Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/TnbqcQZ5IBbIOBc7Em0YKoNcdWY.roa
File:                     TnbqcQZ5IBbIOBc7Em0YKoNcdWY.roa (raw, json)
Hash identifier:          5NaZ3oz2l6nocOPgI/9MAN/bZQkTOHDHKxQJcAoJZCk=
Subject key identifier:   4E:76:EA:71:06:79:20:16:C8:38:17:3B:12:6D:18:2A:83:5C:75:66
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       018BECA9B2B7F92FD82A4D649630D18904F9
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/TnbqcQZ5IBbIOBc7Em0YKoNcdWY.roa
Signing time:             Mon 20 Nov 2023 12:17:06 +0000
ROA not before:           Mon 20 Nov 2023 12:17:06 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        163.5.228.0/24 maxlen: 24
                          163.5.241.0/24 maxlen: 24
                          163.5.250.0/24 maxlen: 24
                          163.5.253.0/24 maxlen: 24
                          163.5.254.0/24 maxlen: 24
                          163.5.255.0/24 maxlen: 24
                          163.5.74.0/24 maxlen: 24
                          163.5.83.0/24 maxlen: 24
                          163.5.79.0/24 maxlen: 24
                          163.5.89.0/24 maxlen: 24
                          163.5.94.0/24 maxlen: 24
                          163.5.95.0/24 maxlen: 24
                          163.5.99.0/24 maxlen: 24
                          163.5.110.0/24 maxlen: 24
                          163.5.111.0/24 maxlen: 24
                          163.5.112.0/24 maxlen: 24
                          163.5.106.0/24 maxlen: 24
                          163.5.113.0/24 maxlen: 24
                          163.5.30.0/24 maxlen: 24
                          163.5.35.0/24 maxlen: 24
                          163.5.36.0/24 maxlen: 24
                          163.5.62.0/24 maxlen: 24
                          163.5.179.0/24 maxlen: 24
                          163.5.176.0/24 maxlen: 24
                          163.5.178.0/24 maxlen: 24
                          163.5.181.0/24 maxlen: 24
                          163.5.182.0/24 maxlen: 24
                          163.5.186.0/24 maxlen: 24
                          163.5.188.0/24 maxlen: 24
                          163.5.189.0/24 maxlen: 24
                          163.5.191.0/24 maxlen: 24
                          163.5.199.0/24 maxlen: 24
                          163.5.204.0/24 maxlen: 24
                          163.5.205.0/24 maxlen: 24
                          163.5.201.0/24 maxlen: 24
                          163.5.203.0/24 maxlen: 24
                          163.5.218.0/24 maxlen: 24
                          163.5.224.0/24 maxlen: 24
                          163.5.121.0/24 maxlen: 24
                          163.5.126.0/24 maxlen: 24
                          163.5.128.0/24 maxlen: 24
                          163.5.138.0/24 maxlen: 24
                          163.5.139.0/24 maxlen: 24
                          163.5.134.0/24 maxlen: 24
                          163.5.142.0/24 maxlen: 24
                          163.5.143.0/24 maxlen: 24
                          163.5.151.0/24 maxlen: 24
