Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/iz4t1N1Ool7ZWo_7c5rU4K1XZtM.roa
File:                     iz4t1N1Ool7ZWo_7c5rU4K1XZtM.roa (raw, json)
Hash identifier:          mNofqi4AUwyYtBShUjfTH7uMT22nLYYo8qN71T00Xcs=
Subject key identifier:   8B:3E:2D:D4:DD:4E:A2:5E:D9:5A:8F:FB:73:9A:D4:E0:AD:57:66:D3
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0187862F0758919BAA9A83218C408B69F6EB
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/iz4t1N1Ool7ZWo_7c5rU4K1XZtM.roa
Signing time:             Sat 15 Apr 2023 18:30:41 +0000
ROA not before:           Sat 15 Apr 2023 18:30:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     3320
IP address blocks:        163.5.105.0/24 maxlen: 24
                          163.5.106.0/24 maxlen: 24
                          163.5.115.0/24 maxlen: 24
                          163.5.118.0/24 maxlen: 24
                          163.5.229.0/24 maxlen: 24
                          163.5.242.0/24 maxlen: 24
                          163.5.32.0/24 maxlen: 24
                          163.5.212.0/24 maxlen: 24
                          163.5.220.0/24 maxlen: 24
                          163.5.225.0/24 maxlen: 24
                          163.5.119.0/24 maxlen: 24
                          163.5.121.0/24 maxlen: 24
                          163.5.153.0/24 maxlen: 24
                          163.5.159.0/24 maxlen: 24
                          163.5.168.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 17 Apr 2023 12:35:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:86:2f:07:58:91:9b:aa:9a:83:21:8c:40:8b:69:f6:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Apr 15 18:30:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8b3e2dd4dd4ea25ed95a8ffb739ad4e0ad5766d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:ad:e1:37:ba:1f:fc:ad:59:b6:54:e4:a9:6f:
                    96:6d:65:a9:56:73:95:d9:d1:75:0d:99:c8:1b:f9:
                    28:ba:64:5f:94:df:ff:7e:b8:e5:85:b2:5e:b9:f8:
                    24:34:a9:3a:57:e4:5c:21:d9:01:4f:29:c7:03:12:
                    59:da:b5:f5:40:f5:73:89:c0:3e:6b:bc:af:15:c3:
                    a1:d0:17:4e:e8:b2:7a:fb:43:25:f2:06:ff:43:d4:
                    40:0f:f7:9e:e0:42:be:95:cf:07:19:ce:53:11:0a:
                    8c:46:79:82:35:dc:5c:24:46:e3:c5:fc:fa:88:7f:
                    56:cd:28:67:5a:b4:09:4e:17:f1:77:a3:0d:f6:4e:
                    88:73:0f:73:84:7f:f2:a5:1c:03:71:71:30:ab:a4:
                    e8:a4:2f:5c:b8:f3:0b:c1:48:80:0d:9d:fd:0d:c7:
                    1b:c0:4b:53:4c:fb:90:0f:94:50:aa:bc:d8:d3:33:
                    29:b6:98:f5:c8:f8:e3:8c:c9:15:40:ef:3d:f5:7c:
                    31:14:b7:68:c8:81:4a:be:94:23:b5:44:60:0f:db:
                    51:c2:a6:b4:81:e0:f8:c8:f6:fd:77:6d:2b:f8:a1:
                    9a:9c:89:bf:46:43:98:0b:f3:6a:27:42:0b:d8:b9:
                    ff:12:f5:0b:e9:8b:fb:27:35:29:a8:30:0c:ed:67:
                    36:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:3E:2D:D4:DD:4E:A2:5E:D9:5A:8F:FB:73:9A:D4:E0:AD:57:66:D3
