Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/_qMCZWoq0Fm6DVTIeHK4L6d3zyA.roa
File:                     _qMCZWoq0Fm6DVTIeHK4L6d3zyA.roa (raw, json)
Hash identifier:          YGpliU1F6On6ckONQ9uIUDXaDo8wBgOfR7T/7xjCygA=
Subject key identifier:   FE:A3:02:65:6A:2A:D0:59:BA:0D:54:C8:78:72:B8:2F:A7:77:CF:20
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       018AF58932736D4B2C4F3784B99DFBF5B47A
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/_qMCZWoq0Fm6DVTIeHK4L6d3zyA.roa
Signing time:             Tue 03 Oct 2023 12:35:23 +0000
ROA not before:           Tue 03 Oct 2023 12:35:23 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        163.5.231.0/24 maxlen: 24
                          163.5.233.0/24 maxlen: 24
                          163.5.228.0/24 maxlen: 24
                          163.5.235.0/24 maxlen: 24
                          163.5.242.0/24 maxlen: 24
                          163.5.241.0/24 maxlen: 24
                          163.5.249.0/24 maxlen: 24
                          163.5.250.0/24 maxlen: 24
                          163.5.251.0/24 maxlen: 24
                          163.5.247.0/24 maxlen: 24
                          163.5.252.0/24 maxlen: 24
                          163.5.253.0/24 maxlen: 24
                          163.5.255.0/24 maxlen: 24
                          163.5.66.0/24 maxlen: 24
                          163.5.71.0/24 maxlen: 24
                          163.5.78.0/24 maxlen: 24
                          163.5.83.0/24 maxlen: 24
                          163.5.79.0/24 maxlen: 24
                          163.5.89.0/24 maxlen: 24
                          163.5.86.0/24 maxlen: 24
                          163.5.87.0/24 maxlen: 24
                          163.5.97.0/24 maxlen: 24
                          163.5.98.0/24 maxlen: 24
                          163.5.94.0/24 maxlen: 24
                          163.5.95.0/24 maxlen: 24
                          163.5.104.0/24 maxlen: 24
                          163.5.105.0/24 maxlen: 24
                          163.5.99.0/24 maxlen: 24
                          163.5.100.0/24 maxlen: 24
                          163.5.110.0/24 maxlen: 24
                          163.5.111.0/24 maxlen: 24
                          163.5.112.0/24 maxlen: 24
                          163.5.106.0/24 maxlen: 24
                          163.5.113.0/24 maxlen: 24
                          163.5.114.0/24 maxlen: 24
                          163.5.30.0/24 maxlen: 24
                          163.5.33.0/24 maxlen: 24
                          163.5.35.0/24 maxlen: 24
                          163.5.36.0/24 maxlen: 24
                          163.5.58.0/24 maxlen: 24
                          163.5.64.0/24 maxlen: 24
                          163.5.62.0/24 maxlen: 24
                          163.5.179.0/24 maxlen: 24
                          163.5.176.0/24 maxlen: 24
                          163.5.178.0/24 maxlen: 24
                          163.5.181.0/24 maxlen: 24
                          163.5.182.0/24 maxlen: 24
                          163.5.186.0/24 maxlen: 24
                          163.5.188.0/24 maxlen: 24
                          163.5.189.0/24 maxlen: 24
                          163.5.191.0/24 maxlen: 24
                          163.5.195.0/24 maxlen: 24
                          163.5.198.0/24 maxlen: 24
                          163.5.204.0/24 maxlen: 24
                          163.5.205.0/24 maxlen: 24
                          163.5.201.0/24 maxlen: 24
                          163.5.203.0/24 maxlen: 24
                          163.5.212.0/24 maxlen: 24
                          163.5.213.0/24 maxlen: 24
                          163.5.216.0/24 maxlen: 24
                          163.5.217.0/24 maxlen: 24
                          163.5.218.0/24 maxlen: 24
                          163.5.220.0/24 maxlen: 24
