Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/locFm8_cCtjrcUb0Y1n3qz3Ddpo.roa
File:                     locFm8_cCtjrcUb0Y1n3qz3Ddpo.roa (raw, json)
Hash identifier:          Hr1lX+a1ANrbEipukDma/oLEUZ4OqFZKnRmnRhHxLwc=
Subject key identifier:   96:87:05:9B:CF:DC:0A:D8:EB:71:46:F4:63:59:F7:AB:3D:C3:76:9A
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       018DC5AB14E425A32F549D7572DA0E8D079C
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/locFm8_cCtjrcUb0Y1n3qz3Ddpo.roa
Signing time:             Tue 20 Feb 2024 08:39:00 +0000
ROA not before:           Tue 20 Feb 2024 08:39:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        62.72.162.0/23 maxlen: 23
                          62.72.164.0/22 maxlen: 22
                          62.72.164.0/23 maxlen: 23
                          62.72.168.0/24 maxlen: 24
                          62.72.189.0/24 maxlen: 24
                          81.21.2.0/23 maxlen: 23
                          81.21.4.0/22 maxlen: 24
                          81.21.10.0/23 maxlen: 23
                          81.21.12.0/22 maxlen: 24
                          81.21.14.0/23 maxlen: 24
                          176.57.52.0/24 maxlen: 24
                          176.57.63.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 21 Feb 2024 13:43:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c5:ab:14:e4:25:a3:2f:54:9d:75:72:da:0e:8d:07:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Feb 20 08:39:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9687059bcfdc0ad8eb7146f46359f7ab3dc3769a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:47:5f:59:1a:0c:4f:83:1b:52:ba:91:23:48:
                    8d:52:b5:6c:cd:18:4f:4f:58:7d:95:ee:5a:f4:4b:
                    2a:5a:60:77:a0:80:4a:e8:cf:cd:e1:e4:5e:03:eb:
                    73:8f:1e:55:51:88:54:0d:7f:36:10:cf:82:92:e3:
                    ef:a8:6f:8f:b7:21:44:97:d3:cd:57:e3:4c:a6:4f:
                    f7:f3:56:e3:93:6f:68:d5:01:54:7b:2e:3b:8f:dc:
                    a4:ba:69:6f:37:b9:d4:2f:22:3c:05:05:7b:5c:93:
                    3d:4c:69:50:8b:3b:2b:48:c1:e5:72:e2:30:1c:10:
                    52:15:1d:89:e3:8c:93:74:e7:4a:ce:af:c5:e1:83:
                    f5:ed:1e:81:ed:eb:85:33:9a:67:a2:1e:59:1d:d6:
                    17:fb:fa:2b:ae:9a:81:ce:c5:b2:0d:b7:03:aa:62:
                    ca:2c:8e:e8:03:51:dc:a0:42:3c:a2:8c:93:3e:06:
                    69:d6:dd:70:ea:e8:72:d2:3e:dd:c7:ae:29:81:1f:
                    0d:ed:eb:0d:3f:3f:06:a9:ee:00:50:c5:95:0f:ad:
                    df:b3:2f:50:ac:29:af:3f:80:2c:f5:06:5f:1b:58:
                    c8:3e:64:d9:4c:5a:51:70:f1:7d:39:1c:16:fa:8f:
                    b3:c7:e8:6f:35:ea:8c:05:9e:4d:f6:69:96:da:ff:
                    f7:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:87:05:9B:CF:DC:0A:D8:EB:71:46:F4:63:59:F7:AB:3D:C3:76:9A
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/locFm8_cCtjrcUb0Y1n3qz3Ddpo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.162.0-62.72.168.255
                  62.72.189.0/24
                  81.21.2.0-81.21.7.255
                  81.21.10.0-81.21.15.255
                  176.57.52.0/24
                  176.57.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:01:0f:60:9a:30:a4:ca:2e:76:d6:82:eb:f9:0a:dc:b2:ff:
         97:53:26:72:3c:7f:5b:18:0f:00:ff:94:1d:23:90:fd:56:68:
         47:d6:72:9d:fc:3d:4e:ac:64:aa:09:10:61:ad:bb:1b:99:5b:
         10:ea:1f:fd:86:6c:bd:17:61:6b:a2:4c:66:38:3d:c8:4a:6a:
         6c:8a:e6:b4:d9:67:28:9f:32:c2:df:61:65:7f:0d:c4:c8:a2:
         d5:05:4c:e2:1c:57:41:32:1e:5a:8b:6b:26:1c:ac:04:ce:86:
         0e:78:2d:3e:09:89:71:89:52:99:d9:fb:3c:ba:e3:25:88:3c:
         66:4b:1b:e9:a3:96:14:08:52:0f:77:50:31:7c:b9:d1:d1:a9:
         b2:06:75:3b:f3:bb:e7:ef:84:9b:fe:4f:ab:e4:77:83:1e:ac:
         43:50:8f:29:e2:91:c5:18:8b:f1:76:0f:92:d8:04:3b:e4:84:
         3e:e1:12:04:14:0e:70:49:30:8a:6e:28:6a:8b:4b:9d:bf:47:
         97:b2:f1:06:34:24:aa:10:d2:e5:51:99:a2:47:6b:d2:a4:1b:
         7c:d7:85:11:af:22:cf:f3:32:4c:51:d5:a7:86:b2:70:22:f8:
         c0:33:80:9c:fb:17:9b:32:23:d6:a5:bb:9a:8f:5f:a9:a2:65:
         91:a8:0f:ff
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAY3FqxTkJaMvVJ11ctoOjQecMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjQwMjIwMDgzOTAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Njg3MDU5YmNmZGMwYWQ4ZWI3MTQ2ZjQ2MzU5ZjdhYjNkYzM3NjlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi0dfWRoMT4MbUrqRI0iNUrVszRhP
T1h9le5a9EsqWmB3oIBK6M/N4eReA+tzjx5VUYhUDX82EM+CkuPvqG+PtyFEl9PN
V+NMpk/381bjk29o1QFUey47j9ykumlvN7nULyI8BQV7XJM9TGlQizsrSMHlcuIw
HBBSFR2J44yTdOdKzq/F4YP17R6B7euFM5pnoh5ZHdYX+/orrpqBzsWyDbcDqmLK
LI7oA1HcoEI8ooyTPgZp1t1w6uhy0j7dx64pgR8N7esNPz8Gqe4AUMWVD63fsy9Q
rCmvP4As9QZfG1jIPmTZTFpRcPF9ORwW+o+zx+hvNeqMBZ5N9mmW2v/3eQIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFJaHBZvP3ArY63FG9GNZ96s9w3aaMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvbG9jRm04X2NDdGpyY1ViMFkxbjNxejNEZHBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8MAwDBAE+SKID
BAA+SKgDBAA+SL0wDAMEAVEVAgMEA1EVADAMAwQBURUKAwQEURUAAwQAsDk0AwQA
sDk/MA0GCSqGSIb3DQEBCwUAA4IBAQAJAQ9gmjCkyi521oLr+Qrcsv+XUyZyPH9b
GA8A/5QdI5D9VmhH1nKd/D1OrGSqCRBhrbsbmVsQ6h/9hmy9F2FrokxmOD3ISmps
iua02WconzLC32Flfw3EyKLVBUziHFdBMh5ai2smHKwEzoYOeC0+CYlxiVKZ2fs8
uuMliDxmSxvpo5YUCFIPd1AxfLnR0amyBnU787vn74Sb/k+r5HeDHqxDUI8p4pHF
GIvxdg+S2AQ75IQ+4RIEFA5wSTCKbihqi0udv0eXsvEGNCSqENLlUZmiR2vSpBt8
14URryLP8zJMUdWnhrJwIvjAM4Cc+xebMiPWpbuaj1+pomWRqA//
-----END CERTIFICATE-----