Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/IW6fVf6LY29XocV9HwugS4o--sA.roa
File:                     IW6fVf6LY29XocV9HwugS4o--sA.roa (raw, json)
Hash identifier:          pyQJNC0A7S2eZsbOlth6yU8O2OuxsFw6vUfAv0NQ9Q0=
Subject key identifier:   21:6E:9F:55:FE:8B:63:6F:57:A1:C5:7D:1F:0B:A0:4B:8A:3E:FA:C0
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0192421424C52864DAAB071F0799F9B725BA
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/IW6fVf6LY29XocV9HwugS4o--sA.roa
Signing time:             Mon 30 Sep 2024 08:37:49 +0000
ROA not before:           Mon 30 Sep 2024 08:37:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        163.5.36.0/24 maxlen: 24
                          163.5.56.0/24 maxlen: 24
                          163.5.71.0/24 maxlen: 24
                          163.5.82.0/24 maxlen: 24
                          163.5.87.0/24 maxlen: 24
                          163.5.95.0/24 maxlen: 24
                          163.5.99.0/24 maxlen: 24
                          163.5.124.0/24 maxlen: 24
                          163.5.125.0/24 maxlen: 24
                          163.5.127.0/24 maxlen: 24
                          163.5.136.0/24 maxlen: 24
                          163.5.138.0/24 maxlen: 24
                          163.5.202.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 02 Oct 2024 13:45:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:42:14:24:c5:28:64:da:ab:07:1f:07:99:f9:b7:25:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Sep 30 08:37:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=216e9f55fe8b636f57a1c57d1f0ba04b8a3efac0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:49:fe:16:62:19:87:4e:94:b0:4c:94:9a:00:
                    3f:a1:fc:51:24:37:23:79:b2:2c:36:b4:c8:70:c2:
                    fd:6f:2b:15:e8:d3:d9:5e:62:2e:ad:f8:31:b7:2a:
                    09:12:8f:54:c7:05:74:ec:61:f4:a6:5d:23:83:c7:
                    98:12:82:af:79:9b:48:f4:11:79:c3:af:9b:25:ae:
                    4d:3b:00:f8:4b:c0:f6:36:e2:f8:f8:5c:f3:5a:48:
                    c3:e0:2d:3b:c5:45:81:be:74:3e:ea:ac:1f:5f:db:
                    bc:07:69:20:72:06:30:ca:5c:e7:66:97:0a:86:1c:
                    69:71:ce:12:28:d3:b1:e8:2a:87:ce:04:fd:f9:50:
                    a8:f4:f9:c5:75:24:07:ef:d8:1c:75:c1:0b:ed:72:
                    01:86:a9:00:05:29:82:2b:67:3f:01:cb:8c:38:4a:
                    a4:65:82:ab:4f:e8:61:42:66:d7:87:61:55:0c:4c:
                    e6:e5:80:b5:51:e9:55:bb:8b:8c:8d:6f:44:13:e0:
                    29:c8:f0:51:86:96:fc:90:0b:dc:6f:6d:a8:b8:bd:
                    b4:fb:d0:52:45:54:e4:34:49:11:0b:2a:4c:5a:f7:
                    a1:c0:f7:0e:90:d3:f1:8e:f0:f3:cb:fe:fc:ea:15:
                    0d:6c:b6:28:c8:92:fb:79:44:81:cf:e2:0e:72:5e:
                    72:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:6E:9F:55:FE:8B:63:6F:57:A1:C5:7D:1F:0B:A0:4B:8A:3E:FA:C0
