Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/kvZYhMWnwxax8nOeb2OzS0nsWtM.roa
File:                     kvZYhMWnwxax8nOeb2OzS0nsWtM.roa (raw, json)
Hash identifier:          XQ7PnMIceOP01I0ONQRWZ/3aE/5XB/yJ8dMb1x+5Koc=
Subject key identifier:   92:F6:58:84:C5:A7:C3:16:B1:F2:73:9E:6F:63:B3:4B:49:EC:5A:D3
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0189747C4242AE3CE36A67B2D626AAEF87A9
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/kvZYhMWnwxax8nOeb2OzS0nsWtM.roa
Signing time:             Thu 20 Jul 2023 18:07:27 +0000
ROA not before:           Thu 20 Jul 2023 18:07:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     205021
IP address blocks:        163.5.107.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 08:30:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:74:7c:42:42:ae:3c:e3:6a:67:b2:d6:26:aa:ef:87:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jul 20 18:07:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=92f65884c5a7c316b1f2739e6f63b34b49ec5ad3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:ce:b5:d6:e8:de:6a:2e:5d:37:b2:ab:af:61:
                    8d:67:30:7d:d8:22:b7:be:28:64:f4:ec:19:59:dc:
                    41:f1:a1:09:22:ac:e9:36:e2:cd:f2:28:c1:58:24:
                    fa:15:ea:7d:ca:d5:26:9e:9f:df:08:b3:88:47:b6:
                    fe:8e:91:28:ac:b7:fc:53:80:78:77:fa:c4:4c:31:
                    8d:74:f4:7d:8c:a6:cf:c4:f7:17:93:8f:5e:1c:45:
                    5f:33:95:b6:e8:6e:43:1a:c4:b1:47:00:e1:fd:c1:
                    4e:47:a2:07:4b:3c:e9:a5:e6:e9:fc:f3:03:87:e6:
                    d3:36:b2:bd:ac:92:72:12:49:05:fe:ed:7f:7c:c2:
                    f2:87:8b:ad:1d:71:33:ca:d8:8b:f1:18:98:09:4b:
                    61:22:de:5d:70:30:9c:a4:49:4d:9f:c3:71:ca:9b:
                    59:0d:64:f3:92:59:fc:94:c2:c1:73:3f:86:b8:67:
                    16:46:89:1c:04:c4:bd:bb:54:3e:81:73:68:66:cf:
                    cd:fe:56:c4:c9:a3:6a:56:8f:7e:be:d5:b8:86:3a:
                    c7:6f:37:a5:a5:6b:b2:17:6a:91:2f:1b:42:37:b0:
                    47:80:39:df:86:65:ae:13:68:5b:b5:bc:b3:6e:54:
                    ed:49:48:d8:40:bb:fa:5f:7c:3e:ee:98:bc:ec:05:
                    fb:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:F6:58:84:C5:A7:C3:16:B1:F2:73:9E:6F:63:B3:4B:49:EC:5A:D3
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/kvZYhMWnwxax8nOeb2OzS0nsWtM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:ac:5d:ba:8a:91:53:dd:56:4b:be:c9:07:2c:9b:b6:27:3c:
         7f:7c:ec:7a:15:8d:c3:ce:b0:df:f3:5d:09:e9:c5:40:2d:55:
         ce:d3:be:67:d7:9c:7b:ae:08:ed:00:35:89:5c:0a:67:61:41:
         93:9c:d4:19:03:47:a4:3f:1d:c3:80:3b:49:a3:7c:b7:e6:ab:
         4b:fd:42:a0:70:53:8d:87:02:b3:f4:16:ca:72:6c:3c:b2:06:
         81:03:cb:f4:3f:ab:c9:c9:18:0f:41:69:5e:a4:05:25:84:66:
         02:05:92:b5:20:ab:cf:10:24:b0:b0:7e:a8:72:4b:5f:af:01:
         86:70:30:7e:50:e9:a7:bb:00:6b:61:70:fc:df:39:6d:f3:dd:
         cf:0c:1b:04:3d:e8:5e:2e:8c:30:8d:1f:a0:78:11:b5:4c:20:
         a5:aa:87:fe:af:6e:29:b3:a0:64:2d:c7:47:07:3b:d6:8c:02:
         09:c5:4e:c9:b5:01:89:b8:85:75:ad:79:fe:86:0c:ed:8a:4e:
         a8:8a:87:49:8b:b4:86:8a:72:9a:73:37:7f:43:0e:1b:4e:ab:
         a7:f6:6f:b0:85:1e:e9:b0:7f:ee:97:60:44:81:6d:ff:9a:08:
         c6:fc:7c:cf:d7:28:be:2a:89:e7:16:97:b5:02:88:85:e3:fc:
         b3:5f:0a:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYl0fEJCrjzjamey1iaq74epMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjMwNzIwMTgwNzI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MmY2NTg4NGM1YTdjMzE2YjFmMjczOWU2ZjYzYjM0YjQ5ZWM1YWQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh8611ujeai5dN7Krr2GNZzB92CK3
vihk9OwZWdxB8aEJIqzpNuLN8ijBWCT6Fep9ytUmnp/fCLOIR7b+jpEorLf8U4B4
d/rETDGNdPR9jKbPxPcXk49eHEVfM5W26G5DGsSxRwDh/cFOR6IHSzzppebp/PMD
h+bTNrK9rJJyEkkF/u1/fMLyh4utHXEzytiL8RiYCUthIt5dcDCcpElNn8NxyptZ
DWTzkln8lMLBcz+GuGcWRokcBMS9u1Q+gXNoZs/N/lbEyaNqVo9+vtW4hjrHbzel
pWuyF2qRLxtCN7BHgDnfhmWuE2hbtbyzblTtSUjYQLv6X3w+7pi87AX7kQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJL2WITFp8MWsfJznm9js0tJ7FrTMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEva3ZaWWhNV253eGF4OG5PZWIyT3pTMG5zV3RNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowVrMA0G
CSqGSIb3DQEBCwUAA4IBAQClrF26ipFT3VZLvskHLJu2Jzx/fOx6FY3DzrDf810J
6cVALVXO075n15x7rgjtADWJXApnYUGTnNQZA0ekPx3DgDtJo3y35qtL/UKgcFON
hwKz9BbKcmw8sgaBA8v0P6vJyRgPQWlepAUlhGYCBZK1IKvPECSwsH6ocktfrwGG
cDB+UOmnuwBrYXD83zlt893PDBsEPeheLowwjR+geBG1TCClqof+r24ps6BkLcdH
BzvWjAIJxU7JtQGJuIV1rXn+hgztik6oiodJi7SGinKaczd/Qw4bTqun9m+whR7p
sH/ul2BEgW3/mgjG/HzP1yi+KonnFpe1AoiF4/yzXwr2
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:54:35 2024 by rpki-client on console-ams.rpki-client.org