Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/_7xdm6V8zRHC_mTnIFqzB_m0FXQ.roa
File:                     _7xdm6V8zRHC_mTnIFqzB_m0FXQ.roa (raw, json)
Hash identifier:          KzZtvgMoPdW9Dy06hL3W/8VN+GyMycyPXKcIHCNF+No=
Subject key identifier:   FF:BC:5D:9B:A5:7C:CD:11:C2:FE:64:E7:20:5A:B3:07:F9:B4:15:74
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       018CCEA12DBA723D920801E180C7DCA1E442
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/_7xdm6V8zRHC_mTnIFqzB_m0FXQ.roa
Signing time:             Wed 03 Jan 2024 09:21:58 +0000
ROA not before:           Wed 03 Jan 2024 09:21:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        62.72.162.0/23 maxlen: 23
                          62.72.164.0/23 maxlen: 23
                          62.72.164.0/22 maxlen: 22
                          62.72.182.0/24 maxlen: 24
                          62.72.191.0/24 maxlen: 24
                          81.21.12.0/22 maxlen: 24
                          81.21.14.0/23 maxlen: 24
                          176.57.58.0/24 maxlen: 24
                          81.21.2.0/23 maxlen: 23
                          81.21.4.0/22 maxlen: 24
                          176.57.59.0/24 maxlen: 24
                          81.21.10.0/24 maxlen: 24
                          81.21.10.0/23 maxlen: 23
                          176.57.63.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 03 Jan 2024 12:27:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ce:a1:2d:ba:72:3d:92:08:01:e1:80:c7:dc:a1:e4:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Jan  3 09:21:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ffbc5d9ba57ccd11c2fe64e7205ab307f9b41574
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:6b:d4:14:57:eb:86:cc:74:8d:2e:2b:53:fc:
                    0d:55:b9:58:4b:7b:a0:fa:ed:e4:6f:de:08:57:cd:
                    c7:24:92:d2:57:b6:45:6e:0a:3e:71:a3:7e:ce:8f:
                    7d:c9:40:c7:5d:7b:a0:3c:50:f4:ec:63:23:43:7a:
                    fd:0c:2d:d4:4f:b3:3a:1b:da:2a:23:d6:9f:4d:9d:
                    8c:68:08:46:7b:01:26:08:04:32:d6:5a:c5:0d:6a:
                    e5:43:12:f7:f5:24:37:a4:d6:e3:9a:68:06:7c:dd:
                    05:7c:a0:13:47:ca:2e:d5:bc:f5:16:b0:98:ac:55:
                    ed:02:eb:54:83:84:41:d1:71:f7:6a:93:ba:9d:bf:
                    06:47:93:d8:e1:a8:44:93:04:41:5a:58:87:42:e8:
                    0f:ac:70:e0:e9:2a:c3:de:f8:19:f0:5c:67:85:d2:
                    1b:0c:57:7d:16:9d:32:f7:2b:cb:7e:44:ae:41:39:
                    d2:95:2d:8c:a0:89:65:13:85:c1:9d:e1:df:1b:a5:
                    9c:13:c2:f0:d7:58:03:14:ff:40:26:97:b6:c5:8e:
                    3f:98:67:8a:29:57:89:26:2e:84:fa:64:4c:79:e7:
                    07:ec:8f:47:33:fa:4f:76:e8:69:6e:be:f2:c4:b3:
                    74:94:e4:d7:59:2e:f7:05:66:c2:d0:6f:96:48:1e:
                    11:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:BC:5D:9B:A5:7C:CD:11:C2:FE:64:E7:20:5A:B3:07:F9:B4:15:74
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/_7xdm6V8zRHC_mTnIFqzB_m0FXQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.162.0-62.72.167.255
                  62.72.182.0/24
                  62.72.191.0/24
                  81.21.2.0-81.21.7.255
                  81.21.10.0-81.21.15.255
                  176.57.58.0/23
                  176.57.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:73:5d:c7:9f:6a:34:8f:3d:e3:b8:e9:5b:5a:5c:53:56:4b:
         98:55:c0:57:92:35:2d:5b:a8:38:83:0a:15:31:20:54:fe:5b:
         43:8f:fe:75:3b:00:4a:48:4f:79:f2:84:34:b2:92:24:f3:04:
         d8:1a:0b:2c:f2:b1:7d:a3:10:f1:a4:f0:b7:b9:37:7d:1c:b9:
         52:73:f9:1b:93:45:a6:2a:c4:4b:b3:8a:4a:ac:a3:9f:f9:ed:
         8c:6b:f9:78:eb:7e:4e:40:34:c7:32:ac:2f:aa:fa:2c:0a:9a:
         4f:a3:e4:b8:f6:b0:0d:c7:e1:71:4c:a2:b5:e7:02:eb:a6:85:
         9b:c3:8d:32:53:d1:44:85:70:6b:83:02:63:40:61:a9:05:5d:
         4e:37:af:42:c1:2e:26:0f:08:44:d9:db:2c:12:5d:77:8e:67:
         f0:5c:ad:9b:83:ea:0d:d4:7f:e8:21:0e:4a:f6:cd:3b:94:40:
         81:78:fa:d8:50:33:f5:35:ce:0f:68:2b:8d:d8:e5:aa:a2:d7:
         ef:30:fb:97:bd:fd:11:d0:86:d7:fa:6d:20:21:67:3f:0f:b7:
         9f:7d:1b:90:15:04:d6:53:e5:93:ec:25:e4:2e:27:ca:ba:ca:
         00:b1:2c:30:37:f1:52:99:b1:91:a5:26:6a:2d:90:7f:4f:1e:
         db:60:cf:07
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAYzOoS26cj2SCAHhgMfcoeRCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjQwMTAzMDkyMTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZmJjNWQ5YmE1N2NjZDExYzJmZTY0ZTcyMDVhYjMwN2Y5YjQxNTc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAimvUFFfrhsx0jS4rU/wNVblYS3ug
+u3kb94IV83HJJLSV7ZFbgo+caN+zo99yUDHXXugPFD07GMjQ3r9DC3UT7M6G9oq
I9afTZ2MaAhGewEmCAQy1lrFDWrlQxL39SQ3pNbjmmgGfN0FfKATR8ou1bz1FrCY
rFXtAutUg4RB0XH3apO6nb8GR5PY4ahEkwRBWliHQugPrHDg6SrD3vgZ8FxnhdIb
DFd9Fp0y9yvLfkSuQTnSlS2MoIllE4XBneHfG6WcE8Lw11gDFP9AJpe2xY4/mGeK
KVeJJi6E+mRMeecH7I9HM/pPduhpbr7yxLN0lOTXWS73BWbC0G+WSB4RNQIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFP+8XZulfM0Rwv5k5yBaswf5tBV0MB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvXzd4ZG02Vjh6UkhDX21UbklGcXpCX20wRlhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCMAwDBAE+SKID
BAM+SKADBAA+SLYDBAA+SL8wDAMEAVEVAgMEA1EVADAMAwQBURUKAwQEURUAAwQB
sDk6AwQAsDk/MA0GCSqGSIb3DQEBCwUAA4IBAQBCc13Hn2o0jz3juOlbWlxTVkuY
VcBXkjUtW6g4gwoVMSBU/ltDj/51OwBKSE958oQ0spIk8wTYGgss8rF9oxDxpPC3
uTd9HLlSc/kbk0WmKsRLs4pKrKOf+e2Ma/l4635OQDTHMqwvqvosCppPo+S49rAN
x+FxTKK15wLrpoWbw40yU9FEhXBrgwJjQGGpBV1ON69CwS4mDwhE2dssEl13jmfw
XK2bg+oN1H/oIQ5K9s07lECBePrYUDP1Nc4PaCuN2OWqotfvMPuXvf0R0IbX+m0g
IWc/D7effRuQFQTWU+WT7CXkLifKusoAsSwwN/FSmbGRpSZqLZB/Tx7bYM8H
-----END CERTIFICATE-----