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/IW6fVf6LY29XocV9HwugS4o--sA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.36.0/24
                  163.5.56.0/24
                  163.5.71.0/24
                  163.5.82.0/24
                  163.5.87.0/24
                  163.5.95.0/24
                  163.5.99.0/24
                  163.5.124.0/23
                  163.5.127.0/24
                  163.5.136.0/24
                  163.5.138.0/24
                  163.5.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:d8:b8:ed:8e:a5:10:6b:17:f3:64:00:85:3e:81:46:37:c2:
         e4:d6:d3:75:35:ad:e7:a1:47:94:0e:e5:0c:3b:0b:60:a1:1f:
         82:29:e8:1e:5c:e9:17:03:29:a9:26:4d:a0:77:c6:fd:79:a5:
         28:fe:ec:20:b3:c3:8d:b5:7d:7c:90:71:8c:39:5c:55:19:21:
         e8:74:06:11:f9:23:6e:77:8f:61:8d:98:d9:f9:2d:26:b0:29:
         1b:46:d1:12:fe:9c:96:0f:d9:bc:4a:81:d6:a0:17:2e:22:bf:
         05:7d:11:13:38:81:81:d5:05:ed:1d:79:99:92:8c:a1:03:2c:
         a9:03:32:a8:b4:5f:46:53:c9:21:99:b7:f1:55:54:7c:90:a2:
         5f:51:90:6b:8c:f5:bb:a6:42:8b:69:95:81:d5:56:88:5a:80:
         ac:82:10:23:b7:eb:34:3c:2f:21:01:84:a1:53:ff:6f:97:3b:
         be:21:09:37:c6:f6:c4:85:0f:ef:e7:9a:3f:35:c7:88:ab:95:
         ff:61:fa:df:54:fd:11:d0:80:24:05:18:71:c9:0c:3e:56:ba:
         f6:65:cc:e2:6d:c2:c9:96:c4:a4:4c:e5:e9:d0:cc:9d:f4:31:
         44:e8:de:bf:6c:a7:94:56:60:f3:3e:44:7c:9b:a4:0b:5b:74:
         ce:ec:86:72
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAZJCFCTFKGTaqwcfB5n5tyW6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjQwOTMwMDgzNzQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTZlOWY1NWZlOGI2MzZmNTdhMWM1N2QxZjBiYTA0YjhhM2VmYWMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2kn+FmIZh06UsEyUmgA/ofxRJDcj
ebIsNrTIcML9bysV6NPZXmIurfgxtyoJEo9UxwV07GH0pl0jg8eYEoKveZtI9BF5
w6+bJa5NOwD4S8D2NuL4+FzzWkjD4C07xUWBvnQ+6qwfX9u8B2kgcgYwylznZpcK
hhxpcc4SKNOx6CqHzgT9+VCo9PnFdSQH79gcdcEL7XIBhqkABSmCK2c/AcuMOEqk
ZYKrT+hhQmbXh2FVDEzm5YC1UelVu4uMjW9EE+ApyPBRhpb8kAvcb22ouL20+9BS
RVTkNEkRCypMWvehwPcOkNPxjvDzy/786hUNbLYoyJL7eUSBz+IOcl5yCwIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFCFun1X+i2NvV6HFfR8LoEuKPvrAMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvSVc2ZlZmNkxZMjlYb2NWOUh3dWdTNG8tLXNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwQAowUkAwQA
owU4AwQAowVHAwQAowVSAwQAowVXAwQAowVfAwQAowVjAwQBowV8AwQAowV/AwQA
owWIAwQAowWKAwQAowXKMA0GCSqGSIb3DQEBCwUAA4IBAQAh2LjtjqUQaxfzZACF
PoFGN8Lk1tN1Na3noUeUDuUMOwtgoR+CKegeXOkXAympJk2gd8b9eaUo/uwgs8ON
tX18kHGMOVxVGSHodAYR+SNud49hjZjZ+S0msCkbRtES/pyWD9m8SoHWoBcuIr8F
fRETOIGB1QXtHXmZkoyhAyypAzKotF9GU8khmbfxVVR8kKJfUZBrjPW7pkKLaZWB
1VaIWoCsghAjt+s0PC8hAYShU/9vlzu+IQk3xvbEhQ/v55o/NceIq5X/YfrfVP0R
0IAkBRhxyQw+Vrr2ZczibcLJlsSkTOXp0Myd9DFE6N6/bKeUVmDzPkR8m6QLW3TO
7IZy
-----END CERTIFICATE-----