Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/NQQCtHrEitJ4sodgJbRAP6UQOjY.roa
File:                     NQQCtHrEitJ4sodgJbRAP6UQOjY.roa (raw, json)
Hash identifier:          3yOjJyVt0X96Rs/KsrwjCHCwsNT9NYjgK7kKf3GvnzA=
Subject key identifier:   35:04:02:B4:7A:C4:8A:D2:78:B2:87:60:25:B4:40:3F:A5:10:3A:36
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       018647EF925EBB81B8E6DA0CBD1073DAF91F
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/NQQCtHrEitJ4sodgJbRAP6UQOjY.roa
Signing time:             Sun 12 Feb 2023 23:22:08 +0000
ROA not before:           Sun 12 Feb 2023 23:22:08 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     212815
IP address blocks:        163.5.83.0/24 maxlen: 24
                          163.5.192.0/24 maxlen: 24
                          163.5.214.0/24 maxlen: 24
                          163.5.120.0/24 maxlen: 24
                          163.5.143.0/24 maxlen: 24
                          163.5.38.0/24 maxlen: 24
                          163.5.144.0/24 maxlen: 24
                          163.5.154.0/24 maxlen: 24
                          185.253.54.0/24 maxlen: 24
                          163.5.59.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:47:ef:92:5e:bb:81:b8:e6:da:0c:bd:10:73:da:f9:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Feb 12 23:22:08 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=350402b47ac48ad278b2876025b4403fa5103a36
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:00:da:4f:ec:c4:a3:f8:01:e6:ef:69:83:84:
                    e7:21:31:c9:54:5a:42:dd:13:87:8a:10:fa:a6:fd:
                    2d:13:1d:0b:6f:ed:36:28:e2:57:f3:58:3e:1b:03:
                    eb:c0:3a:26:8b:4f:07:6d:6a:fb:b5:d3:1d:51:26:
                    18:e2:fa:50:7c:01:83:af:1b:3b:b8:2c:9a:b4:f8:
                    08:92:dd:ba:1c:1a:af:53:5a:d5:7c:1c:43:ee:5d:
                    39:e5:3f:05:61:97:69:05:1c:7e:a4:c2:29:31:83:
                    c0:c2:09:1a:c7:6a:35:87:ee:ff:85:84:3c:8a:e7:
                    d1:7a:cc:ba:c3:62:b8:b5:c8:b1:b3:97:0d:10:c9:
                    a1:b0:0e:b3:0f:1e:c3:9c:1d:05:a7:04:2c:4e:fa:
                    5c:21:f8:01:61:e2:13:5a:c3:c5:30:c0:da:2e:23:
                    12:15:b8:2f:62:de:be:64:6c:11:d5:e4:c5:f2:ca:
                    84:a7:4a:cc:bf:e6:2a:eb:5e:a1:c9:c4:a0:6c:20:
                    1f:3d:8e:4a:fd:13:a0:2d:a0:e1:25:6a:4e:1c:16:
                    c5:e6:b9:3a:37:1a:35:ae:b6:a1:75:ce:7c:9b:29:
                    c7:1f:5c:f8:a9:91:31:35:89:bb:76:46:02:72:fe:
                    bd:57:72:c8:f5:95:34:48:f1:05:89:8e:d1:a1:d8:
                    66:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:04:02:B4:7A:C4:8A:D2:78:B2:87:60:25:B4:40:3F:A5:10:3A:36
