Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/8HP6J-f9l19ieSD0kHBX50FSoGk.roa
File:                     8HP6J-f9l19ieSD0kHBX50FSoGk.roa (raw, json)
Hash identifier:          JEEZl3X+Y7+5dWkkdW3CGCfr2D8wIHCgoJ/GdpAfdQk=
Subject key identifier:   F0:73:FA:27:E7:FD:97:5F:62:79:20:F4:90:70:57:E7:41:52:A0:69
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       019256F8A7FF2A27255D1E54E64005C901BE
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/8HP6J-f9l19ieSD0kHBX50FSoGk.roa
Signing time:             Fri 04 Oct 2024 09:59:49 +0000
ROA not before:           Fri 04 Oct 2024 09:59:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16276
IP address blocks:        163.5.34.0/24 maxlen: 24
                          163.5.118.0/24 maxlen: 24
                          163.5.119.0/24 maxlen: 24
                          163.5.158.0/24 maxlen: 24
                          163.5.162.0/24 maxlen: 24
                          163.5.173.0/24 maxlen: 24
                          163.5.179.0/24 maxlen: 24
                          163.5.187.0/24 maxlen: 24
                          163.5.211.0/24 maxlen: 24
                          163.5.221.0/24 maxlen: 24
                          163.5.230.0/24 maxlen: 24
                          163.5.245.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Tue 15 Oct 2024 15:51:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:56:f8:a7:ff:2a:27:25:5d:1e:54:e6:40:05:c9:01:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Oct  4 09:59:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f073fa27e7fd975f627920f4907057e74152a069
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:3a:06:82:ac:f9:b5:44:28:eb:b6:a5:ff:e1:
                    31:29:2e:90:25:f9:7e:81:ec:eb:15:91:ce:cc:0a:
                    78:9a:27:dd:8f:9a:9b:ba:9c:e8:d1:4f:43:00:65:
                    ac:1d:e4:b1:cc:47:ae:72:23:ef:52:4c:94:28:c3:
                    3c:74:ef:00:07:fb:f3:f5:8e:84:25:1c:a9:1a:1c:
                    21:f2:ea:a3:b3:3f:bc:d9:52:3d:d7:ee:25:44:30:
                    a1:11:5a:a5:95:d1:59:17:7d:78:85:58:19:1a:fe:
                    3f:37:22:d0:fb:52:bf:ce:09:df:dc:38:cf:ac:4d:
                    e8:7c:0a:72:56:6d:b2:78:4d:26:23:23:f4:b0:ae:
                    3a:fe:f9:fd:e6:6c:5c:0e:b2:54:46:c6:f4:b9:d8:
                    55:ab:1b:09:cd:45:13:a9:1d:d2:24:59:93:d8:26:
                    ef:b8:90:b7:81:bd:4f:05:d0:f1:ba:6b:9f:f7:e0:
                    a7:bc:33:1e:dd:0f:1f:d4:71:2c:34:ae:8e:07:50:
                    83:bb:ac:0b:7d:96:20:15:d6:ba:68:7a:d5:92:a4:
                    34:4f:29:91:f8:a7:02:dc:cc:22:a4:32:f5:62:5a:
                    1c:c0:63:42:0e:33:98:24:fd:05:86:c8:05:d6:c6:
                    38:8e:41:5a:2f:af:48:39:28:e5:9f:31:00:bc:6a:
                    c1:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:73:FA:27:E7:FD:97:5F:62:79:20:F4:90:70:57:E7:41:52:A0:69
