Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/lQ7Nh_1JvLPxKXZIbwQdRGbPs3g.roa
File:                     lQ7Nh_1JvLPxKXZIbwQdRGbPs3g.roa (raw, json)
Hash identifier:          LKsP9eryETKW2GpBiBmxipkEkRLrb3U4hKgfqAG4lhs=
Subject key identifier:   95:0E:CD:87:FD:49:BC:B3:F1:29:76:48:6F:04:1D:44:66:CF:B3:78
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0188F16D5FD824205401676E2F391388E5A4
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/lQ7Nh_1JvLPxKXZIbwQdRGbPs3g.roa
Signing time:             Sun 25 Jun 2023 07:20:56 +0000
ROA not before:           Sun 25 Jun 2023 07:20:56 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     211936
IP address blocks:        163.5.168.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 08:30:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:f1:6d:5f:d8:24:20:54:01:67:6e:2f:39:13:88:e5:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jun 25 07:20:56 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=950ecd87fd49bcb3f12976486f041d4466cfb378
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:12:43:43:7e:59:34:da:17:5b:9d:b5:08:16:
                    17:95:10:16:8f:f3:2c:ba:98:b0:3f:08:e1:82:db:
                    cb:cc:24:13:0c:35:26:4d:3d:ca:c5:1d:86:81:66:
                    16:67:d1:49:a1:0e:a7:a5:f5:bd:c4:c9:7f:97:5d:
                    97:e1:e9:d0:3b:5a:dc:a6:a1:c3:31:d6:d9:48:90:
                    9c:d8:06:62:b3:51:b4:8d:a5:b4:67:8a:fc:cd:ea:
                    72:79:8c:8a:0b:48:22:83:39:77:1a:ab:54:c7:a0:
                    a9:45:e5:23:84:4d:bc:60:3f:35:6f:e2:56:a9:fe:
                    2f:7b:5d:9f:1a:87:5a:f8:b2:94:1e:5c:3a:b1:be:
                    c6:79:9f:d8:7b:02:f0:38:b9:7c:c6:79:c3:f9:9c:
                    63:54:04:8d:10:b5:71:2d:51:9c:91:d3:3c:e4:4d:
                    ad:1b:6c:57:8d:4d:3a:9b:2a:b5:0f:26:30:bc:37:
                    a5:fb:ee:d9:a7:fa:8c:25:5c:16:0b:58:a9:d9:0f:
                    e9:44:ab:62:e0:64:fe:bd:bc:be:b6:b6:da:5a:d8:
                    8b:58:d3:48:6b:e7:fd:59:1e:67:94:0e:de:d9:de:
                    b7:cc:51:47:8d:c5:8b:ca:51:44:32:c6:6a:1a:3e:
                    5b:f2:0f:4e:04:6d:8d:ce:91:a4:0d:c5:40:10:17:
                    e4:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:0E:CD:87:FD:49:BC:B3:F1:29:76:48:6F:04:1D:44:66:CF:B3:78
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/lQ7Nh_1JvLPxKXZIbwQdRGbPs3g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.168.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:0c:1e:4d:a6:19:96:1f:33:3e:12:8e:ed:44:0f:59:cc:e4:
         d0:ce:92:04:0d:f0:89:87:62:31:c0:13:1f:93:d3:7c:ac:f0:
         64:61:f7:20:32:a6:88:cb:c5:95:f1:a7:9d:f5:71:06:30:1b:
         83:76:89:35:52:d8:b5:5e:da:34:4a:18:b5:cf:9b:25:1f:6a:
         22:f1:f1:28:21:91:84:24:c1:9f:58:1f:39:80:c4:f0:35:a3:
         72:be:f1:37:25:26:ba:16:6e:8f:2b:9f:12:0c:21:74:1b:45:
         d1:99:3c:b3:3f:ff:38:ff:92:b1:83:20:6a:15:c2:92:f1:1a:
         98:bb:e7:18:b6:21:01:b6:43:49:31:96:62:47:8e:b0:d9:e2:
         90:ea:c2:3c:5a:eb:64:93:aa:18:c9:64:c2:1b:be:ff:2b:67:
         9e:da:49:a3:a9:71:a5:83:85:90:53:f4:fa:b3:73:d5:44:50:
         9f:92:1a:56:85:0b:8c:cf:98:50:d4:9f:e4:86:9b:67:f0:51:
         fc:3e:9f:97:f7:1c:74:84:82:da:11:36:64:d1:30:72:34:a8:
         e0:ed:cc:f9:30:c0:5d:da:fe:a7:48:65:94:d4:ab:7d:1e:ab:
         79:47:e3:59:e8:63:62:90:24:83:f5:1b:5c:c9:5a:b8:1a:c1:
         94:aa:63:e0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYjxbV/YJCBUAWduLzkTiOWkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjMwNjI1MDcyMDU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTBlY2Q4N2ZkNDliY2IzZjEyOTc2NDg2ZjA0MWQ0NDY2Y2ZiMzc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnRJDQ35ZNNoXW521CBYXlRAWj/Ms
upiwPwjhgtvLzCQTDDUmTT3KxR2GgWYWZ9FJoQ6npfW9xMl/l12X4enQO1rcpqHD
MdbZSJCc2AZis1G0jaW0Z4r8zepyeYyKC0gigzl3GqtUx6CpReUjhE28YD81b+JW
qf4ve12fGoda+LKUHlw6sb7GeZ/YewLwOLl8xnnD+ZxjVASNELVxLVGckdM85E2t
G2xXjU06myq1DyYwvDel++7Zp/qMJVwWC1ip2Q/pRKti4GT+vby+trbaWtiLWNNI
a+f9WR5nlA7e2d63zFFHjcWLylFEMsZqGj5b8g9OBG2NzpGkDcVAEBfkDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJUOzYf9Sbyz8Sl2SG8EHURmz7N4MB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvbFE3TmhfMUp2TFB4S1haSWJ3UWRSR2JQczNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowWoMA0G
CSqGSIb3DQEBCwUAA4IBAQBxDB5NphmWHzM+Eo7tRA9ZzOTQzpIEDfCJh2IxwBMf
k9N8rPBkYfcgMqaIy8WV8aed9XEGMBuDdok1Uti1Xto0Shi1z5slH2oi8fEoIZGE
JMGfWB85gMTwNaNyvvE3JSa6Fm6PK58SDCF0G0XRmTyzP/84/5KxgyBqFcKS8RqY
u+cYtiEBtkNJMZZiR46w2eKQ6sI8Wutkk6oYyWTCG77/K2ee2kmjqXGlg4WQU/T6
s3PVRFCfkhpWhQuMz5hQ1J/khptn8FH8Pp+X9xx0hILaETZk0TByNKjg7cz5MMBd
2v6nSGWU1Kt9Hqt5R+NZ6GNikCSD9RtcyVq4GsGUqmPg
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:20:07 2024 by rpki-client on console-fra.rpki-client.org