Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/vFDX_2I8F4uu3RWB4_gqMq_EL7A.roa
File:                     vFDX_2I8F4uu3RWB4_gqMq_EL7A.roa (raw, json)
Hash identifier:          58rUUnlU/0R7niA0fPHwoi9wsr/Z4PDYrzEp9AgWRdE=
Subject key identifier:   BC:50:D7:FF:62:3C:17:8B:AE:DD:15:81:E3:F8:2A:32:AF:C4:2F:B0
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       018E7205C876396A422E84AA597499097180
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/vFDX_2I8F4uu3RWB4_gqMq_EL7A.roa
Signing time:             Sun 24 Mar 2024 19:52:45 +0000
ROA not before:           Sun 24 Mar 2024 19:52:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61317
IP address blocks:        163.5.38.0/23 maxlen: 23
                          163.5.38.0/24 maxlen: 24
                          163.5.39.0/24 maxlen: 24
                          163.5.60.0/24 maxlen: 24
                          163.5.63.0/24 maxlen: 24
                          163.5.88.0/24 maxlen: 24
                          163.5.90.0/24 maxlen: 24
                          163.5.93.0/24 maxlen: 24
                          163.5.100.0/24 maxlen: 24
                          163.5.101.0/24 maxlen: 24
                          163.5.102.0/24 maxlen: 24
                          163.5.108.0/24 maxlen: 24
                          163.5.109.0/24 maxlen: 24
                          163.5.114.0/24 maxlen: 24
                          163.5.116.0/24 maxlen: 24
                          163.5.117.0/24 maxlen: 24
                          163.5.119.0/24 maxlen: 24
                          163.5.130.0/24 maxlen: 24
                          163.5.131.0/24 maxlen: 24
                          163.5.133.0/24 maxlen: 24
                          163.5.134.0/24 maxlen: 24
                          163.5.147.0/24 maxlen: 24
                          163.5.174.0/24 maxlen: 24
                          163.5.189.0/24 maxlen: 24
                          163.5.192.0/24 maxlen: 24
                          163.5.225.0/24 maxlen: 24
                          163.5.226.0/24 maxlen: 24
                          163.5.227.0/24 maxlen: 24
                          163.5.228.0/24 maxlen: 24
                          163.5.229.0/24 maxlen: 24
                          163.5.230.0/24 maxlen: 24
                          163.5.238.0/24 maxlen: 24
                          163.5.240.0/24 maxlen: 24
                          163.5.243.0/24 maxlen: 24
                          163.5.245.0/24 maxlen: 24
                          163.5.246.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sun 31 Mar 2024 15:57:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:72:05:c8:76:39:6a:42:2e:84:aa:59:74:99:09:71:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Mar 24 19:52:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bc50d7ff623c178baedd1581e3f82a32afc42fb0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:36:f4:b3:09:42:c5:bc:a8:e7:8d:ce:5a:ac:
                    19:aa:0f:0e:8e:5d:e5:36:36:a6:35:80:40:d6:2c:
                    5e:4d:7f:53:0c:68:af:07:7e:e4:d5:9d:a0:7b:4f:
                    90:87:fa:dd:54:e0:30:90:45:50:ed:07:0b:8f:eb:
                    ac:f2:ad:91:5c:db:8a:c6:f7:3d:34:43:7e:56:21:
                    8d:1d:d1:20:b5:f4:07:c6:ba:1a:f0:29:b3:bd:b7:
                    7b:69:e0:4c:84:8c:11:7d:63:55:e7:3d:86:f4:60:
                    39:43:fc:01:78:3d:52:6f:9b:b8:e4:25:db:bb:de:
                    77:fc:b8:05:7c:c9:c7:25:a8:07:7b:69:eb:54:26:
                    b4:e0:17:59:b9:c8:ea:51:9b:e1:5b:59:e5:f2:66:
                    ae:0b:94:86:5f:07:73:f4:d6:71:04:0d:21:9c:6d:
                    86:8c:69:d0:10:4d:ed:c8:ff:85:ba:ec:2f:b4:8d:
                    c8:78:1b:88:30:37:5b:3a:2f:46:c1:1e:9b:95:08:
                    07:c8:b3:df:20:44:c0:40:c1:7f:7f:1b:12:1e:d0:
                    ce:a7:46:6f:34:c3:56:41:35:b8:6b:af:bc:aa:c2:
                    be:55:7a:de:4e:6a:a7:da:20:24:50:d7:4a:a2:94:
                    c1:65:0c:4b:d8:40:cc:23:e7:93:a3:d7:ee:61:9d:
                    fb:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:50:D7:FF:62:3C:17:8B:AE:DD:15:81:E3:F8:2A:32:AF:C4:2F:B0
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/vFDX_2I8F4uu3RWB4_gqMq_EL7A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.38.0/23
                  163.5.60.0/24
                  163.5.63.0/24
                  163.5.88.0/24
                  163.5.90.0/24
                  163.5.93.0/24
                  163.5.100.0-163.5.102.255
                  163.5.108.0/23
                  163.5.114.0/24
                  163.5.116.0/23
                  163.5.119.0/24
                  163.5.130.0/23
                  163.5.133.0-163.5.134.255
                  163.5.147.0/24
                  163.5.174.0/24
                  163.5.189.0/24
                  163.5.192.0/24
                  163.5.225.0-163.5.230.255
                  163.5.238.0/24
                  163.5.240.0/24
                  163.5.243.0/24
                  163.5.245.0-163.5.246.255

    Signature Algorithm: sha256WithRSAEncryption
         2b:5c:ea:69:53:a5:aa:1d:47:a7:22:f6:6f:88:0b:1b:fd:fa:
         f2:b9:48:03:ae:73:cf:d7:7d:9f:5a:86:b7:14:fb:1e:29:e9:
         ad:2e:be:6d:38:7f:46:97:02:63:1e:4d:24:3e:a7:80:17:ba:
         62:81:2f:f7:e7:11:7d:85:cb:55:01:b9:fe:6d:a3:c9:68:b8:
         b3:72:ba:d7:56:10:43:ac:0d:c0:66:a6:8e:38:32:91:a8:9a:
         65:5c:10:ee:f4:25:f9:48:e7:19:04:bb:01:3c:f2:bd:49:1f:
         87:08:34:ac:33:0b:b3:ad:fc:58:1c:aa:c4:8c:c1:fc:88:3f:
         84:c4:f1:78:01:a2:93:fd:1e:e2:f2:e4:98:10:a2:b2:55:e3:
         7b:7c:14:9e:5b:31:da:49:a9:2e:44:fb:45:e3:85:26:f9:39:
         20:f3:a6:3b:09:a1:e4:8f:36:d8:4f:67:1e:64:7c:85:98:d2:
         44:cb:a8:3b:38:01:92:3d:8f:58:47:2b:5f:fb:dd:4a:62:6d:
         9b:1e:d7:cc:c2:1b:08:d9:0d:91:da:2b:c7:54:0b:81:ec:db:
         69:5f:dc:0a:74:21:8e:06:27:bf:b0:3d:a1:b8:b0:7d:86:af:
         bc:7d:83:ec:41:b2:4a:ef:e5:40:f0:75:11:60:c4:0c:ed:57:
         59:d4:f5:dc
-----BEGIN CERTIFICATE-----
MIIFoDCCBIigAwIBAgISAY5yBch2OWpCLoSqWXSZCXGAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjQwMzI0MTk1MjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzUwZDdmZjYyM2MxNzhiYWVkZDE1ODFlM2Y4MmEzMmFmYzQyZmIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwzb0swlCxbyo543OWqwZqg8Ojl3l
NjamNYBA1ixeTX9TDGivB37k1Z2ge0+Qh/rdVOAwkEVQ7QcLj+us8q2RXNuKxvc9
NEN+ViGNHdEgtfQHxroa8Cmzvbd7aeBMhIwRfWNV5z2G9GA5Q/wBeD1Sb5u45CXb
u953/LgFfMnHJagHe2nrVCa04BdZucjqUZvhW1nl8mauC5SGXwdz9NZxBA0hnG2G
jGnQEE3tyP+FuuwvtI3IeBuIMDdbOi9GwR6blQgHyLPfIETAQMF/fxsSHtDOp0Zv
NMNWQTW4a6+8qsK+VXreTmqn2iAkUNdKopTBZQxL2EDMI+eTo9fuYZ372wIDAQAB
o4ICrDCCAqgwHQYDVR0OBBYEFLxQ1/9iPBeLrt0VgeP4KjKvxC+wMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvdkZEWF8ySThGNHV1M1JXQjRfZ3FNcV9FTDdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHBBggrBgEFBQcBBwEB/wSBsTCBrjCBqwQCAAEwgaQDBAGj
BSYDBACjBTwDBACjBT8DBACjBVgDBACjBVoDBACjBV0wDAMEAqMFZAMEAKMFZgME
AaMFbAMEAKMFcgMEAaMFdAMEAKMFdwMEAaMFgjAMAwQAowWFAwQAowWGAwQAowWT
AwQAowWuAwQAowW9AwQAowXAMAwDBACjBeEDBACjBeYDBACjBe4DBACjBfADBACj
BfMwDAMEAKMF9QMEAKMF9jANBgkqhkiG9w0BAQsFAAOCAQEAK1zqaVOlqh1HpyL2
b4gLG/368rlIA65zz9d9n1qGtxT7HinprS6+bTh/RpcCYx5NJD6ngBe6YoEv9+cR
fYXLVQG5/m2jyWi4s3K611YQQ6wNwGamjjgykaiaZVwQ7vQl+UjnGQS7ATzyvUkf
hwg0rDMLs638WByqxIzB/Ig/hMTxeAGik/0e4vLkmBCislXje3wUnlsx2kmpLkT7
ReOFJvk5IPOmOwmh5I822E9nHmR8hZjSRMuoOzgBkj2PWEcrX/vdSmJtmx7XzMIb
CNkNkdorx1QLgezbaV/cCnQhjgYnv7A9obiwfYavvH2D7EGySu/lQPB1EWDEDO1X
WdT13A==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:20:08 2024 by rpki-client on console-fra.rpki-client.org