Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/UBUrQY9xVck8Nc2TfgSyfGhTvHk.roa
File:                     UBUrQY9xVck8Nc2TfgSyfGhTvHk.roa (raw, json)
Hash identifier:          +NGCGhAPAIov8XWYhJC2OF1hLpoH9bmqjGhUe/upKVQ=
Subject key identifier:   50:15:2B:41:8F:71:55:C9:3C:35:CD:93:7E:04:B2:7C:68:53:BC:79
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0191C30EF6304B3B8BD6F98C0AF0A33734AA
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/UBUrQY9xVck8Nc2TfgSyfGhTvHk.roa
Signing time:             Thu 05 Sep 2024 16:40:22 +0000
ROA not before:           Thu 05 Sep 2024 16:40:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212815
IP address blocks:        163.5.31.0/24 maxlen: 24
                          163.5.62.0/24 maxlen: 24
                          163.5.99.0/24 maxlen: 24
                          163.5.142.0/24 maxlen: 24
                          163.5.143.0/24 maxlen: 24
                          163.5.192.0/24 maxlen: 24
                          163.5.193.0/24 maxlen: 24
                          163.5.213.0/24 maxlen: 24
                          163.5.214.0/24 maxlen: 24
                          163.5.221.0/24 maxlen: 24
                          185.253.54.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 11 Sep 2024 16:31:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:c3:0e:f6:30:4b:3b:8b:d6:f9:8c:0a:f0:a3:37:34:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Sep  5 16:40:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=50152b418f7155c93c35cd937e04b27c6853bc79
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:f9:d2:36:ea:80:fe:79:58:40:0f:57:4b:58:
                    bf:fd:c4:4c:37:4b:eb:9c:96:a0:69:2c:f4:a4:a8:
                    ff:a4:5c:61:75:8d:de:1f:a7:b7:0e:a4:cf:f0:32:
                    ee:2a:3a:05:be:e8:a2:c8:01:ae:be:79:ef:0c:71:
                    a7:a6:61:60:9e:f4:df:af:58:fd:b8:6d:67:22:5f:
                    73:fd:29:26:75:94:1b:bc:18:10:f0:b4:83:19:cd:
                    2f:84:aa:50:d9:af:66:66:f6:22:ca:00:bc:ab:62:
                    ac:39:02:b4:c6:a3:4c:7d:b6:bb:d1:f8:d1:40:02:
                    22:db:73:9c:e8:7b:cc:c5:cd:33:8d:70:1d:67:2e:
                    e3:d5:49:9b:3b:b0:09:72:ce:13:c7:5c:3c:cc:a9:
                    bc:07:c0:ce:7c:45:59:85:56:5e:6a:de:62:47:ea:
                    85:43:09:d0:62:c1:7b:e1:9a:31:6d:81:2e:11:3e:
                    12:47:82:3d:50:c1:91:63:a4:81:90:67:6a:d9:6e:
                    49:bf:8e:e0:68:5f:69:43:bb:6e:a7:91:ee:84:6d:
                    49:e3:b5:69:6f:bd:45:85:cc:c4:b4:9c:54:5c:b4:
                    7d:b7:d2:c9:64:24:b5:2c:88:12:7c:68:98:fe:ad:
                    a3:ca:4b:c5:c6:97:4d:4e:8a:e9:3c:8e:4c:dc:77:
                    e4:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:15:2B:41:8F:71:55:C9:3C:35:CD:93:7E:04:B2:7C:68:53:BC:79
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/UBUrQY9xVck8Nc2TfgSyfGhTvHk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.31.0/24
                  163.5.62.0/24
                  163.5.99.0/24
                  163.5.142.0/23
                  163.5.192.0/23
                  163.5.213.0-163.5.214.255
                  163.5.221.0/24
                  185.253.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:80:83:5a:c0:69:5a:c6:c5:fa:a4:a7:44:b5:ae:e2:41:5c:
         f9:d8:0e:20:84:d6:26:1e:00:e9:db:a6:4b:c6:63:ad:2f:89:
         66:50:7e:e6:c8:ff:54:3a:ec:d4:a9:d2:74:0d:fd:1b:02:7b:
         99:92:44:ff:33:17:3b:58:cc:26:ec:19:b2:67:d4:50:c7:1f:
         e9:05:0e:6b:d1:93:53:0e:e4:ff:e4:8f:98:79:f2:b7:3e:27:
         f6:8c:13:2b:e5:e4:77:fc:72:ba:7a:e5:ad:89:ec:86:b5:ac:
         42:6f:dd:2d:d2:21:30:0b:cd:1c:6b:7d:12:39:7f:1a:25:26:
         6d:d9:bd:4b:51:23:5b:fe:38:af:e3:d4:db:61:68:f9:8f:34:
         97:06:b5:a2:1c:cf:9f:06:ea:f8:f6:55:1c:e1:78:ba:54:e3:
         ea:0f:8b:2d:6f:9a:89:fc:24:1f:6b:9f:04:6e:18:48:de:8d:
         9c:67:94:3c:8e:ca:c9:3d:9d:22:19:3d:12:8f:6a:ac:5c:93:
         da:48:6e:67:96:56:52:90:39:f6:d5:d1:3c:cb:5c:b6:f1:7b:
         ac:76:41:9a:8c:54:56:e1:49:35:d3:27:24:d4:cc:27:33:7e:
         20:e6:3f:7f:8a:b8:b2:a7:c4:c1:e6:6d:c6:af:af:e0:fc:7f:
         79:25:f0:0b
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAZHDDvYwSzuL1vmMCvCjNzSqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjQwOTA1MTY0MDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDE1MmI0MThmNzE1NWM5M2MzNWNkOTM3ZTA0YjI3YzY4NTNiYzc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAovnSNuqA/nlYQA9XS1i//cRMN0vr
nJagaSz0pKj/pFxhdY3eH6e3DqTP8DLuKjoFvuiiyAGuvnnvDHGnpmFgnvTfr1j9
uG1nIl9z/SkmdZQbvBgQ8LSDGc0vhKpQ2a9mZvYiygC8q2KsOQK0xqNMfba70fjR
QAIi23Oc6HvMxc0zjXAdZy7j1UmbO7AJcs4Tx1w8zKm8B8DOfEVZhVZeat5iR+qF
QwnQYsF74ZoxbYEuET4SR4I9UMGRY6SBkGdq2W5Jv47gaF9pQ7tup5HuhG1J47Vp
b71FhczEtJxUXLR9t9LJZCS1LIgSfGiY/q2jykvFxpdNTorpPI5M3HfkPQIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFFAVK0GPcVXJPDXNk34EsnxoU7x5MB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvVUJVclFZOXhWY2s4TmMyVGZnU3lmR2hUdkhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQAowUfAwQA
owU+AwQAowVjAwQBowWOAwQBowXAMAwDBACjBdUDBACjBdYDBACjBd0DBAC5/TYw
DQYJKoZIhvcNAQELBQADggEBAG+Ag1rAaVrGxfqkp0S1ruJBXPnYDiCE1iYeAOnb
pkvGY60viWZQfubI/1Q67NSp0nQN/RsCe5mSRP8zFztYzCbsGbJn1FDHH+kFDmvR
k1MO5P/kj5h58rc+J/aMEyvl5Hf8crp65a2J7Ia1rEJv3S3SITALzRxrfRI5fxol
Jm3ZvUtRI1v+OK/j1NthaPmPNJcGtaIcz58G6vj2VRzheLpU4+oPiy1vmon8JB9r
nwRuGEjejZxnlDyOysk9nSIZPRKPaqxck9pIbmeWVlKQOfbV0TzLXLbxe6x2QZqM
VFbhSTXTJyTUzCczfiDmP3+KuLKnxMHmbcavr+D8f3kl8As=
-----END CERTIFICATE-----