Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/OyqIYjcpnfPmKpvW1tAww1Zid08.roa
File:                     OyqIYjcpnfPmKpvW1tAww1Zid08.roa (raw, json)
Hash identifier:          Fr3FpNe1VdM8f6ADaKGaECyOBO21dJMf91LgaaPKZRc=
Subject key identifier:   3B:2A:88:62:37:29:9D:F3:E6:2A:9B:D6:D6:D0:30:C3:56:62:77:4F
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0187ADBDAD273103C7AFB21E02D8E2191324
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/OyqIYjcpnfPmKpvW1tAww1Zid08.roa
Signing time:             Sun 23 Apr 2023 10:51:41 +0000
ROA not before:           Sun 23 Apr 2023 10:51:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     211936
IP address blocks:        163.5.105.0/24 maxlen: 24
                          163.5.106.0/24 maxlen: 24
                          163.5.115.0/24 maxlen: 24
                          163.5.118.0/24 maxlen: 24
                          163.5.229.0/24 maxlen: 24
                          163.5.242.0/24 maxlen: 24
                          163.5.32.0/24 maxlen: 24
                          163.5.212.0/24 maxlen: 24
                          163.5.220.0/24 maxlen: 24
                          163.5.119.0/24 maxlen: 24
                          163.5.153.0/24 maxlen: 24
                          163.5.159.0/24 maxlen: 24
                          163.5.168.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 24 Apr 2023 03:51:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:ad:bd:ad:27:31:03:c7:af:b2:1e:02:d8:e2:19:13:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Apr 23 10:51:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3b2a886237299df3e62a9bd6d6d030c35662774f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:f1:19:21:81:03:c2:80:63:c9:e0:22:fe:d9:
                    f8:97:c8:dd:f3:c7:bc:22:39:5a:af:a8:95:0f:fe:
                    cb:30:2c:29:8e:6a:b0:6c:cb:96:3a:89:7f:03:e8:
                    42:c2:8c:73:9a:81:fd:90:4e:7a:1c:9e:7e:7c:c8:
                    cd:b8:51:de:e3:dc:4b:e1:8d:27:6c:70:26:c5:02:
                    1e:6f:43:8e:35:b5:f8:a6:d0:a2:12:91:81:02:60:
                    44:7a:42:ed:ff:3a:04:39:22:0c:71:54:25:b6:aa:
                    17:af:4f:36:b6:c5:29:37:2f:3d:d2:d7:80:22:02:
                    35:05:ac:44:14:34:10:24:a3:70:8c:aa:6c:1b:41:
                    fc:c1:b6:d9:da:be:e0:bf:ec:ec:a8:0c:73:8b:60:
                    f1:cf:33:25:4f:dd:44:22:6d:43:a7:dc:bb:1d:b9:
                    4c:aa:f4:7f:d8:bd:db:59:3d:16:59:73:7e:47:95:
                    b0:24:aa:ae:d9:de:86:e3:83:ff:db:5a:3f:82:22:
                    02:e7:d1:96:5b:86:2b:35:55:f2:e7:5a:b5:51:3f:
                    32:99:91:db:5b:ca:b0:23:79:54:59:25:3a:25:e9:
                    b9:ee:da:2f:5c:b0:c5:0d:5d:fd:05:f3:bf:1c:48:
                    36:a3:ac:8b:f5:07:6c:b1:83:6d:99:78:37:74:4d:
                    1c:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:2A:88:62:37:29:9D:F3:E6:2A:9B:D6:D6:D0:30:C3:56:62:77:4F
