Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/A9xz2kjIUFF1fIg0hBipekJDIG8.roa
File:                     A9xz2kjIUFF1fIg0hBipekJDIG8.roa (raw, json)
Hash identifier:          kpa+CRSEaHzR7xneGte0r8OqZ6uVwnXf5YIbMIJLph8=
Subject key identifier:   03:DC:73:DA:48:C8:50:51:75:7C:88:34:84:18:A9:7A:42:43:20:6F
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       018C5CC4BCE0FD70933BF1C31584A2B4FD14
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/A9xz2kjIUFF1fIg0hBipekJDIG8.roa
Signing time:             Tue 12 Dec 2023 06:44:06 +0000
ROA not before:           Tue 12 Dec 2023 06:44:06 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        62.72.162.0/23 maxlen: 23
                          62.72.163.0/24 maxlen: 24
                          62.72.164.0/23 maxlen: 23
                          62.72.164.0/22 maxlen: 22
                          62.72.168.0/22 maxlen: 22
                          62.72.170.0/24 maxlen: 24
                          62.72.167.0/24 maxlen: 24
                          62.72.168.0/24 maxlen: 24
                          62.72.173.0/24 maxlen: 24
                          62.72.174.0/23 maxlen: 23
                          62.72.174.0/24 maxlen: 24
                          62.72.175.0/24 maxlen: 24
                          62.72.180.0/23 maxlen: 23
                          62.72.184.0/22 maxlen: 22
                          81.21.12.0/22 maxlen: 24
                          81.21.14.0/23 maxlen: 24
                          176.57.51.0/24 maxlen: 24
                          176.57.53.0/24 maxlen: 24
                          176.57.58.0/24 maxlen: 24
                          81.21.2.0/23 maxlen: 23
                          81.21.4.0/22 maxlen: 24
                          176.57.59.0/24 maxlen: 24
                          81.21.10.0/23 maxlen: 23
                          176.57.63.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 12 Dec 2023 12:04:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:5c:c4:bc:e0:fd:70:93:3b:f1:c3:15:84:a2:b4:fd:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Dec 12 06:44:06 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=03dc73da48c85051757c88348418a97a4243206f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:e1:de:33:73:ed:be:25:73:c9:01:5c:7d:8a:
                    8a:fc:cf:68:ed:48:23:06:29:cc:18:7b:59:84:e2:
                    7b:41:81:19:b7:3f:1e:f9:8a:14:c5:0c:90:44:4f:
                    e2:90:f9:c3:37:f4:27:44:ca:61:b0:1d:6d:87:0f:
                    e8:94:2b:e5:de:a9:e6:5d:fb:75:07:95:da:fb:72:
                    07:a3:1f:40:db:33:b8:19:cc:d5:8a:75:86:28:a2:
                    0e:ef:6f:85:23:a5:46:d3:76:3d:81:dc:6f:0d:1d:
                    b8:03:35:b2:d0:cb:de:f6:df:71:91:a4:d2:c7:89:
                    93:3a:53:54:b3:be:3c:c7:33:a7:02:93:ac:76:4b:
                    e7:23:88:5f:7e:2b:70:27:66:60:ac:d4:c6:f9:6e:
                    c6:5c:aa:7b:da:4f:60:4c:87:0b:f6:c5:7d:05:e1:
                    38:19:bf:69:93:b8:ae:e5:6d:2e:93:6f:c8:0c:d3:
                    df:e8:26:86:a6:38:02:94:40:7d:ee:28:79:55:70:
                    79:39:f4:64:41:0a:ca:08:01:dd:4a:e0:43:2a:a3:
                    c4:6b:e9:04:bc:8d:4e:04:b5:af:d5:d8:b9:49:2d:
                    d1:fd:aa:5d:c4:fd:6a:31:b9:f9:e8:1e:75:d3:d7:
                    90:d9:4f:e7:38:d8:e9:4e:91:0e:2b:36:72:3a:8f:
                    de:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:DC:73:DA:48:C8:50:51:75:7C:88:34:84:18:A9:7A:42:43:20:6F
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/A9xz2kjIUFF1fIg0hBipekJDIG8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.162.0-62.72.171.255
                  62.72.173.0-62.72.175.255
                  62.72.180.0/23
                  62.72.184.0/22
                  81.21.2.0-81.21.7.255
                  81.21.10.0-81.21.15.255
                  176.57.51.0/24
                  176.57.53.0/24
                  176.57.58.0/23
                  176.57.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:cf:e8:ed:c5:c8:1d:79:a8:e2:2d:53:c9:19:af:a8:22:a7:
         25:40:22:5d:c2:08:39:6b:42:c5:07:b6:68:fa:ab:82:5e:fc:
         d1:34:16:04:1a:9f:9d:35:1f:c7:f0:93:28:1c:f2:91:30:2c:
         98:93:da:5c:02:64:33:7c:4c:53:7c:95:bf:62:8e:30:e1:4a:
         2a:8d:4b:5b:30:e1:b5:80:34:2c:d4:cc:c8:bd:2c:6b:92:8d:
         da:54:9a:e4:5c:e5:b6:1b:d8:ad:54:84:96:59:55:2c:68:92:
         7c:a6:b0:1e:b1:45:28:7d:0b:19:f3:c0:86:ce:2c:8c:0e:cc:
         1c:d5:15:04:68:87:45:6e:48:da:4f:5e:33:e0:3d:b6:5f:c0:
         6c:c9:8e:86:9e:4b:47:3d:ca:0d:95:69:32:8f:52:62:46:8f:
         66:d0:db:3c:91:d9:41:32:87:8d:37:7a:2b:a3:56:f0:c1:d9:
         3f:cb:81:f0:30:5c:3a:ef:3c:0c:c6:c6:bb:49:9b:92:2a:58:
         4e:5d:e9:ab:d7:4d:7d:a6:f8:dc:71:25:71:db:29:a0:19:24:
         86:9b:2d:fa:e9:e5:b7:bf:dd:56:11:3a:10:24:b0:7c:b8:13:
         58:7a:4a:7c:82:12:da:7d:67:23:b2:af:b6:9a:74:4e:5d:35:
         0c:49:00:49
-----BEGIN CERTIFICATE-----
MIIFUzCCBDugAwIBAgISAYxcxLzg/XCTO/HDFYSitP0UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjMxMjEyMDY0NDA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwM2RjNzNkYTQ4Yzg1MDUxNzU3Yzg4MzQ4NDE4YTk3YTQyNDMyMDZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAueHeM3PtviVzyQFcfYqK/M9o7Ugj
BinMGHtZhOJ7QYEZtz8e+YoUxQyQRE/ikPnDN/QnRMphsB1thw/olCvl3qnmXft1
B5Xa+3IHox9A2zO4GczVinWGKKIO72+FI6VG03Y9gdxvDR24AzWy0Mve9t9xkaTS
x4mTOlNUs748xzOnApOsdkvnI4hffitwJ2ZgrNTG+W7GXKp72k9gTIcL9sV9BeE4
Gb9pk7iu5W0uk2/IDNPf6CaGpjgClEB97ih5VXB5OfRkQQrKCAHdSuBDKqPEa+kE
vI1OBLWv1di5SS3R/apdxP1qMbn56B5109eQ2U/nONjpTpEOKzZyOo/elQIDAQAB
o4ICXzCCAlswHQYDVR0OBBYEFAPcc9pIyFBRdXyINIQYqXpCQyBvMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvQTl4ejJraklVRkYxZklnMGhCaXBla0pESUc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHUGCCsGAQUFBwEHAQH/BGYwZDBiBAIAATBcMAwDBAE+SKID
BAI+SKgwDAMEAD5IrQMEBD5IoAMEAT5ItAMEAj5IuDAMAwQBURUCAwQDURUAMAwD
BAFRFQoDBARRFQADBACwOTMDBACwOTUDBAGwOToDBACwOT8wDQYJKoZIhvcNAQEL
BQADggEBAEfP6O3FyB15qOItU8kZr6gipyVAIl3CCDlrQsUHtmj6q4Je/NE0FgQa
n501H8fwkygc8pEwLJiT2lwCZDN8TFN8lb9ijjDhSiqNS1sw4bWANCzUzMi9LGuS
jdpUmuRc5bYb2K1UhJZZVSxoknymsB6xRSh9CxnzwIbOLIwOzBzVFQRoh0VuSNpP
XjPgPbZfwGzJjoaeS0c9yg2VaTKPUmJGj2bQ2zyR2UEyh403eiujVvDB2T/LgfAw
XDrvPAzGxrtJm5IqWE5d6avXTX2m+NxxJXHbKaAZJIabLfrp5be/3VYROhAksHy4
E1h6SnyCEtp9ZyOyr7aadE5dNQxJAEk=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:14:54 2024 by rpki-client on console-ams.rpki-client.org