Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/pCBwrBypYUorH6Hk9T09d0vcfOM.roa
File:                     pCBwrBypYUorH6Hk9T09d0vcfOM.roa (raw, json)
Hash identifier:          c81gy+BQndfc3x+BKur4+bno9Yz0sTaSfCAvbB1d94Q=
Subject key identifier:   A4:20:70:AC:1C:A9:61:4A:2B:1F:A1:E4:F5:3D:3D:77:4B:DC:7C:E3
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       01894AF3F5B192CC71ED25138BDFB1091A04
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/pCBwrBypYUorH6Hk9T09d0vcfOM.roa
Signing time:             Wed 12 Jul 2023 16:34:09 +0000
ROA not before:           Wed 12 Jul 2023 16:34:09 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     204372
IP address blocks:        163.5.99.0/24 maxlen: 24
                          163.5.230.0/24 maxlen: 24
                          163.5.31.0/24 maxlen: 24
                          163.5.35.0/24 maxlen: 24
                          163.5.254.0/24 maxlen: 24
                          163.5.62.0/24 maxlen: 24
                          163.5.202.0/24 maxlen: 24
                          163.5.210.0/24 maxlen: 24
                          163.5.211.0/24 maxlen: 24
                          163.5.216.0/24 maxlen: 24
                          163.5.223.0/24 maxlen: 24
                          163.5.226.0/24 maxlen: 24
                          163.5.221.0/24 maxlen: 24
                          163.5.127.0/24 maxlen: 24
                          163.5.136.0/24 maxlen: 24
                          163.5.138.0/24 maxlen: 24
                          163.5.161.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:4a:f3:f5:b1:92:cc:71:ed:25:13:8b:df:b1:09:1a:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jul 12 16:34:09 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a42070ac1ca9614a2b1fa1e4f53d3d774bdc7ce3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:e7:b3:e7:6a:5b:8b:da:a7:6f:f3:fb:ff:a8:
                    1c:63:3e:4b:de:2d:8d:1b:cd:2e:e6:26:23:5b:ea:
                    bd:64:78:d7:18:2b:44:9d:ba:2d:53:33:2a:0c:75:
                    7d:ef:67:3f:32:55:6a:32:35:e7:42:d3:e2:f1:10:
                    be:ed:27:e8:2a:a4:04:ad:83:11:03:7f:67:d2:da:
                    06:58:5b:7e:ef:3c:5e:19:8b:11:bd:d0:1e:20:bb:
                    f5:3e:cd:d2:e6:f5:46:7b:b2:4b:91:8f:95:4f:0b:
                    d0:26:55:3f:a5:ba:4f:a4:d5:03:a3:70:ce:d2:89:
                    59:f7:e6:86:53:94:14:5e:4d:40:21:2a:9b:fc:3e:
                    5a:01:2f:4d:e3:d7:1a:c7:eb:f0:dd:84:24:fe:fc:
                    77:02:61:04:cc:35:0c:45:87:e4:17:59:e9:d0:2d:
                    66:55:31:b8:a9:ab:6a:30:57:2e:d6:ca:7f:99:6d:
                    48:33:12:e1:a8:a8:6d:6f:00:5f:94:3e:13:39:39:
                    05:7a:c4:60:ef:c1:d4:1e:8e:d6:39:5b:8a:9e:a9:
                    30:f5:71:12:5d:00:b5:fd:30:23:3e:ca:ff:4a:c0:
                    00:0a:9a:4c:2b:17:2f:4e:5b:49:4d:ab:66:eb:8a:
                    f0:de:06:a5:57:d0:29:5a:78:56:7a:b9:1d:eb:c3:
                    37:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:20:70:AC:1C:A9:61:4A:2B:1F:A1:E4:F5:3D:3D:77:4B:DC:7C:E3
