Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/BItOZSXzgqNpy46uWF43EifpR0U.roa
File:                     BItOZSXzgqNpy46uWF43EifpR0U.roa (raw, json)
Hash identifier:          7FCTP0pYwu1LVqb7VT41PJChI9axYIsGmIS9hBSMAZo=
Subject key identifier:   04:8B:4E:65:25:F3:82:A3:69:CB:8E:AE:58:5E:37:12:27:E9:47:45
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       01915B14008A1F423B5EF2D15864FF028668
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/BItOZSXzgqNpy46uWF43EifpR0U.roa
Signing time:             Fri 16 Aug 2024 12:05:23 +0000
ROA not before:           Fri 16 Aug 2024 12:05:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        62.72.162.0/23 maxlen: 23
                          62.72.164.0/22 maxlen: 22
                          62.72.164.0/23 maxlen: 23
                          62.72.164.0/24 maxlen: 24
                          62.72.188.0/24 maxlen: 24
                          62.72.189.0/24 maxlen: 24
                          81.21.2.0/23 maxlen: 23
                          81.21.4.0/22 maxlen: 24
                          81.21.8.0/24 maxlen: 24
                          81.21.9.0/24 maxlen: 24
                          81.21.10.0/23 maxlen: 23
                          81.21.11.0/24 maxlen: 24
                          81.21.12.0/22 maxlen: 24
                          81.21.12.0/24 maxlen: 24
                          81.21.14.0/23 maxlen: 24
                          81.21.14.0/24 maxlen: 24
                          81.21.15.0/24 maxlen: 24
                          176.57.63.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 19 Aug 2024 09:39:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:5b:14:00:8a:1f:42:3b:5e:f2:d1:58:64:ff:02:86:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Aug 16 12:05:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=048b4e6525f382a369cb8eae585e371227e94745
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:ea:7e:76:f6:27:c4:f1:3c:9b:88:2c:1b:e3:
                    40:0b:9d:fb:7e:b4:18:a0:52:79:1b:8d:20:7c:9b:
                    e6:3a:d7:b9:a8:ba:77:cd:8c:96:78:64:4d:90:cf:
                    47:bd:03:3d:62:36:5d:95:89:8a:bf:0b:e7:7d:59:
                    e0:37:d0:67:cf:de:86:b3:9f:fd:bb:3a:d2:1a:4a:
                    09:80:89:48:9d:cd:0f:5a:db:ac:39:7f:8d:08:b0:
                    eb:0e:dc:3e:e4:d1:10:a4:c9:5c:50:0e:d6:48:38:
                    50:1f:bc:ff:fc:a2:9b:46:6f:c6:1d:1c:07:9d:30:
                    68:86:37:46:b3:6f:40:17:35:6f:1f:5d:d9:31:03:
                    eb:1d:2b:46:68:5c:18:c1:6e:9e:5d:b6:c8:fd:ef:
                    75:32:97:ab:1b:7e:56:44:c1:15:a4:1b:8a:c7:ad:
                    75:3b:ec:78:7b:6d:ce:32:d0:fd:d9:74:4b:d4:51:
                    6c:8d:63:c0:ee:46:6b:e0:fa:2b:31:3e:8e:35:c3:
                    13:67:c7:ae:8a:ed:8b:42:48:45:63:03:f2:ed:f0:
                    bb:67:01:f4:8e:38:0d:da:fd:f7:45:d1:41:e8:f5:
                    1b:48:42:4f:51:c1:bb:ba:7d:90:45:c5:3b:a0:ac:
                    63:64:33:64:0d:fb:08:57:72:a1:f6:ae:14:83:1f:
                    6b:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:8B:4E:65:25:F3:82:A3:69:CB:8E:AE:58:5E:37:12:27:E9:47:45
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/BItOZSXzgqNpy46uWF43EifpR0U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.162.0-62.72.167.255
                  62.72.188.0/23
                  81.21.2.0-81.21.15.255
                  176.57.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:73:46:15:2f:3f:b0:a0:fd:67:53:2d:2a:c2:1e:7a:6c:f6:
         4c:c1:43:00:1d:21:7a:68:ae:cb:9a:9b:8f:80:39:64:48:9e:
         3e:90:59:79:40:6f:7e:b9:3a:5e:04:4c:4f:62:46:18:23:21:
         de:dd:9f:56:37:77:bb:44:a7:3c:4f:ec:f6:00:b7:bb:2a:61:
         7a:3d:4a:d9:93:0a:5f:aa:1a:d5:02:2b:03:09:7f:4a:70:bc:
         1d:df:80:82:96:2f:7f:e7:1d:f2:29:8c:8a:e6:e7:94:51:a4:
         5c:a4:ab:b7:3d:7b:0d:81:f3:6e:32:fa:c0:1c:02:2f:29:cd:
         c2:a4:6c:1e:4a:42:55:c3:39:61:82:40:73:1d:6d:68:c5:c8:
         01:29:e4:73:87:c2:26:cf:79:7c:1a:dd:e7:e5:61:d8:fb:c2:
         bc:e9:5b:4d:64:0e:3d:98:a7:c1:eb:ea:87:f5:03:d9:06:59:
         d2:c9:85:b1:f1:52:b2:e7:2c:08:da:5f:fb:99:e8:5d:c2:10:
         f9:5d:e6:fa:a2:69:16:2e:ec:bb:b6:29:95:82:2f:22:4b:8d:
         d8:59:5a:b5:a6:e1:86:d0:ba:e5:18:99:22:7a:04:68:c3:16:
         47:56:79:e9:3e:a2:d4:f1:12:57:b3:7d:c1:82:61:28:8d:7e:
         6d:f0:4d:80
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAZFbFACKH0I7XvLRWGT/AoZoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjQwODE2MTIwNTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDhiNGU2NTI1ZjM4MmEzNjljYjhlYWU1ODVlMzcxMjI3ZTk0NzQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm+p+dvYnxPE8m4gsG+NAC537frQY
oFJ5G40gfJvmOte5qLp3zYyWeGRNkM9HvQM9YjZdlYmKvwvnfVngN9Bnz96Gs5/9
uzrSGkoJgIlInc0PWtusOX+NCLDrDtw+5NEQpMlcUA7WSDhQH7z//KKbRm/GHRwH
nTBohjdGs29AFzVvH13ZMQPrHStGaFwYwW6eXbbI/e91MperG35WRMEVpBuKx611
O+x4e23OMtD92XRL1FFsjWPA7kZr4PorMT6ONcMTZ8euiu2LQkhFYwPy7fC7ZwH0
jjgN2v33RdFB6PUbSEJPUcG7un2QRcU7oKxjZDNkDfsIV3Kh9q4Ugx9rbwIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFASLTmUl84KjacuOrlheNxIn6UdFMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvQkl0T1pTWHpncU5weTQ2dVdGNDNFaWZwUjBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAuBAIAATAoMAwDBAE+SKID
BAM+SKADBAE+SLwwDAMEAVEVAgMEBFEVAAMEALA5PzANBgkqhkiG9w0BAQsFAAOC
AQEAIXNGFS8/sKD9Z1MtKsIeemz2TMFDAB0hemiuy5qbj4A5ZEiePpBZeUBvfrk6
XgRMT2JGGCMh3t2fVjd3u0SnPE/s9gC3uyphej1K2ZMKX6oa1QIrAwl/SnC8Hd+A
gpYvf+cd8imMiubnlFGkXKSrtz17DYHzbjL6wBwCLynNwqRsHkpCVcM5YYJAcx1t
aMXIASnkc4fCJs95fBrd5+Vh2PvCvOlbTWQOPZinwevqh/UD2QZZ0smFsfFSsucs
CNpf+5noXcIQ+V3m+qJpFi7su7YplYIvIkuN2FlatabhhtC65RiZInoEaMMWR1Z5
6T6i1PESV7N9wYJhKI1+bfBNgA==
-----END CERTIFICATE-----