Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/Eldn2j3A9PeikCha_c5kozKaTZs.roa
File:                     Eldn2j3A9PeikCha_c5kozKaTZs.roa (raw, json)
Hash identifier:          lgKoIHFmy1yY1BkwFwjKN93iZg0n2xUgjpemWZiV8eE=
Subject key identifier:   12:57:67:DA:3D:C0:F4:F7:A2:90:28:5A:FD:CE:64:A3:32:9A:4D:9B
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       01903717F1B740A747EFD0A3DEA5B642F5C3
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/Eldn2j3A9PeikCha_c5kozKaTZs.roa
Signing time:             Thu 20 Jun 2024 19:20:34 +0000
ROA not before:           Thu 20 Jun 2024 19:20:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        62.72.162.0/23 maxlen: 23
                          62.72.164.0/22 maxlen: 22
                          62.72.164.0/23 maxlen: 23
                          62.72.184.0/24 maxlen: 24
                          62.72.189.0/24 maxlen: 24
                          81.21.2.0/23 maxlen: 23
                          81.21.4.0/22 maxlen: 24
                          81.21.8.0/24 maxlen: 24
                          81.21.9.0/24 maxlen: 24
                          81.21.10.0/23 maxlen: 23
                          81.21.11.0/24 maxlen: 24
                          81.21.12.0/22 maxlen: 24
                          81.21.12.0/24 maxlen: 24
                          81.21.14.0/23 maxlen: 24
                          81.21.14.0/24 maxlen: 24
                          81.21.15.0/24 maxlen: 24
                          176.57.63.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sat 22 Jun 2024 17:54:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:37:17:f1:b7:40:a7:47:ef:d0:a3:de:a5:b6:42:f5:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Jun 20 19:20:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=125767da3dc0f4f7a290285afdce64a3329a4d9b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:17:4a:78:85:21:c5:3c:15:86:8e:8a:da:55:
                    c4:82:f5:d2:13:ac:52:97:1a:35:59:85:29:28:4a:
                    67:0e:d5:9f:89:03:e2:48:f8:87:33:d9:6d:19:7c:
                    30:56:5a:69:7b:15:7a:97:b3:07:9f:7f:28:bb:db:
                    1c:14:2b:f1:93:7b:7a:84:39:6a:e2:2d:48:e8:f0:
                    70:fc:95:0b:8f:f6:cd:6f:e5:93:60:7e:bc:b6:d8:
                    74:03:0a:bd:64:d1:49:af:87:0b:d9:49:19:48:36:
                    63:d8:2b:66:83:ee:54:0f:86:f0:2b:23:dd:8c:c6:
                    b1:e8:c4:f7:9f:bc:fe:bd:52:94:5e:21:0e:c7:e1:
                    cb:3b:7d:31:65:d8:1b:d4:74:41:ee:d5:33:5f:ce:
                    5a:ad:fd:0a:f2:08:a7:a4:11:1d:be:3e:ec:4c:94:
                    c2:3b:37:ef:bf:84:1d:4a:0c:19:af:e7:ed:78:79:
                    19:c0:3f:ed:a0:15:d9:f7:da:2c:9c:1c:d6:69:48:
                    cb:eb:cd:b5:5b:35:25:c5:ab:d5:ca:fd:fe:64:55:
                    fd:25:c8:01:09:eb:41:35:10:b5:bb:c7:5f:5d:5f:
                    8c:bb:66:c7:55:90:c8:8e:9e:94:8d:d0:e6:a9:59:
                    fc:7f:57:3f:53:07:d5:66:a9:0e:1f:29:65:84:f1:
                    b1:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:57:67:DA:3D:C0:F4:F7:A2:90:28:5A:FD:CE:64:A3:32:9A:4D:9B
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/Eldn2j3A9PeikCha_c5kozKaTZs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.162.0-62.72.167.255
                  62.72.184.0/24
                  62.72.189.0/24
                  81.21.2.0-81.21.15.255
                  176.57.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:e1:6b:db:90:0b:7a:96:90:55:54:65:6d:50:1c:86:58:ee:
         17:48:91:7c:7b:bf:d1:df:91:8b:36:59:5c:66:88:18:3d:97:
         2c:b9:ee:70:84:f1:1a:9e:d1:43:62:1e:75:2f:d6:e5:80:74:
         b7:92:7a:ef:fe:35:10:c8:ae:54:ce:52:6b:ed:8f:cd:73:19:
         89:bb:65:86:bc:43:a1:fd:53:72:45:97:fd:24:56:35:48:6c:
         69:42:9e:c2:12:f5:13:34:fe:af:3d:86:48:e5:de:55:18:80:
         d1:a2:7a:b8:15:e5:86:07:04:00:3f:a4:73:90:73:21:c0:56:
         06:3a:2a:d3:09:38:32:1d:80:74:2a:54:87:81:ed:3b:f2:ad:
         2d:80:f2:16:f0:73:35:1f:26:b2:2d:64:37:46:a1:86:5e:7c:
         9c:9d:ea:be:8d:ab:bd:52:b4:ac:6a:42:ef:41:85:f1:31:71:
         9a:fb:36:c2:b9:7e:7c:98:63:56:c9:75:db:29:df:b9:c7:fa:
         ff:08:77:cc:ec:14:99:08:52:70:3d:ac:fd:a0:65:47:50:73:
         e3:a4:84:41:a0:51:aa:8a:8e:7a:cf:8f:79:9c:20:00:f4:7a:
         4c:31:15:1f:78:58:ff:35:4d:20:95:8d:a0:ea:cc:8a:ff:85:
         fe:5d:5b:4b
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAZA3F/G3QKdH79Cj3qW2QvXDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjQwNjIwMTkyMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjU3NjdkYTNkYzBmNGY3YTI5MDI4NWFmZGNlNjRhMzMyOWE0ZDliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzhdKeIUhxTwVho6K2lXEgvXSE6xS
lxo1WYUpKEpnDtWfiQPiSPiHM9ltGXwwVlppexV6l7MHn38ou9scFCvxk3t6hDlq
4i1I6PBw/JULj/bNb+WTYH68tth0Awq9ZNFJr4cL2UkZSDZj2Ctmg+5UD4bwKyPd
jMax6MT3n7z+vVKUXiEOx+HLO30xZdgb1HRB7tUzX85arf0K8ginpBEdvj7sTJTC
Ozfvv4QdSgwZr+fteHkZwD/toBXZ99osnBzWaUjL6821WzUlxavVyv3+ZFX9JcgB
CetBNRC1u8dfXV+Mu2bHVZDIjp6UjdDmqVn8f1c/UwfVZqkOHyllhPGxlQIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFBJXZ9o9wPT3opAoWv3OZKMymk2bMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvRWxkbjJqM0E5UGVpa0NoYV9jNWtvekthVFpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjA0BAIAATAuMAwDBAE+SKID
BAM+SKADBAA+SLgDBAA+SL0wDAMEAVEVAgMEBFEVAAMEALA5PzANBgkqhkiG9w0B
AQsFAAOCAQEAAuFr25ALepaQVVRlbVAchljuF0iRfHu/0d+RizZZXGaIGD2XLLnu
cITxGp7RQ2IedS/W5YB0t5J67/41EMiuVM5Sa+2PzXMZibtlhrxDof1TckWX/SRW
NUhsaUKewhL1EzT+rz2GSOXeVRiA0aJ6uBXlhgcEAD+kc5BzIcBWBjoq0wk4Mh2A
dCpUh4HtO/KtLYDyFvBzNR8msi1kN0ahhl58nJ3qvo2rvVK0rGpC70GF8TFxmvs2
wrl+fJhjVsl12ynfucf6/wh3zOwUmQhScD2s/aBlR1Bz46SEQaBRqoqOes+PeZwg
APR6TDEVH3hY/zVNIJWNoOrMiv+F/l1bSw==
-----END CERTIFICATE-----