Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/3ZnOcS_cBWlaRBpGmWf-qed_6Cw.roa
File:                     3ZnOcS_cBWlaRBpGmWf-qed_6Cw.roa (raw, json)
Hash identifier:          D8qtBhs4iyrw21HxiRiJmQnvq/w9asEwjg1ARaMw51c=
Subject key identifier:   DD:99:CE:71:2F:DC:05:69:5A:44:1A:46:99:67:FE:A9:E7:7F:E8:2C
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       018C10329DCAD1AA8247258E5EA05009FBCC
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/3ZnOcS_cBWlaRBpGmWf-qed_6Cw.roa
Signing time:             Mon 27 Nov 2023 09:53:21 +0000
ROA not before:           Mon 27 Nov 2023 09:53:21 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        163.5.228.0/24 maxlen: 24
                          163.5.241.0/24 maxlen: 24
                          163.5.250.0/24 maxlen: 24
                          163.5.253.0/24 maxlen: 24
                          163.5.255.0/24 maxlen: 24
                          163.5.71.0/24 maxlen: 24
                          163.5.83.0/24 maxlen: 24
                          163.5.79.0/24 maxlen: 24
                          163.5.89.0/24 maxlen: 24
                          163.5.94.0/24 maxlen: 24
                          163.5.95.0/24 maxlen: 24
                          163.5.99.0/24 maxlen: 24
                          163.5.110.0/24 maxlen: 24
                          163.5.111.0/24 maxlen: 24
                          163.5.112.0/24 maxlen: 24
                          163.5.106.0/24 maxlen: 24
                          163.5.113.0/24 maxlen: 24
                          163.5.30.0/24 maxlen: 24
                          163.5.35.0/24 maxlen: 24
                          163.5.36.0/24 maxlen: 24
                          163.5.62.0/24 maxlen: 24
                          163.5.176.0/24 maxlen: 24
                          163.5.178.0/24 maxlen: 24
                          163.5.181.0/24 maxlen: 24
                          163.5.182.0/24 maxlen: 24
                          163.5.186.0/24 maxlen: 24
                          163.5.188.0/24 maxlen: 24
                          163.5.189.0/24 maxlen: 24
                          163.5.191.0/24 maxlen: 24
                          163.5.199.0/24 maxlen: 24
                          163.5.204.0/24 maxlen: 24
                          163.5.205.0/24 maxlen: 24
                          163.5.201.0/24 maxlen: 24
                          163.5.203.0/24 maxlen: 24
                          163.5.212.0/24 maxlen: 24
                          163.5.218.0/24 maxlen: 24
                          163.5.224.0/24 maxlen: 24
                          163.5.121.0/24 maxlen: 24
                          163.5.126.0/24 maxlen: 24
                          163.5.128.0/24 maxlen: 24
                          163.5.138.0/24 maxlen: 24
                          163.5.139.0/24 maxlen: 24
                          163.5.134.0/24 maxlen: 24
                          163.5.142.0/24 maxlen: 24
                          163.5.143.0/24 maxlen: 24
                          163.5.151.0/24 maxlen: 24
                          163.5.148.0/24 maxlen: 24
