Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/PuZ0h8vTOJrmCU8vZTVe6oUJi6g.roa
File:                     PuZ0h8vTOJrmCU8vZTVe6oUJi6g.roa (raw, json)
Hash identifier:          SkwUNeHFGmz205Wu6kyCBgS6m6rjnXretgimsqdtPTo=
Subject key identifier:   3E:E6:74:87:CB:D3:38:9A:E6:09:4F:2F:65:35:5E:EA:85:09:8B:A8
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       018D98CEF30185D52A44260DC2D122DB6D31
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/PuZ0h8vTOJrmCU8vZTVe6oUJi6g.roa
Signing time:             Sun 11 Feb 2024 15:35:15 +0000
ROA not before:           Sun 11 Feb 2024 15:35:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212815
IP address blocks:        163.5.31.0/24 maxlen: 24
                          163.5.35.0/24 maxlen: 24
                          163.5.59.0/24 maxlen: 24
                          163.5.62.0/24 maxlen: 24
                          163.5.99.0/24 maxlen: 24
                          163.5.142.0/24 maxlen: 24
                          163.5.143.0/24 maxlen: 24
                          163.5.154.0/24 maxlen: 24
                          163.5.192.0/24 maxlen: 24
                          163.5.193.0/24 maxlen: 24
                          163.5.213.0/24 maxlen: 24
                          163.5.214.0/24 maxlen: 24
                          163.5.215.0/24 maxlen: 24
                          163.5.221.0/24 maxlen: 24
                          185.253.54.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sun 07 Apr 2024 16:33:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:98:ce:f3:01:85:d5:2a:44:26:0d:c2:d1:22:db:6d:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Feb 11 15:35:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3ee67487cbd3389ae6094f2f65355eea85098ba8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:e5:7d:1b:0a:f3:ff:37:40:be:d8:60:90:1e:
                    13:1d:71:a3:c1:0b:1b:df:6a:20:25:54:76:95:dd:
                    af:74:ea:87:eb:d6:62:de:73:ef:57:57:0a:00:d6:
                    c0:27:f3:c5:60:fe:bb:43:ea:1c:3f:b7:09:3a:88:
                    e4:b8:11:7b:16:26:18:cf:00:ef:90:00:7f:96:0a:
                    7b:65:c6:83:17:c9:47:cb:8b:a5:c5:67:34:cd:ad:
                    38:7e:22:dd:d9:15:61:d2:07:75:19:30:96:c1:fb:
                    76:61:f2:b5:f5:b8:70:38:98:d1:5b:40:24:e2:86:
                    d6:3e:a9:cd:36:8d:96:40:64:bd:db:a0:47:cd:54:
                    6b:b0:1e:ca:2a:8c:0e:b4:72:92:9d:3d:ee:32:43:
                    01:dd:bb:c0:e1:8f:90:d7:79:35:de:77:21:85:d4:
                    ec:a5:91:25:26:7d:59:d7:41:2b:d2:00:20:05:f4:
                    a5:ed:e7:a9:4e:ae:ef:49:76:66:b3:b6:b6:ca:e6:
                    fd:6c:57:ef:bd:78:9c:34:87:d7:6e:ad:3c:9c:9f:
                    f5:f4:2f:c8:ed:55:a8:21:9d:df:64:6c:3d:5b:56:
                    97:97:8c:08:23:2e:40:82:62:a6:4b:4c:e0:c7:b2:
                    09:07:fd:7a:5d:50:b4:88:b5:d6:77:92:13:a4:de:
                    05:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:E6:74:87:CB:D3:38:9A:E6:09:4F:2F:65:35:5E:EA:85:09:8B:A8
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/PuZ0h8vTOJrmCU8vZTVe6oUJi6g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.31.0/24
                  163.5.35.0/24
                  163.5.59.0/24
                  163.5.62.0/24
                  163.5.99.0/24
                  163.5.142.0/23
                  163.5.154.0/24
                  163.5.192.0/23
                  163.5.213.0-163.5.215.255
                  163.5.221.0/24
                  185.253.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:3e:66:fb:96:d4:2e:c4:fe:95:84:da:b6:9d:18:e7:85:c6:
         cc:2e:80:00:30:5c:4f:d1:55:7f:f2:e7:a1:a5:1e:22:6c:da:
         ce:01:a3:11:5a:d1:77:84:8a:1f:0d:0e:92:cd:5a:96:f5:06:
         87:9b:bd:8b:10:b8:2b:f4:0c:39:c6:65:cb:a1:de:38:c9:4b:
         85:5d:7f:2e:cd:8f:02:10:2f:38:a7:c7:62:b4:ea:f2:d0:19:
         6e:7c:75:7d:f2:5f:a8:6a:7a:b2:b1:6d:7f:90:f7:d0:9e:73:
         e9:42:4c:7e:11:e2:61:25:06:c7:4a:b8:08:1e:ec:50:14:08:
         7b:55:38:4d:ee:7d:b2:49:5e:38:51:fa:50:84:1c:40:d0:d0:
         b2:61:38:dc:e8:8c:ac:1e:62:c2:df:ce:94:f5:d7:f2:3a:d3:
         a7:27:6e:ad:dc:5d:04:73:b0:e6:f5:04:7e:3a:f8:a6:c1:f1:
         80:aa:b0:3d:10:87:3b:49:23:70:15:83:b8:00:1f:79:55:16:
         6a:aa:42:92:8a:ed:ce:a4:52:57:7b:32:42:9c:dd:61:08:a4:
         03:f9:18:4a:2a:22:08:7b:d9:24:5e:d7:d8:26:ad:35:58:7b:
         8b:9b:e7:19:24:b2:d9:27:63:94:81:1e:4f:e6:44:19:5b:86:
         c4:42:75:7f
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAY2YzvMBhdUqRCYNwtEi220xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjQwMjExMTUzNTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWU2NzQ4N2NiZDMzODlhZTYwOTRmMmY2NTM1NWVlYTg1MDk4YmE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1+V9Gwrz/zdAvthgkB4THXGjwQsb
32ogJVR2ld2vdOqH69Zi3nPvV1cKANbAJ/PFYP67Q+ocP7cJOojkuBF7FiYYzwDv
kAB/lgp7ZcaDF8lHy4ulxWc0za04fiLd2RVh0gd1GTCWwft2YfK19bhwOJjRW0Ak
4obWPqnNNo2WQGS926BHzVRrsB7KKowOtHKSnT3uMkMB3bvA4Y+Q13k13nchhdTs
pZElJn1Z10Er0gAgBfSl7eepTq7vSXZms7a2yub9bFfvvXicNIfXbq08nJ/19C/I
7VWoIZ3fZGw9W1aXl4wIIy5AgmKmS0zgx7IJB/16XVC0iLXWd5ITpN4F3wIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFD7mdIfL0zia5glPL2U1XuqFCYuoMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvUHVaMGg4dlRPSnJtQ1U4dlpUVmU2b1VKaTZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjBQBAIAATBKAwQAowUfAwQA
owUjAwQAowU7AwQAowU+AwQAowVjAwQBowWOAwQAowWaAwQBowXAMAwDBACjBdUD
BAOjBdADBACjBd0DBAC5/TYwDQYJKoZIhvcNAQELBQADggEBAAY+ZvuW1C7E/pWE
2radGOeFxswugAAwXE/RVX/y56GlHiJs2s4BoxFa0XeEih8NDpLNWpb1BoebvYsQ
uCv0DDnGZcuh3jjJS4Vdfy7NjwIQLzinx2K06vLQGW58dX3yX6hqerKxbX+Q99Ce
c+lCTH4R4mElBsdKuAge7FAUCHtVOE3ufbJJXjhR+lCEHEDQ0LJhONzojKweYsLf
zpT11/I606cnbq3cXQRzsOb1BH46+KbB8YCqsD0QhztJI3AVg7gAH3lVFmqqQpKK
7c6kUld7MkKc3WEIpAP5GEoqIgh72SRe19gmrTVYe4ub5xkkstknY5SBHk/mRBlb
hsRCdX8=
-----END CERTIFICATE-----