Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/1-laKE1-kpAyx2kNwkUewR7aJae8.roa
File:                     1-laKE1-kpAyx2kNwkUewR7aJae8.roa (raw, json)
Hash identifier:          O1NW4bWva3U11ZM8jMTo6X4c4GuYp9j7hUti1peKxAM=
Subject key identifier:   FA:56:8A:13:5F:A4:A4:0C:B1:DA:43:70:91:47:B0:47:B6:89:69:EF
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       018CE8664FD985DD01A628DB6F19FEE130FA
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/1-laKE1-kpAyx2kNwkUewR7aJae8.roa
Signing time:             Mon 08 Jan 2024 09:27:48 +0000
ROA not before:           Mon 08 Jan 2024 09:27:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21859
IP address blocks:        163.5.199.0/24 maxlen: 24
                          163.5.202.0/24 maxlen: 24
                          163.5.212.0/24 maxlen: 24
                          163.5.219.0/24 maxlen: 24
                          163.5.145.0/24 maxlen: 24
                          163.5.248.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 22 Jan 2024 15:14:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:e8:66:4f:d9:85:dd:01:a6:28:db:6f:19:fe:e1:30:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  8 09:27:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fa568a135fa4a40cb1da43709147b047b68969ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:91:73:20:4c:f2:e3:da:fe:81:e5:6d:71:31:
                    b6:45:a0:c2:51:4a:50:f4:6f:8f:46:13:e8:dd:7b:
                    b0:7f:9c:53:f1:a8:0c:3d:e1:0a:ac:07:c1:73:cd:
                    b9:7f:29:da:48:d3:e5:43:a9:10:68:59:06:4c:28:
                    30:d2:9f:fe:bf:23:a0:e8:fa:1a:3d:1a:92:0d:26:
                    9a:24:db:af:26:1f:cb:77:7e:d8:4f:c5:aa:02:28:
                    2d:84:6a:3d:67:43:3c:db:4b:0d:bc:47:fb:6b:fb:
                    8f:9c:31:6d:18:83:9b:73:2c:e0:0d:43:72:c7:9c:
                    1a:34:b4:06:d7:c8:f1:b9:50:c3:44:ef:5b:0f:80:
                    89:72:19:ca:ee:d1:7a:28:13:ba:87:9c:c7:5d:91:
                    f1:51:df:e4:a3:3a:e0:d3:bf:18:ef:02:5c:3c:53:
                    04:5e:c9:b6:1c:70:1b:e3:94:90:3c:4f:d7:75:5d:
                    31:79:7c:f7:96:ac:dd:7c:86:b3:8e:99:f5:4e:e2:
                    d2:26:b3:88:39:8b:2b:5a:1a:c0:14:6a:e3:31:c7:
                    f8:4e:fa:bf:1a:a7:23:74:36:e8:d8:13:5c:0b:d1:
                    57:ea:2a:3f:e2:10:89:11:a4:6c:81:bf:54:e5:30:
                    9b:a1:b0:66:b4:95:5f:e4:c8:d0:77:fa:61:19:96:
                    c4:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:56:8A:13:5F:A4:A4:0C:B1:DA:43:70:91:47:B0:47:B6:89:69:EF
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/1-laKE1-kpAyx2kNwkUewR7aJae8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.145.0/24