                          163.5.150.0/24 maxlen: 24
                          163.5.146.0/24 maxlen: 24
                          163.5.156.0/24 maxlen: 24
                          163.5.160.0/24 maxlen: 24
                          163.5.167.0/24 maxlen: 24
                          163.5.170.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 01 Dec 2023 18:16:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:10:32:9d:ca:d1:aa:82:47:25:8e:5e:a0:50:09:fb:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Nov 27 09:53:21 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=dd99ce712fdc05695a441a469967fea9e77fe82c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:e1:f9:a6:33:dc:46:45:f2:4e:90:4e:e5:35:
                    a9:4b:77:80:f8:27:b5:17:13:f0:65:12:e1:8f:31:
                    07:45:75:78:7a:d8:09:29:71:f6:4b:0e:ce:f6:3f:
                    d7:1d:2c:85:62:dd:d3:06:08:67:47:f0:7f:0f:72:
                    a4:62:51:fa:d4:10:61:ca:e6:23:0f:b9:a6:d9:51:
                    9f:01:50:ad:37:a6:24:df:f3:9c:cb:56:d8:c9:fd:
                    54:cd:7e:22:f2:73:ba:43:d3:f9:19:8c:cb:f4:21:
                    06:83:88:53:23:da:33:ae:7b:b2:c9:2c:e4:f6:fa:
                    d9:56:3d:86:7f:7e:61:98:4d:ec:8d:f7:01:a9:fa:
                    f5:58:91:2d:17:6d:c4:ef:b6:ff:2d:5e:1f:d7:3e:
                    55:76:a8:8c:5f:56:44:85:cb:c1:f8:38:b9:70:f1:
                    37:24:e7:2f:5a:6c:6f:88:8d:6c:03:99:27:ee:41:
                    98:b7:b8:7b:14:d0:58:68:bb:40:23:59:6e:0b:bd:
                    67:42:64:64:eb:c1:d2:67:cb:e9:c0:66:8c:31:3c:
                    40:2e:47:8d:cd:25:3c:df:4b:1a:69:3a:48:3e:f5:
                    48:42:a9:b1:ff:09:f9:e9:bc:38:8d:ea:fc:9a:4d:
                    e6:95:69:30:4c:55:23:d2:ec:8e:a4:95:e1:aa:8f:
                    e0:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:99:CE:71:2F:DC:05:69:5A:44:1A:46:99:67:FE:A9:E7:7F:E8:2C
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/3ZnOcS_cBWlaRBpGmWf-qed_6Cw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.30.0/24
                  163.5.35.0-163.5.36.255
                  163.5.62.0/24
                  163.5.71.0/24
                  163.5.79.0/24
                  163.5.83.0/24
                  163.5.89.0/24
                  163.5.94.0/23
                  163.5.99.0/24
                  163.5.106.0/24
                  163.5.110.0-163.5.113.255
                  163.5.121.0/24
                  163.5.126.0/24
                  163.5.128.0/24
                  163.5.134.0/24
                  163.5.138.0/23
                  163.5.142.0/23
                  163.5.146.0/24
                  163.5.148.0/24
                  163.5.150.0/23
                  163.5.156.0/24
                  163.5.160.0/24
                  163.5.167.0/24
                  163.5.170.0/24
                  163.5.176.0/24
                  163.5.178.0/24
                  163.5.181.0-163.5.182.255
                  163.5.186.0/24
                  163.5.188.0/23
                  163.5.191.0/24
