Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/EyqmlpbfCp3erbvY02zrQkyFfL0.roa
File:                     EyqmlpbfCp3erbvY02zrQkyFfL0.roa (raw, json)
Hash identifier:          0IELopSkHZ1ECwf+uLrVeb5vrewkKJzw3QP7PrYj4qY=
Subject key identifier:   13:2A:A6:96:96:DF:0A:9D:DE:AD:BB:D8:D3:6C:EB:42:4C:85:7C:BD
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       018EFC3AB17A79D8E73535730BD60AD2A02E
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/EyqmlpbfCp3erbvY02zrQkyFfL0.roa
Signing time:             Sat 20 Apr 2024 15:58:08 +0000
ROA not before:           Sat 20 Apr 2024 15:58:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        62.72.162.0/23 maxlen: 23
                          62.72.164.0/22 maxlen: 22
                          62.72.164.0/23 maxlen: 23
                          62.72.164.0/24 maxlen: 24
                          62.72.176.0/24 maxlen: 24
                          62.72.183.0/24 maxlen: 24
                          62.72.189.0/24 maxlen: 24
                          81.21.2.0/23 maxlen: 23
                          81.21.4.0/22 maxlen: 24
                          81.21.9.0/24 maxlen: 24
                          81.21.10.0/23 maxlen: 23
                          81.21.12.0/22 maxlen: 24
                          81.21.14.0/23 maxlen: 24
                          176.57.59.0/24 maxlen: 24
                          176.57.63.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 22 Apr 2024 10:09:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:fc:3a:b1:7a:79:d8:e7:35:35:73:0b:d6:0a:d2:a0:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Apr 20 15:58:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=132aa69696df0a9ddeadbbd8d36ceb424c857cbd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:98:7f:a4:ec:58:b9:06:46:8d:dd:58:2d:f2:
                    97:91:ae:6c:cc:30:4c:6b:e3:34:dc:5b:de:74:36:
                    94:26:b7:d1:6b:69:ce:1e:51:7d:51:47:0e:92:2c:
                    96:b1:95:3c:3c:de:39:e3:a3:b4:b4:cc:08:8b:e7:
                    d6:5f:01:7f:b5:60:c8:53:4d:28:96:97:77:44:53:
                    44:7e:ca:59:b2:30:49:d7:4b:6a:38:2e:0e:34:02:
                    36:9c:13:78:6e:bd:cb:f7:67:2c:5f:cc:7d:a6:63:
                    72:1d:4c:3d:3d:99:5e:ac:0a:93:9d:82:8a:6d:28:
                    10:36:8d:60:fc:b4:8f:b8:86:fb:83:f1:59:02:e9:
                    c1:80:b9:e7:82:f3:16:64:77:5b:bb:6d:5e:cc:e3:
                    ab:8d:3f:c9:35:71:1b:36:c7:ac:a2:ac:a0:68:54:
                    39:e9:b7:db:3e:d5:9d:10:1b:bd:a7:d3:c7:07:4d:
                    fb:9a:b5:d0:fb:f0:82:ec:87:25:45:f1:e7:6d:70:
                    48:14:0b:45:43:a4:f7:d3:2b:ab:e0:21:18:05:86:
                    01:af:eb:a9:12:5b:76:18:7f:55:a9:68:0f:d4:e7:
                    cf:2c:b1:55:c1:8b:61:21:c4:a7:f1:12:1d:09:78:
                    0d:cb:cf:0c:02:6b:37:a0:ab:df:2b:d9:12:20:11:
                    33:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:2A:A6:96:96:DF:0A:9D:DE:AD:BB:D8:D3:6C:EB:42:4C:85:7C:BD
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/EyqmlpbfCp3erbvY02zrQkyFfL0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.162.0-62.72.167.255
                  62.72.176.0/24
                  62.72.183.0/24
                  62.72.189.0/24
                  81.21.2.0-81.21.7.255
                  81.21.9.0-81.21.15.255
                  176.57.59.0/24
                  176.57.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:b1:08:fc:8c:7b:49:b1:93:f6:ba:82:b7:b2:39:da:cd:e4:
         75:57:ed:34:fe:0e:34:3b:91:45:98:2c:7f:3a:6a:aa:97:95:
         38:d0:33:33:c2:bc:37:ee:68:52:82:0f:a3:c8:d3:06:35:98:
         a5:7c:dc:61:86:ca:66:2a:ab:de:60:ad:2d:6b:35:60:ba:5c:
         a1:b2:8f:31:d6:e4:e5:21:ad:18:06:c2:bb:3b:d2:6a:a2:40:
         70:1f:5e:92:29:b7:46:7c:9b:6b:60:31:e6:b0:0c:d9:aa:46:
         26:24:11:b2:1b:74:04:9b:ee:22:f7:f8:c7:d7:96:14:47:09:
         73:f5:1c:a5:3d:88:a5:53:66:6d:70:d1:fb:b7:f8:28:f4:02:
         f5:bc:1c:a2:6a:78:3a:3d:f0:04:5b:9e:99:ce:68:ef:43:4d:
         35:de:31:78:27:b6:3a:6a:68:a4:eb:be:64:77:69:c1:bf:e9:
         59:a4:e1:07:f6:5b:47:82:1c:fa:69:e3:2a:f8:6c:e2:b4:cc:
         94:c0:16:b1:fe:2f:28:10:ba:58:bf:a4:97:d7:ce:a5:74:24:
         23:56:c8:dc:65:6b:2f:c2:d1:f0:de:12:5a:ed:7d:35:b8:f6:
         a9:ac:53:87:a5:5a:f5:4b:78:43:46:82:f1:68:42:f2:c4:9a:
         26:66:77:b6
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAY78OrF6edjnNTVzC9YK0qAuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjQwNDIwMTU1ODA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMzJhYTY5Njk2ZGYwYTlkZGVhZGJiZDhkMzZjZWI0MjRjODU3Y2JkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr5h/pOxYuQZGjd1YLfKXka5szDBM
a+M03FvedDaUJrfRa2nOHlF9UUcOkiyWsZU8PN4546O0tMwIi+fWXwF/tWDIU00o
lpd3RFNEfspZsjBJ10tqOC4ONAI2nBN4br3L92csX8x9pmNyHUw9PZlerAqTnYKK
bSgQNo1g/LSPuIb7g/FZAunBgLnngvMWZHdbu21ezOOrjT/JNXEbNsesoqygaFQ5
6bfbPtWdEBu9p9PHB037mrXQ+/CC7IclRfHnbXBIFAtFQ6T30yur4CEYBYYBr+up
Elt2GH9VqWgP1OfPLLFVwYthIcSn8RIdCXgNy88MAms3oKvfK9kSIBEzbwIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFBMqppaW3wqd3q272NNs60JMhXy9MB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvRXlxbWxwYmZDcDNlcmJ2WTAyenJRa3lGZkwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIMAwDBAE+SKID
BAM+SKADBAA+SLADBAA+SLcDBAA+SL0wDAMEAVEVAgMEA1EVADAMAwQAURUJAwQE
URUAAwQAsDk7AwQAsDk/MA0GCSqGSIb3DQEBCwUAA4IBAQBzsQj8jHtJsZP2uoK3
sjnazeR1V+00/g40O5FFmCx/Omqql5U40DMzwrw37mhSgg+jyNMGNZilfNxhhspm
KqveYK0tazVgulyhso8x1uTlIa0YBsK7O9JqokBwH16SKbdGfJtrYDHmsAzZqkYm
JBGyG3QEm+4i9/jH15YURwlz9RylPYilU2ZtcNH7t/go9AL1vByiang6PfAEW56Z
zmjvQ0013jF4J7Y6amik675kd2nBv+lZpOEH9ltHghz6aeMq+GzitMyUwBax/i8o
ELpYv6SX186ldCQjVsjcZWsvwtHw3hJa7X01uPaprFOHpVr1S3hDRoLxaELyxJom
Zne2
-----END CERTIFICATE-----