Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/jzDD3K5A9uXHZLk_1tnXrO4vO2E.roa
File:                     jzDD3K5A9uXHZLk_1tnXrO4vO2E.roa (raw, json)
Hash identifier:          3w+LX3R8cF5qRn3qBZc3fd//g95UnGVzRmUVbUSH/Ls=
Subject key identifier:   8F:30:C3:DC:AE:40:F6:E5:C7:64:B9:3F:D6:D9:D7:AC:EE:2F:3B:61
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0187476F62534237942F3DC30F5C5088E4A6
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/jzDD3K5A9uXHZLk_1tnXrO4vO2E.roa
Signing time:             Mon 03 Apr 2023 14:04:54 +0000
ROA not before:           Mon 03 Apr 2023 14:04:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     212815
IP address blocks:        163.5.83.0/24 maxlen: 24
                          163.5.84.0/24 maxlen: 24
                          163.5.38.0/24 maxlen: 24
                          163.5.59.0/24 maxlen: 24
                          163.5.192.0/24 maxlen: 24
                          163.5.193.0/24 maxlen: 24
                          163.5.214.0/24 maxlen: 24
                          163.5.120.0/24 maxlen: 24
                          163.5.143.0/24 maxlen: 24
                          163.5.144.0/24 maxlen: 24
                          163.5.142.0/24 maxlen: 24
                          163.5.154.0/24 maxlen: 24
                          185.253.54.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:47:6f:62:53:42:37:94:2f:3d:c3:0f:5c:50:88:e4:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Apr  3 14:04:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8f30c3dcae40f6e5c764b93fd6d9d7acee2f3b61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:6b:75:a5:98:06:08:1d:a8:0d:85:43:b6:e2:
                    ba:57:92:26:f4:f1:51:dd:31:e2:d3:0d:a1:55:12:
                    b4:53:6e:5f:f0:95:ca:8e:7e:c4:67:33:72:ad:89:
                    6e:16:af:54:c6:b8:01:3b:87:cc:50:65:d0:22:e7:
                    ed:63:b7:3e:de:58:06:da:9b:a0:2f:47:14:f2:b3:
                    af:9e:5b:9b:d4:95:75:d8:dc:82:09:d3:90:68:b3:
                    53:ae:5c:f3:08:82:99:07:de:3f:2e:a0:e9:7f:ac:
                    37:b2:40:e7:14:42:41:1b:80:78:7d:5d:8f:12:2c:
                    51:7c:96:78:6f:2c:c1:c0:85:ff:c1:d5:2f:cd:b0:
                    49:95:59:0d:4a:b0:0c:c5:6b:10:5a:07:f6:27:98:
                    b9:ec:93:d0:02:56:55:bf:8d:2b:df:64:b0:83:8d:
                    90:68:97:e8:cb:af:b7:b4:6f:d1:31:10:63:49:0e:
                    3e:9a:d0:32:37:a3:2c:7f:66:5a:b3:63:ca:83:a8:
                    ec:ae:88:c1:0e:81:70:3a:65:ce:81:ef:ac:ed:ed:
                    10:35:18:63:a4:55:bc:61:f8:64:f0:69:d3:65:54:
                    86:f1:bb:80:fe:21:9b:ce:95:68:09:f3:06:c4:bd:
                    db:b2:07:9b:a8:27:11:fa:72:fd:9e:da:a6:47:80:
                    98:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:30:C3:DC:AE:40:F6:E5:C7:64:B9:3F:D6:D9:D7:AC:EE:2F:3B:61
