Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/XB_dc9UMCQ6rNsPmP8-3v8tdijM.roa
File:                     XB_dc9UMCQ6rNsPmP8-3v8tdijM.roa (raw, json)
Hash identifier:          NqmziweBJBeBF3D/ZyGfSS+pRxXX+40emMogZDk4aKw=
Subject key identifier:   5C:1F:DD:73:D5:0C:09:0E:AB:36:C3:E6:3F:CF:B7:BF:CB:5D:8A:33
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       018F2330B9D5916285A8429EAB7EDE00F15D
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/XB_dc9UMCQ6rNsPmP8-3v8tdijM.roa
Signing time:             Sun 28 Apr 2024 05:32:26 +0000
ROA not before:           Sun 28 Apr 2024 05:32:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        62.72.162.0/23 maxlen: 23
                          62.72.164.0/22 maxlen: 22
                          62.72.164.0/23 maxlen: 23
                          62.72.189.0/24 maxlen: 24
                          81.21.2.0/23 maxlen: 23
                          81.21.4.0/22 maxlen: 24
                          81.21.8.0/24 maxlen: 24
                          81.21.9.0/24 maxlen: 24
                          81.21.10.0/23 maxlen: 23
                          81.21.12.0/22 maxlen: 24
                          81.21.14.0/23 maxlen: 24
                          176.57.59.0/24 maxlen: 24
                          176.57.63.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 01 May 2024 16:33:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:23:30:b9:d5:91:62:85:a8:42:9e:ab:7e:de:00:f1:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Apr 28 05:32:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5c1fdd73d50c090eab36c3e63fcfb7bfcb5d8a33
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:d8:37:f0:17:1d:83:21:96:9e:57:36:05:8f:
                    b8:53:2d:dd:0a:2d:0f:4d:84:00:07:0b:23:c3:7a:
                    6f:17:9a:a3:03:8e:16:64:df:5a:96:37:ea:51:fc:
                    30:fc:18:22:eb:38:92:d4:bf:65:66:54:15:00:49:
                    96:5a:81:42:cd:09:34:36:7b:79:62:32:0e:0f:a6:
                    88:65:c7:1b:f2:49:7c:ae:6e:02:95:fe:ec:67:10:
                    44:4b:cd:d0:b0:59:13:81:e1:26:90:52:75:2f:ed:
                    6b:64:63:39:9f:c9:ad:54:36:f1:86:b1:2d:da:a8:
                    26:1f:30:29:07:32:ff:3b:91:e2:c6:22:03:4f:b4:
                    98:c6:08:9f:2c:f1:4c:e2:13:6f:f8:0b:c9:38:6a:
                    e2:23:aa:db:9e:13:92:23:d1:cc:96:d9:3c:bf:90:
                    0e:20:fc:92:e5:a2:35:cd:4f:d9:e9:80:62:0a:7e:
                    31:12:ca:b5:2c:3f:ab:16:0c:40:53:6a:db:4d:39:
                    7f:64:81:fe:64:9b:fb:e9:84:e9:b6:65:9b:a0:ff:
                    24:bb:15:41:41:f0:61:5f:67:f6:c6:a9:23:a4:0a:
                    6a:13:45:cb:b9:92:bc:35:a3:f7:a7:d4:b7:5a:0f:
                    d6:b1:f7:1d:e2:e5:65:44:75:da:50:a6:58:b0:9f:
                    cf:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:1F:DD:73:D5:0C:09:0E:AB:36:C3:E6:3F:CF:B7:BF:CB:5D:8A:33
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/XB_dc9UMCQ6rNsPmP8-3v8tdijM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.162.0-62.72.167.255
                  62.72.189.0/24
                  81.21.2.0-81.21.15.255
                  176.57.59.0/24
                  176.57.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bc:5f:54:29:5c:2f:c2:bf:b5:0d:be:a6:76:b3:78:b5:2c:6d:
         b5:d2:35:94:90:68:1a:a7:67:c1:19:d2:5b:b2:b4:94:a8:d7:
         23:a3:5a:bf:3a:7d:fa:d7:23:35:c9:92:6c:9a:43:18:e8:20:
         26:45:85:e8:cd:92:ad:9d:3c:c5:5d:ca:c5:02:df:e3:45:fe:
         90:ed:63:5c:49:52:d0:dc:40:ba:c8:8b:b9:93:0d:f7:ab:76:
         a2:9d:fa:82:0d:3d:41:d5:b9:3a:d4:0a:f7:32:28:40:f0:03:
         f2:b1:56:18:0b:5e:58:dc:f8:c8:51:e3:17:61:00:40:da:48:
         7e:87:23:e7:db:75:06:06:ad:fa:90:14:27:44:d8:4c:f8:0f:
         50:2b:c7:da:a4:81:3b:dc:0c:01:73:b6:bd:91:10:16:80:6e:
         57:16:0a:0f:84:e3:f7:f4:19:ef:df:69:2b:98:0d:e6:68:9d:
         0a:1e:e8:4e:a3:d4:6e:5e:45:5e:8a:c0:5a:5f:b5:e4:9c:42:
         6c:ed:54:3f:1e:b5:d8:1b:b1:df:29:ef:9e:a9:49:30:5a:fb:
         d0:59:c3:b8:59:e0:fc:50:73:18:38:67:bc:2d:5d:67:6a:da:
         0a:ed:a2:2c:5f:b6:ec:88:d0:a8:19:5a:5a:99:78:a9:26:fe:
         d1:3a:83:99
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAY8jMLnVkWKFqEKeq37eAPFdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjQwNDI4MDUzMjI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzFmZGQ3M2Q1MGMwOTBlYWIzNmMzZTYzZmNmYjdiZmNiNWQ4YTMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmtg38BcdgyGWnlc2BY+4Uy3dCi0P
TYQABwsjw3pvF5qjA44WZN9aljfqUfww/Bgi6ziS1L9lZlQVAEmWWoFCzQk0Nnt5
YjIOD6aIZccb8kl8rm4Clf7sZxBES83QsFkTgeEmkFJ1L+1rZGM5n8mtVDbxhrEt
2qgmHzApBzL/O5HixiIDT7SYxgifLPFM4hNv+AvJOGriI6rbnhOSI9HMltk8v5AO
IPyS5aI1zU/Z6YBiCn4xEsq1LD+rFgxAU2rbTTl/ZIH+ZJv76YTptmWboP8kuxVB
QfBhX2f2xqkjpApqE0XLuZK8NaP3p9S3Wg/Wsfcd4uVlRHXaUKZYsJ/PBwIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFFwf3XPVDAkOqzbD5j/Pt7/LXYozMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvWEJfZGM5VU1DUTZyTnNQbVA4LTN2OHRkaWpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjA0BAIAATAuMAwDBAE+SKID
BAM+SKADBAA+SL0wDAMEAVEVAgMEBFEVAAMEALA5OwMEALA5PzANBgkqhkiG9w0B
AQsFAAOCAQEAvF9UKVwvwr+1Db6mdrN4tSxttdI1lJBoGqdnwRnSW7K0lKjXI6Na
vzp9+tcjNcmSbJpDGOggJkWF6M2SrZ08xV3KxQLf40X+kO1jXElS0NxAusiLuZMN
96t2op36gg09QdW5OtQK9zIoQPAD8rFWGAteWNz4yFHjF2EAQNpIfocj59t1Bgat
+pAUJ0TYTPgPUCvH2qSBO9wMAXO2vZEQFoBuVxYKD4Tj9/QZ799pK5gN5midCh7o
TqPUbl5FXorAWl+15JxCbO1UPx612Bux3ynvnqlJMFr70FnDuFng/FBzGDhnvC1d
Z2raCu2iLF+27IjQqBlaWpl4qSb+0TqDmQ==
-----END CERTIFICATE-----