Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/D2ZU-lmRZP7908IdW7l4SL7_dck.roa
File:                     D2ZU-lmRZP7908IdW7l4SL7_dck.roa (raw, json)
Hash identifier:          GC2TGfFz2rJvShsAV54Yg+P5X7U2Y/RPOfXUfYEbW7A=
Subject key identifier:   0F:66:54:FA:59:91:64:FE:FD:D3:C2:1D:5B:B9:78:48:BE:FF:75:C9
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       018BA2CD76C25A632A892D174B3EC08F2AB1
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/D2ZU-lmRZP7908IdW7l4SL7_dck.roa
Signing time:             Mon 06 Nov 2023 04:04:16 +0000
ROA not before:           Mon 06 Nov 2023 04:04:16 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        163.5.228.0/24 maxlen: 24
                          163.5.241.0/24 maxlen: 24
                          163.5.250.0/24 maxlen: 24
                          163.5.251.0/24 maxlen: 24
                          163.5.252.0/24 maxlen: 24
                          163.5.253.0/24 maxlen: 24
                          163.5.255.0/24 maxlen: 24
                          163.5.83.0/24 maxlen: 24
                          163.5.79.0/24 maxlen: 24
                          163.5.89.0/24 maxlen: 24
                          163.5.94.0/24 maxlen: 24
                          163.5.95.0/24 maxlen: 24
                          163.5.99.0/24 maxlen: 24
                          163.5.110.0/24 maxlen: 24
                          163.5.111.0/24 maxlen: 24
                          163.5.112.0/24 maxlen: 24
                          163.5.106.0/24 maxlen: 24
                          163.5.113.0/24 maxlen: 24
                          163.5.114.0/24 maxlen: 24
                          163.5.30.0/24 maxlen: 24
                          163.5.35.0/24 maxlen: 24
                          163.5.36.0/24 maxlen: 24
                          163.5.62.0/24 maxlen: 24
                          163.5.176.0/24 maxlen: 24
                          163.5.178.0/24 maxlen: 24
                          163.5.181.0/24 maxlen: 24
                          163.5.182.0/24 maxlen: 24
                          163.5.186.0/24 maxlen: 24
                          163.5.188.0/24 maxlen: 24
                          163.5.189.0/24 maxlen: 24
                          163.5.191.0/24 maxlen: 24
                          163.5.204.0/24 maxlen: 24
                          163.5.205.0/24 maxlen: 24
                          163.5.201.0/24 maxlen: 24
                          163.5.203.0/24 maxlen: 24
                          163.5.218.0/24 maxlen: 24
                          163.5.224.0/24 maxlen: 24
                          163.5.121.0/24 maxlen: 24
                          163.5.126.0/24 maxlen: 24
                          163.5.128.0/24 maxlen: 24
                          163.5.138.0/24 maxlen: 24
                          163.5.139.0/24 maxlen: 24
                          163.5.134.0/24 maxlen: 24
                          163.5.141.0/24 maxlen: 24
                          163.5.142.0/24 maxlen: 24
                          163.5.143.0/24 maxlen: 24
                          163.5.151.0/24 maxlen: 24