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/jzDD3K5A9uXHZLk_1tnXrO4vO2E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.38.0/24
                  163.5.59.0/24
                  163.5.83.0-163.5.84.255
                  163.5.120.0/24
                  163.5.142.0-163.5.144.255
                  163.5.154.0/24
                  163.5.192.0/23
                  163.5.214.0/24
                  185.253.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:9c:e9:aa:32:10:89:99:7c:7d:4c:3c:d1:52:9e:26:ac:52:
         68:8c:65:cf:61:f5:c6:2c:3e:a9:36:d1:5f:0a:af:30:0c:3c:
         98:5a:16:96:ab:31:39:7c:21:22:41:fc:8a:d2:58:8d:38:d9:
         8a:d1:9b:48:90:f5:1e:dd:0b:70:55:ca:cd:43:be:0f:d3:27:
         70:aa:ba:9a:16:f3:1d:c4:75:4c:14:45:23:84:b6:61:de:de:
         e5:89:cb:eb:ac:47:5f:2a:3f:9c:fc:d3:e7:fe:0b:69:fa:8a:
         48:6c:c9:8c:5f:b3:d0:e9:91:06:eb:d4:16:92:c2:45:93:e5:
         bf:5b:05:b4:11:f4:26:3c:a1:df:04:3f:9a:bd:88:09:e5:c6:
         97:c3:3b:f8:33:1e:6e:e7:7e:08:05:c7:09:d5:f9:2a:cc:e8:
         04:a0:79:5d:83:cc:14:43:94:47:bb:f3:dd:b0:19:6b:77:e0:
         77:1d:bb:71:38:e7:5d:6f:47:bc:0e:b7:77:f1:b5:fc:ae:76:
         6d:dc:f3:9d:f1:95:7b:35:a0:75:01:e1:00:c0:6a:d4:a5:99:
         f9:55:b2:52:3d:64:44:f1:99:ab:4c:03:0d:4e:04:32:9e:10:
         62:99:55:89:c9:17:4e:7a:d1:c9:1c:c5:8d:bc:57:9b:98:ce:
         71:21:e5:67
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAYdHb2JTQjeULz3DD1xQiOSmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjMwNDAzMTQwNDU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjMwYzNkY2FlNDBmNmU1Yzc2NGI5M2ZkNmQ5ZDdhY2VlMmYzYjYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgmt1pZgGCB2oDYVDtuK6V5Im9PFR
3THi0w2hVRK0U25f8JXKjn7EZzNyrYluFq9UxrgBO4fMUGXQIuftY7c+3lgG2pug
L0cU8rOvnlub1JV12NyCCdOQaLNTrlzzCIKZB94/LqDpf6w3skDnFEJBG4B4fV2P
EixRfJZ4byzBwIX/wdUvzbBJlVkNSrAMxWsQWgf2J5i57JPQAlZVv40r32Swg42Q
aJfoy6+3tG/RMRBjSQ4+mtAyN6Msf2Zas2PKg6jsrojBDoFwOmXOge+s7e0QNRhj
pFW8Yfhk8GnTZVSG8buA/iGbzpVoCfMGxL3bsgebqCcR+nL9ntqmR4CY7QIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFI8ww9yuQPblx2S5P9bZ16zuLzthMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvanpERDNLNUE5dVhIWkxrXzF0blhyTzR2TzJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjBMBAIAATBGAwQAowUmAwQA
owU7MAwDBACjBVMDBACjBVQDBACjBXgwDAMEAaMFjgMEAKMFkAMEAKMFmgMEAaMF
wAMEAKMF1gMEALn9NjANBgkqhkiG9w0BAQsFAAOCAQEAlZzpqjIQiZl8fUw80VKe
JqxSaIxlz2H1xiw+qTbRXwqvMAw8mFoWlqsxOXwhIkH8itJYjTjZitGbSJD1Ht0L
cFXKzUO+D9MncKq6mhbzHcR1TBRFI4S2Yd7e5YnL66xHXyo/nPzT5/4LafqKSGzJ
jF+z0OmRBuvUFpLCRZPlv1sFtBH0Jjyh3wQ/mr2ICeXGl8M7+DMebud+CAXHCdX5
KszoBKB5XYPMFEOUR7vz3bAZa3fgdx27cTjnXW9HvA63d/G1/K52bdzznfGVezWg
dQHhAMBq1KWZ+VWyUj1kRPGZq0wDDU4EMp4QYplVickXTnrRyRzFjbxXm5jOcSHl
Zw==
-----END CERTIFICATE-----