Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/9uTybxmTdn9iP41i3vVcLzPmsXM.roa
File:                     9uTybxmTdn9iP41i3vVcLzPmsXM.roa (raw, json)
Hash identifier:          AznbnbRxsrayEghEDliRis9qVhPAf1N4EAO6h18mCc4=
Subject key identifier:   F6:E4:F2:6F:19:93:76:7F:62:3F:8D:62:DE:F5:5C:2F:33:E6:B1:73
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       019224597FB0E69E6D0C802A2973C6AA3D0A
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/9uTybxmTdn9iP41i3vVcLzPmsXM.roa
Signing time:             Tue 24 Sep 2024 14:04:58 +0000
ROA not before:           Tue 24 Sep 2024 14:04:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        62.72.162.0/23 maxlen: 23
                          62.72.164.0/22 maxlen: 22
                          62.72.164.0/23 maxlen: 23
                          62.72.189.0/24 maxlen: 24
                          62.72.191.0/24 maxlen: 24
                          81.21.2.0/23 maxlen: 23
                          81.21.4.0/22 maxlen: 24
                          81.21.5.0/24 maxlen: 24
                          81.21.8.0/24 maxlen: 24
                          81.21.9.0/24 maxlen: 24
                          81.21.10.0/23 maxlen: 23
                          81.21.11.0/24 maxlen: 24
                          81.21.12.0/22 maxlen: 24
                          81.21.12.0/24 maxlen: 24
                          81.21.14.0/23 maxlen: 24
                          81.21.14.0/24 maxlen: 24
                          81.21.15.0/24 maxlen: 24
                          176.57.51.0/24 maxlen: 24
                          176.57.52.0/24 maxlen: 24
                          176.57.63.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 03 Oct 2024 10:07:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:24:59:7f:b0:e6:9e:6d:0c:80:2a:29:73:c6:aa:3d:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Sep 24 14:04:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f6e4f26f1993767f623f8d62def55c2f33e6b173
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:43:f1:dc:d6:ab:4e:c5:87:7e:7a:8a:b5:a6:
                    26:6f:36:fb:22:14:63:1f:de:76:ff:6a:98:0b:85:
                    3b:47:34:ee:7b:0e:22:55:e2:9d:c7:2d:97:77:4e:
                    bf:28:8d:15:17:73:5e:2a:f4:12:d2:93:67:b0:02:
                    0b:0f:45:06:29:db:5a:a0:18:be:63:f7:64:e7:8c:
                    56:9d:26:77:97:af:b2:b6:12:25:84:7f:f7:58:1f:
                    69:47:c6:75:5f:02:df:66:dc:64:ad:23:e3:26:aa:
                    2b:6a:7a:8c:3c:62:f7:37:16:42:4c:7f:87:52:b6:
                    5b:c8:7d:cb:04:00:f3:bc:5b:be:65:0a:9c:0f:32:
                    b8:6d:40:f9:85:3d:8b:94:43:45:62:11:c5:67:57:
                    5a:5f:61:cb:bd:24:92:46:95:22:b0:35:17:bf:16:
                    05:86:b2:85:1b:8a:29:b2:03:f1:48:d5:1a:da:24:
                    06:87:2d:da:0b:9e:fb:93:63:f5:93:b4:c2:55:ef:
                    93:a2:bf:06:cd:3a:82:5b:87:1c:b8:eb:58:89:63:
                    36:78:6a:e7:8f:a4:af:bc:52:83:b5:7a:0d:1f:9b:
                    09:2c:1f:fb:bc:70:a6:5c:35:ae:55:69:d2:fc:f1:
                    31:6a:29:c3:f8:eb:6f:c6:2c:00:18:18:62:59:2e:
                    46:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:E4:F2:6F:19:93:76:7F:62:3F:8D:62:DE:F5:5C:2F:33:E6:B1:73
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/9uTybxmTdn9iP41i3vVcLzPmsXM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.162.0-62.72.167.255
                  62.72.189.0/24
                  62.72.191.0/24
                  81.21.2.0-81.21.15.255
                  176.57.51.0-176.57.52.255
                  176.57.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:c4:90:14:53:bb:4e:ab:d4:59:6d:e6:3b:5f:1c:2d:4d:24:
         a7:ef:93:3f:ab:2b:a7:e1:2d:3d:39:6f:89:04:2c:f5:00:ec:
         31:2f:2b:7a:95:e4:ae:0e:3c:be:7b:0f:8e:b2:dc:4f:12:14:
         79:40:7f:3b:38:15:bc:5b:2d:da:81:27:08:33:b9:c9:ae:ef:
         92:ab:81:0e:a8:1f:6a:00:ad:ae:77:d1:6a:7e:24:ff:97:00:
         d4:7e:ef:37:b3:56:d8:ef:be:03:b4:f8:95:bd:d4:c4:ae:e0:
         c7:f4:64:74:f4:1e:16:a5:21:8a:2d:5e:ca:d9:89:e2:d1:48:
         c9:0a:e2:27:4c:1f:52:8c:cc:3c:58:94:e2:98:2c:a9:3e:e5:
         55:f2:7f:71:a6:a2:60:f8:f0:66:91:76:2e:57:8a:9b:9c:c7:
         5e:73:fc:84:7b:4b:a6:e5:a8:57:b0:1e:7c:7c:41:a7:76:c7:
         25:81:22:53:2e:6f:b0:0c:7c:b6:dd:4c:09:55:d7:09:4a:08:
         4c:fe:82:bd:f1:9e:46:af:ff:81:66:3f:e2:8e:56:0d:8c:08:
         7c:b1:b1:53:a4:c0:cb:ac:1a:68:6f:ca:f5:ac:bf:75:92:4e:
         d8:15:e1:88:a1:7d:62:51:4a:d5:2e:ed:ea:3b:7a:7c:ac:1f:
         d5:ed:7c:6a
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAZIkWX+w5p5tDIAqKXPGqj0KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjQwOTI0MTQwNDU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNmU0ZjI2ZjE5OTM3NjdmNjIzZjhkNjJkZWY1NWMyZjMzZTZiMTczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8UPx3NarTsWHfnqKtaYmbzb7IhRj
H952/2qYC4U7RzTuew4iVeKdxy2Xd06/KI0VF3NeKvQS0pNnsAILD0UGKdtaoBi+
Y/dk54xWnSZ3l6+ythIlhH/3WB9pR8Z1XwLfZtxkrSPjJqoranqMPGL3NxZCTH+H
UrZbyH3LBADzvFu+ZQqcDzK4bUD5hT2LlENFYhHFZ1daX2HLvSSSRpUisDUXvxYF
hrKFG4opsgPxSNUa2iQGhy3aC577k2P1k7TCVe+Tor8GzTqCW4ccuOtYiWM2eGrn
j6SvvFKDtXoNH5sJLB/7vHCmXDWuVWnS/PExainD+OtvxiwAGBhiWS5G3QIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFPbk8m8Zk3Z/Yj+NYt71XC8z5rFzMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvOXVUeWJ4bVRkbjlpUDQxaTN2VmNMelBtc1hNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8MAwDBAE+SKID
BAM+SKADBAA+SL0DBAA+SL8wDAMEAVEVAgMEBFEVADAMAwQAsDkzAwQAsDk0AwQA
sDk/MA0GCSqGSIb3DQEBCwUAA4IBAQA/xJAUU7tOq9RZbeY7XxwtTSSn75M/qyun
4S09OW+JBCz1AOwxLyt6leSuDjy+ew+OstxPEhR5QH87OBW8Wy3agScIM7nJru+S
q4EOqB9qAK2ud9FqfiT/lwDUfu83s1bY774DtPiVvdTEruDH9GR09B4WpSGKLV7K
2Yni0UjJCuInTB9SjMw8WJTimCypPuVV8n9xpqJg+PBmkXYuV4qbnMdec/yEe0um
5ahXsB58fEGndsclgSJTLm+wDHy23UwJVdcJSghM/oK98Z5Gr/+BZj/ijlYNjAh8
sbFTpMDLrBpob8r1rL91kk7YFeGIoX1iUUrVLu3qO3p8rB/V7Xxq
-----END CERTIFICATE-----