Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/e3SEgWVi9P_zlWOSW2IlVaZwyAs.roa
File:                     e3SEgWVi9P_zlWOSW2IlVaZwyAs.roa (raw, json)
Hash identifier:          dHM0Hw+e4Lk5v55VzNzwDA36buX/HC6IpfWO3akgpVA=
Subject key identifier:   7B:74:84:81:65:62:F4:FF:F3:95:63:92:5B:62:25:55:A6:70:C8:0B
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       018F254A148846ED8D34AE1FF1711A3D899B
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/e3SEgWVi9P_zlWOSW2IlVaZwyAs.roa
Signing time:             Sun 28 Apr 2024 15:19:22 +0000
ROA not before:           Sun 28 Apr 2024 15:19:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7018
IP address blocks:        163.5.110.0/24 maxlen: 24
                          163.5.111.0/24 maxlen: 24
                          163.5.126.0/24 maxlen: 24
                          163.5.128.0/24 maxlen: 24
                          163.5.145.0/24 maxlen: 24
                          163.5.162.0/24 maxlen: 24
                          163.5.212.0/24 maxlen: 24
                          163.5.223.0/24 maxlen: 24
                          163.5.244.0/24 maxlen: 24
                          163.5.250.0/24 maxlen: 24
                          163.5.253.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 27 May 2024 08:40:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:25:4a:14:88:46:ed:8d:34:ae:1f:f1:71:1a:3d:89:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Apr 28 15:19:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7b7484816562f4fff39563925b622555a670c80b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:86:c7:d3:d1:52:1a:99:9e:17:df:63:d0:a3:
                    eb:12:1c:22:c5:28:a4:aa:be:78:9d:8b:b3:f2:ce:
                    53:93:ac:e9:49:19:d9:2e:20:cd:a9:67:c0:b5:cb:
                    cf:22:72:a2:ef:5c:c1:3d:13:ec:b6:a6:6a:4f:a2:
                    bd:08:db:b1:f5:86:fa:5a:15:7b:06:55:cd:51:aa:
                    e7:a7:ca:52:57:0e:ae:23:78:62:f5:4d:82:5b:3c:
                    6b:7a:47:ab:a0:1a:a9:d4:5c:92:b7:a8:06:2f:0e:
                    3c:2c:b1:9a:6e:17:68:06:54:f8:fb:65:27:6b:e8:
                    43:91:1d:f6:2d:9d:36:73:9b:91:04:c4:1f:0d:dd:
                    fa:75:ef:91:40:4f:55:86:a3:89:ef:c4:86:5f:23:
                    41:d2:17:aa:11:74:81:61:9c:a9:65:18:05:df:57:
                    7c:f2:6d:75:82:6b:de:11:3c:a2:e8:d5:af:5b:db:
                    47:8e:59:33:f0:f1:78:0e:ac:52:1e:5f:cb:eb:b2:
                    6f:55:3e:9c:11:3f:a5:bc:18:b6:82:4b:65:5c:e5:
                    0b:4c:5d:91:1c:1c:65:0e:18:57:6f:ce:74:dd:cb:
                    5a:97:22:d5:72:2a:7f:9e:b0:a8:b3:ac:58:fa:f6:
                    7d:c1:e4:d4:44:da:35:ad:86:7e:72:fe:e0:a6:5a:
                    78:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:74:84:81:65:62:F4:FF:F3:95:63:92:5B:62:25:55:A6:70:C8:0B