                  163.5.199.0/24
                  163.5.201.0/24
                  163.5.203.0-163.5.205.255
                  163.5.212.0/24
                  163.5.218.0/24
                  163.5.224.0/24
                  163.5.228.0/24
                  163.5.241.0/24
                  163.5.250.0/24
                  163.5.253.0/24
                  163.5.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:e2:6b:b3:ab:d5:11:0c:a8:b9:67:7f:06:f6:15:c7:29:96:
         26:79:bf:62:b2:cc:9b:42:43:51:ad:a6:72:65:0e:94:33:f7:
         0b:61:95:60:87:62:f7:78:a6:dc:63:ea:77:24:1d:99:b7:70:
         61:a5:db:71:62:c9:84:92:40:d0:40:ed:28:67:55:41:64:d3:
         1e:47:31:64:c4:32:4e:19:ec:db:4e:0d:bb:f4:43:9f:35:c4:
         f0:c5:a6:02:50:cb:a5:16:78:5b:62:18:f3:58:4c:fb:cb:6f:
         34:6f:dc:07:c1:ce:6f:74:75:b5:0e:9b:e1:63:1c:f1:b2:fa:
         0d:cc:1a:78:c3:f7:b1:a6:48:0d:95:2d:1b:7f:ad:7a:50:9c:
         37:71:be:6d:d6:ff:59:c3:79:46:34:34:48:8c:59:cb:6e:05:
         61:b5:cd:d7:f9:18:e7:01:98:ee:0c:57:c5:71:37:62:03:bd:
         dd:88:94:a5:7c:18:b6:cc:e0:8a:93:cd:a4:7f:07:68:30:4a:
         e1:dc:23:1f:d4:d4:40:25:e7:77:25:36:f9:4a:7c:3c:b4:c3:
         f0:13:3b:d9:11:c6:fd:ca:d9:29:1f:37:97:43:6e:70:8f:88:
         6a:e6:79:73:26:0b:14:68:27:03:4c:46:de:a4:bd:66:d7:4b:
         fb:22:7b:ea
-----BEGIN CERTIFICATE-----
MIIGFzCCBP+gAwIBAgISAYwQMp3K0aqCRyWOXqBQCfvMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjMxMTI3MDk1MzIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDk5Y2U3MTJmZGMwNTY5NWE0NDFhNDY5OTY3ZmVhOWU3N2ZlODJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiuH5pjPcRkXyTpBO5TWpS3eA+Ce1
FxPwZRLhjzEHRXV4etgJKXH2Sw7O9j/XHSyFYt3TBghnR/B/D3KkYlH61BBhyuYj
D7mm2VGfAVCtN6Yk3/Ocy1bYyf1UzX4i8nO6Q9P5GYzL9CEGg4hTI9ozrnuyySzk
9vrZVj2Gf35hmE3sjfcBqfr1WJEtF23E77b/LV4f1z5VdqiMX1ZEhcvB+Di5cPE3
JOcvWmxviI1sA5kn7kGYt7h7FNBYaLtAI1luC71nQmRk68HSZ8vpwGaMMTxALkeN
zSU830saaTpIPvVIQqmx/wn56bw4jer8mk3mlWkwTFUj0uyOpJXhqo/gQwIDAQAB
o4IDIzCCAx8wHQYDVR0OBBYEFN2ZznEv3AVpWkQaRpln/qnnf+gsMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvM1puT2NTX2NCV2xhUkJwR21XZi1xZWRfNkN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBNwYIKwYBBQUHAQcBAf8EggEmMIIBIjCCAR4EAgABMIIB
FgMEAKMFHjAMAwQAowUjAwQAowUkAwQAowU+AwQAowVHAwQAowVPAwQAowVTAwQA
owVZAwQBowVeAwQAowVjAwQAowVqMAwDBAGjBW4DBAGjBXADBACjBXkDBACjBX4D
BACjBYADBACjBYYDBAGjBYoDBAGjBY4DBACjBZIDBACjBZQDBAGjBZYDBACjBZwD
BACjBaADBACjBacDBACjBaoDBACjBbADBACjBbIwDAMEAKMFtQMEAKMFtgMEAKMF
ugMEAaMFvAMEAKMFvwMEAKMFxwMEAKMFyTAMAwQAowXLAwQBowXMAwQAowXUAwQA
owXaAwQAowXgAwQAowXkAwQAowXxAwQAowX6AwQAowX9AwQAowX/MA0GCSqGSIb3
DQEBCwUAA4IBAQBg4muzq9URDKi5Z38G9hXHKZYmeb9issybQkNRraZyZQ6UM/cL
YZVgh2L3eKbcY+p3JB2Zt3BhpdtxYsmEkkDQQO0oZ1VBZNMeRzFkxDJOGezbTg27
9EOfNcTwxaYCUMulFnhbYhjzWEz7y280b9wHwc5vdHW1DpvhYxzxsvoNzBp4w/ex
pkgNlS0bf616UJw3cb5t1v9Zw3lGNDRIjFnLbgVhtc3X+RjnAZjuDFfFcTdiA73d
iJSlfBi2zOCKk82kfwdoMErh3CMf1NRAJed3JTb5Snw8tMPwEzvZEcb9ytkpHzeX
Q25wj4hq5nlzJgsUaCcDTEbepL1m10v7Invq
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:54:28 2024 by rpki-client on console-ams.rpki-client.org