Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/kpAuLg65gGoBYEaiOL5ahIJd7gY.roa
File:                     kpAuLg65gGoBYEaiOL5ahIJd7gY.roa (raw, json)
Hash identifier:          lvgbusSlfF7b13SfU3STpCNnKpgBa9GYK1zatn+QRjY=
Subject key identifier:   92:90:2E:2E:0E:B9:80:6A:01:60:46:A2:38:BE:5A:84:82:5D:EE:06
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       019081EE07AD5A852A7AB50EDBFEC62DB5D5
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/kpAuLg65gGoBYEaiOL5ahIJd7gY.roa
Signing time:             Fri 05 Jul 2024 08:06:18 +0000
ROA not before:           Fri 05 Jul 2024 08:06:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        163.5.0.0/24 maxlen: 24
                          163.5.1.0/24 maxlen: 24
                          163.5.3.0/24 maxlen: 24
                          163.5.4.0/24 maxlen: 24
                          163.5.6.0/24 maxlen: 24
                          163.5.7.0/24 maxlen: 24
                          163.5.8.0/24 maxlen: 24
                          163.5.9.0/24 maxlen: 24
                          163.5.13.0/24 maxlen: 24
                          163.5.14.0/24 maxlen: 24
                          163.5.15.0/24 maxlen: 24
                          163.5.16.0/24 maxlen: 24
                          163.5.17.0/24 maxlen: 24
                          163.5.18.0/24 maxlen: 24
                          163.5.19.0/24 maxlen: 24
                          163.5.22.0/24 maxlen: 24
                          163.5.25.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 13 Sep 2024 15:14:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:81:ee:07:ad:5a:85:2a:7a:b5:0e:db:fe:c6:2d:b5:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jul  5 08:06:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=92902e2e0eb9806a016046a238be5a84825dee06
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:8c:12:9d:45:e6:1f:d6:11:5a:f9:44:37:20:
                    db:66:30:55:09:a1:c3:15:f9:f0:59:ba:1a:c9:f6:
                    49:b0:ef:bd:bf:49:2f:e4:bc:0a:ae:fe:90:60:59:
                    9f:db:19:8f:62:32:4c:f1:40:e7:09:ce:26:47:c2:
                    f5:19:32:96:df:57:c2:c8:8e:29:06:78:8b:84:bd:
                    ae:3f:2c:7a:9b:86:73:10:cc:f1:82:4c:51:1b:cc:
                    1a:eb:9d:1c:ef:9d:9a:f2:42:61:ce:24:aa:9a:8b:
                    bc:6e:29:cb:d7:7c:b5:c2:de:92:d8:35:0f:5a:f7:
                    65:a5:da:c0:f8:5e:ea:4d:85:c4:12:da:e7:25:19:
                    93:f1:d6:02:e4:3c:53:3c:24:e9:fc:f2:76:23:2d:
                    47:69:c9:15:92:bd:cb:cf:21:5f:f0:25:dd:f7:78:
                    39:6f:6b:4a:64:0a:42:2a:6f:e9:4f:f7:b3:21:bc:
                    32:5b:6d:f4:09:e1:59:88:5e:0e:72:a6:cb:b9:98:
                    b3:c7:2d:2b:28:26:51:7b:1f:4e:40:6f:ac:6b:15:
                    29:50:f1:e8:8d:6a:b2:76:33:7b:de:dd:a9:88:97:
                    d1:43:6f:fe:f1:1e:5b:f8:32:be:2d:a3:b8:0b:64:
                    aa:68:b3:ac:d5:b6:cf:b9:e3:df:24:c0:b7:1b:32:
                    0b:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:90:2E:2E:0E:B9:80:6A:01:60:46:A2:38:BE:5A:84:82:5D:EE:06
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/kpAuLg65gGoBYEaiOL5ahIJd7gY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.0.0/23
                  163.5.3.0-163.5.4.255
                  163.5.6.0-163.5.9.255
                  163.5.13.0-163.5.19.255
                  163.5.22.0/24
                  163.5.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:d5:73:f5:80:8f:9e:5f:3b:7e:3f:42:ba:75:4f:c1:60:92:
         30:7f:cc:ab:82:e5:90:2c:5a:3f:e2:b4:f5:d7:00:b3:1a:8e:
         0c:87:5c:e2:01:0a:b6:33:4e:f8:e9:0e:52:56:89:30:bb:42:
         7e:21:82:c2:f7:58:90:d6:67:b1:89:42:91:21:11:fd:f3:b7:
         0f:a4:86:de:45:8f:35:65:69:9d:b4:95:e9:ce:cb:05:4b:79:
         d8:0a:33:3e:b8:bf:d8:49:fe:ca:be:90:2c:c7:d0:dd:89:68:
         ff:62:da:d0:dd:a3:4d:6e:57:e4:15:47:f4:db:c8:fc:78:55:
         5e:ec:cc:18:d1:d7:25:91:1d:17:e1:ef:68:a3:08:04:52:de:
         64:df:fe:2f:9d:52:40:06:41:4e:dc:30:5a:ca:56:7e:96:71:
         68:d6:28:1f:f7:b2:6a:c8:01:aa:e6:d3:4e:2f:b4:3c:dd:24:
         31:8d:9f:c2:96:9f:92:eb:05:f6:0f:83:66:94:73:1b:e0:67:
         8d:8b:d7:9a:59:a4:d2:6d:03:b4:a4:5d:9a:23:dc:cb:2a:df:
         61:bc:ff:d6:6d:65:07:17:e3:e9:20:3f:84:4d:7e:e5:16:3b:
         48:06:09:19:c3:ab:16:ab:f7:8d:e9:a5:0f:9f:e6:e5:22:df:
         31:71:36:a2
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAZCB7getWoUqerUO2/7GLbXVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjQwNzA1MDgwNjE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjkwMmUyZTBlYjk4MDZhMDE2MDQ2YTIzOGJlNWE4NDgyNWRlZTA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtYwSnUXmH9YRWvlENyDbZjBVCaHD
FfnwWboayfZJsO+9v0kv5LwKrv6QYFmf2xmPYjJM8UDnCc4mR8L1GTKW31fCyI4p
BniLhL2uPyx6m4ZzEMzxgkxRG8wa650c752a8kJhziSqmou8binL13y1wt6S2DUP
WvdlpdrA+F7qTYXEEtrnJRmT8dYC5DxTPCTp/PJ2Iy1HackVkr3LzyFf8CXd93g5
b2tKZApCKm/pT/ezIbwyW230CeFZiF4OcqbLuZizxy0rKCZRex9OQG+saxUpUPHo
jWqydjN73t2piJfRQ2/+8R5b+DK+LaO4C2SqaLOs1bbPuePfJMC3GzILfQIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFJKQLi4OuYBqAWBGoji+WoSCXe4GMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEva3BBdUxnNjVnR29CWUVhaU9MNWFoSUpkN2dZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQBowUAMAwD
BACjBQMDBACjBQQwDAMEAaMFBgMEAaMFCDAMAwQAowUNAwQCowUQAwQAowUWAwQA
owUZMA0GCSqGSIb3DQEBCwUAA4IBAQB91XP1gI+eXzt+P0K6dU/BYJIwf8yrguWQ
LFo/4rT11wCzGo4Mh1ziAQq2M0746Q5SVokwu0J+IYLC91iQ1mexiUKRIRH987cP
pIbeRY81ZWmdtJXpzssFS3nYCjM+uL/YSf7KvpAsx9DdiWj/YtrQ3aNNblfkFUf0
28j8eFVe7MwY0dclkR0X4e9oowgEUt5k3/4vnVJABkFO3DBaylZ+lnFo1igf97Jq
yAGq5tNOL7Q83SQxjZ/Clp+S6wX2D4NmlHMb4GeNi9eaWaTSbQO0pF2aI9zLKt9h
vP/WbWUHF+PpID+ETX7lFjtIBgkZw6sWq/eN6aUPn+blIt8xcTai
-----END CERTIFICATE-----