Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/_CyCdEX6wDgC0TKU7F5s3t6gAHU.roa
File:                     _CyCdEX6wDgC0TKU7F5s3t6gAHU.roa (raw, json)
Hash identifier:          ALaYORIPzGFpCXDgF20WllQQd8LV2fgkABrThwarRws=
Subject key identifier:   FC:2C:82:74:45:FA:C0:38:02:D1:32:94:EC:5E:6C:DE:DE:A0:00:75
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       018CF2206E394ECE983B6BDECD1EA8BF43E2
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/_CyCdEX6wDgC0TKU7F5s3t6gAHU.roa
Signing time:             Wed 10 Jan 2024 06:47:40 +0000
ROA not before:           Wed 10 Jan 2024 06:47:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        62.72.162.0/23 maxlen: 23
                          62.72.164.0/23 maxlen: 23
                          62.72.164.0/22 maxlen: 22
                          62.72.189.0/24 maxlen: 24
                          176.57.58.0/24 maxlen: 24
                          81.21.2.0/23 maxlen: 23
                          81.21.4.0/22 maxlen: 24
                          176.57.59.0/24 maxlen: 24
                          81.21.10.0/23 maxlen: 23
                          176.57.63.0/24 maxlen: 24
                          81.21.12.0/22 maxlen: 24
                          81.21.14.0/23 maxlen: 24

Validation:               Failed, certificate revoked on Wed 10 Jan 2024 10:37:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:f2:20:6e:39:4e:ce:98:3b:6b:de:cd:1e:a8:bf:43:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Jan 10 06:47:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fc2c827445fac03802d13294ec5e6cdedea00075
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:51:d4:6b:19:ae:f2:6f:df:b5:b9:82:b1:2b:
                    95:04:ae:6a:44:f7:aa:ed:ab:18:aa:73:3f:33:44:
                    bc:b2:5a:56:a3:20:ca:c2:24:d8:fd:db:e3:1d:29:
                    2e:56:30:5a:a5:47:1d:70:1b:a8:27:15:22:9e:74:
                    75:d2:1e:a1:70:1f:96:35:14:ce:9a:1b:34:64:43:
                    d2:46:49:c9:60:a6:c1:e0:93:f5:b8:d9:bc:69:c0:
                    be:50:1d:ab:fd:85:87:69:a5:74:59:d3:e4:ae:55:
                    91:0e:9d:70:7f:0d:d5:1b:c5:8a:0c:2b:2c:6a:03:
                    c7:94:46:8f:f5:d0:28:0d:e1:19:75:51:c9:a3:6c:
                    d3:c3:39:9d:68:b2:19:e1:e2:84:49:31:89:c5:b3:
                    38:c1:06:6e:3b:43:dc:f0:d9:b1:7e:1a:bd:87:2b:
                    55:52:0a:50:80:92:fa:95:b4:7c:fc:6c:ed:4a:c8:
                    c9:a0:ef:1f:ba:4c:b9:4c:36:13:64:f9:78:07:43:
                    2e:ea:0f:40:e2:91:8d:50:25:40:41:e4:47:36:36:
                    7d:7e:f0:18:74:c8:5d:f8:96:34:a1:18:54:05:e7:
                    b3:48:49:4f:a2:4f:4a:e7:a7:50:f4:7b:16:3a:16:
                    23:24:54:b0:b1:2f:13:cd:7d:ca:4c:07:02:02:8d:
                    92:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:2C:82:74:45:FA:C0:38:02:D1:32:94:EC:5E:6C:DE:DE:A0:00:75
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/_CyCdEX6wDgC0TKU7F5s3t6gAHU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.162.0-62.72.167.255
                  62.72.189.0/24
                  81.21.2.0-81.21.7.255
                  81.21.10.0-81.21.15.255
                  176.57.58.0/23
                  176.57.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b6:2b:15:b0:7c:d8:c4:1d:c6:af:c2:50:7f:38:87:aa:d1:fb:
         e6:fb:ab:d3:72:e6:d2:9d:b6:9c:e7:06:d7:e8:42:1c:f3:73:
         ed:7e:7f:a3:50:2b:36:10:a4:5e:b7:c8:93:01:29:53:ec:4c:
         7c:7f:9d:88:a2:74:19:ca:02:b5:43:ec:6f:a5:8f:d8:8e:c5:
         7f:2f:be:b6:d8:0a:15:06:9e:22:10:f8:19:ba:13:9e:fb:cd:
         58:62:ac:57:d3:45:44:f9:f1:13:f3:e8:40:8a:d4:4f:d6:57:
         4a:9e:f5:7e:b7:c1:0d:a6:65:77:0e:f4:51:41:b0:1a:32:28:
         b8:85:22:6e:e4:c0:94:68:42:af:67:a8:7b:ba:c6:c4:11:c7:
         a6:55:89:3e:6e:df:5d:6f:57:47:ab:3a:ec:3f:74:18:9b:10:
         da:bf:e2:d4:cf:e2:15:98:ab:f7:4a:47:01:fd:72:fc:66:e1:
         04:d1:04:d1:fd:b3:06:74:5d:a0:ec:94:75:f0:1e:b1:18:f1:
         89:ef:32:ae:82:9b:2f:b3:32:16:7c:f9:2b:19:42:05:5b:b2:
         d3:0e:eb:79:96:17:00:3c:92:83:3a:90:22:e2:5c:55:e0:61:
         b3:50:b5:73:49:db:ee:6b:03:80:db:38:50:59:5e:44:b9:cb:
         37:84:c6:aa
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYzyIG45Ts6YO2vezR6ov0PiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjQwMTEwMDY0NzQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzJjODI3NDQ1ZmFjMDM4MDJkMTMyOTRlYzVlNmNkZWRlYTAwMDc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt1HUaxmu8m/ftbmCsSuVBK5qRPeq
7asYqnM/M0S8slpWoyDKwiTY/dvjHSkuVjBapUcdcBuoJxUinnR10h6hcB+WNRTO
mhs0ZEPSRknJYKbB4JP1uNm8acC+UB2r/YWHaaV0WdPkrlWRDp1wfw3VG8WKDCss
agPHlEaP9dAoDeEZdVHJo2zTwzmdaLIZ4eKESTGJxbM4wQZuO0Pc8Nmxfhq9hytV
UgpQgJL6lbR8/GztSsjJoO8fuky5TDYTZPl4B0Mu6g9A4pGNUCVAQeRHNjZ9fvAY
dMhd+JY0oRhUBeezSElPok9K56dQ9HsWOhYjJFSwsS8TzX3KTAcCAo2SNwIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFPwsgnRF+sA4AtEylOxebN7eoAB1MB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvX0N5Q2RFWDZ3RGdDMFRLVTdGNXMzdDZnQUhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8MAwDBAE+SKID
BAM+SKADBAA+SL0wDAMEAVEVAgMEA1EVADAMAwQBURUKAwQEURUAAwQBsDk6AwQA
sDk/MA0GCSqGSIb3DQEBCwUAA4IBAQC2KxWwfNjEHcavwlB/OIeq0fvm+6vTcubS
nbac5wbX6EIc83Ptfn+jUCs2EKRet8iTASlT7Ex8f52IonQZygK1Q+xvpY/YjsV/
L7622AoVBp4iEPgZuhOe+81YYqxX00VE+fET8+hAitRP1ldKnvV+t8ENpmV3DvRR
QbAaMii4hSJu5MCUaEKvZ6h7usbEEcemVYk+bt9db1dHqzrsP3QYmxDav+LUz+IV
mKv3SkcB/XL8ZuEE0QTR/bMGdF2g7JR18B6xGPGJ7zKugpsvszIWfPkrGUIFW7LT
Dut5lhcAPJKDOpAi4lxV4GGzULVzSdvuawOA2zhQWV5Eucs3hMaq
-----END CERTIFICATE-----