Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/QGxhf7mguO3y5MGMttRtLN7YSng.roa
File:                     QGxhf7mguO3y5MGMttRtLN7YSng.roa (raw, json)
Hash identifier:          Xim+FYFaoHlhY9SfQGHRYkrxGVrHvya/pAv+8kUtY4U=
Subject key identifier:   40:6C:61:7F:B9:A0:B8:ED:F2:E4:C1:8C:B6:D4:6D:2C:DE:D8:4A:78
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       018DFF5309142D92090903F542D3717FBEC2
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/QGxhf7mguO3y5MGMttRtLN7YSng.roa
Signing time:             Sat 02 Mar 2024 13:20:48 +0000
ROA not before:           Sat 02 Mar 2024 13:20:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        62.72.162.0/23 maxlen: 23
                          62.72.164.0/22 maxlen: 22
                          62.72.164.0/23 maxlen: 23
                          62.72.180.0/24 maxlen: 24
                          62.72.189.0/24 maxlen: 24
                          81.21.2.0/23 maxlen: 23
                          81.21.4.0/22 maxlen: 24
                          81.21.10.0/23 maxlen: 23
                          81.21.12.0/22 maxlen: 24
                          81.21.14.0/23 maxlen: 24
                          176.57.58.0/24 maxlen: 24
                          176.57.59.0/24 maxlen: 24
                          176.57.63.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 06 Mar 2024 13:52:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:ff:53:09:14:2d:92:09:09:03:f5:42:d3:71:7f:be:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Mar  2 13:20:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=406c617fb9a0b8edf2e4c18cb6d46d2cded84a78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:7a:fc:60:6d:31:ea:a6:41:9d:0e:7e:f2:06:
                    50:9b:5b:40:09:41:d2:02:7d:96:36:d0:ef:b4:08:
                    01:6c:f2:ca:43:24:25:d1:4c:a2:11:a8:97:10:de:
                    e9:12:80:5d:8a:09:20:0f:41:21:3a:1b:e6:c2:7d:
                    1e:7e:e1:d6:6a:ca:9e:37:b7:5f:a6:f5:fe:ae:6f:
                    01:a1:da:5d:5a:e7:e8:4d:80:f5:f0:de:30:ce:64:
                    ad:4d:3c:cf:5b:85:07:46:d5:6c:cd:11:ef:a0:5e:
                    3c:83:13:e1:ec:9d:48:46:ed:21:2d:3c:95:5a:67:
                    6f:9c:21:5c:bf:40:2c:23:9f:23:a4:5d:a5:2e:04:
                    55:42:c7:5d:59:12:31:45:b7:d4:2b:d1:03:ca:e3:
                    db:ba:4e:7a:3d:56:7c:71:c4:89:b3:5b:52:71:c4:
                    9a:91:55:2c:17:21:35:05:42:85:07:ba:20:e4:6a:
                    31:90:1b:32:75:6f:1a:fd:24:d4:81:c0:a0:5e:49:
                    80:b9:6e:14:c2:97:aa:5b:b9:05:42:46:b3:fb:8b:
                    54:d0:04:e5:83:5b:60:50:99:88:55:19:95:28:33:
                    2f:63:2c:16:98:d1:06:62:63:73:df:58:b0:bb:58:
                    fa:13:25:43:86:95:28:c8:44:5e:db:9e:ce:5f:77:
                    c7:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:6C:61:7F:B9:A0:B8:ED:F2:E4:C1:8C:B6:D4:6D:2C:DE:D8:4A:78
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/QGxhf7mguO3y5MGMttRtLN7YSng.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.162.0-62.72.167.255
                  62.72.180.0/24
                  62.72.189.0/24
                  81.21.2.0-81.21.7.255
                  81.21.10.0-81.21.15.255
                  176.57.58.0/23
                  176.57.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:3d:25:4e:1e:3c:0b:b6:6d:c1:2e:63:ce:e8:1b:ef:40:1e:
         8f:2e:e1:2f:c6:2e:ad:f8:cb:4c:d9:d4:a0:75:18:78:56:b3:
         5a:ec:2e:d6:71:d6:81:0e:b1:f2:5c:94:f5:34:99:7d:2d:52:
         b0:48:b4:22:61:38:d4:49:74:66:76:dd:11:84:ad:b8:51:84:
         38:26:a6:9c:d4:a6:a1:73:3a:3d:6c:d0:6d:c5:99:e0:af:8f:
         f6:2e:99:7f:ce:1e:70:54:46:9f:e3:66:0d:0f:0c:9e:52:7d:
         7d:20:22:cf:69:f0:14:75:11:f9:bb:b6:78:29:ac:43:37:4c:
         7e:64:46:00:c2:f1:5f:f6:d3:11:e9:6f:94:9f:85:2d:b5:4c:
         81:61:4b:3f:ab:ce:b6:5c:60:5d:d8:73:b8:54:ae:a4:40:4c:
         56:fe:85:77:ac:03:03:88:b9:45:09:ab:86:36:07:89:b3:0e:
         5b:b4:e0:3e:dd:4e:fb:00:2d:3a:ea:43:d3:4c:ef:a5:71:69:
         2d:0d:77:79:41:15:cb:6b:b4:0e:80:79:73:91:db:80:08:56:
         7f:ce:12:82:be:88:0f:9e:b8:17:07:65:c5:c0:c9:e9:1f:d0:
         cf:e4:a3:9e:6d:8d:a7:bc:27:10:77:24:1a:41:59:86:b5:5a:
         dd:c6:98:58
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAY3/UwkULZIJCQP1QtNxf77CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjQwMzAyMTMyMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDZjNjE3ZmI5YTBiOGVkZjJlNGMxOGNiNmQ0NmQyY2RlZDg0YTc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwHr8YG0x6qZBnQ5+8gZQm1tACUHS
An2WNtDvtAgBbPLKQyQl0UyiEaiXEN7pEoBdigkgD0EhOhvmwn0efuHWasqeN7df
pvX+rm8BodpdWufoTYD18N4wzmStTTzPW4UHRtVszRHvoF48gxPh7J1IRu0hLTyV
WmdvnCFcv0AsI58jpF2lLgRVQsddWRIxRbfUK9EDyuPbuk56PVZ8ccSJs1tSccSa
kVUsFyE1BUKFB7og5GoxkBsydW8a/STUgcCgXkmAuW4UwpeqW7kFQkaz+4tU0ATl
g1tgUJmIVRmVKDMvYywWmNEGYmNz31iwu1j6EyVDhpUoyERe257OX3fHAQIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFEBsYX+5oLjt8uTBjLbUbSze2Ep4MB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvUUd4aGY3bWd1TzN5NU1HTXR0UnRMTjdZU25nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCMAwDBAE+SKID
BAM+SKADBAA+SLQDBAA+SL0wDAMEAVEVAgMEA1EVADAMAwQBURUKAwQEURUAAwQB
sDk6AwQAsDk/MA0GCSqGSIb3DQEBCwUAA4IBAQCSPSVOHjwLtm3BLmPO6BvvQB6P
LuEvxi6t+MtM2dSgdRh4VrNa7C7WcdaBDrHyXJT1NJl9LVKwSLQiYTjUSXRmdt0R
hK24UYQ4Jqac1Kahczo9bNBtxZngr4/2Lpl/zh5wVEaf42YNDwyeUn19ICLPafAU
dRH5u7Z4KaxDN0x+ZEYAwvFf9tMR6W+Un4UttUyBYUs/q862XGBd2HO4VK6kQExW
/oV3rAMDiLlFCauGNgeJsw5btOA+3U77AC066kPTTO+lcWktDXd5QRXLa7QOgHlz
kduACFZ/zhKCvogPnrgXB2XFwMnpH9DP5KOebY2nvCcQdyQaQVmGtVrdxphY
-----END CERTIFICATE-----