Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/rNQGbiXxdMfZpcSlK7Oo2-Tw3lE.roa
File:                     rNQGbiXxdMfZpcSlK7Oo2-Tw3lE.roa (raw, json)
Hash identifier:          xhsVGBr4LTJgHqK8OMrMe38gthPAdQYI/BStJMFIy68=
Subject key identifier:   AC:D4:06:6E:25:F1:74:C7:D9:A5:C4:A5:2B:B3:A8:DB:E4:F0:DE:51
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       018D18552648985D27A7A87C7662CCB352EA
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/rNQGbiXxdMfZpcSlK7Oo2-Tw3lE.roa
Signing time:             Wed 17 Jan 2024 16:50:49 +0000
ROA not before:           Wed 17 Jan 2024 16:50:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        163.5.0.0/24 maxlen: 24
                          163.5.1.0/24 maxlen: 24
                          163.5.3.0/24 maxlen: 24
                          163.5.4.0/24 maxlen: 24
                          163.5.6.0/24 maxlen: 24
                          163.5.7.0/24 maxlen: 24
                          163.5.8.0/24 maxlen: 24
                          163.5.9.0/24 maxlen: 24
                          163.5.13.0/24 maxlen: 24
                          163.5.14.0/24 maxlen: 24
                          163.5.15.0/24 maxlen: 24
                          163.5.16.0/24 maxlen: 24
                          163.5.17.0/24 maxlen: 24
                          163.5.18.0/24 maxlen: 24
                          163.5.19.0/24 maxlen: 24
                          163.5.21.0/24 maxlen: 24
                          163.5.22.0/24 maxlen: 24
                          163.5.25.0/24 maxlen: 24
                          163.5.26.0/24 maxlen: 24
                          163.5.27.0/24 maxlen: 24
                          163.5.28.0/24 maxlen: 24
                          163.5.73.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 22 Jan 2024 12:24:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:18:55:26:48:98:5d:27:a7:a8:7c:76:62:cc:b3:52:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan 17 16:50:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=acd4066e25f174c7d9a5c4a52bb3a8dbe4f0de51
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:4c:97:f8:39:26:e7:36:6b:fe:a7:cb:5d:59:
                    5a:0d:90:21:63:bc:02:16:c2:a6:96:ce:ad:74:b2:
                    28:ac:92:da:fa:47:5a:76:89:6a:51:22:f5:c0:09:
                    a4:62:1c:f5:18:83:fc:b3:47:14:cb:e6:ec:86:fb:
                    d6:bd:83:ed:73:42:1a:e0:61:37:e2:4d:84:46:24:
                    18:5b:bb:08:6e:52:6e:32:16:96:dc:84:5e:a6:39:
                    8b:7b:ed:64:80:8b:14:cf:f4:03:4a:48:71:ee:e8:
                    d3:d9:82:90:11:d3:26:ae:1a:d7:79:9e:7f:d9:81:
                    2e:61:68:e8:5f:39:00:b4:e7:4b:0d:4f:55:38:ae:
                    c7:7b:7c:40:64:ed:c6:e5:ca:76:f8:4f:1a:75:65:
                    c0:4b:55:b6:70:ab:f5:c6:f3:82:72:26:30:58:77:
                    1c:18:18:89:85:dc:b8:4c:81:25:6c:1f:97:83:19:
                    99:54:69:38:d0:a6:e0:63:55:0a:58:3d:9d:c1:b5:
                    0c:9f:4c:2f:5d:10:e2:44:45:24:55:f3:80:f5:89:
                    52:95:2c:d9:85:6e:2d:09:aa:4b:4a:02:08:c4:27:
                    69:13:db:cd:54:14:17:52:8f:8f:af:79:40:58:fd:
                    82:58:71:bd:b4:bb:d2:39:4d:41:b5:e4:30:b1:68:
                    df:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:D4:06:6E:25:F1:74:C7:D9:A5:C4:A5:2B:B3:A8:DB:E4:F0:DE:51
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/rNQGbiXxdMfZpcSlK7Oo2-Tw3lE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.0.0/23
                  163.5.3.0-163.5.4.255
                  163.5.6.0-163.5.9.255
                  163.5.13.0-163.5.19.255
                  163.5.21.0-163.5.22.255
                  163.5.25.0-163.5.28.255
                  163.5.73.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:0d:92:8e:10:ea:67:34:aa:b1:ff:02:e4:06:06:18:47:d3:
         ed:b1:67:ca:d7:ff:10:b8:1c:05:e6:34:16:62:52:99:46:88:
         61:f5:0c:41:9a:59:f6:29:9e:3f:54:c5:59:6b:7d:52:12:21:
         ab:d1:43:a9:21:90:af:98:f0:3f:94:4a:be:10:10:d0:01:aa:
         31:ba:ed:98:73:ff:cf:32:7c:83:d4:eb:5f:f9:f5:ae:60:cc:
         81:43:0b:ab:68:e2:aa:8b:5e:66:d5:13:24:cf:bc:02:3b:5a:
         79:4d:68:df:06:69:ab:1c:b1:61:94:7e:0a:ce:7f:a2:3f:da:
         12:46:8f:41:c0:1a:f4:e3:7f:5d:69:81:9f:bc:45:9d:e9:9c:
         88:31:0b:60:db:cf:a4:3d:c9:47:46:26:7a:a9:0c:71:8a:f7:
         db:cd:da:3d:3f:e7:18:9d:fd:4a:b0:f1:24:b1:bd:06:c5:cc:
         85:50:4a:2e:9e:4f:d4:2d:35:0b:a5:17:43:b1:2b:27:7f:05:
         a2:78:67:71:18:b1:f4:0f:9c:a1:5f:f1:5a:a4:9c:75:c4:89:
         7d:52:03:d2:8e:aa:76:66:c2:64:f0:5d:45:b0:df:c1:90:a3:
         ac:87:7e:f8:a9:22:fe:9c:71:17:19:a6:d3:d1:cc:95:a0:59:
         5f:61:55:b7
-----BEGIN CERTIFICATE-----
MIIFSTCCBDGgAwIBAgISAY0YVSZImF0np6h8dmLMs1LqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjQwMTE3MTY1MDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhY2Q0MDY2ZTI1ZjE3NGM3ZDlhNWM0YTUyYmIzYThkYmU0ZjBkZTUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkEyX+Dkm5zZr/qfLXVlaDZAhY7wC
FsKmls6tdLIorJLa+kdadolqUSL1wAmkYhz1GIP8s0cUy+bshvvWvYPtc0Ia4GE3
4k2ERiQYW7sIblJuMhaW3IRepjmLe+1kgIsUz/QDSkhx7ujT2YKQEdMmrhrXeZ5/
2YEuYWjoXzkAtOdLDU9VOK7He3xAZO3G5cp2+E8adWXAS1W2cKv1xvOCciYwWHcc
GBiJhdy4TIElbB+XgxmZVGk40KbgY1UKWD2dwbUMn0wvXRDiREUkVfOA9YlSlSzZ
hW4tCapLSgIIxCdpE9vNVBQXUo+Pr3lAWP2CWHG9tLvSOU1BteQwsWjfpwIDAQAB
o4ICVTCCAlEwHQYDVR0OBBYEFKzUBm4l8XTH2aXEpSuzqNvk8N5RMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvck5RR2JpWHhkTWZacGNTbEs3T28yLVR3M2xFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGsGCCsGAQUFBwEHAQH/BFwwWjBYBAIAATBSAwQBowUAMAwD
BACjBQMDBACjBQQwDAMEAaMFBgMEAaMFCDAMAwQAowUNAwQCowUQMAwDBACjBRUD
BACjBRYwDAMEAKMFGQMEAKMFHAMEAKMFSTANBgkqhkiG9w0BAQsFAAOCAQEAEQ2S
jhDqZzSqsf8C5AYGGEfT7bFnytf/ELgcBeY0FmJSmUaIYfUMQZpZ9imeP1TFWWt9
UhIhq9FDqSGQr5jwP5RKvhAQ0AGqMbrtmHP/zzJ8g9TrX/n1rmDMgUMLq2jiqote
ZtUTJM+8AjtaeU1o3wZpqxyxYZR+Cs5/oj/aEkaPQcAa9ON/XWmBn7xFnemciDEL
YNvPpD3JR0YmeqkMcYr3283aPT/nGJ39SrDxJLG9BsXMhVBKLp5P1C01C6UXQ7Er
J38FonhncRix9A+coV/xWqScdcSJfVID0o6qdmbCZPBdRbDfwZCjrId++Kki/pxx
Fxmm09HMlaBZX2FVtw==
-----END CERTIFICATE-----