Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/m3LlOPoFYdE4H9UoVMHCANyQ6IA.roa
File:                     m3LlOPoFYdE4H9UoVMHCANyQ6IA.roa (raw, json)
Hash identifier:          NkBfoHtPMnsLqjODPhCDCXyaCmGc+nsMAYx0U7iF6Xc=
Subject key identifier:   9B:72:E5:38:FA:05:61:D1:38:1F:D5:28:54:C1:C2:00:DC:90:E8:80
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       01888C6D4A1FED994824CDC94D6CB895F94A
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/m3LlOPoFYdE4H9UoVMHCANyQ6IA.roa
Signing time:             Mon 05 Jun 2023 16:39:12 +0000
ROA not before:           Mon 05 Jun 2023 16:39:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     212815
IP address blocks:        163.5.83.0/24 maxlen: 24
                          163.5.233.0/24 maxlen: 24
                          163.5.244.0/24 maxlen: 24
                          163.5.59.0/24 maxlen: 24
                          163.5.192.0/24 maxlen: 24
                          163.5.193.0/24 maxlen: 24
                          163.5.215.0/24 maxlen: 24
                          163.5.214.0/24 maxlen: 24
                          163.5.120.0/24 maxlen: 24
                          163.5.144.0/24 maxlen: 24
                          163.5.143.0/24 maxlen: 24
                          163.5.142.0/24 maxlen: 24
                          163.5.154.0/24 maxlen: 24
                          185.253.54.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:8c:6d:4a:1f:ed:99:48:24:cd:c9:4d:6c:b8:95:f9:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jun  5 16:39:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=9b72e538fa0561d1381fd52854c1c200dc90e880
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:ff:d7:bc:06:27:05:c2:be:58:a0:0a:02:89:
                    63:0b:cd:f6:6e:d2:82:40:af:9a:05:b0:27:ce:73:
                    86:6e:f5:d5:db:e1:f1:d6:87:0b:d3:09:9e:1e:e4:
                    b8:2c:d0:3b:e9:fb:49:c0:4c:8a:48:32:3d:da:b0:
                    bb:71:ac:8f:35:3b:99:ac:27:8e:df:fb:b9:60:bd:
                    d7:85:5a:9d:c7:9d:82:88:42:f5:5a:85:af:53:49:
                    01:f1:d5:11:81:e8:60:41:26:10:de:d1:7a:06:31:
                    71:20:39:14:c3:5a:98:b2:e5:70:b0:84:87:ee:13:
                    b0:f4:94:68:ae:6a:f2:6e:66:9c:21:85:fb:a5:a1:
                    85:6e:5e:5c:0c:46:b0:51:16:22:0c:4a:cc:a3:07:
                    ee:21:fa:7d:05:02:44:89:d9:12:9a:87:09:59:14:
                    ad:32:24:1d:62:57:5c:9d:51:16:48:24:89:9b:5d:
                    d7:61:ff:af:86:55:3d:96:c5:7d:dd:32:de:d6:db:
                    32:3f:b2:d5:72:7d:cd:a9:f1:8d:40:7e:d8:51:d7:
                    d7:5b:83:aa:7e:dd:08:87:bb:1b:1c:19:95:db:ea:
                    41:84:2c:b8:b9:89:dc:d7:f0:45:90:55:45:c6:06:
                    00:e6:5b:d8:e8:1a:3a:22:c9:61:43:3b:0c:31:0a:
                    6b:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:72:E5:38:FA:05:61:D1:38:1F:D5:28:54:C1:C2:00:DC:90:E8:80
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/m3LlOPoFYdE4H9UoVMHCANyQ6IA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.59.0/24
                  163.5.83.0/24
                  163.5.120.0/24
                  163.5.142.0-163.5.144.255
                  163.5.154.0/24
                  163.5.192.0/23
                  163.5.214.0/23
                  163.5.233.0/24
                  163.5.244.0/24
                  185.253.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:39:bf:90:71:ee:32:5d:c2:e6:03:5c:3f:ba:75:61:7f:fe:
         7a:40:82:01:9f:2f:51:9e:44:bc:e8:db:6e:97:56:a0:01:dd:
         98:f9:72:fc:f2:63:f6:f5:23:59:25:62:cb:af:ce:fc:71:c0:
         04:a4:c5:31:d6:25:52:f0:13:21:5c:fd:df:43:d4:9f:b5:9e:
         e3:df:08:64:c1:56:a8:dc:c5:59:bc:fc:bc:68:d7:0f:94:22:
         87:14:e9:1a:c8:7d:4f:46:6c:9a:a9:f1:39:24:d7:14:03:86:
         00:37:6d:6b:5f:df:ee:40:64:ed:78:e7:05:45:02:0c:8f:e9:
         a1:dc:47:21:9f:c3:4d:cf:aa:05:48:e6:e0:98:d4:23:18:67:
         3a:9d:51:b3:8f:c6:81:0a:a4:d8:40:ef:7d:97:ae:2a:29:07:
         94:ba:3f:af:1d:de:fd:61:7f:86:ba:ee:74:52:32:5d:cd:b4:
         f6:81:5d:70:f7:50:1d:11:9d:f8:28:90:fe:05:ee:ab:7a:94:
         ad:bb:b6:91:f5:68:1f:b0:f0:14:80:2f:d1:59:0f:86:d1:4a:
         fc:86:49:8e:e6:4f:26:d9:8c:b2:50:e9:3f:0e:b7:93:de:c3:
         62:f5:e2:8b:54:97:b3:93:09:75:41:50:d2:c5:4d:00:23:a2:
         57:55:3c:2a
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAYiMbUof7ZlIJM3JTWy4lflKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjMwNjA1MTYzOTEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YjcyZTUzOGZhMDU2MWQxMzgxZmQ1Mjg1NGMxYzIwMGRjOTBlODgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuf/XvAYnBcK+WKAKAoljC832btKC
QK+aBbAnznOGbvXV2+Hx1ocL0wmeHuS4LNA76ftJwEyKSDI92rC7cayPNTuZrCeO
3/u5YL3XhVqdx52CiEL1WoWvU0kB8dURgehgQSYQ3tF6BjFxIDkUw1qYsuVwsISH
7hOw9JRormrybmacIYX7paGFbl5cDEawURYiDErMowfuIfp9BQJEidkSmocJWRSt
MiQdYldcnVEWSCSJm13XYf+vhlU9lsV93TLe1tsyP7LVcn3NqfGNQH7YUdfXW4Oq
ft0Ih7sbHBmV2+pBhCy4uYnc1/BFkFVFxgYA5lvY6Bo6IslhQzsMMQpr1QIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFJty5Tj6BWHROB/VKFTBwgDckOiAMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvbTNMbE9Qb0ZZZEU0SDlVb1ZNSENBTnlRNklBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQAowU7AwQA
owVTAwQAowV4MAwDBAGjBY4DBACjBZADBACjBZoDBAGjBcADBAGjBdYDBACjBekD
BACjBfQDBAC5/TYwDQYJKoZIhvcNAQELBQADggEBAFQ5v5Bx7jJdwuYDXD+6dWF/
/npAggGfL1GeRLzo226XVqAB3Zj5cvzyY/b1I1klYsuvzvxxwASkxTHWJVLwEyFc
/d9D1J+1nuPfCGTBVqjcxVm8/Lxo1w+UIocU6RrIfU9GbJqp8Tkk1xQDhgA3bWtf
3+5AZO145wVFAgyP6aHcRyGfw03PqgVI5uCY1CMYZzqdUbOPxoEKpNhA732Xriop
B5S6P68d3v1hf4a67nRSMl3NtPaBXXD3UB0RnfgokP4F7qt6lK27tpH1aB+w8BSA
L9FZD4bRSvyGSY7mTybZjLJQ6T8Ot5Pew2L14otUl7OTCXVBUNLFTQAjoldVPCo=
-----END CERTIFICATE-----