                          163.5.224.0/24 maxlen: 24
                          163.5.120.0/24 maxlen: 24
                          163.5.121.0/24 maxlen: 24
                          163.5.122.0/24 maxlen: 24
                          163.5.123.0/24 maxlen: 24
                          163.5.126.0/24 maxlen: 24
                          163.5.128.0/24 maxlen: 24
                          163.5.138.0/24 maxlen: 24
                          163.5.139.0/24 maxlen: 24
                          163.5.134.0/24 maxlen: 24
                          163.5.141.0/24 maxlen: 24
                          163.5.142.0/24 maxlen: 24
                          163.5.143.0/24 maxlen: 24
                          163.5.151.0/24 maxlen: 24
                          163.5.148.0/24 maxlen: 24
                          163.5.150.0/24 maxlen: 24
                          163.5.146.0/24 maxlen: 24
                          163.5.156.0/24 maxlen: 24
                          163.5.165.0/24 maxlen: 24
                          163.5.162.0/24 maxlen: 24
                          163.5.160.0/24 maxlen: 24
                          163.5.161.0/24 maxlen: 24
                          163.5.167.0/24 maxlen: 24
                          163.5.172.0/24 maxlen: 24
                          163.5.170.0/24 maxlen: 24
                          163.5.171.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 05 Oct 2023 23:31:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:f5:89:32:73:6d:4b:2c:4f:37:84:b9:9d:fb:f5:b4:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Oct  3 12:35:23 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=fea302656a2ad059ba0d54c87872b82fa777cf20
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:47:bb:26:83:84:54:9c:c0:29:8f:ac:eb:aa:
                    db:30:c5:92:88:21:02:99:28:21:14:76:f0:cd:25:
                    63:4d:b1:f6:85:84:3a:35:be:af:a1:56:41:db:bb:
                    a3:b9:57:6a:f3:6b:7c:62:3e:b8:60:85:46:c7:1f:
                    96:4a:c0:a9:af:c1:2f:b1:83:84:1b:dd:a7:c9:4a:
                    34:b1:ea:43:2b:8c:41:a5:6f:68:6f:1c:ef:d5:c7:
                    75:f4:f7:48:49:7d:84:99:aa:39:c9:b1:b6:1c:1c:
                    4f:11:cc:db:dc:3d:10:74:08:0c:86:3f:b1:6c:99:
                    88:f6:b1:53:b7:db:78:cc:6e:5c:5d:b8:fe:df:f1:
                    61:cd:b9:a8:5b:8c:58:ed:89:19:f9:ba:7f:fe:3d:
                    d0:94:4f:c0:67:be:1c:f3:ce:08:82:dd:d6:ec:f9:
                    2e:70:9d:6a:81:fc:a3:09:2d:4b:b7:ff:29:bf:73:
                    aa:33:2a:a1:03:df:31:b9:41:cc:7c:e7:e4:99:74:
                    07:76:6d:20:73:d3:57:36:c4:a3:5c:d4:97:6b:55:
                    41:cc:29:92:68:f0:3e:fd:ea:69:6c:e3:3b:b1:3d:
                    25:61:ae:91:7d:ed:6c:ea:2b:4f:23:3d:54:68:88:
                    78:5c:b4:39:97:ee:96:db:d9:0b:be:19:dc:5e:80:
                    2c:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:A3:02:65:6A:2A:D0:59:BA:0D:54:C8:78:72:B8:2F:A7:77:CF:20
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/_qMCZWoq0Fm6DVTIeHK4L6d3zyA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.30.0/24
                  163.5.33.0/24
                  163.5.35.0-163.5.36.255
                  163.5.58.0/24
                  163.5.62.0/24
                  163.5.64.0/24
                  163.5.66.0/24
                  163.5.71.0/24
                  163.5.78.0/23
                  163.5.83.0/24
                  163.5.86.0/23
                  163.5.89.0/24
                  163.5.94.0/23
                  163.5.97.0-163.5.100.255
                  163.5.104.0-163.5.106.255
                  163.5.110.0-163.5.114.255
                  163.5.120.0/22
                  163.5.126.0/24
                  163.5.128.0/24
                  163.5.134.0/24
                  163.5.138.0/23
                  163.5.141.0-163.5.143.255
                  163.5.146.0/24
                  163.5.148.0/24
