Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/e5zFsvSAFh-clWIlXBt2DSnGVEU.roa
File:                     e5zFsvSAFh-clWIlXBt2DSnGVEU.roa (raw, json)
Hash identifier:          ac9aNR0K2Dd7tL+s7RxKOx1eKPCzer/jPZXDU6w7LK4=
Subject key identifier:   7B:9C:C5:B2:F4:80:16:1F:9C:95:62:25:5C:1B:76:0D:29:C6:54:45
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       01909B772201A44D354F444930D665CB9BAC
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/e5zFsvSAFh-clWIlXBt2DSnGVEU.roa
Signing time:             Wed 10 Jul 2024 07:06:34 +0000
ROA not before:           Wed 10 Jul 2024 07:06:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        62.72.162.0/23 maxlen: 23
                          62.72.164.0/22 maxlen: 22
                          62.72.164.0/23 maxlen: 23
                          62.72.164.0/24 maxlen: 24
                          62.72.189.0/24 maxlen: 24
                          81.21.2.0/23 maxlen: 23
                          81.21.4.0/22 maxlen: 24
                          81.21.8.0/24 maxlen: 24
                          81.21.9.0/24 maxlen: 24
                          81.21.10.0/23 maxlen: 23
                          81.21.11.0/24 maxlen: 24
                          81.21.12.0/22 maxlen: 24
                          81.21.12.0/24 maxlen: 24
                          81.21.14.0/23 maxlen: 24
                          81.21.14.0/24 maxlen: 24
                          81.21.15.0/24 maxlen: 24
                          176.57.53.0/24 maxlen: 24
                          176.57.63.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 11 Jul 2024 11:10:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:9b:77:22:01:a4:4d:35:4f:44:49:30:d6:65:cb:9b:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Jul 10 07:06:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7b9cc5b2f480161f9c9562255c1b760d29c65445
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:65:2a:b6:cb:8c:37:0e:43:fe:da:43:b8:55:
                    ed:b1:ca:73:fd:35:bd:b5:7f:72:a2:ab:a1:7a:34:
                    87:a7:1f:3a:d1:be:92:2d:2c:83:88:67:1a:62:25:
                    36:10:70:13:04:e0:cf:cd:a6:08:4a:7d:0a:cf:df:
                    12:78:d9:72:48:e0:3a:84:c2:f0:29:5f:a1:2e:a4:
                    e8:80:b9:20:9e:92:24:09:cf:12:e7:b2:72:f9:d6:
                    ed:1d:ff:5c:11:b0:71:af:bb:b5:8b:b8:87:3a:b0:
                    97:c5:04:8b:8c:5a:6f:62:f9:03:b3:53:db:5f:04:
                    ec:65:fd:04:b0:8e:b1:ba:25:f2:3b:b5:37:96:7e:
                    5c:fc:ea:92:aa:7c:94:71:9c:1d:c0:7d:c7:ea:bd:
                    d7:77:ca:fd:b2:67:ea:d1:c0:3a:cb:2e:4f:72:2f:
                    69:c8:5b:a8:52:ae:d8:82:71:b0:9f:02:cb:41:85:
                    a8:c1:00:74:39:96:69:77:b2:48:14:a2:63:27:07:
                    34:06:31:bc:25:da:c5:2e:4d:84:84:39:10:7b:64:
                    92:b1:fe:b6:7d:76:d9:ac:9f:28:4b:01:c6:8a:89:
                    17:da:34:70:4f:f2:e2:8b:b1:6a:98:b2:eb:46:7c:
                    3a:c6:eb:73:9e:b0:35:4f:20:1c:c3:e9:88:b1:8b:
                    5a:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:9C:C5:B2:F4:80:16:1F:9C:95:62:25:5C:1B:76:0D:29:C6:54:45
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/e5zFsvSAFh-clWIlXBt2DSnGVEU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.162.0-62.72.167.255
                  62.72.189.0/24
                  81.21.2.0-81.21.15.255
                  176.57.53.0/24
                  176.57.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:fa:d0:68:d9:83:f3:ed:8d:df:d4:c4:e3:10:6d:3f:18:2e:
         b2:93:b8:38:58:a4:b1:e2:9a:fd:d2:18:b0:0d:90:9f:a2:b1:
         f2:d5:f4:d8:8e:ee:9e:9a:2c:0c:f2:e7:00:72:e8:78:b5:76:
         88:ce:e1:3d:e9:6e:40:c1:5b:d3:fa:cb:fd:70:74:ff:e1:d5:
         d5:33:a3:42:c7:9b:4a:3e:86:2a:88:c9:3f:90:2e:c8:f4:0f:
         7f:6f:33:1d:ff:32:21:3f:48:ca:81:50:08:46:67:33:45:20:
         f9:9f:45:9c:3d:67:5d:d2:3d:fc:b5:e0:5d:66:e5:4b:8d:0c:
         f8:77:19:26:f5:09:15:ea:5f:0c:20:d5:35:48:82:ef:e8:cb:
         2c:43:84:4e:f9:50:94:03:62:d0:4c:10:e6:b2:51:62:f7:09:
         96:06:72:49:21:51:3d:df:93:eb:26:bd:23:b6:af:12:e5:56:
         a1:b0:47:a1:a7:e9:f0:bd:c7:bf:b8:47:df:26:4a:fc:18:47:
         b9:a5:3d:c2:4a:b5:e6:5d:a9:44:4b:53:5f:59:b5:62:77:dc:
         50:27:57:04:ee:18:8c:bb:de:42:2d:bb:4e:02:48:db:da:69:
         0c:36:c5:a5:8b:97:c3:1f:53:c8:54:ac:29:b8:c6:57:20:62:
         0d:c8:6b:27
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAZCbdyIBpE01T0RJMNZly5usMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjQwNzEwMDcwNjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjljYzViMmY0ODAxNjFmOWM5NTYyMjU1YzFiNzYwZDI5YzY1NDQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxmUqtsuMNw5D/tpDuFXtscpz/TW9
tX9yoquhejSHpx860b6SLSyDiGcaYiU2EHATBODPzaYISn0Kz98SeNlySOA6hMLw
KV+hLqTogLkgnpIkCc8S57Jy+dbtHf9cEbBxr7u1i7iHOrCXxQSLjFpvYvkDs1Pb
XwTsZf0EsI6xuiXyO7U3ln5c/OqSqnyUcZwdwH3H6r3Xd8r9smfq0cA6yy5Pci9p
yFuoUq7YgnGwnwLLQYWowQB0OZZpd7JIFKJjJwc0BjG8JdrFLk2EhDkQe2SSsf62
fXbZrJ8oSwHGiokX2jRwT/Lii7FqmLLrRnw6xutznrA1TyAcw+mIsYtaSwIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFHucxbL0gBYfnJViJVwbdg0pxlRFMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvZTV6RnN2U0FGaC1jbFdJbFhCdDJEU25HVkVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjA0BAIAATAuMAwDBAE+SKID
BAM+SKADBAA+SL0wDAMEAVEVAgMEBFEVAAMEALA5NQMEALA5PzANBgkqhkiG9w0B
AQsFAAOCAQEAhPrQaNmD8+2N39TE4xBtPxguspO4OFikseKa/dIYsA2Qn6Kx8tX0
2I7unposDPLnAHLoeLV2iM7hPeluQMFb0/rL/XB0/+HV1TOjQsebSj6GKojJP5Au
yPQPf28zHf8yIT9IyoFQCEZnM0Ug+Z9FnD1nXdI9/LXgXWblS40M+HcZJvUJFepf
DCDVNUiC7+jLLEOETvlQlANi0EwQ5rJRYvcJlgZySSFRPd+T6ya9I7avEuVWobBH
oafp8L3Hv7hH3yZK/BhHuaU9wkq15l2pREtTX1m1YnfcUCdXBO4YjLveQi27TgJI
29ppDDbFpYuXwx9TyFSsKbjGVyBiDchrJw==
-----END CERTIFICATE-----