Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/bkKn2aIbn51mn5XsO4sjx6z8ObA.roa
File:                     bkKn2aIbn51mn5XsO4sjx6z8ObA.roa (raw, json)
Hash identifier:          MMxPzmpIFznB11cCgh3jhgazP8FhV58wGhkVIJ572EI=
Subject key identifier:   6E:42:A7:D9:A2:1B:9F:9D:66:9F:95:EC:3B:8B:23:C7:AC:FC:39:B0
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       01899BDD1CCF4EFE6DA2560339F3BA9ACFFA
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/bkKn2aIbn51mn5XsO4sjx6z8ObA.roa
Signing time:             Fri 28 Jul 2023 09:38:26 +0000
ROA not before:           Fri 28 Jul 2023 09:38:26 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     204372
IP address blocks:        163.5.99.0/24 maxlen: 24
                          163.5.230.0/24 maxlen: 24
                          163.5.31.0/24 maxlen: 24
                          163.5.35.0/24 maxlen: 24
                          163.5.62.0/24 maxlen: 24
                          163.5.202.0/24 maxlen: 24
                          163.5.210.0/24 maxlen: 24
                          163.5.211.0/24 maxlen: 24
                          163.5.216.0/24 maxlen: 24
                          163.5.221.0/24 maxlen: 24
                          163.5.136.0/24 maxlen: 24
                          163.5.138.0/24 maxlen: 24
                          163.5.161.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:9b:dd:1c:cf:4e:fe:6d:a2:56:03:39:f3:ba:9a:cf:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jul 28 09:38:26 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6e42a7d9a21b9f9d669f95ec3b8b23c7acfc39b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:38:c1:c0:ba:01:ed:ee:9c:49:6a:98:87:d9:
                    64:41:40:3e:07:95:dd:78:f3:08:cc:74:30:49:f9:
                    83:08:e2:4a:7c:37:c4:8c:b1:a6:8c:74:81:a8:21:
                    79:d2:52:5a:2a:93:42:fe:18:11:b9:71:37:80:7e:
                    d3:d6:94:30:3c:bf:1b:39:11:15:29:ae:95:97:cc:
                    83:ec:ca:64:60:0a:54:6f:f1:ff:8a:21:dd:84:71:
                    b5:1a:3b:ab:7d:d6:dd:51:28:d8:a6:93:a3:8f:2a:
                    27:f3:77:fa:31:9f:cb:03:c6:5d:41:8f:92:57:87:
                    d0:89:e1:33:b2:da:87:40:f4:83:9a:1d:3e:fa:07:
                    7a:20:86:e9:4f:35:4b:bb:9c:18:c0:27:6d:33:f5:
                    b3:fc:24:32:1f:50:ec:f6:b5:76:65:09:8f:d6:0e:
                    c4:77:ef:c5:80:b6:b9:9f:a8:47:5c:1f:c9:22:82:
                    49:88:85:63:f6:8a:ca:00:0c:34:50:32:72:f3:60:
                    35:ed:7e:0d:34:37:74:40:11:a1:b9:5b:fd:3f:c7:
                    88:63:9f:a1:23:4a:74:14:c6:31:da:67:3c:68:df:
                    80:51:97:1b:15:8b:2f:0a:da:d7:6f:2d:13:60:a7:
                    fc:b1:c0:68:1e:a7:a4:f1:9c:6e:ad:7b:47:b6:ce:
                    07:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:42:A7:D9:A2:1B:9F:9D:66:9F:95:EC:3B:8B:23:C7:AC:FC:39:B0