                  163.5.150.0/23
                  163.5.156.0/24
                  163.5.160.0-163.5.162.255
                  163.5.165.0/24
                  163.5.167.0/24
                  163.5.170.0-163.5.172.255
                  163.5.176.0/24
                  163.5.178.0/23
                  163.5.181.0-163.5.182.255
                  163.5.186.0/24
                  163.5.188.0/23
                  163.5.191.0/24
                  163.5.195.0/24
                  163.5.198.0/24
                  163.5.201.0/24
                  163.5.203.0-163.5.205.255
                  163.5.212.0/23
                  163.5.216.0-163.5.218.255
                  163.5.220.0/24
                  163.5.224.0/24
                  163.5.228.0/24
                  163.5.231.0/24
                  163.5.233.0/24
                  163.5.235.0/24
                  163.5.241.0-163.5.242.255
                  163.5.247.0/24
                  163.5.249.0-163.5.253.255
                  163.5.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:92:79:bc:3e:f4:ec:da:92:3a:6c:1f:b8:3a:45:94:9e:cf:
         23:bd:86:8a:f4:45:61:27:7e:b8:f0:b0:d0:62:66:42:5c:a6:
         70:64:84:7a:14:4a:4b:ac:ae:e1:19:e5:9f:ee:f1:3a:cd:4c:
         59:5f:82:8a:2c:67:54:98:fc:5f:c3:62:27:88:20:1d:21:26:
         e7:e3:f0:ca:d2:e9:be:18:08:c5:8d:37:d9:26:26:87:e4:b0:
         16:e8:84:fe:91:5d:69:02:3d:0a:79:24:ed:ed:8d:11:e7:5a:
         30:e1:ea:13:f6:e6:95:97:fd:4e:a8:d1:11:68:e0:07:94:38:
         38:9f:79:e6:61:21:f9:7c:1e:3e:69:62:71:5c:a2:0f:50:e4:
         66:d3:ae:85:e7:81:bb:c8:f1:45:13:74:d5:87:2d:d6:37:20:
         f0:fc:fe:93:86:8a:05:23:b1:69:05:24:ea:24:6b:aa:f4:a0:
         58:2b:47:07:80:85:20:1d:88:cb:3e:a4:01:e5:7b:4c:fd:80:
         7c:f8:e9:e1:3a:7d:e2:d1:0e:0a:09:87:b8:0d:5e:af:99:32:
         b6:f6:15:8e:4a:6d:70:89:55:0c:66:3d:5f:64:d9:b6:98:9c:
         4f:f4:e3:d4:03:be:34:7d:49:ca:4d:16:00:48:c8:96:56:ed:
         b8:26:a1:9f
-----BEGIN CERTIFICATE-----
MIIGmTCCBYGgAwIBAgISAYr1iTJzbUssTzeEuZ379bR6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjMxMDAzMTIzNTIzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZWEzMDI2NTZhMmFkMDU5YmEwZDU0Yzg3ODcyYjgyZmE3NzdjZjIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu0e7JoOEVJzAKY+s66rbMMWSiCEC
mSghFHbwzSVjTbH2hYQ6Nb6voVZB27ujuVdq82t8Yj64YIVGxx+WSsCpr8EvsYOE
G92nyUo0sepDK4xBpW9obxzv1cd19PdISX2Emao5ybG2HBxPEczb3D0QdAgMhj+x
bJmI9rFTt9t4zG5cXbj+3/FhzbmoW4xY7YkZ+bp//j3QlE/AZ74c884Igt3W7Pku
cJ1qgfyjCS1Lt/8pv3OqMyqhA98xuUHMfOfkmXQHdm0gc9NXNsSjXNSXa1VBzCmS
aPA+/eppbOM7sT0lYa6Rfe1s6itPIz1UaIh4XLQ5l+6W29kLvhncXoAszQIDAQAB
o4IDpTCCA6EwHQYDVR0OBBYEFP6jAmVqKtBZug1UyHhyuC+nd88gMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvX3FNQ1pXb3EwRm02RFZUSWVISzRMNmQzenlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBuQYIKwYBBQUHAQcBAf8EggGoMIIBpDCCAaAEAgABMIIB
mAMEAKMFHgMEAKMFITAMAwQAowUjAwQAowUkAwQAowU6AwQAowU+AwQAowVAAwQA
owVCAwQAowVHAwQBowVOAwQAowVTAwQBowVWAwQAowVZAwQBowVeMAwDBACjBWED
BACjBWQwDAMEA6MFaAMEAKMFajAMAwQBowVuAwQAowVyAwQCowV4AwQAowV+AwQA
owWAAwQAowWGAwQBowWKMAwDBACjBY0DBASjBYADBACjBZIDBACjBZQDBAGjBZYD
BACjBZwwDAMEBaMFoAMEAKMFogMEAKMFpQMEAKMFpzAMAwQBowWqAwQAowWsAwQA
owWwAwQBowWyMAwDBACjBbUDBACjBbYDBACjBboDBAGjBbwDBACjBb8DBACjBcMD
BACjBcYDBACjBckwDAMEAKMFywMEAaMFzAMEAaMF1DAMAwQDowXYAwQAowXaAwQA
owXcAwQAowXgAwQAowXkAwQAowXnAwQAowXpAwQAowXrMAwDBACjBfEDBACjBfID
BACjBfcwDAMEAKMF+QMEAaMF/AMEAKMF/zANBgkqhkiG9w0BAQsFAAOCAQEAspJ5
vD707NqSOmwfuDpFlJ7PI72GivRFYSd+uPCw0GJmQlymcGSEehRKS6yu4Rnln+7x
Os1MWV+CiixnVJj8X8NiJ4ggHSEm5+PwytLpvhgIxY032SYmh+SwFuiE/pFdaQI9
Cnkk7e2NEedaMOHqE/bmlZf9TqjREWjgB5Q4OJ955mEh+XwePmlicVyiD1DkZtOu
heeBu8jxRRN01Yct1jcg8Pz+k4aKBSOxaQUk6iRrqvSgWCtHB4CFIB2Iyz6kAeV7
TP2AfPjp4Tp94tEOCgmHuA1er5kytvYVjkptcIlVDGY9X2TZtpicT/Tj1AO+NH1J
yk0WAEjIllbtuCahnw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:20:06 2024 by rpki-client on console-fra.rpki-client.org