Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/CmGMGIt2ZeouW_LHzKqW5g4P77o.roa
File:                     CmGMGIt2ZeouW_LHzKqW5g4P77o.roa (raw, json)
Hash identifier:          wAFo1qfmVjJOfK54wfpIU0WD20AiUJw5rJCpVMEMgHg=
Subject key identifier:   0A:61:8C:18:8B:76:65:EA:2E:5B:F2:C7:CC:AA:96:E6:0E:0F:EF:BA
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0186C2CD81408713336273E95C98C0F7C531
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/CmGMGIt2ZeouW_LHzKqW5g4P77o.roa
Signing time:             Wed 08 Mar 2023 19:58:13 +0000
ROA not before:           Wed 08 Mar 2023 19:58:13 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     212815
IP address blocks:        163.5.83.0/24 maxlen: 24
                          163.5.192.0/24 maxlen: 24
                          163.5.84.0/24 maxlen: 24
                          163.5.193.0/24 maxlen: 24
                          163.5.214.0/24 maxlen: 24
                          163.5.120.0/24 maxlen: 24
                          163.5.143.0/24 maxlen: 24
                          163.5.38.0/24 maxlen: 24
                          163.5.144.0/24 maxlen: 24
                          163.5.154.0/24 maxlen: 24
                          185.253.54.0/24 maxlen: 24
                          163.5.59.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:c2:cd:81:40:87:13:33:62:73:e9:5c:98:c0:f7:c5:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Mar  8 19:58:13 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0a618c188b7665ea2e5bf2c7ccaa96e60e0fefba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:91:60:a6:f4:f5:c4:dc:5e:a9:f6:0e:0d:dd:
                    19:8d:35:4c:a6:bf:61:20:8a:b6:02:ef:d6:8f:6a:
                    22:e2:7f:c4:c7:13:19:89:44:ed:a9:d4:98:ec:97:
                    b4:ca:3f:57:8f:10:6a:67:82:63:98:76:96:73:29:
                    1e:b0:e8:74:bd:74:82:e6:6c:eb:7c:c7:09:67:ca:
                    9b:64:24:30:fe:15:11:fa:34:2a:59:76:4b:32:c3:
                    dc:3d:e8:e0:1f:ff:c3:af:ca:f2:a5:57:1a:fb:80:
                    a0:7e:a8:31:c1:63:07:68:85:85:43:2e:7f:24:c4:
                    fb:db:1e:80:4c:72:d8:33:37:4a:0b:58:9a:e8:73:
                    f6:69:3d:06:3a:e1:86:71:32:84:78:a1:43:c4:c7:
                    7c:1b:d6:0a:84:da:81:8e:32:67:b1:8f:33:f5:70:
                    92:b7:cd:ac:01:df:4b:3d:58:78:ed:33:62:0b:93:
                    e7:6a:9f:f8:af:05:4f:5e:c8:ae:03:1f:bb:25:19:
                    85:0c:3e:8f:6c:8e:a7:87:f8:e6:34:bf:fa:01:a0:
                    14:2c:5a:b0:21:bf:92:85:b9:c9:38:20:fa:d2:2a:
                    2b:5e:de:13:09:ef:f2:d2:4c:f2:a9:19:a6:ff:68:
                    a5:dc:38:92:27:d7:45:18:6b:b7:79:ed:5b:23:b4:
                    fc:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:61:8C:18:8B:76:65:EA:2E:5B:F2:C7:CC:AA:96:E6:0E:0F:EF:BA
