Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/o89DQqhiebVkgR8X5Zh_bNAQZrY.roa
File:                     o89DQqhiebVkgR8X5Zh_bNAQZrY.roa (raw, json)
Hash identifier:          t8Yu+DShe7Uby4xZpGgqrNesrL0cjis4Y8uxbCtDc0I=
Subject key identifier:   A3:CF:43:42:A8:62:79:B5:64:81:1F:17:E5:98:7F:6C:D0:10:66:B6
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       01858177F9F39F9B3B9D4B845311BF6B673E
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/o89DQqhiebVkgR8X5Zh_bNAQZrY.roa
Signing time:             Thu 05 Jan 2023 10:26:41 +0000
ROA not before:           Thu 05 Jan 2023 10:26:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     60721
IP address blocks:        163.5.91.0/24 maxlen: 24
                          163.5.97.0/24 maxlen: 24
                          163.5.114.0/24 maxlen: 24
                          163.5.131.0/24 maxlen: 24
                          163.5.249.0/24 maxlen: 24
                          163.5.33.0/24 maxlen: 24
                          163.5.34.0/24 maxlen: 24
                          163.5.38.0/24 maxlen: 24
                          163.5.39.0/24 maxlen: 24
                          163.5.152.0/24 maxlen: 24
                          163.5.254.0/24 maxlen: 24
                          163.5.169.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 06 Jan 2023 10:11:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:81:77:f9:f3:9f:9b:3b:9d:4b:84:53:11:bf:6b:67:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  5 10:26:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a3cf4342a86279b564811f17e5987f6cd01066b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:92:a0:79:df:b0:d8:23:69:10:04:f1:31:18:
                    6f:28:89:c0:ae:05:d8:d5:86:b9:a1:ac:ed:e0:e1:
                    eb:ba:89:fe:33:08:d8:0b:0e:71:19:78:d4:9c:33:
                    36:8a:e0:97:01:72:f4:09:88:0e:54:1f:be:ca:03:
                    65:0c:45:e1:a2:a5:20:53:cb:ce:59:c4:70:ec:3d:
                    b4:e9:7a:d8:2f:36:98:88:25:67:8d:28:42:00:95:
                    0e:55:01:45:64:00:91:63:ee:45:13:d3:ec:1f:34:
                    47:26:99:30:bf:8a:f1:31:23:a0:6e:77:8c:82:28:
                    84:73:2d:bf:46:5d:b7:1b:14:b7:27:91:ab:c3:2b:
                    f3:51:5b:97:21:73:5f:77:f6:d8:f1:6e:ca:dc:eb:
                    1a:44:d9:14:b3:05:9b:f4:8b:44:f8:8a:30:2a:d6:
                    18:e3:d9:a1:ea:7a:79:46:90:da:40:ee:87:4e:9a:
                    b3:d5:43:df:42:ce:30:e4:12:ac:d8:90:4c:d1:ab:
                    ff:c7:2b:f9:d5:d4:8e:53:ba:70:6b:1d:4b:64:8e:
                    74:37:3a:ce:0e:9e:88:74:df:52:61:c3:f7:c4:81:
                    a1:b4:d3:ea:bf:0e:11:4c:cb:f6:6a:d9:12:7d:ce:
                    c4:41:ea:df:f2:64:46:95:b9:e9:79:6a:45:f2:f3:
                    0d:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:CF:43:42:A8:62:79:B5:64:81:1F:17:E5:98:7F:6C:D0:10:66:B6
