Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/KrFyZy0ysJPpVy69vRa7rILwB54.roa
File:                     KrFyZy0ysJPpVy69vRa7rILwB54.roa (raw, json)
Hash identifier:          ro7n6/YUhmOG657ryKly3HVy375o6bcRsDogrDyxJqs=
Subject key identifier:   2A:B1:72:67:2D:32:B0:93:E9:57:2E:BD:BD:16:BB:AC:82:F0:07:9E
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       018D161F1C9D1DF2A05C6486083E1BE33698
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/KrFyZy0ysJPpVy69vRa7rILwB54.roa
Signing time:             Wed 17 Jan 2024 06:32:34 +0000
ROA not before:           Wed 17 Jan 2024 06:32:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        62.72.162.0/23 maxlen: 23
                          62.72.162.0/24 maxlen: 24
                          62.72.164.0/22 maxlen: 22
                          62.72.164.0/23 maxlen: 23
                          62.72.167.0/24 maxlen: 24
                          81.21.2.0/23 maxlen: 23
                          81.21.4.0/22 maxlen: 24
                          81.21.10.0/23 maxlen: 23
                          81.21.12.0/22 maxlen: 24
                          81.21.14.0/23 maxlen: 24
                          176.57.58.0/24 maxlen: 24
                          176.57.59.0/24 maxlen: 24
                          176.57.63.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 17 Jan 2024 10:19:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:16:1f:1c:9d:1d:f2:a0:5c:64:86:08:3e:1b:e3:36:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Jan 17 06:32:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2ab172672d32b093e9572ebdbd16bbac82f0079e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:c2:4c:da:dc:5b:7e:b7:ef:fe:e4:02:f0:2b:
                    d4:e6:db:ef:56:71:f0:4b:39:ac:c5:5d:81:0e:ac:
                    1f:61:bd:70:72:db:fb:80:47:e5:88:1d:21:b8:63:
                    b0:7f:8e:90:d8:ad:32:01:17:37:a1:90:ba:3e:f3:
                    4f:e8:b4:c4:8c:ae:1a:b6:bb:75:ca:32:db:ac:ff:
                    2e:28:7f:71:a7:ed:06:7e:ab:e7:e9:7a:2c:9f:4e:
                    6e:32:c5:f3:fa:d4:95:db:d2:1c:66:be:e8:8e:18:
                    20:2e:4f:e7:4a:1b:20:6e:94:32:d0:2f:9b:d7:c7:
                    15:d6:de:33:3d:74:82:d5:28:93:3c:4f:c4:aa:6f:
                    34:c2:17:c7:28:3a:90:35:4c:d8:8c:a7:2d:7a:d3:
                    a0:f4:e9:76:6a:e9:24:21:01:26:ec:ff:fe:57:79:
                    a0:5d:6a:78:35:05:3c:b1:b9:82:7e:5c:81:be:7f:
                    d5:e8:b3:c7:1c:82:bb:be:9d:61:2c:f3:7a:d8:88:
                    a5:ee:4f:f1:26:2f:b1:82:42:bd:2b:78:aa:2d:01:
                    8c:da:51:9a:6e:6f:67:74:46:f8:c2:00:6c:be:2b:
                    dd:e3:5b:75:97:3f:7b:98:f8:83:bd:27:87:b8:d2:
                    68:66:fa:f6:d5:bb:af:24:66:52:cf:3a:93:9f:dc:
                    b5:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:B1:72:67:2D:32:B0:93:E9:57:2E:BD:BD:16:BB:AC:82:F0:07:9E
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/KrFyZy0ysJPpVy69vRa7rILwB54.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.162.0-62.72.167.255
                  81.21.2.0-81.21.7.255
                  81.21.10.0-81.21.15.255
                  176.57.58.0/23
                  176.57.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:45:fb:f4:b8:3b:f0:94:c7:30:f7:0c:35:b3:6c:f2:f3:87:
         b5:d8:fb:5b:c7:61:18:52:ab:36:9f:e0:21:15:c9:11:5f:bc:
         98:ea:d8:e7:df:6b:85:40:53:74:cb:83:5c:41:e6:29:8d:f4:
         cb:39:95:ce:80:25:cd:55:df:02:f9:72:1d:2f:1d:74:b0:88:
         76:51:57:65:6f:59:ef:08:02:df:21:c3:5c:f1:88:55:fe:1e:
         f9:94:fa:31:f9:40:e7:f7:6b:b9:a2:d1:b8:b0:e5:ad:d2:db:
         fb:1e:96:70:a4:e8:8c:62:c6:c3:8b:85:ad:fa:49:1d:66:5c:
         11:c4:77:21:8f:a1:5b:70:d8:21:ab:f1:f3:15:2a:7d:d2:f0:
         e1:2d:2f:e3:56:c8:8b:08:0c:be:56:d2:54:a3:ed:95:a7:f3:
         54:c7:79:fb:ca:19:08:12:ea:c7:af:92:a2:94:d7:73:50:e5:
         69:50:ea:f8:87:fd:86:5c:e8:54:9d:12:0d:2e:9a:57:8a:25:
         6b:3a:3a:74:30:79:3c:1d:40:bb:37:e0:c9:5a:2c:c3:22:15:
         c9:ed:2e:8c:37:cc:22:f4:b3:64:66:34:d9:3c:26:17:c5:19:
         76:aa:89:fa:7d:22:be:ee:73:02:cf:d9:91:cf:13:b9:c3:66:
         75:43:06:14
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAY0WHxydHfKgXGSGCD4b4zaYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjQwMTE3MDYzMjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWIxNzI2NzJkMzJiMDkzZTk1NzJlYmRiZDE2YmJhYzgyZjAwNzllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmMJM2txbfrfv/uQC8CvU5tvvVnHw
SzmsxV2BDqwfYb1wctv7gEfliB0huGOwf46Q2K0yARc3oZC6PvNP6LTEjK4atrt1
yjLbrP8uKH9xp+0Gfqvn6Xosn05uMsXz+tSV29IcZr7ojhggLk/nShsgbpQy0C+b
18cV1t4zPXSC1SiTPE/Eqm80whfHKDqQNUzYjKctetOg9Ol2aukkIQEm7P/+V3mg
XWp4NQU8sbmCflyBvn/V6LPHHIK7vp1hLPN62Iil7k/xJi+xgkK9K3iqLQGM2lGa
bm9ndEb4wgBsvivd41t1lz97mPiDvSeHuNJoZvr21buvJGZSzzqTn9y1oQIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFCqxcmctMrCT6Vcuvb0Wu6yC8AeeMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvS3JGeVp5MHlzSlBwVnk2OXZSYTdySUx3QjU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2MAwDBAE+SKID
BAM+SKAwDAMEAVEVAgMEA1EVADAMAwQBURUKAwQEURUAAwQBsDk6AwQAsDk/MA0G
CSqGSIb3DQEBCwUAA4IBAQByRfv0uDvwlMcw9ww1s2zy84e12Ptbx2EYUqs2n+Ah
FckRX7yY6tjn32uFQFN0y4NcQeYpjfTLOZXOgCXNVd8C+XIdLx10sIh2UVdlb1nv
CALfIcNc8YhV/h75lPox+UDn92u5otG4sOWt0tv7HpZwpOiMYsbDi4Wt+kkdZlwR
xHchj6FbcNghq/HzFSp90vDhLS/jVsiLCAy+VtJUo+2Vp/NUx3n7yhkIEurHr5Ki
lNdzUOVpUOr4h/2GXOhUnRINLppXiiVrOjp0MHk8HUC7N+DJWizDIhXJ7S6MN8wi
9LNkZjTZPCYXxRl2qon6fSK+7nMCz9mRzxO5w2Z1QwYU
-----END CERTIFICATE-----