                  185.253.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:58:db:10:c9:23:21:9c:a4:fb:3d:bf:8d:53:f7:2c:92:61:
         8d:18:84:c6:5e:7e:1d:19:f3:c3:7a:33:47:80:ab:b3:b7:5f:
         42:53:c6:95:27:6e:4d:bc:7e:ad:ee:41:23:1b:18:a9:92:51:
         b6:95:61:64:3b:ac:bc:33:3d:ea:c8:0a:3d:88:20:b4:18:5d:
         14:44:d5:58:ab:b9:b6:4a:7d:4b:cc:28:c6:4c:ac:36:a0:c9:
         a3:d5:f5:66:64:b7:7e:98:47:f2:87:ea:ec:85:cb:23:5a:f3:
         44:93:17:cd:78:75:90:30:65:10:07:70:6c:f0:a7:21:9f:2f:
         5f:df:f6:15:9d:74:e3:44:be:98:a0:4f:36:b4:55:01:b8:ee:
         93:23:d0:73:29:50:11:6b:e8:69:a0:ed:d4:00:26:af:4e:a6:
         32:d1:55:82:fb:0f:a0:db:ea:df:5f:33:12:35:92:a7:26:82:
         05:ac:e1:6b:f6:87:4e:15:cc:b3:66:af:9d:18:f0:e0:70:a6:
         42:7d:bc:f4:a1:2f:03:8e:91:b7:78:bd:3c:2f:95:17:a3:7e:
         65:ad:4b:7c:1e:fe:fb:43:3e:d2:0f:39:c0:96:45:9f:be:de:
         4f:c5:a7:5a:38:5b:08:72:f2:f7:a6:e9:d8:82:7c:81:0a:53:
         10:2e:6b:15
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAYs4HjhOog5wA0Ug2QDDvOnpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjMxMDE2MTA1MzA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Yzk5MzlkOGFkOTZkZGExYzY2ZjliNTJkYjU3MjgyZjlhZjMzOTgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhSie3AmUBxrI59FQRT8YnJF+8/co
1yOX7L13sgviIrBbk8+kVAOpw3oMBlJAl2892eh68giqRoeeM72qD50w9oAFuyze
99FYNTne2DV8JK2dAfeC4+ZkJh1mZLQ5H2dJj0viNB5ktCkIaCJMFQga8CCHo7pF
zdYnHnwIeADNiN//IdWskiMB140mZNCjGQo+6jg74kajiSAddEZ/yIJcHXSrjrMd
zNZYrfzFOzgJqUHwPHPP6Vs1AzXJhx6PsK/km8jUFcTz8mWjrNDeFNtOp23ZU8Ff
2KhoZfosmPvP2W74f8sHdmLW57obyqt2h6qrUjMFHeX2FCTAPJEzh8QDgQIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFFyZOditlt2hxm+bUttXKC+a8zmCMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvWEprNTJLMlczYUhHYjV0UzIxY29MNXJ6T1lJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjBABAIAATA6AwQAowU7AwQA
owVTMAwDBAGjBY4DBACjBZADBACjBZoDBAGjBcAwDAMEAKMF1QMEA6MF0AMEALn9
NjANBgkqhkiG9w0BAQsFAAOCAQEAJFjbEMkjIZyk+z2/jVP3LJJhjRiExl5+HRnz
w3ozR4Crs7dfQlPGlSduTbx+re5BIxsYqZJRtpVhZDusvDM96sgKPYggtBhdFETV
WKu5tkp9S8woxkysNqDJo9X1ZmS3fphH8ofq7IXLI1rzRJMXzXh1kDBlEAdwbPCn
IZ8vX9/2FZ1040S+mKBPNrRVAbjukyPQcylQEWvoaaDt1AAmr06mMtFVgvsPoNvq
318zEjWSpyaCBazha/aHThXMs2avnRjw4HCmQn289KEvA46Rt3i9PC+VF6N+Za1L
fB7++0M+0g85wJZFn77eT8WnWjhbCHLy96bp2IJ8gQpTEC5rFQ==
-----END CERTIFICATE-----