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/8HP6J-f9l19ieSD0kHBX50FSoGk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.34.0/24
                  163.5.118.0/23
                  163.5.158.0/24
                  163.5.162.0/24
                  163.5.173.0/24
                  163.5.179.0/24
                  163.5.187.0/24
                  163.5.211.0/24
                  163.5.221.0/24
                  163.5.230.0/24
                  163.5.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:c6:f3:43:9b:71:2e:c0:7f:49:65:e9:24:c8:ef:ec:93:df:
         b4:9b:43:69:98:07:3d:33:0c:5e:de:6f:41:08:ea:e1:2c:3b:
         79:00:eb:57:fd:0e:ab:1b:b4:3c:7c:ff:49:2f:91:70:5d:7f:
         c2:42:ae:67:53:65:98:ba:1b:41:b2:36:2a:8a:f3:ef:35:6c:
         05:a1:29:c7:bf:4d:3a:bc:8c:ff:54:b2:b1:55:97:1f:a8:be:
         09:1f:04:93:95:6b:33:9a:e3:18:42:4e:6e:a8:12:76:ce:72:
         39:53:20:7a:7a:31:ba:c6:1b:cd:52:a7:fe:c3:6c:2d:d3:c1:
         c7:ff:61:7a:3b:a1:e7:81:18:fd:04:14:24:84:c2:b6:61:b0:
         96:b8:cc:4e:7e:25:36:90:da:bb:e3:b5:bd:1a:b4:2a:30:a8:
         ea:b7:bb:0d:d0:aa:11:8b:f7:5d:44:13:5d:f7:69:2a:ea:21:
         59:45:74:75:67:70:79:95:97:a8:f7:f7:f1:75:87:28:12:c6:
         47:75:9f:c5:6c:02:6e:c9:11:53:27:68:2e:e6:92:a0:dc:e3:
         16:31:e6:a9:43:ae:69:d5:27:4f:84:4e:4a:5c:c2:80:cd:e2:
         1b:32:aa:95:7d:f3:c3:ae:64:ce:9d:6d:3d:77:9d:bf:96:c0:
         43:64:09:05
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAZJW+Kf/KiclXR5U5kAFyQG+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjQxMDA0MDk1OTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDczZmEyN2U3ZmQ5NzVmNjI3OTIwZjQ5MDcwNTdlNzQxNTJhMDY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApToGgqz5tUQo67al/+ExKS6QJfl+
gezrFZHOzAp4mifdj5qbupzo0U9DAGWsHeSxzEeuciPvUkyUKMM8dO8AB/vz9Y6E
JRypGhwh8uqjsz+82VI91+4lRDChEVqlldFZF314hVgZGv4/NyLQ+1K/zgnf3DjP
rE3ofApyVm2yeE0mIyP0sK46/vn95mxcDrJURsb0udhVqxsJzUUTqR3SJFmT2Cbv
uJC3gb1PBdDxumuf9+CnvDMe3Q8f1HEsNK6OB1CDu6wLfZYgFda6aHrVkqQ0TymR
+KcC3MwipDL1YlocwGNCDjOYJP0FhsgF1sY4jkFaL69IOSjlnzEAvGrBTwIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFPBz+ifn/ZdfYnkg9JBwV+dBUqBpMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvOEhQNkotZjlsMTlpZVNEMGtIQlg1MEZTb0drLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQAowUiAwQB
owV2AwQAowWeAwQAowWiAwQAowWtAwQAowWzAwQAowW7AwQAowXTAwQAowXdAwQA
owXmAwQAowX1MA0GCSqGSIb3DQEBCwUAA4IBAQBBxvNDm3EuwH9JZekkyO/sk9+0
m0NpmAc9Mwxe3m9BCOrhLDt5AOtX/Q6rG7Q8fP9JL5FwXX/CQq5nU2WYuhtBsjYq
ivPvNWwFoSnHv006vIz/VLKxVZcfqL4JHwSTlWszmuMYQk5uqBJ2znI5UyB6ejG6
xhvNUqf+w2wt08HH/2F6O6HngRj9BBQkhMK2YbCWuMxOfiU2kNq747W9GrQqMKjq
t7sN0KoRi/ddRBNd92kq6iFZRXR1Z3B5lZeo9/fxdYcoEsZHdZ/FbAJuyRFTJ2gu
5pKg3OMWMeapQ65p1SdPhE5KXMKAzeIbMqqVffPDrmTOnW09d52/lsBDZAkF
-----END CERTIFICATE-----