                          163.5.148.0/24 maxlen: 24
                          163.5.150.0/24 maxlen: 24
                          163.5.146.0/24 maxlen: 24
                          163.5.156.0/24 maxlen: 24
                          163.5.160.0/24 maxlen: 24
                          163.5.161.0/24 maxlen: 24
                          163.5.167.0/24 maxlen: 24
                          163.5.170.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 07 Nov 2023 22:49:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:a2:cd:76:c2:5a:63:2a:89:2d:17:4b:3e:c0:8f:2a:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Nov  6 04:04:16 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0f6654fa599164fefdd3c21d5bb97848beff75c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:0b:32:f4:63:5b:24:29:a1:2f:b1:83:d9:d0:
                    13:d1:db:f9:b9:e7:15:ab:7c:af:b6:20:ed:05:ec:
                    3a:59:b3:d5:95:54:4a:7e:95:df:70:6f:48:13:dd:
                    8f:fc:9f:ae:c0:13:0c:76:f9:19:a2:4e:35:db:54:
                    3b:22:b1:66:40:74:41:43:d7:99:02:93:84:9c:fb:
                    06:1f:da:12:6b:f4:f3:d6:4c:ea:62:55:18:45:00:
                    28:bb:5a:ba:17:2c:ee:81:1a:a2:95:48:67:6b:17:
                    fa:90:08:60:3c:11:3b:44:92:86:c4:b1:00:7b:9b:
                    2a:c1:f6:bd:df:b7:d9:fe:18:86:19:52:14:77:ba:
                    94:ba:7d:93:66:ae:de:16:8c:ac:91:22:86:11:b5:
                    26:ea:50:26:c5:af:dd:d4:e3:af:8f:24:2b:27:47:
                    a4:cb:05:0f:44:4d:52:a2:02:41:7e:70:87:5b:d1:
                    36:19:89:66:18:01:ee:c2:8d:d1:24:66:9e:fc:b0:
                    20:c6:b5:d9:e5:1f:8d:22:9f:26:5b:89:ca:bc:6c:
                    95:87:f8:17:cb:4a:a6:82:e9:0b:b7:db:db:c9:77:
                    62:fc:c1:24:0d:b2:e7:f0:ba:99:1b:f3:e1:9f:dc:
                    07:fe:95:dc:14:78:d4:99:23:45:23:a6:4f:74:de:
                    7f:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:66:54:FA:59:91:64:FE:FD:D3:C2:1D:5B:B9:78:48:BE:FF:75:C9
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/D2ZU-lmRZP7908IdW7l4SL7_dck.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.30.0/24
                  163.5.35.0-163.5.36.255
                  163.5.62.0/24
                  163.5.79.0/24
                  163.5.83.0/24
                  163.5.89.0/24
                  163.5.94.0/23
                  163.5.99.0/24
                  163.5.106.0/24
                  163.5.110.0-163.5.114.255
                  163.5.121.0/24
                  163.5.126.0/24
                  163.5.128.0/24
                  163.5.134.0/24
                  163.5.138.0/23
                  163.5.141.0-163.5.143.255
                  163.5.146.0/24
                  163.5.148.0/24
                  163.5.150.0/23
                  163.5.156.0/24
                  163.5.160.0/23
                  163.5.167.0/24
                  163.5.170.0/24
                  163.5.176.0/24
                  163.5.178.0/24
                  163.5.181.0-163.5.182.255
                  163.5.186.0/24