                  163.5.199.0/24
                  163.5.202.0/24
                  163.5.212.0/24
                  163.5.219.0/24
                  163.5.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:cf:50:34:f3:18:f4:51:5f:42:d7:a3:19:17:17:0d:8a:47:
         d3:37:33:df:47:93:cf:e2:0f:1f:a5:1f:07:01:e0:e9:39:05:
         88:c6:df:20:07:a9:9c:0a:d7:f6:d1:17:94:4f:3f:d2:53:72:
         f5:65:05:5d:2c:02:9c:91:f4:8c:68:bd:eb:08:80:19:17:95:
         7b:bf:5d:fd:2b:d9:b9:bb:2e:2c:26:30:dc:b3:d6:62:9c:64:
         f5:ea:2f:3b:42:1f:dd:b0:fe:d8:76:cf:6d:28:f5:98:88:d5:
         27:45:ba:b2:a3:84:64:55:28:09:52:33:04:be:5f:5c:42:79:
         e3:5d:20:65:68:c6:19:43:b7:11:c4:86:6e:91:fc:d8:fe:c5:
         48:7b:3f:2b:24:c7:48:97:4f:15:53:14:ff:1d:83:3d:87:cd:
         9c:88:6a:ba:a9:0c:62:b7:fd:d3:3a:21:eb:c2:c9:fb:fc:ad:
         cc:a1:fe:76:07:3d:a9:5d:76:ef:b5:b1:d1:93:7d:b0:8b:4f:
         2d:8e:27:90:43:95:5c:1b:cd:70:44:bb:ea:3f:5d:40:fa:fa:
         95:9d:31:67:c7:a6:84:0a:89:fe:d8:d9:c4:f5:5f:1e:16:2a:
         4c:82:80:25:0e:88:27:16:69:ed:ed:13:17:c8:72:78:34:cd:
         52:b6:37:0f
-----BEGIN CERTIFICATE-----
MIIFHDCCBASgAwIBAgISAYzoZk/Zhd0Bpijbbxn+4TD6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjQwMTA4MDkyNzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTU2OGExMzVmYTRhNDBjYjFkYTQzNzA5MTQ3YjA0N2I2ODk2OWVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtJFzIEzy49r+geVtcTG2RaDCUUpQ
9G+PRhPo3Xuwf5xT8agMPeEKrAfBc825fynaSNPlQ6kQaFkGTCgw0p/+vyOg6Poa
PRqSDSaaJNuvJh/Ld37YT8WqAigthGo9Z0M820sNvEf7a/uPnDFtGIObcyzgDUNy
x5waNLQG18jxuVDDRO9bD4CJchnK7tF6KBO6h5zHXZHxUd/kozrg078Y7wJcPFME
Xsm2HHAb45SQPE/XdV0xeXz3lqzdfIazjpn1TuLSJrOIOYsrWhrAFGrjMcf4Tvq/
GqcjdDbo2BNcC9FX6io/4hCJEaRsgb9U5TCbobBmtJVf5MjQd/phGZbE6wIDAQAB
o4ICKDCCAiQwHQYDVR0OBBYEFPpWihNfpKQMsdpDcJFHsEe2iWnvMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvMS1sYUtFMS1rcEF5eDJrTndrVWV3UjdhSmFlOC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMTMvZDAyZGZiLTk2NzMtNDlhOC05NzFjLTlmZTk0MTA4ZmYw
MS8xL0RPaFJ0dDFkTms3aG5nczRJQnMtamZKaVM4cy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjA9BggrBgEFBQcBBwEB/wQuMCwwKgQCAAEwJAMEAKMFkQME
AKMFxwMEAKMFygMEAKMF1AMEAKMF2wMEAKMF+DANBgkqhkiG9w0BAQsFAAOCAQEA
SM9QNPMY9FFfQtejGRcXDYpH0zcz30eTz+IPH6UfBwHg6TkFiMbfIAepnArX9tEX
lE8/0lNy9WUFXSwCnJH0jGi96wiAGReVe79d/SvZubsuLCYw3LPWYpxk9eovO0If
3bD+2HbPbSj1mIjVJ0W6sqOEZFUoCVIzBL5fXEJ5410gZWjGGUO3EcSGbpH82P7F
SHs/KyTHSJdPFVMU/x2DPYfNnIhquqkMYrf90zoh68LJ+/ytzKH+dgc9qV1277Wx
0ZN9sItPLY4nkEOVXBvNcES76j9dQPr6lZ0xZ8emhAqJ/tjZxPVfHhYqTIKAJQ6I
JxZp7e0TF8hyeDTNUrY3Dw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:20:00 2024 by rpki-client on console-fra.rpki-client.org