Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/OAEuAjAWBBF1hG_V2ihOvn3FOdo.roa
File:                     OAEuAjAWBBF1hG_V2ihOvn3FOdo.roa (raw, json)
Hash identifier:          ZfXaOpbX+q7zmJwt9lHlqTA2LCNp0jLUHO7KuM1BCN8=
Subject key identifier:   38:01:2E:02:30:16:04:11:75:84:6F:D5:DA:28:4E:BE:7D:C5:39:DA
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       018FAEED5DC1A1475427634CDDC5AD82C2B7
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/OAEuAjAWBBF1hG_V2ihOvn3FOdo.roa
Signing time:             Sat 25 May 2024 08:45:42 +0000
ROA not before:           Sat 25 May 2024 08:45:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        62.72.162.0/23 maxlen: 23
                          62.72.164.0/22 maxlen: 22
                          62.72.164.0/23 maxlen: 23
                          62.72.189.0/24 maxlen: 24
                          81.21.2.0/23 maxlen: 23
                          81.21.4.0/22 maxlen: 24
                          81.21.8.0/24 maxlen: 24
                          81.21.9.0/24 maxlen: 24
                          81.21.10.0/23 maxlen: 23
                          81.21.11.0/24 maxlen: 24
                          81.21.12.0/22 maxlen: 24
                          81.21.12.0/24 maxlen: 24
                          81.21.14.0/23 maxlen: 24
                          81.21.14.0/24 maxlen: 24
                          81.21.15.0/24 maxlen: 24
                          176.57.53.0/24 maxlen: 24
                          176.57.63.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sun 26 May 2024 06:46:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:ae:ed:5d:c1:a1:47:54:27:63:4c:dd:c5:ad:82:c2:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: May 25 08:45:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=38012e023016041175846fd5da284ebe7dc539da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:d1:c1:69:4a:c6:a3:2c:da:bd:73:37:cf:6b:
                    f2:5f:5c:65:6e:e3:82:b4:1a:e5:12:2c:70:62:b1:
                    19:d2:40:9c:ec:49:2d:fe:a9:1d:c7:35:30:c5:74:
                    ef:05:ef:d6:db:71:e1:f7:fb:cf:42:d5:6e:90:d3:
                    15:7b:1e:db:74:72:df:79:8f:a7:1e:5a:fe:34:46:
                    08:25:c3:0e:76:df:fc:5c:f2:15:40:63:0c:12:c2:
                    9b:e8:e2:5c:50:ff:d5:39:51:f4:8f:1f:5a:19:60:
                    08:75:ea:71:92:fd:c3:ad:32:f4:f7:1a:55:f4:73:
                    2d:80:af:2d:d3:14:da:73:61:1e:a6:7f:8d:15:ab:
                    0f:a9:ec:1d:30:fe:81:30:ad:23:70:bd:e4:dd:f0:
                    41:15:85:83:60:46:92:7e:1f:b6:42:fd:95:f9:88:
                    ae:54:00:39:7a:85:d8:54:4d:9c:3e:4f:44:c9:4f:
                    e5:89:53:7a:ee:e1:2c:8b:b7:84:6c:94:05:2b:fe:
                    eb:0a:62:bd:73:7e:e5:62:06:01:63:b0:ee:7e:2a:
                    ec:81:fa:b6:e1:20:b4:44:f9:21:77:b2:d4:5d:de:
                    b4:b7:1e:58:67:4c:f1:a9:79:bf:b8:93:9a:71:d0:
                    a9:ea:eb:f9:cd:06:4b:9d:49:ac:cc:d6:51:05:e0:
                    49:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:01:2E:02:30:16:04:11:75:84:6F:D5:DA:28:4E:BE:7D:C5:39:DA
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/OAEuAjAWBBF1hG_V2ihOvn3FOdo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.162.0-62.72.167.255
                  62.72.189.0/24
                  81.21.2.0-81.21.15.255
                  176.57.53.0/24
                  176.57.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:35:cb:43:ee:97:1b:10:83:8d:a8:1d:68:62:ae:b2:ea:ee:
         fa:08:f3:8f:74:bc:af:41:28:4a:20:7e:cb:22:a7:35:af:d3:
         d5:47:2f:a5:33:89:62:06:13:8e:c4:42:b7:65:a7:c3:7d:b9:
         b0:3a:4b:e5:9b:f2:69:f5:fe:89:20:0a:f1:f2:42:44:93:af:
         bb:15:a7:76:d9:1f:60:dd:86:ce:bf:fd:f5:49:bf:8e:ac:d4:
         a7:f1:2d:03:60:1c:65:01:c2:ba:7b:ae:e5:46:90:53:1c:f8:
         f2:7d:ff:04:54:c8:df:34:d7:b5:0b:df:17:bd:cb:41:5c:63:
         ea:6b:2e:89:2d:db:97:29:6a:ba:43:b3:39:5b:22:6a:38:2d:
         52:f9:ba:31:52:d2:fa:fb:3f:4d:49:3d:88:ff:3a:90:60:d8:
         a5:3c:7f:5a:db:b6:0c:2f:a8:bd:cd:e8:9a:9c:25:30:99:b5:
         eb:83:d0:b8:14:69:d5:e1:30:f0:99:b3:9e:6e:04:53:18:36:
         63:be:c2:cb:b6:4b:b9:5e:48:0a:f1:ed:9a:e6:89:9e:76:71:
         a3:6a:73:c0:c9:18:a9:43:e5:7a:c8:b6:87:28:8a:b0:9e:63:
         fc:d7:05:25:37:b1:19:a4:d9:b8:9c:37:ae:99:fb:43:b3:c0:
         9f:d4:58:23
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAY+u7V3BoUdUJ2NM3cWtgsK3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjQwNTI1MDg0NTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODAxMmUwMjMwMTYwNDExNzU4NDZmZDVkYTI4NGViZTdkYzUzOWRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoNHBaUrGoyzavXM3z2vyX1xlbuOC
tBrlEixwYrEZ0kCc7Ekt/qkdxzUwxXTvBe/W23Hh9/vPQtVukNMVex7bdHLfeY+n
Hlr+NEYIJcMOdt/8XPIVQGMMEsKb6OJcUP/VOVH0jx9aGWAIdepxkv3DrTL09xpV
9HMtgK8t0xTac2Eepn+NFasPqewdMP6BMK0jcL3k3fBBFYWDYEaSfh+2Qv2V+Yiu
VAA5eoXYVE2cPk9EyU/liVN67uEsi7eEbJQFK/7rCmK9c37lYgYBY7Dufirsgfq2
4SC0RPkhd7LUXd60tx5YZ0zxqXm/uJOacdCp6uv5zQZLnUmszNZRBeBJ1QIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFDgBLgIwFgQRdYRv1dooTr59xTnaMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvT0FFdUFqQVdCQkYxaEdfVjJpaE92bjNGT2RvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjA0BAIAATAuMAwDBAE+SKID
BAM+SKADBAA+SL0wDAMEAVEVAgMEBFEVAAMEALA5NQMEALA5PzANBgkqhkiG9w0B
AQsFAAOCAQEAHzXLQ+6XGxCDjagdaGKusuru+gjzj3S8r0EoSiB+yyKnNa/T1Ucv
pTOJYgYTjsRCt2Wnw325sDpL5ZvyafX+iSAK8fJCRJOvuxWndtkfYN2Gzr/99Um/
jqzUp/EtA2AcZQHCunuu5UaQUxz48n3/BFTI3zTXtQvfF73LQVxj6msuiS3blylq
ukOzOVsiajgtUvm6MVLS+vs/TUk9iP86kGDYpTx/Wtu2DC+ovc3ompwlMJm164PQ
uBRp1eEw8Jmznm4EUxg2Y77Cy7ZLuV5ICvHtmuaJnnZxo2pzwMkYqUPlesi2hyiK
sJ5j/NcFJTexGaTZuJw3rpn7Q7PAn9RYIw==
-----END CERTIFICATE-----