Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/JbCp1pYBKEPhCBka-82spPYREMU.roa
File:                     JbCp1pYBKEPhCBka-82spPYREMU.roa (raw, json)
Hash identifier:          C+ZlnT0oYWv8TX8ETlLM7shlQPu2DtBp4mNf+KfkoXg=
Subject key identifier:   25:B0:A9:D6:96:01:28:43:E1:08:19:1A:FB:CD:AC:A4:F6:11:10:C5
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       01950D89FFF36749570399BD31BBB2E98453
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/JbCp1pYBKEPhCBka-82spPYREMU.roa
Signing time:             Sun 16 Feb 2025 06:55:02 +0000
ROA not before:           Sun 16 Feb 2025 06:55:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        62.72.162.0/23 maxlen: 23
                          62.72.164.0/22 maxlen: 22
                          62.72.164.0/23 maxlen: 23
                          62.72.184.0/24 maxlen: 24
                          62.72.185.0/24 maxlen: 24
                          62.72.191.0/24 maxlen: 24
                          81.21.2.0/23 maxlen: 23
                          81.21.4.0/22 maxlen: 24
                          81.21.5.0/24 maxlen: 24
                          81.21.6.0/24 maxlen: 24
                          81.21.7.0/24 maxlen: 24
                          176.57.51.0/24 maxlen: 24
                          176.57.56.0/24 maxlen: 24
                          176.57.57.0/24 maxlen: 24
                          176.57.63.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Thu 20 Feb 2025 07:07:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:0d:89:ff:f3:67:49:57:03:99:bd:31:bb:b2:e9:84:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Feb 16 06:55:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=25b0a9d696012843e108191afbcdaca4f61110c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:9a:13:60:25:75:16:15:55:19:8e:c2:b9:d8:
                    e7:f1:94:2f:a8:c9:b1:20:05:fb:56:6e:d7:09:4b:
                    54:fd:f7:f4:f9:c2:40:dd:dc:d6:58:4b:d0:28:0b:
                    5d:fc:03:7a:2c:ce:95:51:7a:4b:90:43:c7:bf:2d:
                    4f:86:02:af:77:8c:74:90:78:af:88:ec:3e:89:19:
                    3d:c0:9e:32:e0:bd:6b:ff:e3:7e:01:f2:31:65:b5:
                    99:51:a9:93:95:5e:4e:1f:01:6a:ad:28:5d:b8:35:
                    26:17:73:5b:f4:d0:c3:6e:20:ed:33:1d:fb:fc:f0:
                    86:98:9d:58:1e:db:14:6d:13:65:be:fb:34:36:3b:
                    c7:eb:b8:2c:de:27:cf:d1:34:19:96:3b:73:43:e1:
                    a2:92:ef:e9:b3:a1:84:77:2f:9d:bb:a2:13:1c:c0:
                    c0:23:cb:47:9c:b3:c1:c1:d4:19:b8:4b:a0:2a:8a:
                    4c:2d:ae:87:43:e4:25:77:93:24:5f:54:83:ac:b1:
                    6b:03:93:8e:70:99:a4:81:15:ee:81:e3:0e:7a:b9:
                    7f:b3:ff:e6:34:0d:9e:d6:fd:42:0e:ff:c1:a9:f5:
                    c4:69:1c:c6:bc:c5:da:93:d3:6c:ed:2a:b9:93:9c:
                    b0:7b:32:1c:8d:b1:aa:87:0e:2d:1d:34:30:f2:0f:
                    68:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:B0:A9:D6:96:01:28:43:E1:08:19:1A:FB:CD:AC:A4:F6:11:10:C5
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/JbCp1pYBKEPhCBka-82spPYREMU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.162.0-62.72.167.255
                  62.72.184.0/23
                  62.72.191.0/24
                  81.21.2.0-81.21.7.255
                  176.57.51.0/24
                  176.57.56.0/23
                  176.57.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:f8:ba:b5:83:51:7b:ae:a7:fd:6c:cf:36:6b:6c:1d:c7:e7:
         97:ba:54:35:4c:49:9f:ec:1d:17:a2:d0:e8:9e:61:b0:ce:1e:
         0a:26:56:1d:b9:34:c1:21:30:c7:8a:b4:2e:06:53:0f:2e:7a:
         72:bb:50:41:6e:2b:e8:11:90:b9:30:ef:e3:71:ae:eb:95:3b:
         de:72:7c:59:5f:8a:b6:19:fe:c0:62:53:39:a8:74:de:25:6d:
         b6:42:b7:f6:fd:50:b0:84:65:80:d9:a2:23:be:d9:be:7f:1b:
         a0:bf:7c:ba:10:d8:16:25:83:06:1e:d3:70:fc:95:d1:0b:51:
         b2:c6:8f:50:b4:a1:12:03:11:53:19:55:6e:08:f9:2d:a6:68:
         11:38:cb:84:d4:52:d2:a2:c6:8c:94:14:0d:aa:17:81:9f:88:
         26:4e:04:8d:4a:ab:62:de:ba:85:eb:f1:cd:85:5f:41:66:f8:
         b7:60:d8:4d:04:c5:af:3a:65:c9:d2:4c:b4:26:ce:1a:d4:7c:
         20:21:d2:26:34:3a:24:db:6b:3d:28:29:36:d4:87:a6:a9:f4:
         74:25:40:a7:58:e9:10:22:d5:f2:f7:a3:19:22:3e:e9:eb:e0:
         95:4a:4b:2a:cc:71:56:b7:91:b6:9d:d9:97:fa:40:80:55:58:
         db:d4:b2:5c
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAZUNif/zZ0lXA5m9Mbuy6YRTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjUwMjE2MDY1NTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNWIwYTlkNjk2MDEyODQzZTEwODE5MWFmYmNkYWNhNGY2MTExMGM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv5oTYCV1FhVVGY7Cudjn8ZQvqMmx
IAX7Vm7XCUtU/ff0+cJA3dzWWEvQKAtd/AN6LM6VUXpLkEPHvy1PhgKvd4x0kHiv
iOw+iRk9wJ4y4L1r/+N+AfIxZbWZUamTlV5OHwFqrShduDUmF3Nb9NDDbiDtMx37
/PCGmJ1YHtsUbRNlvvs0NjvH67gs3ifP0TQZljtzQ+Giku/ps6GEdy+du6ITHMDA
I8tHnLPBwdQZuEugKopMLa6HQ+Qld5MkX1SDrLFrA5OOcJmkgRXugeMOerl/s//m
NA2e1v1CDv/BqfXEaRzGvMXak9Ns7Sq5k5ywezIcjbGqhw4tHTQw8g9o5QIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFCWwqdaWAShD4QgZGvvNrKT2ERDFMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvSmJDcDFwWUJLRVBoQ0JrYS04MnNwUFlSRU1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjBABAIAATA6MAwDBAE+SKID
BAM+SKADBAE+SLgDBAA+SL8wDAMEAVEVAgMEA1EVAAMEALA5MwMEAbA5OAMEALA5
PzANBgkqhkiG9w0BAQsFAAOCAQEAWPi6tYNRe66n/WzPNmtsHcfnl7pUNUxJn+wd
F6LQ6J5hsM4eCiZWHbk0wSEwx4q0LgZTDy56crtQQW4r6BGQuTDv43Gu65U73nJ8
WV+Kthn+wGJTOah03iVttkK39v1QsIRlgNmiI77Zvn8boL98uhDYFiWDBh7TcPyV
0QtRssaPULShEgMRUxlVbgj5LaZoETjLhNRS0qLGjJQUDaoXgZ+IJk4EjUqrYt66
hevxzYVfQWb4t2DYTQTFrzplydJMtCbOGtR8ICHSJjQ6JNtrPSgpNtSHpqn0dCVA
p1jpECLV8vejGSI+6evglUpLKsxxVreRtp3Zl/pAgFVY29SyXA==
-----END CERTIFICATE-----