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/o89DQqhiebVkgR8X5Zh_bNAQZrY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.33.0-163.5.34.255
                  163.5.38.0/23
                  163.5.91.0/24
                  163.5.97.0/24
                  163.5.114.0/24
                  163.5.131.0/24
                  163.5.152.0/24
                  163.5.169.0/24
                  163.5.249.0/24
                  163.5.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:26:a5:a7:d9:e7:59:33:a6:99:c8:59:f3:3c:64:ea:50:dd:
         2a:d4:19:e6:b8:a5:44:f3:7d:91:26:52:61:23:ea:f8:4c:a8:
         d5:3f:59:da:09:25:df:3c:a8:86:8b:77:cc:65:dd:e4:91:ee:
         8e:a0:ac:78:19:08:2c:08:a2:15:45:c6:a9:84:56:4f:72:9b:
         f4:3e:89:f6:26:c9:d9:f9:de:48:89:17:dc:89:d9:32:48:3e:
         54:60:ef:13:d2:c5:2d:d4:c6:4f:35:86:ac:60:78:4e:68:88:
         83:62:a3:7d:44:fe:d9:37:97:4b:c0:63:55:dc:67:39:b4:db:
         8f:5d:10:1e:18:cd:01:e2:e4:cb:64:55:68:a2:1a:5b:57:11:
         f3:ef:de:1d:1a:89:a5:53:1a:1c:e0:b5:c8:41:5a:41:73:bc:
         7f:d7:22:6a:67:c0:a9:1c:e6:03:86:6f:4a:81:42:a6:00:3e:
         ae:34:ee:05:53:2b:85:18:9b:c7:76:b0:db:0c:a2:4a:da:86:
         f5:64:d2:94:80:64:6f:a0:07:70:f8:13:f1:29:82:67:1c:82:
         f2:9f:e7:7d:43:8b:a5:65:c5:37:36:da:1f:e7:e1:e8:74:8e:
         41:35:89:a2:3b:0c:a9:40:92:a9:76:0d:7c:00:6d:f1:0f:9d:
         dd:fc:6f:94
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAYWBd/nzn5s7nUuEUxG/a2c+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjMwMTA1MTAyNjQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2NmNDM0MmE4NjI3OWI1NjQ4MTFmMTdlNTk4N2Y2Y2QwMTA2NmI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm5Kged+w2CNpEATxMRhvKInArgXY
1Ya5oazt4OHruon+MwjYCw5xGXjUnDM2iuCXAXL0CYgOVB++ygNlDEXhoqUgU8vO
WcRw7D206XrYLzaYiCVnjShCAJUOVQFFZACRY+5FE9PsHzRHJpkwv4rxMSOgbneM
giiEcy2/Rl23GxS3J5GrwyvzUVuXIXNfd/bY8W7K3OsaRNkUswWb9ItE+IowKtYY
49mh6np5RpDaQO6HTpqz1UPfQs4w5BKs2JBM0av/xyv51dSOU7pwax1LZI50NzrO
Dp6IdN9SYcP3xIGhtNPqvw4RTMv2atkSfc7EQerf8mRGlbnpeWpF8vMN8QIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFKPPQ0KoYnm1ZIEfF+WYf2zQEGa2MB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvbzg5RFFxaGllYlZrZ1I4WDVaaF9iTkFRWnJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEMAwDBACjBSED
BACjBSIDBAGjBSYDBACjBVsDBACjBWEDBACjBXIDBACjBYMDBACjBZgDBACjBakD
BACjBfkDBACjBf4wDQYJKoZIhvcNAQELBQADggEBAA8mpafZ51kzppnIWfM8ZOpQ
3SrUGea4pUTzfZEmUmEj6vhMqNU/WdoJJd88qIaLd8xl3eSR7o6grHgZCCwIohVF
xqmEVk9ym/Q+ifYmydn53kiJF9yJ2TJIPlRg7xPSxS3Uxk81hqxgeE5oiINio31E
/tk3l0vAY1XcZzm0249dEB4YzQHi5MtkVWiiGltXEfPv3h0aiaVTGhzgtchBWkFz
vH/XImpnwKkc5gOGb0qBQqYAPq407gVTK4UYm8d2sNsMokrahvVk0pSAZG+gB3D4
E/EpgmccgvKf531Di6VlxTc22h/n4eh0jkE1iaI7DKlAkql2DXwAbfEPnd38b5Q=
-----END CERTIFICATE-----