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/OyqIYjcpnfPmKpvW1tAww1Zid08.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.32.0/24
                  163.5.105.0-163.5.106.255
                  163.5.115.0/24
                  163.5.118.0/23
                  163.5.153.0/24
                  163.5.159.0/24
                  163.5.168.0/24
                  163.5.212.0/24
                  163.5.220.0/24
                  163.5.229.0/24
                  163.5.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:22:2e:be:a7:02:bb:33:6a:16:71:d0:cf:a9:24:02:5c:86:
         1b:a2:97:6f:91:d7:02:21:86:bc:74:1c:47:86:23:30:69:3d:
         55:3f:30:ce:d0:06:bf:17:0d:1f:e9:de:07:9e:01:7a:95:80:
         04:fe:26:59:0c:ea:87:16:1c:29:f4:96:b1:dc:cb:ee:3e:ec:
         5f:3f:b4:4b:66:13:91:af:38:6f:20:87:a4:ef:04:ee:9a:dd:
         f3:51:c1:e5:71:a9:f3:20:11:e4:01:7c:2e:e8:5c:b9:a4:55:
         4a:d7:1a:70:2d:e5:22:48:96:43:30:d8:e3:67:7d:c5:d8:0a:
         f1:58:6f:a0:ce:af:f4:a3:ec:8e:06:0b:2d:5f:b6:f5:2e:22:
         cc:7c:f0:48:4a:e9:09:c8:bc:27:9c:2c:21:cf:64:95:1d:8e:
         64:16:b9:f5:a2:a8:1a:d8:2e:f0:3b:ef:03:f3:57:da:4c:b0:
         5c:f0:37:ba:e3:1d:d8:b6:78:81:14:c0:7a:99:6e:8f:f1:86:
         41:0c:6e:b6:72:bd:79:99:09:74:ee:9e:5c:18:71:5f:38:3c:
         2e:be:de:e4:c9:e8:b3:80:45:0b:93:22:ef:f3:33:ab:46:be:
         00:c3:91:52:92:06:02:b0:84:d5:ae:7a:7e:a2:37:6e:e1:08:
         45:a2:21:38
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAYetva0nMQPHr7IeAtjiGRMkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjMwNDIzMTA1MTQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjJhODg2MjM3Mjk5ZGYzZTYyYTliZDZkNmQwMzBjMzU2NjI3NzRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi/EZIYEDwoBjyeAi/tn4l8jd88e8
Ijlar6iVD/7LMCwpjmqwbMuWOol/A+hCwoxzmoH9kE56HJ5+fMjNuFHe49xL4Y0n
bHAmxQIeb0OONbX4ptCiEpGBAmBEekLt/zoEOSIMcVQltqoXr082tsUpNy890teA
IgI1BaxEFDQQJKNwjKpsG0H8wbbZ2r7gv+zsqAxzi2DxzzMlT91EIm1Dp9y7HblM
qvR/2L3bWT0WWXN+R5WwJKqu2d6G44P/21o/giIC59GWW4YrNVXy51q1UT8ymZHb
W8qwI3lUWSU6Jem57tovXLDFDV39BfO/HEg2o6yL9QdssYNtmXg3dE0cjwIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFDsqiGI3KZ3z5iqb1tbQMMNWYndPMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvT3lxSVlqY3BuZlBtS3B2VzF0QXd3MVppZDA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjBQBAIAATBKAwQAowUgMAwD
BACjBWkDBACjBWoDBACjBXMDBAGjBXYDBACjBZkDBACjBZ8DBACjBagDBACjBdQD
BACjBdwDBACjBeUDBACjBfIwDQYJKoZIhvcNAQELBQADggEBAEYiLr6nArszahZx
0M+pJAJchhuil2+R1wIhhrx0HEeGIzBpPVU/MM7QBr8XDR/p3geeAXqVgAT+JlkM
6ocWHCn0lrHcy+4+7F8/tEtmE5GvOG8gh6TvBO6a3fNRweVxqfMgEeQBfC7oXLmk
VUrXGnAt5SJIlkMw2ONnfcXYCvFYb6DOr/Sj7I4GCy1ftvUuIsx88EhK6QnIvCec
LCHPZJUdjmQWufWiqBrYLvA77wPzV9pMsFzwN7rjHdi2eIEUwHqZbo/xhkEMbrZy
vXmZCXTunlwYcV84PC6+3uTJ6LOARQuTIu/zM6tGvgDDkVKSBgKwhNWuen6iN27h
CEWiITg=
-----END CERTIFICATE-----