Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DEHOUQKo5DGN6fZNxha0hMHslnY.roa
File:                     DEHOUQKo5DGN6fZNxha0hMHslnY.roa (raw, json)
Hash identifier:          IAJ9Mm2AiNwFkOZB23ck4jw+CRoVRvtAhEiL+A+X28U=
Subject key identifier:   0C:41:CE:51:02:A8:E4:31:8D:E9:F6:4D:C6:16:B4:84:C1:EC:96:76
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0191566190CED4E737247B4C90ABB22F50A9
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DEHOUQKo5DGN6fZNxha0hMHslnY.roa
Signing time:             Thu 15 Aug 2024 14:12:00 +0000
ROA not before:           Thu 15 Aug 2024 14:12:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        163.5.36.0/24 maxlen: 24
                          163.5.56.0/24 maxlen: 24
                          163.5.82.0/24 maxlen: 24
                          163.5.87.0/24 maxlen: 24
                          163.5.95.0/24 maxlen: 24
                          163.5.99.0/24 maxlen: 24
                          163.5.127.0/24 maxlen: 24
                          163.5.136.0/24 maxlen: 24
                          163.5.140.0/24 maxlen: 24
                          163.5.162.0/24 maxlen: 24
                          163.5.202.0/24 maxlen: 24
                          163.5.248.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 21 Aug 2024 04:05:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:56:61:90:ce:d4:e7:37:24:7b:4c:90:ab:b2:2f:50:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Aug 15 14:12:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0c41ce5102a8e4318de9f64dc616b484c1ec9676
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:83:10:49:e8:d6:3f:75:34:76:82:4e:5c:cb:
                    37:08:01:20:c5:c0:ca:82:5d:b4:80:c1:20:6e:92:
                    9d:20:25:b8:b9:cc:88:6b:5c:71:d8:15:a7:62:0f:
                    a1:aa:1b:9e:f1:74:69:1b:c8:cf:e2:3b:8c:1f:ed:
                    1f:03:7e:9a:9e:43:24:b8:15:91:8d:e1:e6:67:1c:
                    b4:26:44:af:60:7a:86:19:d4:30:37:30:b2:01:ce:
                    fe:74:0b:b7:e3:ff:a8:a0:14:45:fb:6c:d7:29:2d:
                    a8:4e:f9:f6:aa:d9:da:bd:24:7f:87:d8:55:03:4c:
                    7e:37:ce:2b:93:b9:68:67:b9:cd:7e:f4:53:60:ba:
                    65:87:0f:78:f8:90:0e:4e:36:ef:18:e1:00:df:46:
                    1f:de:2d:3e:18:26:1f:d3:31:a8:09:f6:ae:c3:9e:
                    c3:31:a3:01:9f:6a:84:09:40:f4:ae:37:df:14:62:
                    b5:f9:55:65:14:07:a4:8c:26:cc:df:8a:f6:f5:2e:
                    68:66:33:22:59:fb:90:3f:1e:93:a5:71:30:e1:3f:
                    3d:3e:27:8a:39:f8:a4:11:f3:2c:b3:2f:1c:75:4f:
                    cc:e5:5e:d9:be:70:33:9c:5d:19:05:5e:0b:bb:05:
                    3c:26:87:f4:08:af:c0:b7:d2:73:a7:67:0a:22:f8:
                    8b:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:41:CE:51:02:A8:E4:31:8D:E9:F6:4D:C6:16:B4:84:C1:EC:96:76