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/bkKn2aIbn51mn5XsO4sjx6z8ObA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.31.0/24
                  163.5.35.0/24
                  163.5.62.0/24
                  163.5.99.0/24
                  163.5.136.0/24
                  163.5.138.0/24
                  163.5.161.0/24
                  163.5.202.0/24
                  163.5.210.0/23
                  163.5.216.0/24
                  163.5.221.0/24
                  163.5.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:4f:38:8f:07:3c:78:d0:6a:3b:97:5a:d0:34:1d:e2:0f:f7:
         51:2c:fe:14:a4:8b:f6:2e:51:6e:f1:d0:de:27:e9:e1:58:60:
         15:34:11:62:8b:4a:61:d7:2a:ce:4a:47:92:9f:9e:15:c5:fe:
         0d:85:d7:b1:13:68:fa:9c:33:10:09:43:60:e8:3a:d5:69:c0:
         04:0f:33:34:e2:ba:4d:c6:58:55:9f:b0:8b:f8:11:04:23:ea:
         ae:35:48:52:ad:2d:79:75:57:df:d1:97:05:3d:66:24:30:fe:
         88:f0:59:6b:f6:e8:28:73:be:1a:d3:1f:57:5d:59:d1:8f:5d:
         c3:f5:80:32:ba:22:c7:9d:c0:c0:1b:4e:e9:41:bb:1d:aa:4c:
         50:00:17:4c:23:d8:bd:b9:90:44:cd:8b:3f:f6:fa:e3:7d:d7:
         0e:78:b6:1e:87:f9:97:3d:03:6e:28:de:04:23:3b:81:12:67:
         92:e2:35:91:1b:9e:02:51:8c:a4:ae:d1:a0:3b:cd:c4:d4:57:
         1b:5b:74:2a:56:03:11:2c:65:e1:64:25:3c:6f:f1:fa:e1:27:
         45:6e:3e:a6:ea:90:b5:f2:a4:da:5f:a9:00:87:84:e6:91:ae:
         61:e0:be:8c:fc:e5:cf:0a:ea:64:16:d0:5a:f2:33:bd:87:85:
         8a:f3:23:2f
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAYmb3RzPTv5tolYDOfO6ms/6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjMwNzI4MDkzODI2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTQyYTdkOWEyMWI5ZjlkNjY5Zjk1ZWMzYjhiMjNjN2FjZmMzOWIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAujjBwLoB7e6cSWqYh9lkQUA+B5Xd
ePMIzHQwSfmDCOJKfDfEjLGmjHSBqCF50lJaKpNC/hgRuXE3gH7T1pQwPL8bOREV
Ka6Vl8yD7MpkYApUb/H/iiHdhHG1GjurfdbdUSjYppOjjyon83f6MZ/LA8ZdQY+S
V4fQieEzstqHQPSDmh0++gd6IIbpTzVLu5wYwCdtM/Wz/CQyH1Ds9rV2ZQmP1g7E
d+/FgLa5n6hHXB/JIoJJiIVj9orKAAw0UDJy82A17X4NNDd0QBGhuVv9P8eIY5+h
I0p0FMYx2mc8aN+AUZcbFYsvCtrXby0TYKf8scBoHqek8ZxurXtHts4HYwIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFG5Cp9miG5+dZp+V7DuLI8es/DmwMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvYmtLbjJhSWJuNTFtbjVYc080c2p4Nno4T2JBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwQAowUfAwQA
owUjAwQAowU+AwQAowVjAwQAowWIAwQAowWKAwQAowWhAwQAowXKAwQBowXSAwQA
owXYAwQAowXdAwQAowXmMA0GCSqGSIb3DQEBCwUAA4IBAQCaTziPBzx40Go7l1rQ
NB3iD/dRLP4UpIv2LlFu8dDeJ+nhWGAVNBFii0ph1yrOSkeSn54Vxf4NhdexE2j6
nDMQCUNg6DrVacAEDzM04rpNxlhVn7CL+BEEI+quNUhSrS15dVff0ZcFPWYkMP6I
8Flr9ugoc74a0x9XXVnRj13D9YAyuiLHncDAG07pQbsdqkxQABdMI9i9uZBEzYs/
9vrjfdcOeLYeh/mXPQNuKN4EIzuBEmeS4jWRG54CUYykrtGgO83E1FcbW3QqVgMR
LGXhZCU8b/H64SdFbj6m6pC18qTaX6kAh4Tmka5h4L6M/OXPCupkFtBa8jO9h4WK
8yMv
-----END CERTIFICATE-----