Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/bYOyG3J05jHOAuZwJOuLfU9Z-Sk.roa
File:                     bYOyG3J05jHOAuZwJOuLfU9Z-Sk.roa (raw, json)
Hash identifier:          idQEvDeHtPq/Ui3S1+I4Tg7Qtc97owGAfBfnIVkZMGM=
Subject key identifier:   6D:83:B2:1B:72:74:E6:31:CE:02:E6:70:24:EB:8B:7D:4F:59:F9:29
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       019210AD0AED3AC5F76FE8B0839E6AB3317C
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/bYOyG3J05jHOAuZwJOuLfU9Z-Sk.roa
Signing time:             Fri 20 Sep 2024 18:23:48 +0000
ROA not before:           Fri 20 Sep 2024 18:23:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        62.72.162.0/23 maxlen: 23
                          62.72.164.0/22 maxlen: 22
                          62.72.164.0/23 maxlen: 23
                          62.72.189.0/24 maxlen: 24
                          81.21.2.0/23 maxlen: 23
                          81.21.4.0/22 maxlen: 24
                          81.21.8.0/24 maxlen: 24
                          81.21.9.0/24 maxlen: 24
                          81.21.10.0/23 maxlen: 23
                          81.21.11.0/24 maxlen: 24
                          81.21.12.0/22 maxlen: 24
                          81.21.12.0/24 maxlen: 24
                          81.21.14.0/23 maxlen: 24
                          81.21.14.0/24 maxlen: 24
                          81.21.15.0/24 maxlen: 24
                          176.57.51.0/24 maxlen: 24
                          176.57.52.0/24 maxlen: 24
                          176.57.63.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 23 Sep 2024 07:28:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:10:ad:0a:ed:3a:c5:f7:6f:e8:b0:83:9e:6a:b3:31:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Sep 20 18:23:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6d83b21b7274e631ce02e67024eb8b7d4f59f929
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:84:fc:6d:14:71:b8:04:47:5f:9d:e4:dc:ea:
                    8d:fd:66:84:26:f6:d9:1e:08:d7:1b:67:60:e5:36:
                    2b:d6:57:48:36:26:61:61:52:aa:5d:3f:c0:52:74:
                    b3:67:9c:a9:11:9a:bd:19:5c:bd:8e:30:ab:99:b1:
                    c1:28:14:13:1d:95:5b:56:95:e9:17:75:71:ad:5c:
                    a7:66:5c:83:78:bc:85:cf:59:d9:54:2c:0c:93:34:
                    fa:69:06:1e:5a:0a:e5:17:15:61:e3:2b:aa:97:41:
                    8a:72:ce:b1:60:0c:83:80:e3:f7:b2:db:ce:57:2c:
                    89:42:bd:26:79:e0:e1:f8:ca:70:23:eb:f4:5c:46:
                    38:3f:25:9d:d4:91:82:9e:fe:3e:70:69:b6:77:2a:
                    c9:6c:5c:a1:f7:e4:a3:7d:62:3e:96:85:37:88:45:
                    84:ad:65:4b:7b:39:1d:23:63:60:b5:08:c4:50:8c:
                    de:a1:c6:e3:90:6b:6d:48:7b:a4:b0:1f:e7:97:1c:
                    88:0f:c2:3f:f8:fb:66:94:8a:1e:cb:ea:43:48:6e:
                    5f:cb:69:d4:7f:8d:ef:42:97:2a:c2:69:8e:5c:9a:
                    5b:9a:8d:8e:39:a8:35:16:67:5c:83:c1:30:4b:17:
                    4e:f4:d1:d3:9c:97:ce:49:cf:ee:33:de:c7:5f:01:
                    b9:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:83:B2:1B:72:74:E6:31:CE:02:E6:70:24:EB:8B:7D:4F:59:F9:29
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/bYOyG3J05jHOAuZwJOuLfU9Z-Sk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.162.0-62.72.167.255
                  62.72.189.0/24
                  81.21.2.0-81.21.15.255
                  176.57.51.0-176.57.52.255
                  176.57.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:7c:27:e3:b9:fa:f1:db:ad:0a:b8:9c:f5:c8:3a:ca:46:06:
         e0:bc:18:4e:45:41:dc:93:b4:7f:3e:91:da:ce:69:01:cb:a3:
         80:f5:c4:c0:3b:48:ee:4d:46:e2:f9:eb:69:a1:04:3d:fd:93:
         62:26:ad:06:21:c1:b6:be:5c:fc:a0:dc:b9:b7:08:ad:9a:3d:
         6a:89:d2:b8:d3:39:6b:30:4f:04:b5:54:1e:1f:94:c5:be:6a:
         f6:93:b9:ec:39:6f:d5:f2:7b:28:19:5d:5c:80:5b:0a:9f:0d:
         f5:89:0f:8b:b3:29:4e:bb:f3:52:cd:68:ca:4c:dc:98:0c:a6:
         44:9c:ab:57:fe:4d:40:10:9f:38:15:fa:4c:88:d1:c7:78:cf:
         55:ec:55:f6:cf:8c:88:10:3d:0d:a9:16:02:50:db:b9:e2:83:
         54:5c:79:ef:0f:64:73:6c:3e:9f:17:cb:fe:1c:5f:3d:f8:c2:
         ce:53:ac:6b:02:ff:13:07:7c:f7:8b:cb:49:c6:71:06:74:41:
         3d:6a:75:33:a7:56:d7:f9:ec:d5:bd:64:90:4c:66:ac:b0:5a:
         47:d6:c4:54:6b:bc:94:27:3e:51:fb:c8:77:ac:f1:4e:75:09:
         07:39:af:2c:c1:ab:d4:07:1d:66:46:c6:87:19:b9:58:8d:21:
         f7:cb:a0:37
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAZIQrQrtOsX3b+iwg55qszF8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjQwOTIwMTgyMzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDgzYjIxYjcyNzRlNjMxY2UwMmU2NzAyNGViOGI3ZDRmNTlmOTI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuIT8bRRxuARHX53k3OqN/WaEJvbZ
HgjXG2dg5TYr1ldINiZhYVKqXT/AUnSzZ5ypEZq9GVy9jjCrmbHBKBQTHZVbVpXp
F3VxrVynZlyDeLyFz1nZVCwMkzT6aQYeWgrlFxVh4yuql0GKcs6xYAyDgOP3stvO
VyyJQr0meeDh+MpwI+v0XEY4PyWd1JGCnv4+cGm2dyrJbFyh9+SjfWI+loU3iEWE
rWVLezkdI2NgtQjEUIzeocbjkGttSHuksB/nlxyID8I/+PtmlIoey+pDSG5fy2nU
f43vQpcqwmmOXJpbmo2OOag1Fmdcg8EwSxdO9NHTnJfOSc/uM97HXwG5WQIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFG2DshtydOYxzgLmcCTri31PWfkpMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvYllPeUczSjA1akhPQXVad0pPdUxmVTlaLVNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2MAwDBAE+SKID
BAM+SKADBAA+SL0wDAMEAVEVAgMEBFEVADAMAwQAsDkzAwQAsDk0AwQAsDk/MA0G
CSqGSIb3DQEBCwUAA4IBAQCSfCfjufrx260KuJz1yDrKRgbgvBhORUHck7R/PpHa
zmkBy6OA9cTAO0juTUbi+etpoQQ9/ZNiJq0GIcG2vlz8oNy5twitmj1qidK40zlr
ME8EtVQeH5TFvmr2k7nsOW/V8nsoGV1cgFsKnw31iQ+LsylOu/NSzWjKTNyYDKZE
nKtX/k1AEJ84FfpMiNHHeM9V7FX2z4yIED0NqRYCUNu54oNUXHnvD2RzbD6fF8v+
HF89+MLOU6xrAv8TB3z3i8tJxnEGdEE9anUzp1bX+ezVvWSQTGassFpH1sRUa7yU
Jz5R+8h3rPFOdQkHOa8swavUBx1mRsaHGblYjSH3y6A3
-----END CERTIFICATE-----