Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/0tjIS5BtNvKhz0aleQYAdXNJ54Q.roa
File:                     0tjIS5BtNvKhz0aleQYAdXNJ54Q.roa (raw, json)
Hash identifier:          767WO0FPWfn1lv3hLDN802Bl+3xX6vOnq//Ba0l6Ajg=
Subject key identifier:   D2:D8:C8:4B:90:6D:36:F2:A1:CF:46:A5:79:06:00:75:73:49:E7:84
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       0188EDF378BD4EFB555DFAEDF5BA874D2E5C
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/0tjIS5BtNvKhz0aleQYAdXNJ54Q.roa
Signing time:             Sat 24 Jun 2023 15:08:56 +0000
ROA not before:           Sat 24 Jun 2023 15:08:56 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        62.72.162.0/24 maxlen: 24
                          62.72.163.0/24 maxlen: 24
                          62.72.161.0/24 maxlen: 24
                          62.72.169.0/24 maxlen: 24
                          62.72.176.0/24 maxlen: 24
                          62.72.184.0/24 maxlen: 24
                          62.72.190.0/24 maxlen: 24
                          62.72.191.0/24 maxlen: 24
                          62.72.187.0/24 maxlen: 24
                          176.57.63.0/24 maxlen: 24
                          81.21.12.0/22 maxlen: 24

Validation:               Failed, certificate revoked on Tue 27 Jun 2023 11:09:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:ed:f3:78:bd:4e:fb:55:5d:fa:ed:f5:ba:87:4d:2e:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Jun 24 15:08:56 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d2d8c84b906d36f2a1cf46a5790600757349e784
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:32:de:b0:35:b0:e6:57:36:a0:52:eb:13:02:
                    4a:31:86:4a:4c:73:de:8a:07:d0:2f:cc:6f:9b:0e:
                    83:1c:4d:0a:2b:a2:08:76:61:00:54:56:13:bf:e4:
                    f0:21:c2:b8:0d:02:94:5c:8a:8e:17:e9:ef:82:70:
                    5d:5a:cb:06:af:7b:ac:5f:07:a8:3e:96:7a:27:78:
                    d2:9f:9c:3d:68:3b:52:44:6d:f7:23:56:aa:f3:84:
                    7b:bf:5f:94:12:bd:8b:23:b5:fb:3e:18:60:d9:48:
                    30:bc:a3:ae:58:24:c9:bd:7e:96:c9:c9:da:92:5a:
                    e1:f4:8b:e4:52:d9:27:ba:77:79:cd:8d:5a:da:eb:
                    28:82:51:30:43:e7:df:a1:d2:37:8c:ba:1b:ac:64:
                    82:de:f8:8e:1b:ad:e1:82:00:8e:ba:65:58:25:34:
                    fd:98:49:5f:7a:af:6d:60:28:70:bc:83:21:9f:bd:
                    4e:da:79:66:88:36:f8:66:77:e7:c3:ff:f2:bc:a0:
                    98:70:74:23:51:85:ec:95:7f:90:ae:ef:f6:7c:84:
                    84:c4:fb:a9:12:eb:3f:30:e8:e6:c5:15:d7:57:2e:
                    0e:15:a5:1d:77:75:62:4c:a2:4d:16:49:20:74:8e:
                    ea:a7:23:19:76:82:4b:db:b5:2c:46:15:2d:a9:28:
                    cf:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:D8:C8:4B:90:6D:36:F2:A1:CF:46:A5:79:06:00:75:73:49:E7:84
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/0tjIS5BtNvKhz0aleQYAdXNJ54Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.161.0-62.72.163.255
                  62.72.169.0/24
                  62.72.176.0/24
                  62.72.184.0/24
                  62.72.187.0/24
                  62.72.190.0/23
                  81.21.12.0/22
                  176.57.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:7d:d1:90:df:7c:bc:d7:a3:57:21:62:c3:39:dc:37:83:df:
         fd:6d:68:19:49:10:34:35:0d:12:5c:e9:0a:0a:2e:2e:65:27:
         3a:50:cd:13:ca:01:15:44:9a:ee:af:fa:38:b3:5a:c6:9f:76:
         ad:98:0c:2d:f0:eb:72:e3:d3:05:85:8e:9b:79:62:73:03:06:
         58:0e:e4:29:6d:13:05:a8:57:90:a0:a7:69:0e:a2:32:44:02:
         32:18:e9:3b:f2:49:f0:7e:c7:14:de:05:29:10:4d:25:0c:bd:
         ca:5a:e1:ee:2b:04:b0:1d:d6:79:8b:7e:05:c8:80:fe:2f:e3:
         34:a0:e9:ca:49:c4:a5:d0:d2:90:58:bd:c1:db:86:77:11:a7:
         e5:ba:57:40:e5:a9:81:be:47:f4:c3:d1:2a:04:a4:bd:e1:98:
         93:22:15:c2:76:28:43:ce:78:17:6a:b3:f8:69:9a:10:70:73:
         ac:4b:c0:34:c8:72:33:e9:42:d5:4e:bb:c2:0d:d8:10:65:28:
         d6:bd:68:54:42:27:81:d2:bd:c1:56:72:f1:6e:f1:d7:ca:86:
         dd:02:92:3b:b0:7f:05:32:f0:ac:15:39:66:ef:3f:63:e8:5b:
         d5:9e:ec:6f:ff:a1:3f:ee:7d:b0:88:25:45:33:79:46:58:b3:
         c1:14:cc:2c
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAYjt83i9TvtVXfrt9bqHTS5cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjMwNjI0MTUwODU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMmQ4Yzg0YjkwNmQzNmYyYTFjZjQ2YTU3OTA2MDA3NTczNDllNzg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsjLesDWw5lc2oFLrEwJKMYZKTHPe
igfQL8xvmw6DHE0KK6IIdmEAVFYTv+TwIcK4DQKUXIqOF+nvgnBdWssGr3usXweo
PpZ6J3jSn5w9aDtSRG33I1aq84R7v1+UEr2LI7X7Phhg2UgwvKOuWCTJvX6Wycna
klrh9IvkUtknund5zY1a2usoglEwQ+ffodI3jLobrGSC3viOG63hggCOumVYJTT9
mElfeq9tYChwvIMhn71O2nlmiDb4Znfnw//yvKCYcHQjUYXslX+Qru/2fISExPup
Eus/MOjmxRXXVy4OFaUdd3ViTKJNFkkgdI7qpyMZdoJL27UsRhUtqSjPowIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFNLYyEuQbTbyoc9GpXkGAHVzSeeEMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvMHRqSVM1QnROdktoejBhbGVRWUFkWE5KNTRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4MAwDBAA+SKED
BAI+SKADBAA+SKkDBAA+SLADBAA+SLgDBAA+SLsDBAE+SL4DBAJRFQwDBACwOT8w
DQYJKoZIhvcNAQELBQADggEBAJV90ZDffLzXo1chYsM53DeD3/1taBlJEDQ1DRJc
6QoKLi5lJzpQzRPKARVEmu6v+jizWsafdq2YDC3w63Lj0wWFjpt5YnMDBlgO5Clt
EwWoV5Cgp2kOojJEAjIY6TvySfB+xxTeBSkQTSUMvcpa4e4rBLAd1nmLfgXIgP4v
4zSg6cpJxKXQ0pBYvcHbhncRp+W6V0DlqYG+R/TD0SoEpL3hmJMiFcJ2KEPOeBdq
s/hpmhBwc6xLwDTIcjPpQtVOu8IN2BBlKNa9aFRCJ4HSvcFWcvFu8dfKht0Ckjuw
fwUy8KwVOWbvP2PoW9We7G//oT/ufbCIJUUzeUZYs8EUzCw=
-----END CERTIFICATE-----