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/pCBwrBypYUorH6Hk9T09d0vcfOM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.31.0/24
                  163.5.35.0/24
                  163.5.62.0/24
                  163.5.99.0/24
                  163.5.127.0/24
                  163.5.136.0/24
                  163.5.138.0/24
                  163.5.161.0/24
                  163.5.202.0/24
                  163.5.210.0/23
                  163.5.216.0/24
                  163.5.221.0/24
                  163.5.223.0/24
                  163.5.226.0/24
                  163.5.230.0/24
                  163.5.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:a3:69:41:e8:c6:63:a6:4e:86:b6:61:4a:eb:6d:0b:17:b3:
         ba:0d:97:ba:c5:20:d5:d4:06:ea:19:8d:ae:c1:be:5b:92:e7:
         db:d5:24:6c:7f:ed:69:e1:65:5a:13:f1:76:d1:e4:7d:be:2b:
         f9:25:c6:28:4f:b9:df:8d:37:72:ea:d0:21:c0:9f:ae:8c:1e:
         da:e8:44:cb:ce:ee:14:47:c5:dc:26:43:c8:99:54:6c:7d:2c:
         bd:8e:28:b4:d9:89:c9:b0:4a:6f:de:af:db:f6:18:4f:a3:6d:
         45:c6:6a:3d:78:e4:85:2a:60:5c:dd:99:5f:f4:d4:73:23:af:
         f1:25:b2:03:4b:8b:2c:15:7d:6a:f9:10:fe:35:23:01:61:70:
         77:4e:b4:85:7b:17:c9:1d:56:47:26:5c:f5:8f:9f:8b:81:7d:
         1c:23:b8:a4:6d:05:c7:9a:85:56:81:d3:14:4a:ec:c2:3c:7b:
         53:d2:c3:ca:52:6d:04:1c:63:9e:81:b8:4d:82:c6:34:1c:bc:
         09:aa:c1:7d:dd:96:2f:2c:68:11:fe:50:f5:cb:7a:41:7b:a9:
         30:fc:dd:93:11:f8:c2:b4:1a:dc:60:26:c1:57:2e:c3:27:02:
         12:31:27:7a:20:34:3a:d4:7b:bd:ae:19:2d:92:45:99:66:53:
         d2:ac:a5:e5
-----BEGIN CERTIFICATE-----
MIIFVzCCBD+gAwIBAgISAYlK8/Wxksxx7SUTi9+xCRoEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjMwNzEyMTYzNDA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDIwNzBhYzFjYTk2MTRhMmIxZmExZTRmNTNkM2Q3NzRiZGM3Y2UzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt+ez52pbi9qnb/P7/6gcYz5L3i2N
G80u5iYjW+q9ZHjXGCtEnbotUzMqDHV972c/MlVqMjXnQtPi8RC+7SfoKqQErYMR
A39n0toGWFt+7zxeGYsRvdAeILv1Ps3S5vVGe7JLkY+VTwvQJlU/pbpPpNUDo3DO
0olZ9+aGU5QUXk1AISqb/D5aAS9N49cax+vw3YQk/vx3AmEEzDUMRYfkF1np0C1m
VTG4qatqMFcu1sp/mW1IMxLhqKhtbwBflD4TOTkFesRg78HUHo7WOVuKnqkw9XES
XQC1/TAjPsr/SsAACppMKxcvTltJTatm64rw3galV9ApWnhWerkd68M38wIDAQAB
o4ICYzCCAl8wHQYDVR0OBBYEFKQgcKwcqWFKKx+h5PU9PXdL3HzjMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvcENCd3JCeXBZVW9ySDZIazlUMDlkMHZjZk9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHkGCCsGAQUFBwEHAQH/BGowaDBmBAIAATBgAwQAowUfAwQA
owUjAwQAowU+AwQAowVjAwQAowV/AwQAowWIAwQAowWKAwQAowWhAwQAowXKAwQB
owXSAwQAowXYAwQAowXdAwQAowXfAwQAowXiAwQAowXmAwQAowX+MA0GCSqGSIb3
DQEBCwUAA4IBAQB7o2lB6MZjpk6GtmFK620LF7O6DZe6xSDV1AbqGY2uwb5bkufb
1SRsf+1p4WVaE/F20eR9viv5JcYoT7nfjTdy6tAhwJ+ujB7a6ETLzu4UR8XcJkPI
mVRsfSy9jii02YnJsEpv3q/b9hhPo21Fxmo9eOSFKmBc3Zlf9NRzI6/xJbIDS4ss
FX1q+RD+NSMBYXB3TrSFexfJHVZHJlz1j5+LgX0cI7ikbQXHmoVWgdMUSuzCPHtT
0sPKUm0EHGOegbhNgsY0HLwJqsF93ZYvLGgR/lD1y3pBe6kw/N2TEfjCtBrcYCbB
Vy7DJwISMSd6IDQ61Hu9rhktkkWZZlPSrKXl
-----END CERTIFICATE-----