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/e3SEgWVi9P_zlWOSW2IlVaZwyAs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.110.0/23
                  163.5.126.0/24
                  163.5.128.0/24
                  163.5.145.0/24
                  163.5.162.0/24
                  163.5.212.0/24
                  163.5.223.0/24
                  163.5.244.0/24
                  163.5.250.0/24
                  163.5.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:14:15:f7:e9:52:49:b9:82:82:1c:8a:02:33:0a:fc:29:1a:
         ac:c9:e9:3d:24:0b:3f:31:b8:31:ea:d1:e9:34:88:0c:e2:f2:
         a5:63:f3:76:8d:d0:1a:f6:b0:11:25:37:b4:80:d4:61:95:89:
         13:f7:6c:8d:5b:79:8c:78:3e:d1:78:4b:00:94:0d:2b:e2:78:
         f3:c6:7f:e8:82:d1:bb:61:14:a9:5d:d7:40:77:bc:68:15:c0:
         5f:6b:3d:a7:66:09:47:2b:97:61:b3:68:ea:53:30:86:18:2f:
         f2:10:d1:26:8b:14:b1:ef:f4:88:72:6b:d1:47:b7:88:52:9f:
         3e:d5:07:8b:9a:0d:e0:64:d1:71:e0:32:33:05:eb:ce:5e:ce:
         9d:e3:e7:37:61:5b:f7:ac:4f:30:98:2b:2f:8d:b1:51:27:2b:
         2e:80:bd:07:bf:2e:c2:8f:a4:1d:40:bc:b4:a8:36:94:4b:64:
         c2:92:78:15:48:1d:1f:c1:40:c8:19:f3:57:04:4f:40:cc:18:
         5f:ac:8f:f8:3f:04:98:8c:9f:c0:b5:b9:28:55:37:6e:55:d3:
         cc:c6:08:3e:d7:0b:94:72:b5:85:29:66:14:25:ad:b3:be:4e:
         7d:f2:78:f3:23:c1:29:86:e4:a3:e7:b3:2d:26:0b:e7:1e:ad:
         9f:4d:cc:4e
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAY8lShSIRu2NNK4f8XEaPYmbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjQwNDI4MTUxOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Yjc0ODQ4MTY1NjJmNGZmZjM5NTYzOTI1YjYyMjU1NWE2NzBjODBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwYbH09FSGpmeF99j0KPrEhwixSik
qr54nYuz8s5Tk6zpSRnZLiDNqWfAtcvPInKi71zBPRPstqZqT6K9CNux9Yb6WhV7
BlXNUarnp8pSVw6uI3hi9U2CWzxrekeroBqp1FySt6gGLw48LLGabhdoBlT4+2Un
a+hDkR32LZ02c5uRBMQfDd36de+RQE9VhqOJ78SGXyNB0heqEXSBYZypZRgF31d8
8m11gmveETyi6NWvW9tHjlkz8PF4DqxSHl/L67JvVT6cET+lvBi2gktlXOULTF2R
HBxlDhhXb8503ctalyLVcip/nrCos6xY+vZ9weTURNo1rYZ+cv7gplp43QIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFHt0hIFlYvT/85VjkltiJVWmcMgLMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvZTNTRWdXVmk5UF96bFdPU1cySWxWYVp3eUFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQBowVuAwQA
owV+AwQAowWAAwQAowWRAwQAowWiAwQAowXUAwQAowXfAwQAowX0AwQAowX6AwQA
owX9MA0GCSqGSIb3DQEBCwUAA4IBAQCAFBX36VJJuYKCHIoCMwr8KRqsyek9JAs/
Mbgx6tHpNIgM4vKlY/N2jdAa9rARJTe0gNRhlYkT92yNW3mMeD7ReEsAlA0r4njz
xn/ogtG7YRSpXddAd7xoFcBfaz2nZglHK5dhs2jqUzCGGC/yENEmixSx7/SIcmvR
R7eIUp8+1QeLmg3gZNFx4DIzBevOXs6d4+c3YVv3rE8wmCsvjbFRJysugL0Hvy7C
j6QdQLy0qDaUS2TCkngVSB0fwUDIGfNXBE9AzBhfrI/4PwSYjJ/AtbkoVTduVdPM
xgg+1wuUcrWFKWYUJa2zvk598njzI8EphuSj57MtJgvnHq2fTcxO
-----END CERTIFICATE-----