Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/lo7N6oykQweO03b2kndrq3GfaKE.roa
File:                     lo7N6oykQweO03b2kndrq3GfaKE.roa (raw, json)
Hash identifier:          E1wV/GVDEfWusr6Af8jytYzZXRENGVDTLC5iIQO9Ug8=
Subject key identifier:   96:8E:CD:EA:8C:A4:43:07:8E:D3:76:F6:92:77:6B:AB:71:9F:68:A1
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       01863AB8215F9C632DFE7F5CB10C3B4B700A
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/lo7N6oykQweO03b2kndrq3GfaKE.roa
Signing time:             Fri 10 Feb 2023 09:46:31 +0000
ROA not before:           Fri 10 Feb 2023 09:46:31 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     400377
IP address blocks:        163.5.102.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 10 May 2023 10:41:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:3a:b8:21:5f:9c:63:2d:fe:7f:5c:b1:0c:3b:4b:70:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Feb 10 09:46:31 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=968ecdea8ca443078ed376f692776bab719f68a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:15:34:4e:de:54:06:79:39:3c:9f:61:b5:9e:
                    f0:64:39:ca:bd:d6:79:fc:ba:76:18:3c:7d:30:ba:
                    d7:bc:c9:22:a4:15:9f:2c:db:a1:08:91:40:ca:ec:
                    81:e2:ce:94:6c:b5:73:f6:88:b6:eb:c4:d2:39:a8:
                    47:cf:d5:ee:64:73:c4:0e:98:a1:66:31:30:7f:8e:
                    69:2f:5d:29:87:41:1b:8d:6c:e2:14:c7:52:1a:5b:
                    77:7e:27:00:87:f9:42:a0:3d:f8:f6:a7:0b:1a:14:
                    71:ac:3d:38:fd:bf:99:45:75:0c:fb:65:e4:02:70:
                    ea:6d:a5:06:39:77:be:81:5f:07:e3:09:b6:d1:2e:
                    ea:28:bd:3a:8f:b3:5b:f7:dc:b0:e6:27:7c:22:c6:
                    a6:f5:7b:f7:4c:b6:f1:61:b2:f0:82:28:58:fe:f3:
                    49:08:88:ff:54:6c:4c:33:4b:18:dd:32:ee:7b:5f:
                    44:16:40:4b:b8:37:e7:1d:b4:92:2d:d7:39:4b:3c:
                    88:e1:ab:ce:c6:da:c3:24:72:0e:8b:8b:58:e9:06:
                    e5:7c:30:08:9d:a3:94:59:f2:49:19:db:6b:03:fd:
                    4a:4e:e0:f3:08:f5:12:36:f3:12:37:07:e7:84:7d:
                    34:6d:52:f6:d1:01:b7:40:0d:c3:67:31:b5:78:d1:
                    57:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:8E:CD:EA:8C:A4:43:07:8E:D3:76:F6:92:77:6B:AB:71:9F:68:A1
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/lo7N6oykQweO03b2kndrq3GfaKE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:d1:50:d8:8f:6d:45:77:26:45:d9:65:bc:9c:84:e3:81:8f:
         24:d2:58:c8:59:22:dd:4e:7e:52:57:65:bb:ee:93:9a:04:dd:
         b9:9f:fb:da:6f:75:2f:71:b9:c0:79:a3:9d:e2:f9:8e:96:67:
         a4:70:34:e7:ff:70:28:f5:ff:90:ce:e9:f7:7e:6b:59:1f:9e:
         a1:f3:e2:b0:68:b4:db:3f:9c:9c:cf:0d:ba:d4:cc:b4:c1:c6:
         71:8e:9a:ba:89:1f:49:b9:71:40:74:cd:6c:9d:34:19:93:45:
         57:4f:69:9f:14:d0:65:ca:41:3d:4b:b0:38:e8:8a:14:e8:6c:
         37:2d:30:da:ea:3d:16:34:94:1e:ed:d3:88:e6:d6:f3:81:42:
         7e:c4:98:53:a2:81:ef:a5:36:73:db:bd:e3:cb:75:ec:81:c7:
         b2:4f:76:2b:b7:17:b6:ea:0a:e8:80:31:9d:f5:6e:17:44:73:
         6e:48:87:16:65:5e:cd:91:4c:f7:27:6d:49:d4:93:f9:f7:4b:
         62:f2:8c:b4:ac:b4:91:ba:33:8d:dc:2d:f6:6c:8a:91:c9:c5:
         f6:7c:df:ad:c2:5c:26:b3:43:64:ae:b4:61:4b:09:e0:e5:35:
         07:43:df:64:5a:55:d6:50:af:01:f9:b4:fc:0c:03:3c:e9:6c:
         64:8f:d5:bf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYY6uCFfnGMt/n9csQw7S3AKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjMwMjEwMDk0NjMxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjhlY2RlYThjYTQ0MzA3OGVkMzc2ZjY5Mjc3NmJhYjcxOWY2OGExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjhU0Tt5UBnk5PJ9htZ7wZDnKvdZ5
/Lp2GDx9MLrXvMkipBWfLNuhCJFAyuyB4s6UbLVz9oi268TSOahHz9XuZHPEDpih
ZjEwf45pL10ph0EbjWziFMdSGlt3ficAh/lCoD349qcLGhRxrD04/b+ZRXUM+2Xk
AnDqbaUGOXe+gV8H4wm20S7qKL06j7Nb99yw5id8Isam9Xv3TLbxYbLwgihY/vNJ
CIj/VGxMM0sY3TLue19EFkBLuDfnHbSSLdc5SzyI4avOxtrDJHIOi4tY6QblfDAI
naOUWfJJGdtrA/1KTuDzCPUSNvMSNwfnhH00bVL20QG3QA3DZzG1eNFXrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJaOzeqMpEMHjtN29pJ3a6txn2ihMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvbG83TjZveWtRd2VPMDNiMmtuZHJxM0dmYUtFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowVmMA0G
CSqGSIb3DQEBCwUAA4IBAQA60VDYj21FdyZF2WW8nITjgY8k0ljIWSLdTn5SV2W7
7pOaBN25n/vab3UvcbnAeaOd4vmOlmekcDTn/3Ao9f+Qzun3fmtZH56h8+KwaLTb
P5yczw261My0wcZxjpq6iR9JuXFAdM1snTQZk0VXT2mfFNBlykE9S7A46IoU6Gw3
LTDa6j0WNJQe7dOI5tbzgUJ+xJhTooHvpTZz273jy3XsgceyT3Yrtxe26grogDGd
9W4XRHNuSIcWZV7NkUz3J21J1JP590ti8oy0rLSRujON3C32bIqRycX2fN+twlwm
s0NkrrRhSwng5TUHQ99kWlXWUK8B+bT8DAM86Wxkj9W/
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:20:07 2024 by rpki-client on console-fra.rpki-client.org