Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/i8VEzI1ppz0VMHq3ejMtVqhZZ-Q.roa
File:                     i8VEzI1ppz0VMHq3ejMtVqhZZ-Q.roa (raw, json)
Hash identifier:          jAa4wefiMt37+bKVI827+IhF6uA7Tu+cglwNswhrhYA=
Subject key identifier:   8B:C5:44:CC:8D:69:A7:3D:15:30:7A:B7:7A:33:2D:56:A8:59:67:E4
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       01857042CE087D775B033CC8616789789736
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/i8VEzI1ppz0VMHq3ejMtVqhZZ-Q.roa
Signing time:             Mon 02 Jan 2023 02:15:04 +0000
ROA not before:           Mon 02 Jan 2023 02:15:04 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     212166
IP address blocks:        163.5.213.0/24 maxlen: 24
                          163.5.147.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 01 Jun 2023 08:44:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:42:ce:08:7d:77:5b:03:3c:c8:61:67:89:78:97:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  2 02:15:04 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8bc544cc8d69a73d15307ab77a332d56a85967e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:4e:07:0f:04:e6:b5:a9:ee:7c:49:59:e6:97:
                    43:45:78:b8:16:fa:f4:d8:4a:0d:60:9a:2c:a5:56:
                    5a:55:3a:ee:ec:06:fc:33:6f:a6:47:a0:6b:b5:8f:
                    3c:18:d8:fb:d9:95:9e:06:a1:4b:f0:fe:ab:4b:59:
                    98:6e:99:bc:65:60:cc:56:fc:3e:99:10:5f:32:45:
                    e1:87:9b:52:5a:be:6d:5d:ac:67:b2:39:0d:00:2c:
                    25:5a:4f:88:32:8f:ad:71:29:25:0b:88:23:10:8d:
                    0c:02:98:3c:c6:c5:bc:8e:bd:b3:1c:f9:f7:73:61:
                    0d:86:7a:42:4b:01:71:22:d4:ef:30:86:91:7e:22:
                    f6:9b:1b:d8:93:a9:39:a8:51:bd:ef:06:0c:2e:64:
                    d5:5b:9e:55:b9:ce:7b:6c:03:72:12:0d:64:91:15:
                    61:61:25:e3:ec:88:5a:58:cb:1f:46:f9:25:de:52:
                    07:22:17:94:94:4d:48:1e:29:b6:6a:16:ae:48:96:
                    0b:10:48:e0:de:b9:da:2d:6d:5f:3d:8e:ee:ef:05:
                    d9:e8:2d:52:27:53:a8:4d:ef:9c:ff:8b:77:7f:d4:
                    55:b1:e2:53:d4:42:f2:cb:82:74:b8:8d:c9:91:3a:
                    af:10:c8:a5:2a:7f:0b:18:02:c5:61:64:6f:6c:58:
                    c5:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:C5:44:CC:8D:69:A7:3D:15:30:7A:B7:7A:33:2D:56:A8:59:67:E4
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/i8VEzI1ppz0VMHq3ejMtVqhZZ-Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.147.0/24
                  163.5.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:bd:65:6f:a0:07:a1:48:1a:5f:97:3a:cc:3b:6f:fd:1f:02:
         d7:ce:f1:89:4e:94:4c:9f:a5:e0:a1:aa:50:67:f1:3b:e2:7a:
         bc:59:3e:53:ff:2a:8e:cd:5d:5a:81:45:6d:25:35:53:63:75:
         54:6a:a4:78:d6:8a:57:ab:e3:fa:95:11:39:5c:71:0c:c4:81:
         60:61:f0:9c:b3:46:24:92:13:e9:5a:e7:14:14:ce:cb:3d:3a:
         ea:42:fd:7d:8b:89:ed:13:71:91:bc:29:ec:31:b3:23:b9:f6:
         1d:8e:d1:c3:0f:f3:08:ef:14:b9:8b:78:f1:40:32:c9:02:03:
         05:3d:32:7b:ec:df:bf:ab:9d:7a:5c:fc:75:0f:de:c6:40:07:
         fa:44:20:53:ff:09:50:70:b4:8d:47:25:d2:e0:8c:03:53:62:
         f6:f9:88:ec:69:ab:85:3f:98:41:94:44:ee:6d:86:ab:9a:f7:
         88:3f:e0:ab:f9:5d:6d:b1:d3:c1:56:61:2e:a2:13:99:35:bc:
         46:d8:3f:e8:ed:0a:75:3c:17:7d:4b:8a:92:2a:61:59:68:91:
         a8:a9:e0:06:e3:2f:b0:73:84:3d:a5:65:6c:e3:87:90:be:36:
         9c:7b:c1:19:31:e5:02:58:67:5e:b6:cd:3c:ba:aa:56:88:0a:
         b9:6e:d7:30
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYVwQs4IfXdbAzzIYWeJeJc2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjMwMTAyMDIxNTA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YmM1NDRjYzhkNjlhNzNkMTUzMDdhYjc3YTMzMmQ1NmE4NTk2N2U0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjE4HDwTmtanufElZ5pdDRXi4Fvr0
2EoNYJospVZaVTru7Ab8M2+mR6BrtY88GNj72ZWeBqFL8P6rS1mYbpm8ZWDMVvw+
mRBfMkXhh5tSWr5tXaxnsjkNACwlWk+IMo+tcSklC4gjEI0MApg8xsW8jr2zHPn3
c2ENhnpCSwFxItTvMIaRfiL2mxvYk6k5qFG97wYMLmTVW55Vuc57bANyEg1kkRVh
YSXj7IhaWMsfRvkl3lIHIheUlE1IHim2ahauSJYLEEjg3rnaLW1fPY7u7wXZ6C1S
J1OoTe+c/4t3f9RVseJT1ELyy4J0uI3JkTqvEMilKn8LGALFYWRvbFjFuQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIvFRMyNaac9FTB6t3ozLVaoWWfkMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvaThWRXpJMXBwejBWTUhxM2VqTXRWcWhaWi1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAowWTAwQA
owXVMA0GCSqGSIb3DQEBCwUAA4IBAQBGvWVvoAehSBpflzrMO2/9HwLXzvGJTpRM
n6XgoapQZ/E74nq8WT5T/yqOzV1agUVtJTVTY3VUaqR41opXq+P6lRE5XHEMxIFg
YfCcs0YkkhPpWucUFM7LPTrqQv19i4ntE3GRvCnsMbMjufYdjtHDD/MI7xS5i3jx
QDLJAgMFPTJ77N+/q516XPx1D97GQAf6RCBT/wlQcLSNRyXS4IwDU2L2+YjsaauF
P5hBlETubYarmveIP+Cr+V1tsdPBVmEuohOZNbxG2D/o7Qp1PBd9S4qSKmFZaJGo
qeAG4y+wc4Q9pWVs44eQvjace8EZMeUCWGdets08uqpWiAq5btcw
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:54:34 2024 by rpki-client on console-ams.rpki-client.org