Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/525JR5nznz5dkp9fZ4ekRODDLHc.roa
File:                     525JR5nznz5dkp9fZ4ekRODDLHc.roa (raw, json)
Hash identifier:          p9tAae2VEp+JXkmXtDps7/N2I+EC+7q14PWRBLrNR+M=
Subject key identifier:   E7:6E:49:47:99:F3:9F:3E:5D:92:9F:5F:67:87:A4:44:E0:C3:2C:77
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       018FE3990677F283BCEB875CB23D73F33FA1
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/525JR5nznz5dkp9fZ4ekRODDLHc.roa
Signing time:             Tue 04 Jun 2024 14:13:27 +0000
ROA not before:           Tue 04 Jun 2024 14:13:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        62.72.162.0/23 maxlen: 23
                          62.72.164.0/22 maxlen: 22
                          62.72.164.0/23 maxlen: 23
                          62.72.185.0/24 maxlen: 24
                          62.72.189.0/24 maxlen: 24
                          81.21.2.0/23 maxlen: 23
                          81.21.4.0/22 maxlen: 24
                          81.21.8.0/24 maxlen: 24
                          81.21.9.0/24 maxlen: 24
                          81.21.10.0/23 maxlen: 23
                          81.21.11.0/24 maxlen: 24
                          81.21.12.0/22 maxlen: 24
                          81.21.12.0/24 maxlen: 24
                          81.21.14.0/23 maxlen: 24
                          81.21.14.0/24 maxlen: 24
                          81.21.15.0/24 maxlen: 24
                          176.57.53.0/24 maxlen: 24
                          176.57.63.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 10 Jun 2024 10:30:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:e3:99:06:77:f2:83:bc:eb:87:5c:b2:3d:73:f3:3f:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Jun  4 14:13:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e76e494799f39f3e5d929f5f6787a444e0c32c77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:52:e7:a7:7b:d3:45:3c:c5:97:d3:f0:58:1c:
                    32:45:8e:14:ec:85:37:a6:76:0c:69:8b:d6:be:d6:
                    62:22:17:6b:d9:6d:ef:1f:42:d2:f2:88:31:a6:ed:
                    4c:49:48:67:74:78:95:8e:f8:cc:c3:39:8b:c0:fc:
                    b5:d5:47:13:f6:66:9a:5a:22:e2:b7:94:13:cd:e1:
                    53:2d:98:ab:10:f9:28:0c:ca:5f:cb:15:0f:88:c5:
                    fb:82:44:ff:9d:c0:49:fd:cd:79:5f:14:9b:74:0e:
                    14:fd:dd:b3:25:94:8d:d5:90:8b:c2:f7:cc:95:0f:
                    c9:b4:cd:fe:ae:4c:e8:9b:ac:ba:7e:1f:3b:6e:31:
                    b2:51:7a:30:7e:c0:b3:d2:e2:f2:57:66:f7:0a:bb:
                    c3:42:d7:99:b2:29:c1:db:e9:5b:9f:28:0c:d5:7f:
                    ae:fc:7b:c6:94:e3:b5:56:6c:46:14:35:7f:b5:f0:
                    f1:8c:27:d6:fd:2f:f5:92:af:af:b6:cc:cf:8f:b2:
                    f0:19:27:3e:f2:54:61:b6:a8:42:1b:4d:b1:2c:fe:
                    08:b4:0f:44:20:6a:5d:69:38:ad:fb:1c:78:67:41:
                    7e:80:31:bc:79:e1:7e:5c:24:e6:94:8c:b3:02:5e:
                    60:29:96:94:00:24:75:85:16:9b:76:56:5b:bf:0e:
                    81:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:6E:49:47:99:F3:9F:3E:5D:92:9F:5F:67:87:A4:44:E0:C3:2C:77
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/525JR5nznz5dkp9fZ4ekRODDLHc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.162.0-62.72.167.255
                  62.72.185.0/24
                  62.72.189.0/24
                  81.21.2.0-81.21.15.255
                  176.57.53.0/24
                  176.57.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:6d:98:1e:24:90:cd:4f:63:06:c9:00:89:21:b3:57:17:29:
         d9:c0:2b:70:3c:d4:9f:17:aa:b2:f9:fe:19:15:0c:00:5c:b3:
         11:e1:fd:e8:43:c7:c5:75:0d:8d:97:69:3a:d5:11:f2:53:4d:
         71:9b:20:0e:a7:0b:81:c3:9b:5e:60:12:fc:37:df:d0:05:95:
         be:d1:c8:b6:71:fa:b3:19:1a:02:2f:07:0a:a6:c1:89:66:08:
         19:6b:6f:b6:7f:69:2e:d0:dd:da:fc:9f:18:43:59:16:2c:07:
         7b:4b:9e:a1:de:e8:ec:3a:c5:7a:4d:18:76:f4:35:a2:6d:08:
         6d:6f:31:bd:35:ae:aa:69:1e:ba:dc:9c:d9:86:df:2a:4e:85:
         a9:e3:b7:f4:4b:26:46:55:a6:d3:97:57:fd:d2:98:0e:a8:92:
         ad:06:5e:9a:0c:c9:d8:71:09:21:cc:cb:cb:10:4b:17:b4:2a:
         cf:58:2c:9d:49:6c:b8:c6:13:93:54:aa:d3:6c:40:6c:ef:d7:
         4c:14:cc:64:87:82:ef:54:b6:a3:6f:36:cf:a3:58:46:d6:94:
         85:25:ee:97:17:98:9d:8a:5c:09:4d:a2:9b:64:7e:a2:54:f7:
         1a:54:91:4a:6a:c6:f7:72:f3:dc:48:fd:5a:20:06:db:01:fa:
         3f:0a:ab:ee
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgISAY/jmQZ38oO864dcsj1z8z+hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjQwNjA0MTQxMzI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzZlNDk0Nzk5ZjM5ZjNlNWQ5MjlmNWY2Nzg3YTQ0NGUwYzMyYzc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApFLnp3vTRTzFl9PwWBwyRY4U7IU3
pnYMaYvWvtZiIhdr2W3vH0LS8ogxpu1MSUhndHiVjvjMwzmLwPy11UcT9maaWiLi
t5QTzeFTLZirEPkoDMpfyxUPiMX7gkT/ncBJ/c15XxSbdA4U/d2zJZSN1ZCLwvfM
lQ/JtM3+rkzom6y6fh87bjGyUXowfsCz0uLyV2b3CrvDQteZsinB2+lbnygM1X+u
/HvGlOO1VmxGFDV/tfDxjCfW/S/1kq+vtszPj7LwGSc+8lRhtqhCG02xLP4ItA9E
IGpdaTit+xx4Z0F+gDG8eeF+XCTmlIyzAl5gKZaUACR1hRabdlZbvw6BFQIDAQAB
o4ICNzCCAjMwHQYDVR0OBBYEFOduSUeZ858+XZKfX2eHpETgwyx3MB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvNTI1SlI1bnpuejVka3A5Zlo0ZWtST0RETEhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME0GCCsGAQUFBwEHAQH/BD4wPDA6BAIAATA0MAwDBAE+SKID
BAM+SKADBAA+SLkDBAA+SL0wDAMEAVEVAgMEBFEVAAMEALA5NQMEALA5PzANBgkq
hkiG9w0BAQsFAAOCAQEAem2YHiSQzU9jBskAiSGzVxcp2cArcDzUnxeqsvn+GRUM
AFyzEeH96EPHxXUNjZdpOtUR8lNNcZsgDqcLgcObXmAS/Dff0AWVvtHItnH6sxka
Ai8HCqbBiWYIGWtvtn9pLtDd2vyfGENZFiwHe0ueod7o7DrFek0YdvQ1om0IbW8x
vTWuqmkeutyc2YbfKk6FqeO39EsmRlWm05dX/dKYDqiSrQZemgzJ2HEJIczLyxBL
F7Qqz1gsnUlsuMYTk1Sq02xAbO/XTBTMZIeC71S2o282z6NYRtaUhSXulxeYnYpc
CU2im2R+olT3GlSRSmrG93Lz3Ej9WiAG2wH6Pwqr7g==
-----END CERTIFICATE-----