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/CmGMGIt2ZeouW_LHzKqW5g4P77o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.38.0/24
                  163.5.59.0/24
                  163.5.83.0-163.5.84.255
                  163.5.120.0/24
                  163.5.143.0-163.5.144.255
                  163.5.154.0/24
                  163.5.192.0/23
                  163.5.214.0/24
                  185.253.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:b1:2c:32:68:52:5f:4a:ed:64:5f:ee:ac:f5:0b:e7:cf:2e:
         a2:61:74:9d:a9:34:40:82:87:02:a5:55:c0:05:6b:d6:83:5c:
         11:17:d2:a3:f1:55:bd:a0:01:ce:8d:5e:15:54:52:33:17:30:
         6b:30:74:ae:36:be:cd:77:c0:d8:d9:fc:47:96:5d:d6:be:98:
         e1:be:db:4b:39:da:99:e0:75:58:c0:2e:4e:00:c2:7b:01:a3:
         3f:39:26:32:70:b2:ef:d8:b3:71:ef:33:d2:3d:1a:c2:f2:8e:
         d7:96:42:9f:55:b9:44:4d:da:13:d3:b8:a2:d4:39:df:f8:99:
         0e:64:67:a4:0b:a2:9d:55:22:21:50:36:66:76:74:48:c5:87:
         f3:89:f8:55:49:b5:eb:87:04:db:1d:ed:21:b9:fe:bf:28:a1:
         34:eb:88:b0:6c:00:5f:88:8e:d9:a2:65:d9:94:f1:25:a3:15:
         6a:a4:ab:d0:b7:26:6b:00:c2:ac:4c:12:0a:af:f0:1e:b6:1b:
         c6:e4:58:07:d3:2b:7c:9f:e6:21:b8:7c:1a:ef:3c:90:bb:fa:
         be:09:5a:f2:c0:a1:9e:73:c8:d9:13:7b:69:a4:c1:4e:33:9b:
         8b:de:00:4a:ec:11:76:a8:70:5e:12:b7:83:30:62:5f:5b:2c:
         d3:f8:01:d7
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAYbCzYFAhxMzYnPpXJjA98UxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjMwMzA4MTk1ODEzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTYxOGMxODhiNzY2NWVhMmU1YmYyYzdjY2FhOTZlNjBlMGZlZmJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlZFgpvT1xNxeqfYODd0ZjTVMpr9h
IIq2Au/Wj2oi4n/ExxMZiUTtqdSY7Je0yj9XjxBqZ4JjmHaWcykesOh0vXSC5mzr
fMcJZ8qbZCQw/hUR+jQqWXZLMsPcPejgH//Dr8rypVca+4CgfqgxwWMHaIWFQy5/
JMT72x6ATHLYMzdKC1ia6HP2aT0GOuGGcTKEeKFDxMd8G9YKhNqBjjJnsY8z9XCS
t82sAd9LPVh47TNiC5Pnap/4rwVPXsiuAx+7JRmFDD6PbI6nh/jmNL/6AaAULFqw
Ib+ShbnJOCD60iorXt4TCe/y0kzyqRmm/2il3DiSJ9dFGGu3ee1bI7T87QIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFAphjBiLdmXqLlvyx8yqluYOD++6MB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvQ21HTUdJdDJaZW91V19MSHpLcVc1ZzRQNzdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjBMBAIAATBGAwQAowUmAwQA
owU7MAwDBACjBVMDBACjBVQDBACjBXgwDAMEAKMFjwMEAKMFkAMEAKMFmgMEAaMF
wAMEAKMF1gMEALn9NjANBgkqhkiG9w0BAQsFAAOCAQEAnbEsMmhSX0rtZF/urPUL
588uomF0nak0QIKHAqVVwAVr1oNcERfSo/FVvaABzo1eFVRSMxcwazB0rja+zXfA
2Nn8R5Zd1r6Y4b7bSznameB1WMAuTgDCewGjPzkmMnCy79izce8z0j0awvKO15ZC
n1W5RE3aE9O4otQ53/iZDmRnpAuinVUiIVA2ZnZ0SMWH84n4VUm164cE2x3tIbn+
vyihNOuIsGwAX4iO2aJl2ZTxJaMVaqSr0LcmawDCrEwSCq/wHrYbxuRYB9MrfJ/m
Ibh8Gu88kLv6vgla8sChnnPI2RN7aaTBTjObi94ASuwRdqhwXhK3gzBiX1ss0/gB
1w==
-----END CERTIFICATE-----