Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/d1G1H3PRI5l2X5GBAO8OVUSioFI.roa
File:                     d1G1H3PRI5l2X5GBAO8OVUSioFI.roa (raw, json)
Hash identifier:          krpD4fGt+Ka7kycDeL+Ua9Vc5JwyNZIf61ZYI1ZBBKs=
Subject key identifier:   77:51:B5:1F:73:D1:23:99:76:5F:91:81:00:EF:0E:55:44:A2:A0:52
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       0188D7914D83322B1FBAE4709BE764A8B492
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/d1G1H3PRI5l2X5GBAO8OVUSioFI.roa
Signing time:             Tue 20 Jun 2023 06:50:03 +0000
ROA not before:           Tue 20 Jun 2023 06:50:03 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        62.72.162.0/24 maxlen: 24
                          62.72.163.0/24 maxlen: 24
                          62.72.161.0/24 maxlen: 24
                          62.72.169.0/24 maxlen: 24
                          62.72.176.0/24 maxlen: 24
                          62.72.184.0/24 maxlen: 24
                          62.72.186.0/24 maxlen: 24
                          62.72.190.0/24 maxlen: 24
                          62.72.191.0/24 maxlen: 24
                          62.72.187.0/24 maxlen: 24
                          176.57.63.0/24 maxlen: 24
                          81.21.12.0/22 maxlen: 24

Validation:               Failed, certificate revoked on Sat 24 Jun 2023 15:08:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:d7:91:4d:83:32:2b:1f:ba:e4:70:9b:e7:64:a8:b4:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Jun 20 06:50:03 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=7751b51f73d12399765f918100ef0e5544a2a052
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:e6:c7:03:5c:26:90:a0:d5:28:19:be:56:09:
                    ce:fc:cb:4d:19:e9:97:2f:20:6c:96:a7:1a:85:13:
                    4f:21:02:1b:76:0a:3a:58:1c:99:92:ff:cc:bb:c7:
                    92:e5:7c:bd:fa:cd:76:81:62:c6:f5:27:e4:c3:7a:
                    38:d1:c6:44:7d:45:c9:98:11:a2:fa:2b:25:12:2f:
                    6b:17:fc:5a:e3:7a:4b:b9:18:63:a7:c3:df:f9:58:
                    18:94:3d:28:d1:a1:38:38:b0:6c:36:43:63:41:b6:
                    54:4c:97:a9:d0:6f:0e:0f:fa:8a:ec:a2:0d:44:08:
                    5f:04:a9:e8:ae:af:f6:f9:69:a6:58:01:6e:d6:1a:
                    2e:cb:b8:2c:47:22:fc:53:e9:cd:6f:03:39:a7:aa:
                    d8:ba:02:92:9c:20:58:57:3a:61:1e:72:15:74:25:
                    fd:4e:98:df:0d:0f:a0:3b:98:1a:26:a9:22:50:96:
                    83:9c:bd:ad:c4:ad:4f:86:85:9e:3f:68:ae:01:a8:
                    49:fb:5c:d7:c4:ea:96:1c:eb:ef:10:6e:ef:8f:9d:
                    de:08:f5:df:65:f6:88:18:dd:f7:2e:a5:a4:f0:22:
                    90:38:b7:4b:7d:14:12:04:6c:54:96:2f:ab:f8:27:
                    ec:2f:d5:67:80:03:6b:67:8c:fd:64:52:12:8d:33:
                    45:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:51:B5:1F:73:D1:23:99:76:5F:91:81:00:EF:0E:55:44:A2:A0:52
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/d1G1H3PRI5l2X5GBAO8OVUSioFI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.161.0-62.72.163.255
                  62.72.169.0/24
                  62.72.176.0/24
                  62.72.184.0/24
                  62.72.186.0/23
                  62.72.190.0/23
                  81.21.12.0/22
                  176.57.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:0c:f9:ea:22:d4:9c:4a:a4:ed:22:39:4d:63:9e:f2:93:d7:
         f0:6d:b2:ae:87:0f:8a:2b:96:21:84:03:a2:c9:91:72:9d:df:
         03:23:0a:70:ba:81:8a:8e:ec:3a:25:dd:83:d9:fe:76:5b:b1:
         1a:64:ec:75:92:62:61:ea:e8:13:58:c0:9a:4f:ed:f7:df:43:
         12:97:70:38:02:40:89:e5:67:5a:fd:87:84:51:1b:76:dc:79:
         6a:1d:c7:b7:b4:48:5f:72:cf:59:e6:fd:a1:db:de:f5:ba:02:
         c2:4c:fa:9e:7d:8b:c0:e1:0a:83:ac:2a:58:bc:88:7c:95:f3:
         08:b6:13:11:80:a2:ff:8c:f0:82:6e:12:58:cb:ca:ed:e6:d6:
         96:aa:3a:83:3e:86:83:ba:ad:f3:e0:92:fd:86:8c:df:bd:07:
         e4:d9:18:d0:8f:5b:a1:6b:c2:b2:d4:72:85:be:24:3e:1a:69:
         e4:db:49:1b:21:99:b7:f7:39:d4:d8:dc:bb:32:d1:d1:02:47:
         3d:7e:fe:af:19:a9:0f:48:57:22:1f:df:3a:9e:8e:e8:04:ec:
         82:c5:99:27:6b:e1:20:84:f8:6a:9e:08:84:8c:be:10:4e:e6:
         a7:0e:68:50:2f:54:18:7d:7f:13:b7:53:3b:de:53:87:d5:f6:
         30:e8:76:01
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAYjXkU2DMisfuuRwm+dkqLSSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjMwNjIwMDY1MDAzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzUxYjUxZjczZDEyMzk5NzY1ZjkxODEwMGVmMGU1NTQ0YTJhMDUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk+bHA1wmkKDVKBm+VgnO/MtNGemX
LyBslqcahRNPIQIbdgo6WByZkv/Mu8eS5Xy9+s12gWLG9Sfkw3o40cZEfUXJmBGi
+islEi9rF/xa43pLuRhjp8Pf+VgYlD0o0aE4OLBsNkNjQbZUTJep0G8OD/qK7KIN
RAhfBKnorq/2+WmmWAFu1houy7gsRyL8U+nNbwM5p6rYugKSnCBYVzphHnIVdCX9
TpjfDQ+gO5gaJqkiUJaDnL2txK1PhoWeP2iuAahJ+1zXxOqWHOvvEG7vj53eCPXf
ZfaIGN33LqWk8CKQOLdLfRQSBGxUli+r+CfsL9VngANrZ4z9ZFISjTNFsQIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFHdRtR9z0SOZdl+RgQDvDlVEoqBSMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvZDFHMUgzUFJJNWwyWDVHQkFPOE9WVVNpb0ZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4MAwDBAA+SKED
BAI+SKADBAA+SKkDBAA+SLADBAA+SLgDBAE+SLoDBAE+SL4DBAJRFQwDBACwOT8w
DQYJKoZIhvcNAQELBQADggEBAKMM+eoi1JxKpO0iOU1jnvKT1/Btsq6HD4orliGE
A6LJkXKd3wMjCnC6gYqO7Dol3YPZ/nZbsRpk7HWSYmHq6BNYwJpP7fffQxKXcDgC
QInlZ1r9h4RRG3bceWodx7e0SF9yz1nm/aHb3vW6AsJM+p59i8DhCoOsKli8iHyV
8wi2ExGAov+M8IJuEljLyu3m1paqOoM+hoO6rfPgkv2GjN+9B+TZGNCPW6FrwrLU
coW+JD4aaeTbSRshmbf3OdTY3Lsy0dECRz1+/q8ZqQ9IVyIf3zqejugE7ILFmSdr
4SCE+GqeCISMvhBO5qcOaFAvVBh9fxO3UzveU4fV9jDodgE=
-----END CERTIFICATE-----