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/NQQCtHrEitJ4sodgJbRAP6UQOjY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.38.0/24
                  163.5.59.0/24
                  163.5.83.0/24
                  163.5.120.0/24
                  163.5.143.0-163.5.144.255
                  163.5.154.0/24
                  163.5.192.0/24
                  163.5.214.0/24
                  185.253.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:bf:ff:68:93:19:41:2e:70:0a:96:a9:15:e6:44:7b:af:64:
         cc:3f:d2:be:43:ba:a7:5b:b8:37:36:8d:7b:c1:a6:71:99:86:
         36:7c:2d:95:7f:cb:3d:fc:bd:ec:0e:3d:52:e9:31:cf:bf:0b:
         2f:e4:0d:5d:ff:49:e4:80:b8:12:25:16:c5:a8:01:fd:a9:11:
         c7:44:87:47:84:39:a5:d8:f3:9e:21:50:75:bb:4f:dc:32:83:
         85:40:6a:48:61:d9:5b:9c:4b:88:02:85:e6:4d:57:58:da:24:
         bb:15:1a:ec:d3:3b:a1:c3:8e:96:0e:4b:c2:75:8a:a4:d1:86:
         d9:37:fb:5f:ee:d6:67:4d:6b:7b:39:42:74:67:03:f0:0c:07:
         c5:ad:6c:87:03:3b:55:1f:46:ce:09:1b:b3:99:4e:6e:cf:5a:
         28:94:e8:d0:b1:40:27:82:b4:0b:a0:8c:d3:fb:8d:e4:3b:69:
         59:8e:f5:54:ff:c0:3f:ca:0f:b0:f1:69:fa:3c:6f:97:b8:93:
         2d:6f:fb:a0:9f:98:24:29:ac:d5:e3:80:64:2b:b0:b8:b7:40:
         a2:d7:0f:aa:9a:21:8b:3e:2a:7f:b8:63:9f:aa:17:b6:7c:f7:
         cb:7e:47:4c:c4:a9:1b:e8:b9:36:c2:33:82:9d:2b:a0:f2:ce:
         37:59:4b:db
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYZH75Jeu4G45toMvRBz2vkfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjMwMjEyMjMyMjA4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTA0MDJiNDdhYzQ4YWQyNzhiMjg3NjAyNWI0NDAzZmE1MTAzYTM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1ADaT+zEo/gB5u9pg4TnITHJVFpC
3ROHihD6pv0tEx0Lb+02KOJX81g+GwPrwDomi08HbWr7tdMdUSYY4vpQfAGDrxs7
uCyatPgIkt26HBqvU1rVfBxD7l055T8FYZdpBRx+pMIpMYPAwgkax2o1h+7/hYQ8
iufResy6w2K4tcixs5cNEMmhsA6zDx7DnB0FpwQsTvpcIfgBYeITWsPFMMDaLiMS
FbgvYt6+ZGwR1eTF8sqEp0rMv+Yq616hycSgbCAfPY5K/ROgLaDhJWpOHBbF5rk6
Nxo1rrahdc58mynHH1z4qZExNYm7dkYCcv69V3LI9ZU0SPEFiY7RodhmcQIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFDUEArR6xIrSeLKHYCW0QD+lEDo2MB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvTlFRQ3RIckVpdEo0c29kZ0piUkFQNlVRT2pZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQAowUmAwQA
owU7AwQAowVTAwQAowV4MAwDBACjBY8DBACjBZADBACjBZoDBACjBcADBACjBdYD
BAC5/TYwDQYJKoZIhvcNAQELBQADggEBAKy//2iTGUEucAqWqRXmRHuvZMw/0r5D
uqdbuDc2jXvBpnGZhjZ8LZV/yz38vewOPVLpMc+/Cy/kDV3/SeSAuBIlFsWoAf2p
EcdEh0eEOaXY854hUHW7T9wyg4VAakhh2VucS4gCheZNV1jaJLsVGuzTO6HDjpYO
S8J1iqTRhtk3+1/u1mdNa3s5QnRnA/AMB8WtbIcDO1UfRs4JG7OZTm7PWiiU6NCx
QCeCtAugjNP7jeQ7aVmO9VT/wD/KD7Dxafo8b5e4ky1v+6CfmCQprNXjgGQrsLi3
QKLXD6qaIYs+Kn+4Y5+qF7Z898t+R0zEqRvouTbCM4KdK6DyzjdZS9s=
-----END CERTIFICATE-----