Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/dMq_XeEEfOCUbE9G2UViWHLxn2g.roa
File:                     dMq_XeEEfOCUbE9G2UViWHLxn2g.roa (raw, json)
Hash identifier:          6wZcbNC3grGYyEooQVwuYvFPEj03xAv22YR+SYvdglA=
Subject key identifier:   74:CA:BF:5D:E1:04:7C:E0:94:6C:4F:46:D9:45:62:58:72:F1:9F:68
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       018D73F81B79D8282245984791C81ADCAAFE
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/dMq_XeEEfOCUbE9G2UViWHLxn2g.roa
Signing time:             Sun 04 Feb 2024 11:54:16 +0000
ROA not before:           Sun 04 Feb 2024 11:54:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212815
IP address blocks:        163.5.31.0/24 maxlen: 24
                          163.5.35.0/24 maxlen: 24
                          163.5.59.0/24 maxlen: 24
                          163.5.62.0/24 maxlen: 24
                          163.5.99.0/24 maxlen: 24
                          163.5.142.0/24 maxlen: 24
                          163.5.143.0/24 maxlen: 24
                          163.5.144.0/24 maxlen: 24
                          163.5.154.0/24 maxlen: 24
                          163.5.192.0/24 maxlen: 24
                          163.5.193.0/24 maxlen: 24
                          163.5.213.0/24 maxlen: 24
                          163.5.214.0/24 maxlen: 24
                          163.5.215.0/24 maxlen: 24
                          163.5.221.0/24 maxlen: 24
                          185.253.54.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sun 11 Feb 2024 15:35:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:73:f8:1b:79:d8:28:22:45:98:47:91:c8:1a:dc:aa:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Feb  4 11:54:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=74cabf5de1047ce0946c4f46d945625872f19f68
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:fa:04:50:23:2a:a6:a4:46:ea:5f:25:4b:c7:
                    83:3e:5b:52:e6:da:b5:96:74:f3:1c:7d:85:65:5e:
                    72:3d:8c:93:e0:eb:96:7f:55:31:f5:9b:a0:d7:5c:
                    24:ff:58:ca:08:19:af:2b:4f:7f:e6:0e:11:0f:5e:
                    8d:82:34:9c:91:40:26:c3:af:8c:a2:6a:cc:07:f7:
                    c4:74:74:a8:28:f9:85:ef:97:c4:bf:70:d6:9a:20:
                    e8:02:7f:80:74:00:95:0a:4f:6b:4f:df:f1:ab:1d:
                    9f:f2:a4:70:80:4c:26:d1:89:8c:73:f0:6d:67:51:
                    60:e1:10:06:4c:30:ae:2b:44:ff:6f:1f:d3:19:db:
                    88:27:cd:99:73:29:67:00:08:19:61:42:ab:26:2c:
                    7a:54:d9:d5:e8:a8:ab:41:0e:92:5a:ad:4c:d1:0f:
                    2a:8f:0f:ac:2d:35:18:5e:43:f5:9a:00:5f:14:98:
                    0f:b9:bf:47:dc:3b:b0:be:93:02:08:d5:37:88:d6:
                    9a:00:72:d6:19:c9:66:2c:4e:3e:c8:04:a2:67:25:
                    fa:5a:4e:32:18:93:a2:9a:9e:4e:6a:2a:b4:3f:d7:
                    85:c1:79:f4:1a:97:f4:c4:b4:07:33:de:40:6b:94:
                    6e:07:8e:a0:eb:63:20:b9:4b:bf:ca:47:04:9d:90:
                    1c:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:CA:BF:5D:E1:04:7C:E0:94:6C:4F:46:D9:45:62:58:72:F1:9F:68
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/dMq_XeEEfOCUbE9G2UViWHLxn2g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.31.0/24
                  163.5.35.0/24
                  163.5.59.0/24
                  163.5.62.0/24
                  163.5.99.0/24
                  163.5.142.0-163.5.144.255
                  163.5.154.0/24
                  163.5.192.0/23
                  163.5.213.0-163.5.215.255
                  163.5.221.0/24
                  185.253.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:f0:8b:9a:c1:ea:20:40:2b:19:1d:2a:77:02:79:28:18:6c:
         08:35:2c:bc:a3:d6:fd:7f:37:9c:41:81:8f:bd:c1:99:e4:0d:
         dd:8a:b6:1b:51:d6:bf:c0:97:e9:58:f5:df:a9:a1:15:4c:7f:
         1b:68:3c:b7:42:50:a8:c1:4f:bc:ae:64:4f:5a:73:80:81:01:
         c8:d2:03:7b:ec:f1:71:3d:5e:f4:c3:d5:8d:68:2d:9d:79:45:
         96:19:68:36:44:75:42:13:c0:ec:f3:e6:65:1d:58:ac:d4:6f:
         88:ce:e1:79:b2:a4:25:e1:a4:21:38:d7:f2:c9:f4:fe:cf:b4:
         62:ec:55:78:74:18:56:e7:a1:31:4f:6e:8a:5f:21:0b:f1:e7:
         7a:0c:10:39:71:b3:13:0c:d0:d2:d9:53:05:61:5a:45:9d:bb:
         09:09:82:20:8c:8e:10:18:9f:fb:a7:2b:09:cb:ae:d0:aa:54:
         63:be:70:aa:9c:fb:54:78:1e:1d:0b:f2:ec:d4:27:b7:de:51:
         ef:9c:1f:43:ed:bf:87:52:f9:ac:91:a2:dd:a5:5f:90:38:88:
         7a:f6:1d:8a:9e:3f:00:d1:79:b5:cf:dc:c1:a0:45:01:58:23:
         8b:00:a2:fe:b2:08:fc:b5:69:21:94:66:f7:f5:bc:af:3b:38:
         d0:3b:b4:fb
-----BEGIN CERTIFICATE-----
MIIFSTCCBDGgAwIBAgISAY1z+Bt52CgiRZhHkcga3Kr+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjQwMjA0MTE1NDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NGNhYmY1ZGUxMDQ3Y2UwOTQ2YzRmNDZkOTQ1NjI1ODcyZjE5ZjY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApvoEUCMqpqRG6l8lS8eDPltS5tq1
lnTzHH2FZV5yPYyT4OuWf1Ux9Zug11wk/1jKCBmvK09/5g4RD16NgjSckUAmw6+M
omrMB/fEdHSoKPmF75fEv3DWmiDoAn+AdACVCk9rT9/xqx2f8qRwgEwm0YmMc/Bt
Z1Fg4RAGTDCuK0T/bx/TGduIJ82ZcylnAAgZYUKrJix6VNnV6KirQQ6SWq1M0Q8q
jw+sLTUYXkP1mgBfFJgPub9H3DuwvpMCCNU3iNaaAHLWGclmLE4+yASiZyX6Wk4y
GJOimp5Oaiq0P9eFwXn0Gpf0xLQHM95Aa5RuB46g62MguUu/ykcEnZAcGQIDAQAB
o4ICVTCCAlEwHQYDVR0OBBYEFHTKv13hBHzglGxPRtlFYlhy8Z9oMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvZE1xX1hlRUVmT0NVYkU5RzJVVmlXSEx4bjJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGsGCCsGAQUFBwEHAQH/BFwwWjBYBAIAATBSAwQAowUfAwQA
owUjAwQAowU7AwQAowU+AwQAowVjMAwDBAGjBY4DBACjBZADBACjBZoDBAGjBcAw
DAMEAKMF1QMEA6MF0AMEAKMF3QMEALn9NjANBgkqhkiG9w0BAQsFAAOCAQEAD/CL
msHqIEArGR0qdwJ5KBhsCDUsvKPW/X83nEGBj73BmeQN3Yq2G1HWv8CX6Vj136mh
FUx/G2g8t0JQqMFPvK5kT1pzgIEByNIDe+zxcT1e9MPVjWgtnXlFlhloNkR1QhPA
7PPmZR1YrNRviM7hebKkJeGkITjX8sn0/s+0YuxVeHQYVuehMU9uil8hC/HnegwQ
OXGzEwzQ0tlTBWFaRZ27CQmCIIyOEBif+6crCcuu0KpUY75wqpz7VHgeHQvy7NQn
t95R75wfQ+2/h1L5rJGi3aVfkDiIevYdip4/ANF5tc/cwaBFAVgjiwCi/rII/LVp
IZRm9/W8rzs40Du0+w==
-----END CERTIFICATE-----