Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/qQu2IO3T1u3IP8dn1AYZChPd_wc.roa
File:                     qQu2IO3T1u3IP8dn1AYZChPd_wc.roa (raw, json)
Hash identifier:          d+1duat+94/TzS81sC6ZTgqDVOCtTnnwRaYQvA97flU=
Subject key identifier:   A9:0B:B6:20:ED:D3:D6:ED:C8:3F:C7:67:D4:06:19:0A:13:DD:FF:07
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       01914116E403E9B4736C51C182F8702F2645
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/qQu2IO3T1u3IP8dn1AYZChPd_wc.roa
Signing time:             Sun 11 Aug 2024 10:58:24 +0000
ROA not before:           Sun 11 Aug 2024 10:58:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212815
IP address blocks:        163.5.31.0/24 maxlen: 24
                          163.5.35.0/24 maxlen: 24
                          163.5.62.0/24 maxlen: 24
                          163.5.99.0/24 maxlen: 24
                          163.5.142.0/24 maxlen: 24
                          163.5.143.0/24 maxlen: 24
                          163.5.192.0/24 maxlen: 24
                          163.5.193.0/24 maxlen: 24
                          163.5.213.0/24 maxlen: 24
                          163.5.214.0/24 maxlen: 24
                          163.5.221.0/24 maxlen: 24
                          185.253.54.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 05 Sep 2024 16:40:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:41:16:e4:03:e9:b4:73:6c:51:c1:82:f8:70:2f:26:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Aug 11 10:58:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a90bb620edd3d6edc83fc767d406190a13ddff07
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:3f:f9:11:5c:77:77:5d:6b:4a:bd:25:6b:28:
                    62:cb:95:f8:d8:dd:3a:f0:f6:00:5a:ed:9d:a3:7c:
                    42:c1:fd:a6:e2:32:c5:3d:8c:fa:98:89:43:c5:c7:
                    d9:10:1f:41:f3:db:22:5b:56:37:59:4d:e6:f3:ac:
                    41:99:a1:71:c5:b9:1d:87:21:e6:69:8e:b3:d3:10:
                    aa:8b:31:74:91:c7:8b:78:46:17:0e:23:0a:57:c3:
                    3e:2d:29:60:19:48:99:f8:2c:ca:98:a9:18:3c:04:
                    ca:92:a5:71:f2:a6:18:3f:35:3c:b7:08:5e:32:c8:
                    34:93:07:53:c4:58:06:81:38:8e:24:45:51:26:e5:
                    cf:81:c4:f6:3a:a7:ab:a7:54:34:2e:9e:50:35:7a:
                    b4:e6:4a:6b:e9:c1:27:87:bf:c2:ff:39:c3:d2:df:
                    f1:c8:b6:03:8f:2a:d3:5e:06:63:a7:66:ab:f7:3c:
                    2c:24:2a:b5:80:e2:3d:13:8e:c5:d0:c5:f1:4f:c5:
                    43:b7:7b:8f:8e:1d:d0:78:7e:b9:24:94:27:d6:81:
                    31:da:23:e4:1a:85:23:bd:ae:f4:8a:f5:fc:50:18:
                    2c:3f:18:79:c7:78:8a:97:e2:a9:12:80:1d:56:84:
                    44:8c:80:60:e3:b8:86:8c:64:bb:4e:3d:5b:60:ca:
                    1c:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:0B:B6:20:ED:D3:D6:ED:C8:3F:C7:67:D4:06:19:0A:13:DD:FF:07
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/qQu2IO3T1u3IP8dn1AYZChPd_wc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.31.0/24
                  163.5.35.0/24
                  163.5.62.0/24
                  163.5.99.0/24
                  163.5.142.0/23
                  163.5.192.0/23
                  163.5.213.0-163.5.214.255
                  163.5.221.0/24
                  185.253.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:e7:b2:e5:79:a2:30:25:ee:08:2f:5c:d1:4f:d1:95:f7:31:
         15:c3:cd:4e:e0:ea:66:32:1b:54:83:84:a9:11:88:1b:43:25:
         9a:91:d1:3f:4f:84:7a:fa:29:2c:8f:87:74:24:84:2c:93:d1:
         9c:24:4d:5b:6e:1a:f3:d0:11:98:9e:71:e2:bd:1d:4c:56:73:
         1a:ad:66:6b:b8:a8:bf:e1:ad:c7:de:fc:37:ac:d8:3f:d5:ea:
         d8:5b:bc:aa:db:a0:e5:7a:97:b4:36:a8:61:94:24:cd:31:a2:
         c9:87:32:20:52:87:eb:43:9f:51:dd:41:c8:80:af:b3:b0:40:
         2d:19:e0:4e:a4:3b:f1:5d:75:11:f2:81:3d:78:15:76:75:69:
         8b:9d:2a:04:b1:89:1c:f4:38:41:42:30:2f:a8:b2:9b:45:f9:
         af:f4:8f:de:a9:17:d2:88:f1:79:b0:f6:be:37:f5:a1:a5:34:
         5f:b2:8d:9e:12:17:80:04:2f:25:23:7b:48:0f:8c:eb:47:0d:
         ca:51:1e:dc:72:51:ab:26:a3:a4:14:8c:3f:75:f9:bb:83:db:
         6e:ed:c0:86:90:6c:aa:fc:80:8c:96:5b:76:01:b3:6a:83:60:
         78:6b:79:80:b6:7b:2f:3e:7e:29:23:77:71:8b:b2:fe:e0:14:
         c4:24:a4:89
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAZFBFuQD6bRzbFHBgvhwLyZFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjQwODExMTA1ODI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTBiYjYyMGVkZDNkNmVkYzgzZmM3NjdkNDA2MTkwYTEzZGRmZjA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjj/5EVx3d11rSr0layhiy5X42N06
8PYAWu2do3xCwf2m4jLFPYz6mIlDxcfZEB9B89siW1Y3WU3m86xBmaFxxbkdhyHm
aY6z0xCqizF0kceLeEYXDiMKV8M+LSlgGUiZ+CzKmKkYPATKkqVx8qYYPzU8twhe
Msg0kwdTxFgGgTiOJEVRJuXPgcT2Oqerp1Q0Lp5QNXq05kpr6cEnh7/C/znD0t/x
yLYDjyrTXgZjp2ar9zwsJCq1gOI9E47F0MXxT8VDt3uPjh3QeH65JJQn1oEx2iPk
GoUjva70ivX8UBgsPxh5x3iKl+KpEoAdVoREjIBg47iGjGS7Tj1bYMocRQIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFKkLtiDt09btyD/HZ9QGGQoT3f8HMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvcVF1MklPM1QxdTNJUDhkbjFBWVpDaFBkX3djLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQAowUfAwQA
owUjAwQAowU+AwQAowVjAwQBowWOAwQBowXAMAwDBACjBdUDBACjBdYDBACjBd0D
BAC5/TYwDQYJKoZIhvcNAQELBQADggEBAEDnsuV5ojAl7ggvXNFP0ZX3MRXDzU7g
6mYyG1SDhKkRiBtDJZqR0T9PhHr6KSyPh3QkhCyT0ZwkTVtuGvPQEZieceK9HUxW
cxqtZmu4qL/hrcfe/Des2D/V6thbvKrboOV6l7Q2qGGUJM0xosmHMiBSh+tDn1Hd
QciAr7OwQC0Z4E6kO/FddRHygT14FXZ1aYudKgSxiRz0OEFCMC+osptF+a/0j96p
F9KI8Xmw9r439aGlNF+yjZ4SF4AELyUje0gPjOtHDcpRHtxyUasmo6QUjD91+buD
227twIaQbKr8gIyWW3YBs2qDYHhreYC2ey8+fikjd3GLsv7gFMQkpIk=
-----END CERTIFICATE-----