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DEHOUQKo5DGN6fZNxha0hMHslnY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.36.0/24
                  163.5.56.0/24
                  163.5.82.0/24
                  163.5.87.0/24
                  163.5.95.0/24
                  163.5.99.0/24
                  163.5.127.0/24
                  163.5.136.0/24
                  163.5.140.0/24
                  163.5.162.0/24
                  163.5.202.0/24
                  163.5.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:6e:56:0e:f4:73:b1:c7:d0:ee:dc:61:39:e4:f8:c2:6a:ec:
         82:02:8b:11:f0:e6:bb:70:27:82:ac:ac:44:2f:39:08:e3:32:
         56:3a:4d:3f:c8:70:a1:ea:5b:1b:c9:fc:c3:89:69:db:65:97:
         37:01:d9:47:2c:3c:cb:0f:fc:ea:f4:47:7b:98:bb:81:c0:71:
         9e:5e:1c:49:ae:8c:fb:a6:6e:92:f6:2d:ab:61:3e:57:15:12:
         a2:15:ce:70:34:6b:fe:a8:e4:97:dd:b4:90:04:6e:d2:32:14:
         aa:c8:79:ae:c5:d7:f5:e8:65:5c:8e:d5:3b:0e:a0:26:24:57:
         b2:15:86:e7:da:f0:d2:bf:36:dd:bd:c8:07:24:86:55:a6:11:
         a8:a2:ed:7b:c0:0a:88:ae:cd:05:43:95:64:91:bb:b3:48:1d:
         ba:ed:01:93:4e:0d:52:b6:9e:14:91:b9:18:31:b1:3a:ee:dd:
         7a:d5:d5:31:58:89:fc:06:7f:aa:09:63:4a:05:41:2e:2e:91:
         ff:0c:01:eb:83:52:96:f4:e1:27:24:e9:ca:06:7d:db:94:c9:
         01:4e:94:e0:8d:73:04:c8:d2:99:c1:c3:1c:7f:52:28:6b:86:
         f7:2b:ee:06:ba:b8:cc:78:62:e5:34:7b:2c:27:59:4d:a5:09:
         dd:55:f5:0c
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAZFWYZDO1Oc3JHtMkKuyL1CpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjQwODE1MTQxMjAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzQxY2U1MTAyYThlNDMxOGRlOWY2NGRjNjE2YjQ4NGMxZWM5Njc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0oMQSejWP3U0doJOXMs3CAEgxcDK
gl20gMEgbpKdICW4ucyIa1xx2BWnYg+hqhue8XRpG8jP4juMH+0fA36ankMkuBWR
jeHmZxy0JkSvYHqGGdQwNzCyAc7+dAu34/+ooBRF+2zXKS2oTvn2qtnavSR/h9hV
A0x+N84rk7loZ7nNfvRTYLplhw94+JAOTjbvGOEA30Yf3i0+GCYf0zGoCfauw57D
MaMBn2qECUD0rjffFGK1+VVlFAekjCbM34r29S5oZjMiWfuQPx6TpXEw4T89PieK
OfikEfMssy8cdU/M5V7ZvnAznF0ZBV4LuwU8Jof0CK/At9Jzp2cKIviLtwIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFAxBzlECqOQxjen2TcYWtITB7JZ2MB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvREVIT1VRS281REdONmZaTnhoYTBoTUhzbG5ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwQAowUkAwQA
owU4AwQAowVSAwQAowVXAwQAowVfAwQAowVjAwQAowV/AwQAowWIAwQAowWMAwQA
owWiAwQAowXKAwQAowX4MA0GCSqGSIb3DQEBCwUAA4IBAQAAblYO9HOxx9Du3GE5
5PjCauyCAosR8Oa7cCeCrKxELzkI4zJWOk0/yHCh6lsbyfzDiWnbZZc3AdlHLDzL
D/zq9Ed7mLuBwHGeXhxJroz7pm6S9i2rYT5XFRKiFc5wNGv+qOSX3bSQBG7SMhSq
yHmuxdf16GVcjtU7DqAmJFeyFYbn2vDSvzbdvcgHJIZVphGoou17wAqIrs0FQ5Vk
kbuzSB267QGTTg1Stp4UkbkYMbE67t161dUxWIn8Bn+qCWNKBUEuLpH/DAHrg1KW
9OEnJOnKBn3blMkBTpTgjXMEyNKZwcMcf1Ioa4b3K+4GurjMeGLlNHssJ1lNpQnd
VfUM
-----END CERTIFICATE-----