                          163.5.148.0/24 maxlen: 24
                          163.5.150.0/24 maxlen: 24
                          163.5.146.0/24 maxlen: 24
                          163.5.156.0/24 maxlen: 24
                          163.5.160.0/24 maxlen: 24
                          163.5.167.0/24 maxlen: 24
                          163.5.170.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 22 Nov 2023 15:56:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:ec:a9:b2:b7:f9:2f:d8:2a:4d:64:96:30:d1:89:04:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Nov 20 12:17:06 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4e76ea7106792016c838173b126d182a835c7566
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:e6:89:57:a9:8c:f1:be:29:ae:10:84:de:cb:
                    1c:2f:9d:3b:9f:28:c5:fd:3a:d3:61:c5:4b:d9:1d:
                    10:ec:fb:b8:b9:f3:16:8b:c3:68:e0:32:9f:b5:93:
                    75:69:7b:0f:12:04:01:c0:48:ec:83:ba:52:c7:4b:
                    e2:f7:ef:b1:e5:f3:18:86:74:23:18:04:d6:6c:81:
                    79:2f:7b:5c:6d:ef:7c:da:f4:98:d2:2d:89:ba:20:
                    2a:a2:02:4d:95:ac:42:29:4c:bd:3d:dd:fb:e7:e0:
                    a6:da:9f:4e:5f:20:5e:68:a4:11:09:fd:28:b4:00:
                    a5:c9:63:d5:c4:44:e5:1f:f3:4f:7b:7d:e5:a4:7f:
                    5e:34:07:a2:ae:c8:5f:42:5d:bb:dd:42:80:c4:8a:
                    b2:43:71:8a:bf:d2:e0:f8:b4:ac:a9:f8:ca:51:29:
                    b9:18:45:5a:6d:cb:5f:62:85:36:07:b2:a0:33:8c:
                    99:44:96:a6:79:00:aa:fd:3b:8e:24:5f:66:53:be:
                    91:67:b1:c0:41:62:06:e6:4c:55:93:14:4a:61:15:
                    ce:27:7e:04:24:f9:8d:c5:e5:22:9b:12:99:5d:7c:
                    8d:17:bb:9c:01:af:ac:4d:a2:d4:0f:80:57:60:d7:
                    84:e1:ea:01:60:b1:cb:87:58:f8:cd:83:ca:63:2e:
                    ee:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:76:EA:71:06:79:20:16:C8:38:17:3B:12:6D:18:2A:83:5C:75:66
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/TnbqcQZ5IBbIOBc7Em0YKoNcdWY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.30.0/24
                  163.5.35.0-163.5.36.255
                  163.5.62.0/24
                  163.5.74.0/24
                  163.5.79.0/24
                  163.5.83.0/24
                  163.5.89.0/24
                  163.5.94.0/23
                  163.5.99.0/24
                  163.5.106.0/24
                  163.5.110.0-163.5.113.255
                  163.5.121.0/24
                  163.5.126.0/24
                  163.5.128.0/24
                  163.5.134.0/24
                  163.5.138.0/23
                  163.5.142.0/23
                  163.5.146.0/24
                  163.5.148.0/24
                  163.5.150.0/23
                  163.5.156.0/24
                  163.5.160.0/24
                  163.5.167.0/24
                  163.5.170.0/24
                  163.5.176.0/24
                  163.5.178.0/23
                  163.5.181.0-163.5.182.255
                  163.5.186.0/24
                  163.5.188.0/23
