Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/crb2Ek-VnxgcxeI80ERTC3PbgZ0.roa
File:                     crb2Ek-VnxgcxeI80ERTC3PbgZ0.roa (raw, json)
Hash identifier:          rTJfnYvRfOpZ0DaZIT/eJqJbYkbQCNhPNEvY+Ik9hsE=
Subject key identifier:   72:B6:F6:12:4F:95:9F:18:1C:C5:E2:3C:D0:44:53:0B:73:DB:81:9D
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       018F772CF42AC885992BF173248CA75F6899
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/crb2Ek-VnxgcxeI80ERTC3PbgZ0.roa
Signing time:             Tue 14 May 2024 12:56:25 +0000
ROA not before:           Tue 14 May 2024 12:56:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        62.72.162.0/23 maxlen: 23
                          62.72.164.0/22 maxlen: 22
                          62.72.164.0/23 maxlen: 23
                          62.72.189.0/24 maxlen: 24
                          81.21.2.0/23 maxlen: 23
                          81.21.4.0/22 maxlen: 24
                          81.21.8.0/24 maxlen: 24
                          81.21.9.0/24 maxlen: 24
                          81.21.10.0/23 maxlen: 23
                          81.21.11.0/24 maxlen: 24
                          81.21.12.0/22 maxlen: 24
                          81.21.12.0/24 maxlen: 24
                          81.21.14.0/23 maxlen: 24
                          81.21.14.0/24 maxlen: 24
                          81.21.15.0/24 maxlen: 24
                          176.57.63.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 16 May 2024 10:23:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:77:2c:f4:2a:c8:85:99:2b:f1:73:24:8c:a7:5f:68:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: May 14 12:56:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=72b6f6124f959f181cc5e23cd044530b73db819d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:8c:34:3d:61:c8:38:b7:02:70:20:94:90:a2:
                    98:32:2f:65:b1:01:78:19:c2:76:0f:60:9d:e6:58:
                    f4:e7:6c:da:11:20:5c:8e:7b:5b:d7:6c:65:6e:2a:
                    ea:5d:47:8d:66:ea:22:b6:85:17:9d:3c:cd:b6:73:
                    3c:f0:3a:87:57:83:05:9a:6b:67:61:e7:38:c5:07:
                    25:cc:fb:fb:b4:5a:c4:64:0a:3f:ff:cc:f9:21:4d:
                    a2:a5:20:b6:ae:14:72:65:2b:ba:7f:99:6d:7d:27:
                    93:bc:bd:95:5c:d8:d3:15:d3:b1:0e:13:83:49:20:
                    6c:65:48:1f:c5:69:63:da:42:34:c2:ae:ce:61:c6:
                    01:07:80:f8:c3:9f:a2:e0:e7:db:d2:5b:9b:d3:67:
                    6f:80:e4:02:ad:11:d2:14:5f:46:ac:48:9f:8d:1a:
                    3d:66:a0:cd:02:9b:5c:96:b7:3b:6d:69:13:1e:b1:
                    d9:18:28:9e:c5:8e:09:5a:6e:ad:7b:51:f3:e8:cd:
                    22:90:be:4a:81:ca:1a:92:19:fc:06:53:4f:1d:ac:
                    b6:55:73:98:27:34:24:b0:65:ff:9c:86:32:87:5a:
                    ee:b0:ce:aa:54:5c:48:f1:18:2f:e9:f0:a0:27:7d:
                    75:2c:c3:da:d6:73:ad:f7:b0:a8:5f:d4:3a:80:f4:
                    1c:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:B6:F6:12:4F:95:9F:18:1C:C5:E2:3C:D0:44:53:0B:73:DB:81:9D
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/crb2Ek-VnxgcxeI80ERTC3PbgZ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.162.0-62.72.167.255
                  62.72.189.0/24
                  81.21.2.0-81.21.15.255
                  176.57.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:0a:d7:0a:99:e7:95:8e:c0:77:36:6d:40:e0:53:15:c5:f6:
         5c:d0:2f:10:ce:11:39:a1:5f:6e:6a:5a:62:97:89:ac:e1:32:
         bf:c0:30:38:69:8a:9d:32:36:be:b4:25:96:e9:e6:e2:83:4c:
         3a:12:93:39:42:4d:0d:9c:b2:c8:80:13:f9:07:ac:28:34:d7:
         cd:d6:9d:0a:ae:c9:47:fd:89:d4:7d:d5:e6:d1:c2:cf:e2:e8:
         2b:df:d5:60:5a:da:cb:b7:9d:bc:b0:eb:35:c0:16:ec:17:0a:
         fb:d2:ca:de:19:12:98:9c:c3:d4:cf:a6:95:88:30:73:c2:04:
         d5:cf:02:63:85:05:4d:b2:ea:26:5e:4b:11:8e:12:55:b5:44:
         4e:59:10:9e:dd:4d:4c:02:86:b4:0b:35:67:a5:38:2a:d4:b3:
         37:58:90:f9:d4:07:5e:ac:ae:2a:2e:db:a8:60:0b:bb:b8:3d:
         48:0e:ca:17:c6:a1:26:dc:a2:cc:4e:bd:d9:9b:f4:52:d8:67:
         b8:0d:cb:1b:c3:80:ba:f6:32:96:df:d9:d3:3d:77:fb:57:d4:
         db:87:17:83:f7:b5:cc:5b:54:d1:a7:31:51:a9:10:c3:a4:11:
         c8:64:a7:90:33:25:8f:2e:9d:66:fa:92:0f:1b:49:d9:de:4f:
         e5:ff:4b:90
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAY93LPQqyIWZK/FzJIynX2iZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjQwNTE0MTI1NjI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MmI2ZjYxMjRmOTU5ZjE4MWNjNWUyM2NkMDQ0NTMwYjczZGI4MTlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh4w0PWHIOLcCcCCUkKKYMi9lsQF4
GcJ2D2Cd5lj052zaESBcjntb12xlbirqXUeNZuoitoUXnTzNtnM88DqHV4MFmmtn
Yec4xQclzPv7tFrEZAo//8z5IU2ipSC2rhRyZSu6f5ltfSeTvL2VXNjTFdOxDhOD
SSBsZUgfxWlj2kI0wq7OYcYBB4D4w5+i4Ofb0lub02dvgOQCrRHSFF9GrEifjRo9
ZqDNAptclrc7bWkTHrHZGCiexY4JWm6te1Hz6M0ikL5Kgcoakhn8BlNPHay2VXOY
JzQksGX/nIYyh1rusM6qVFxI8Rgv6fCgJ311LMPa1nOt97CoX9Q6gPQcfQIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFHK29hJPlZ8YHMXiPNBEUwtz24GdMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvY3JiMkVrLVZueGdjeGVJODBFUlRDM1BiZ1owLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAuBAIAATAoMAwDBAE+SKID
BAM+SKADBAA+SL0wDAMEAVEVAgMEBFEVAAMEALA5PzANBgkqhkiG9w0BAQsFAAOC
AQEATArXCpnnlY7AdzZtQOBTFcX2XNAvEM4ROaFfbmpaYpeJrOEyv8AwOGmKnTI2
vrQllunm4oNMOhKTOUJNDZyyyIAT+QesKDTXzdadCq7JR/2J1H3V5tHCz+LoK9/V
YFray7edvLDrNcAW7BcK+9LK3hkSmJzD1M+mlYgwc8IE1c8CY4UFTbLqJl5LEY4S
VbVETlkQnt1NTAKGtAs1Z6U4KtSzN1iQ+dQHXqyuKi7bqGALu7g9SA7KF8ahJtyi
zE692Zv0UthnuA3LG8OAuvYylt/Z0z13+1fU24cXg/e1zFtU0acxUakQw6QRyGSn
kDMljy6dZvqSDxtJ2d5P5f9LkA==
-----END CERTIFICATE-----