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/iz4t1N1Ool7ZWo_7c5rU4K1XZtM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.32.0/24
                  163.5.105.0-163.5.106.255
                  163.5.115.0/24
                  163.5.118.0/23
                  163.5.121.0/24
                  163.5.153.0/24
                  163.5.159.0/24
                  163.5.168.0/24
                  163.5.212.0/24
                  163.5.220.0/24
                  163.5.225.0/24
                  163.5.229.0/24
                  163.5.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:b5:0b:5a:a4:bb:41:be:0e:d1:ba:d7:44:b8:f5:f3:44:7a:
         53:d3:a0:46:fa:06:26:1e:8d:c6:2a:c7:a6:93:9e:1e:bf:6c:
         cd:0f:b9:14:da:24:a2:c9:ee:6a:84:65:22:4c:79:10:cf:6e:
         35:24:38:40:dd:e3:1d:f8:f0:60:79:1f:a0:39:69:c2:49:c1:
         27:b4:43:69:87:b4:05:02:a9:c7:15:fd:a3:91:76:fa:04:40:
         09:f7:90:5f:a7:b0:c0:8c:e8:fd:d3:69:28:67:cc:7c:db:59:
         7b:87:c2:83:f7:79:94:ca:69:7a:e2:de:f9:76:44:0b:3a:38:
         08:da:ae:48:63:4c:32:50:6f:ea:0f:a3:1c:67:af:5f:f0:eb:
         3f:96:bf:0f:b6:52:f6:92:7c:54:e2:5d:93:66:13:12:ba:65:
         37:fd:03:2f:c3:34:77:03:7e:bd:4e:64:e6:5d:39:29:c0:54:
         e8:ce:fa:1a:6e:66:4f:01:50:ce:43:7b:c8:e9:74:3d:44:a1:
         91:86:c9:f2:61:71:ea:a6:4f:e2:a3:39:b6:77:b9:ab:dd:6b:
         03:d9:b3:aa:3e:51:5a:e3:85:f3:1c:ff:48:9b:13:5e:2c:57:
         bf:56:43:45:7b:8c:df:5e:b9:58:c8:95:f6:a7:8b:0a:e4:d4:
         cb:f8:97:79
-----BEGIN CERTIFICATE-----
MIIFTTCCBDWgAwIBAgISAYeGLwdYkZuqmoMhjECLafbrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjMwNDE1MTgzMDQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjNlMmRkNGRkNGVhMjVlZDk1YThmZmI3MzlhZDRlMGFkNTc2NmQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwa3hN7of/K1ZtlTkqW+WbWWpVnOV
2dF1DZnIG/koumRflN//frjlhbJeufgkNKk6V+RcIdkBTynHAxJZ2rX1QPVzicA+
a7yvFcOh0BdO6LJ6+0Ml8gb/Q9RAD/ee4EK+lc8HGc5TEQqMRnmCNdxcJEbjxfz6
iH9WzShnWrQJThfxd6MN9k6Icw9zhH/ypRwDcXEwq6TopC9cuPMLwUiADZ39Dccb
wEtTTPuQD5RQqrzY0zMptpj1yPjjjMkVQO899XwxFLdoyIFKvpQjtURgD9tRwqa0
geD4yPb9d20r+KGanIm/RkOYC/NqJ0IL2Ln/EvUL6Yv7JzUpqDAM7Wc2gwIDAQAB
o4ICWTCCAlUwHQYDVR0OBBYEFIs+LdTdTqJe2VqP+3Oa1OCtV2bTMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvaXo0dDFOMU9vbDdaV29fN2M1clU0SzFYWnRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG8GCCsGAQUFBwEHAQH/BGAwXjBcBAIAATBWAwQAowUgMAwD
BACjBWkDBACjBWoDBACjBXMDBAGjBXYDBACjBXkDBACjBZkDBACjBZ8DBACjBagD
BACjBdQDBACjBdwDBACjBeEDBACjBeUDBACjBfIwDQYJKoZIhvcNAQELBQADggEB
AAW1C1qku0G+DtG610S49fNEelPToEb6BiYejcYqx6aTnh6/bM0PuRTaJKLJ7mqE
ZSJMeRDPbjUkOEDd4x348GB5H6A5acJJwSe0Q2mHtAUCqccV/aORdvoEQAn3kF+n
sMCM6P3TaShnzHzbWXuHwoP3eZTKaXri3vl2RAs6OAjarkhjTDJQb+oPoxxnr1/w
6z+Wvw+2UvaSfFTiXZNmExK6ZTf9Ay/DNHcDfr1OZOZdOSnAVOjO+hpuZk8BUM5D
e8jpdD1EoZGGyfJhceqmT+KjObZ3uavdawPZs6o+UVrjhfMc/0ibE14sV79WQ0V7
jN9euVjIlfaniwrk1Mv4l3k=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:54:34 2024 by rpki-client on console-ams.rpki-client.org