                  163.5.188.0/23
                  163.5.191.0/24
                  163.5.201.0/24
                  163.5.203.0-163.5.205.255
                  163.5.218.0/24
                  163.5.224.0/24
                  163.5.228.0/24
                  163.5.241.0/24
                  163.5.250.0-163.5.253.255
                  163.5.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:75:62:99:4b:a1:d1:ee:eb:ee:0d:33:ff:48:b4:7a:99:14:
         37:4b:54:ee:56:4a:48:49:25:ac:0a:56:c1:f6:6f:56:a2:36:
         24:9b:a6:83:b6:7f:44:67:3a:36:cb:e2:99:ee:19:19:87:0c:
         12:91:03:93:37:64:31:84:d8:92:a2:c6:75:fc:5b:95:ab:26:
         8f:37:5d:2b:83:29:c2:11:33:4a:9c:47:f7:bf:81:32:71:9b:
         3d:62:c5:99:31:1d:a3:8c:78:89:35:f8:c8:82:3e:75:87:ed:
         77:88:18:56:fa:7b:59:29:19:a3:84:f6:80:23:c5:21:7e:2f:
         34:a9:25:d1:98:19:40:7d:93:0b:a4:8c:87:83:79:96:ff:1f:
         de:3b:b2:02:66:2f:f4:dd:c5:b1:8a:56:96:f3:11:e4:5d:30:
         be:35:cc:01:9d:57:e8:28:c4:90:f6:d5:e6:e4:55:04:81:ff:
         f2:d5:68:df:6e:69:8f:d9:2e:d6:d5:06:45:99:c3:14:9b:61:
         a3:25:85:df:86:b6:1d:e8:21:7e:2d:07:93:1b:d2:46:cd:e9:
         98:73:a7:1a:19:80:72:fb:7f:4d:98:f3:1b:d8:9d:f2:4b:e9:
         6b:c6:7c:ab:1d:7f:38:c1:5e:ef:08:07:69:98:cc:20:dd:52:
         09:8b:71:88
-----BEGIN CERTIFICATE-----
MIIGDzCCBPegAwIBAgISAYuizXbCWmMqiS0XSz7AjyqxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjMxMTA2MDQwNDE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjY2NTRmYTU5OTE2NGZlZmRkM2MyMWQ1YmI5Nzg0OGJlZmY3NWM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlwsy9GNbJCmhL7GD2dAT0dv5uecV
q3yvtiDtBew6WbPVlVRKfpXfcG9IE92P/J+uwBMMdvkZok4121Q7IrFmQHRBQ9eZ
ApOEnPsGH9oSa/Tz1kzqYlUYRQAou1q6FyzugRqilUhnaxf6kAhgPBE7RJKGxLEA
e5sqwfa937fZ/hiGGVIUd7qUun2TZq7eFoyskSKGEbUm6lAmxa/d1OOvjyQrJ0ek
ywUPRE1SogJBfnCHW9E2GYlmGAHuwo3RJGae/LAgxrXZ5R+NIp8mW4nKvGyVh/gX
y0qmgukLt9vbyXdi/MEkDbLn8LqZG/Phn9wH/pXcFHjUmSNFI6ZPdN5/XwIDAQAB
o4IDGzCCAxcwHQYDVR0OBBYEFA9mVPpZkWT+/dPCHVu5eEi+/3XJMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvRDJaVS1sbVJaUDc5MDhJZFc3bDRTTDdfZGNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBLwYIKwYBBQUHAQcBAf8EggEeMIIBGjCCARYEAgABMIIB
DgMEAKMFHjAMAwQAowUjAwQAowUkAwQAowU+AwQAowVPAwQAowVTAwQAowVZAwQB
owVeAwQAowVjAwQAowVqMAwDBAGjBW4DBACjBXIDBACjBXkDBACjBX4DBACjBYAD
BACjBYYDBAGjBYowDAMEAKMFjQMEBKMFgAMEAKMFkgMEAKMFlAMEAaMFlgMEAKMF
nAMEAaMFoAMEAKMFpwMEAKMFqgMEAKMFsAMEAKMFsjAMAwQAowW1AwQAowW2AwQA
owW6AwQBowW8AwQAowW/AwQAowXJMAwDBACjBcsDBAGjBcwDBACjBdoDBACjBeAD
BACjBeQDBACjBfEwDAMEAaMF+gMEAaMF/AMEAKMF/zANBgkqhkiG9w0BAQsFAAOC
AQEAL3VimUuh0e7r7g0z/0i0epkUN0tU7lZKSEklrApWwfZvVqI2JJumg7Z/RGc6
Nsvime4ZGYcMEpEDkzdkMYTYkqLGdfxblasmjzddK4MpwhEzSpxH97+BMnGbPWLF
mTEdo4x4iTX4yII+dYftd4gYVvp7WSkZo4T2gCPFIX4vNKkl0ZgZQH2TC6SMh4N5
lv8f3juyAmYv9N3FsYpWlvMR5F0wvjXMAZ1X6CjEkPbV5uRVBIH/8tVo325pj9ku
1tUGRZnDFJthoyWF34a2Heghfi0HkxvSRs3pmHOnGhmAcvt/TZjzG9id8kvpa8Z8
qx1/OMFe7wgHaZjMIN1SCYtxiA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:54:29 2024 by rpki-client on console-ams.rpki-client.org