                  163.5.191.0/24
                  163.5.199.0/24
                  163.5.201.0/24
                  163.5.203.0-163.5.205.255
                  163.5.218.0/24
                  163.5.224.0/24
                  163.5.228.0/24
                  163.5.241.0/24
                  163.5.250.0/24
                  163.5.253.0-163.5.255.255

    Signature Algorithm: sha256WithRSAEncryption
         7d:15:0d:89:fb:a4:80:77:dc:cf:f0:28:8c:c1:c4:e7:a8:c7:
         b9:22:74:03:43:20:2f:11:f4:33:81:ea:03:85:6e:66:94:42:
         e1:25:56:70:f5:75:0b:5c:75:f6:7e:0c:23:17:27:e3:26:6a:
         c8:30:2d:9c:2d:cd:98:79:55:e4:30:a5:91:6f:3e:b1:bb:46:
         3d:ec:90:1b:0a:81:27:da:4d:7f:f4:47:1b:83:7d:e1:86:c3:
         50:2c:b1:c7:00:92:4c:02:6e:4d:7a:50:35:68:15:5c:4b:a7:
         04:89:f5:32:42:bf:e9:a3:df:3c:7d:ce:ec:09:d3:58:6e:3b:
         1f:bd:20:1f:f7:19:fe:c8:c8:90:fd:fe:54:0c:d7:59:db:7e:
         d9:27:10:ef:fe:76:cf:93:9f:36:9b:72:bd:ca:ef:7f:a6:bb:
         3d:cb:25:7f:4c:8d:b6:d2:92:ce:4f:34:9f:0f:ec:f7:25:e4:
         11:a0:16:22:70:12:d2:e4:57:99:a2:e7:11:c7:75:7b:34:3b:
         de:a0:73:22:8e:04:99:29:71:19:44:b1:02:c9:43:42:17:0e:
         ae:1c:c5:98:75:29:79:f1:9a:9e:9e:00:c0:d8:46:45:6a:b9:
         08:c6:16:d7:ef:b2:31:c5:c3:c9:20:af:d8:bf:5c:9a:5c:59:
         d3:37:c7:f4
-----BEGIN CERTIFICATE-----
MIIGEjCCBPqgAwIBAgISAYvsqbK3+S/YKk1kljDRiQT5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjMxMTIwMTIxNzA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTc2ZWE3MTA2NzkyMDE2YzgzODE3M2IxMjZkMTgyYTgzNWM3NTY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArOaJV6mM8b4prhCE3sscL507nyjF
/TrTYcVL2R0Q7Pu4ufMWi8No4DKftZN1aXsPEgQBwEjsg7pSx0vi9++x5fMYhnQj
GATWbIF5L3tcbe982vSY0i2JuiAqogJNlaxCKUy9Pd375+Cm2p9OXyBeaKQRCf0o
tAClyWPVxETlH/NPe33lpH9eNAeirshfQl273UKAxIqyQ3GKv9Lg+LSsqfjKUSm5
GEVabctfYoU2B7KgM4yZRJameQCq/TuOJF9mU76RZ7HAQWIG5kxVkxRKYRXOJ34E
JPmNxeUimxKZXXyNF7ucAa+sTaLUD4BXYNeE4eoBYLHLh1j4zYPKYy7uFwIDAQAB
o4IDHjCCAxowHQYDVR0OBBYEFE526nEGeSAWyDgXOxJtGCqDXHVmMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvVG5icWNRWjVJQmJJT0JjN0VtMFlLb05jZFdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBMgYIKwYBBQUHAQcBAf8EggEhMIIBHTCCARkEAgABMIIB
EQMEAKMFHjAMAwQAowUjAwQAowUkAwQAowU+AwQAowVKAwQAowVPAwQAowVTAwQA
owVZAwQBowVeAwQAowVjAwQAowVqMAwDBAGjBW4DBAGjBXADBACjBXkDBACjBX4D
BACjBYADBACjBYYDBAGjBYoDBAGjBY4DBACjBZIDBACjBZQDBAGjBZYDBACjBZwD
BACjBaADBACjBacDBACjBaoDBACjBbADBAGjBbIwDAMEAKMFtQMEAKMFtgMEAKMF
ugMEAaMFvAMEAKMFvwMEAKMFxwMEAKMFyTAMAwQAowXLAwQBowXMAwQAowXaAwQA
owXgAwQAowXkAwQAowXxAwQAowX6MAsDBACjBf0DAwGjBDANBgkqhkiG9w0BAQsF
AAOCAQEAfRUNifukgHfcz/AojMHE56jHuSJ0A0MgLxH0M4HqA4VuZpRC4SVWcPV1
C1x19n4MIxcn4yZqyDAtnC3NmHlV5DClkW8+sbtGPeyQGwqBJ9pNf/RHG4N94YbD
UCyxxwCSTAJuTXpQNWgVXEunBIn1MkK/6aPfPH3O7AnTWG47H70gH/cZ/sjIkP3+
VAzXWdt+2ScQ7/52z5OfNptyvcrvf6a7Pcslf0yNttKSzk80nw/s9yXkEaAWInAS
0uRXmaLnEcd1ezQ73qBzIo4EmSlxGUSxAslDQhcOrhzFmHUpefGanp4AwNhGRWq5
CMYW1++yMcXDySCv2L9cmlxZ0zfH9A==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:20:06 2024 by rpki-client on console-fra.rpki-client.org