Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/0oh4rFDEXvDVwO4CtQb4pZqeVzg.roa
File:                     0oh4rFDEXvDVwO4CtQb4pZqeVzg.roa (raw, json)
Hash identifier:          DqNwOZV0/rrgFA0JEwDwKp+zbJO3qLUp5pYTtFf4+aQ=
Subject key identifier:   D2:88:78:AC:50:C4:5E:F0:D5:C0:EE:02:B5:06:F8:A5:9A:9E:57:38
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       01921DC872B5489D05C6E03EB9A8E0D9195B
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/0oh4rFDEXvDVwO4CtQb4pZqeVzg.roa
Signing time:             Mon 23 Sep 2024 07:28:48 +0000
ROA not before:           Mon 23 Sep 2024 07:28:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        62.72.162.0/23 maxlen: 23
                          62.72.164.0/22 maxlen: 22
                          62.72.164.0/23 maxlen: 23
                          62.72.189.0/24 maxlen: 24
                          62.72.191.0/24 maxlen: 24
                          81.21.2.0/23 maxlen: 23
                          81.21.4.0/22 maxlen: 24
                          81.21.8.0/24 maxlen: 24
                          81.21.9.0/24 maxlen: 24
                          81.21.10.0/23 maxlen: 23
                          81.21.11.0/24 maxlen: 24
                          81.21.12.0/22 maxlen: 24
                          81.21.12.0/24 maxlen: 24
                          81.21.14.0/23 maxlen: 24
                          81.21.14.0/24 maxlen: 24
                          81.21.15.0/24 maxlen: 24
                          176.57.51.0/24 maxlen: 24
                          176.57.52.0/24 maxlen: 24
                          176.57.63.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 24 Sep 2024 14:04:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:1d:c8:72:b5:48:9d:05:c6:e0:3e:b9:a8:e0:d9:19:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Sep 23 07:28:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d28878ac50c45ef0d5c0ee02b506f8a59a9e5738
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:1e:ed:49:48:a0:aa:65:34:00:fa:5a:92:ba:
                    03:e7:5d:5f:85:22:b5:4e:82:12:72:db:38:a8:a7:
                    5d:a4:82:4f:71:ad:9b:1f:0d:e0:ab:1c:dd:40:dd:
                    03:d9:6d:ab:8d:64:25:be:71:b4:1a:ae:1f:f0:c5:
                    68:b6:c4:19:42:01:b1:3c:89:bf:64:e0:a4:8d:88:
                    d2:6a:87:c8:4e:b4:94:c3:b3:f4:af:0c:a3:b3:93:
                    51:10:38:a1:1d:92:89:3e:03:39:c7:66:44:43:8b:
                    b7:21:7a:cf:2b:d0:51:96:12:36:5f:8b:55:8c:4f:
                    aa:59:8a:a0:ae:f4:e9:3c:02:31:23:86:27:3a:4a:
                    c9:38:83:c0:30:8d:3f:57:d7:14:14:fd:14:0f:3e:
                    9e:cd:33:31:08:6c:c7:3b:0b:99:92:dd:d8:5e:7a:
                    1c:f7:99:b3:3b:b3:d7:cf:41:44:36:75:c2:11:bd:
                    81:d2:f6:15:ce:8b:26:8a:9b:53:27:9f:c4:c5:3b:
                    5f:84:75:59:80:67:b9:8b:27:ee:ca:2a:58:07:6b:
                    88:02:9b:25:33:43:b6:6c:72:be:68:63:91:39:50:
                    b9:04:f0:8f:71:53:a4:29:25:99:35:70:e4:91:52:
                    9c:92:17:c3:e3:0d:e4:56:d3:e3:b5:34:54:e7:7e:
                    39:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:88:78:AC:50:C4:5E:F0:D5:C0:EE:02:B5:06:F8:A5:9A:9E:57:38
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/0oh4rFDEXvDVwO4CtQb4pZqeVzg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.162.0-62.72.167.255
                  62.72.189.0/24
                  62.72.191.0/24
                  81.21.2.0-81.21.15.255
                  176.57.51.0-176.57.52.255
                  176.57.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:9c:26:00:0a:02:f1:72:70:2a:30:40:ea:bb:38:84:cc:2d:
         a5:cf:82:cf:8f:b0:04:e7:d4:2d:79:60:8e:83:c9:f8:e0:cc:
         e1:ea:2e:28:ff:f2:f8:0f:f0:80:3a:a4:eb:42:16:88:80:e8:
         01:f8:3b:42:b0:9c:5a:8a:e8:fd:78:6d:e3:14:79:e7:08:0c:
         c6:3d:4d:eb:46:11:a3:8b:65:58:06:9a:ee:b6:60:75:d4:58:
         3d:44:e4:63:ea:16:af:0c:fe:05:03:c2:c7:48:35:43:66:bb:
         7c:4f:ae:62:e5:a7:a4:cb:b3:62:53:1d:85:31:d1:3c:28:6d:
         dc:11:47:7b:66:06:df:f5:cd:6d:b0:48:69:f5:c8:81:36:50:
         1a:53:79:1b:31:a4:3b:fc:16:a8:39:be:25:78:d5:8d:6f:bf:
         bb:bb:ab:d5:16:9c:1b:ba:87:74:75:63:63:bc:2b:55:ba:45:
         fe:1e:94:67:84:e6:f4:da:7b:27:26:75:e8:ff:17:6d:0f:a5:
         90:13:90:5f:ed:d6:f4:10:87:22:17:e9:2b:f6:b5:6d:4f:a7:
         46:af:c8:a4:b7:74:4e:92:4f:f7:34:6e:6b:b8:cb:a9:26:62:
         7b:ab:2c:fc:d6:0f:9a:55:d9:6e:88:21:5f:9a:db:ab:4b:04:
         8e:8a:6f:0a
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAZIdyHK1SJ0FxuA+uajg2RlbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjQwOTIzMDcyODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjg4NzhhYzUwYzQ1ZWYwZDVjMGVlMDJiNTA2ZjhhNTlhOWU1NzM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnR7tSUigqmU0APpakroD511fhSK1
ToIScts4qKddpIJPca2bHw3gqxzdQN0D2W2rjWQlvnG0Gq4f8MVotsQZQgGxPIm/
ZOCkjYjSaofITrSUw7P0rwyjs5NREDihHZKJPgM5x2ZEQ4u3IXrPK9BRlhI2X4tV
jE+qWYqgrvTpPAIxI4YnOkrJOIPAMI0/V9cUFP0UDz6ezTMxCGzHOwuZkt3YXnoc
95mzO7PXz0FENnXCEb2B0vYVzosmiptTJ5/ExTtfhHVZgGe5iyfuyipYB2uIApsl
M0O2bHK+aGOROVC5BPCPcVOkKSWZNXDkkVKckhfD4w3kVtPjtTRU5345pwIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFNKIeKxQxF7w1cDuArUG+KWanlc4MB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvMG9oNHJGREVYdkRWd080Q3RRYjRwWnFlVnpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8MAwDBAE+SKID
BAM+SKADBAA+SL0DBAA+SL8wDAMEAVEVAgMEBFEVADAMAwQAsDkzAwQAsDk0AwQA
sDk/MA0GCSqGSIb3DQEBCwUAA4IBAQAUnCYACgLxcnAqMEDquziEzC2lz4LPj7AE
59QteWCOg8n44Mzh6i4o//L4D/CAOqTrQhaIgOgB+DtCsJxaiuj9eG3jFHnnCAzG
PU3rRhGji2VYBprutmB11Fg9RORj6havDP4FA8LHSDVDZrt8T65i5aeky7NiUx2F
MdE8KG3cEUd7Zgbf9c1tsEhp9ciBNlAaU3kbMaQ7/BaoOb4leNWNb7+7u6vVFpwb
uod0dWNjvCtVukX+HpRnhOb02nsnJnXo/xdtD6WQE5Bf7db0EIciF+kr9rVtT6dG
r8ikt3ROkk/3NG5ruMupJmJ7qyz81g+aVdluiCFfmturSwSOim8K
-----END CERTIFICATE-----