Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/HTobgJ3OioZQ927Fmusvtd-p9yo.roa
File:                     HTobgJ3OioZQ927Fmusvtd-p9yo.roa (raw, json)
Hash identifier:          WL3/iH6BQZdtMw7CkHuhzf8DlrY6rOsdXQka3kxShZk=
Subject key identifier:   1D:3A:1B:80:9D:CE:8A:86:50:F7:6E:C5:9A:EB:2F:B5:DF:A9:F7:2A
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       018CE2BD07CDAF1036E2F8F0877EB4D84053
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/HTobgJ3OioZQ927Fmusvtd-p9yo.roa
Signing time:             Sun 07 Jan 2024 07:04:48 +0000
ROA not before:           Sun 07 Jan 2024 07:04:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        62.72.162.0/23 maxlen: 23
                          62.72.164.0/23 maxlen: 23
                          62.72.164.0/22 maxlen: 22
                          62.72.173.0/24 maxlen: 24
                          176.57.58.0/24 maxlen: 24
                          81.21.2.0/23 maxlen: 23
                          81.21.4.0/22 maxlen: 24
                          176.57.59.0/24 maxlen: 24
                          81.21.10.0/23 maxlen: 23
                          176.57.63.0/24 maxlen: 24
                          81.21.12.0/22 maxlen: 24
                          81.21.14.0/23 maxlen: 24

Validation:               Failed, certificate revoked on Wed 10 Jan 2024 06:41:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:e2:bd:07:cd:af:10:36:e2:f8:f0:87:7e:b4:d8:40:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Jan  7 07:04:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1d3a1b809dce8a8650f76ec59aeb2fb5dfa9f72a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:48:19:52:65:bd:d4:fc:f8:2b:0c:43:c8:b0:
                    e6:f9:36:d6:8c:c7:de:08:be:0e:c1:08:70:0b:f8:
                    07:0e:5e:9d:d9:0b:9c:ba:d5:e9:66:30:b6:16:43:
                    3f:14:1b:e5:55:32:6b:8a:30:1b:24:73:51:94:d6:
                    c0:a8:65:15:e8:d1:60:66:7a:e0:1b:ab:0a:16:ff:
                    22:81:9a:8b:15:73:9c:a6:1b:73:12:45:c6:89:cc:
                    ae:a4:87:49:c3:b3:83:d5:95:cf:6d:9c:4a:a1:3e:
                    d1:de:e7:74:f8:04:22:d4:30:c7:77:2c:0a:2f:a0:
                    d2:14:5e:6b:13:ca:a3:14:27:a8:c1:12:3e:7b:19:
                    fa:9d:0c:a9:49:b7:86:39:ce:d3:61:99:c7:23:db:
                    cf:94:55:96:cf:3d:44:b8:18:b1:e6:07:d2:82:37:
                    30:b6:13:b3:99:c8:38:b3:76:1a:fe:3a:c8:5a:67:
                    44:b5:94:14:d8:3a:7d:0e:c2:33:8e:3e:f3:f2:7f:
                    a1:27:53:9b:d6:d6:f0:49:57:56:6f:da:b7:3a:0a:
                    c4:35:c2:dc:10:47:01:3c:5c:d1:08:d0:29:5f:c3:
                    0c:6e:9b:51:bd:08:3d:95:8c:b9:94:a9:e1:2a:71:
                    5d:df:9a:b9:6d:d2:76:b9:24:6a:74:13:c6:4e:6a:
                    c4:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:3A:1B:80:9D:CE:8A:86:50:F7:6E:C5:9A:EB:2F:B5:DF:A9:F7:2A
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/HTobgJ3OioZQ927Fmusvtd-p9yo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.162.0-62.72.167.255
                  62.72.173.0/24
                  81.21.2.0-81.21.7.255
                  81.21.10.0-81.21.15.255
                  176.57.58.0/23
                  176.57.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:22:5c:c6:91:3b:67:27:70:f6:c8:f2:db:17:0a:83:14:c6:
         e6:ee:6e:85:0c:27:35:71:d4:dc:1b:78:bb:db:c4:c8:84:8c:
         bc:bc:5c:fd:8d:d5:17:b1:0d:d6:0a:5b:ab:da:01:3b:6a:41:
         ad:5a:e8:3b:85:b3:98:b9:03:f3:4a:9c:03:9f:1a:97:ea:e3:
         f2:83:dd:d6:52:83:b2:c3:aa:48:f4:81:cb:31:b2:4d:58:54:
         ab:fd:6e:8d:89:44:66:fd:ff:eb:3c:80:7e:74:9a:db:81:31:
         26:aa:b9:19:72:5b:11:5c:a4:cf:e5:6c:b4:c9:ea:bb:19:ad:
         86:a9:91:91:ed:ef:c6:57:f8:2a:19:8c:6a:6c:7a:72:cf:37:
         ec:4d:bb:fb:1e:61:43:88:7f:74:c9:c7:5f:e1:9a:b5:37:52:
         a8:8f:ac:bc:79:c8:32:49:e3:94:72:ca:23:dc:28:08:b6:08:
         03:81:0b:ba:46:49:6f:5b:a7:ec:0a:7f:36:c5:44:a0:e8:d3:
         d0:73:6d:2c:ea:bc:d9:33:25:fe:f0:3a:c2:59:f7:bc:0b:9f:
         65:2b:f1:9b:ad:26:32:a0:63:dd:fb:20:4d:8d:0c:c4:40:80:
         71:48:21:e8:30:dd:b0:02:64:da:ec:0b:3d:ad:a8:73:0f:96:
         7b:61:15:67
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYzivQfNrxA24vjwh3602EBTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjQwMTA3MDcwNDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDNhMWI4MDlkY2U4YTg2NTBmNzZlYzU5YWViMmZiNWRmYTlmNzJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo0gZUmW91Pz4KwxDyLDm+TbWjMfe
CL4OwQhwC/gHDl6d2QucutXpZjC2FkM/FBvlVTJrijAbJHNRlNbAqGUV6NFgZnrg
G6sKFv8igZqLFXOcphtzEkXGicyupIdJw7OD1ZXPbZxKoT7R3ud0+AQi1DDHdywK
L6DSFF5rE8qjFCeowRI+exn6nQypSbeGOc7TYZnHI9vPlFWWzz1EuBix5gfSgjcw
thOzmcg4s3Ya/jrIWmdEtZQU2Dp9DsIzjj7z8n+hJ1Ob1tbwSVdWb9q3OgrENcLc
EEcBPFzRCNApX8MMbptRvQg9lYy5lKnhKnFd35q5bdJ2uSRqdBPGTmrE4wIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFB06G4CdzoqGUPduxZrrL7XfqfcqMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvSFRvYmdKM09pb1pROTI3Rm11c3Z0ZC1wOXlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8MAwDBAE+SKID
BAM+SKADBAA+SK0wDAMEAVEVAgMEA1EVADAMAwQBURUKAwQEURUAAwQBsDk6AwQA
sDk/MA0GCSqGSIb3DQEBCwUAA4IBAQCuIlzGkTtnJ3D2yPLbFwqDFMbm7m6FDCc1
cdTcG3i728TIhIy8vFz9jdUXsQ3WClur2gE7akGtWug7hbOYuQPzSpwDnxqX6uPy
g93WUoOyw6pI9IHLMbJNWFSr/W6NiURm/f/rPIB+dJrbgTEmqrkZclsRXKTP5Wy0
yeq7Ga2GqZGR7e/GV/gqGYxqbHpyzzfsTbv7HmFDiH90ycdf4Zq1N1Koj6y8ecgy
SeOUcsoj3CgItggDgQu6RklvW6fsCn82xUSg6NPQc20s6rzZMyX+8DrCWfe8C59l
K/GbrSYyoGPd+yBNjQzEQIBxSCHoMN2wAmTa7As9rahzD5Z7YRVn
-----END CERTIFICATE-----