Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/lz-XMKOBjeOOgxoVnvCe8fqmXKY.roa
File:                     lz-XMKOBjeOOgxoVnvCe8fqmXKY.roa (raw, json)
Hash identifier:          BT0sk9pzSVrLMZSu7jpP+6EqFHmQxA7iPOGbr/tgAmg=
Subject key identifier:   97:3F:97:30:A3:81:8D:E3:8E:83:1A:15:9E:F0:9E:F1:FA:A6:5C:A6
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       018C769503177EEC1C06806929007F32C62E
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/lz-XMKOBjeOOgxoVnvCe8fqmXKY.roa
Signing time:             Sun 17 Dec 2023 07:02:06 +0000
ROA not before:           Sun 17 Dec 2023 07:02:06 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        62.72.162.0/23 maxlen: 23
                          62.72.164.0/23 maxlen: 23
                          62.72.164.0/22 maxlen: 22
                          62.72.184.0/22 maxlen: 22
                          62.72.181.0/24 maxlen: 24
                          81.21.12.0/22 maxlen: 24
                          81.21.14.0/23 maxlen: 24
                          176.57.51.0/24 maxlen: 24
                          176.57.53.0/24 maxlen: 24
                          176.57.58.0/24 maxlen: 24
                          81.21.2.0/23 maxlen: 23
                          81.21.4.0/22 maxlen: 24
                          176.57.59.0/24 maxlen: 24
                          81.21.10.0/23 maxlen: 23
                          176.57.63.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 18 Dec 2023 06:30:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:76:95:03:17:7e:ec:1c:06:80:69:29:00:7f:32:c6:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Dec 17 07:02:06 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=973f9730a3818de38e831a159ef09ef1faa65ca6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:30:e9:96:08:10:52:65:65:d8:62:cf:8f:52:
                    b5:e9:5b:65:7f:85:53:de:da:3a:b7:ba:52:2a:a8:
                    ba:93:09:6e:fe:b8:24:60:d9:5e:dd:12:9c:b8:e3:
                    b6:52:e9:2d:3e:df:1e:8f:6b:ec:8c:c6:a9:b4:35:
                    01:11:74:a3:b8:0f:4a:ea:de:75:b2:8d:3f:83:d3:
                    74:08:10:8c:c8:30:e5:f2:9e:86:44:53:e5:94:c5:
                    f7:d8:4f:07:db:fe:b5:f4:9f:65:57:dc:d9:17:25:
                    36:99:6e:50:4f:87:af:ac:87:e0:57:63:bf:35:10:
                    50:48:e5:6e:4c:d7:ee:6f:31:07:64:fd:65:13:11:
                    87:65:b8:e9:ad:4a:09:ff:d4:b3:a2:24:db:52:5a:
                    ea:61:b4:48:a6:08:e0:e1:07:3d:41:9f:08:31:09:
                    a8:5e:a0:51:b1:51:7a:22:a2:50:ef:e7:11:4a:7d:
                    08:5e:3d:bb:e0:16:db:84:78:72:97:e4:46:25:b6:
                    50:60:ed:39:72:ed:36:48:12:8d:60:a4:97:8f:05:
                    4b:69:aa:2a:24:60:5c:55:eb:44:e4:6f:d0:fe:2c:
                    27:58:eb:5b:52:26:0a:12:3b:31:c3:a6:bc:b4:fc:
                    49:fc:e0:ed:d8:eb:25:3d:51:8e:23:f7:88:cc:09:
                    b8:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:3F:97:30:A3:81:8D:E3:8E:83:1A:15:9E:F0:9E:F1:FA:A6:5C:A6
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/lz-XMKOBjeOOgxoVnvCe8fqmXKY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.162.0-62.72.167.255
                  62.72.181.0/24
                  62.72.184.0/22
                  81.21.2.0-81.21.7.255
                  81.21.10.0-81.21.15.255
                  176.57.51.0/24
                  176.57.53.0/24
                  176.57.58.0/23
                  176.57.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:d5:70:db:7d:27:ca:d8:d6:84:fa:5d:6b:1a:67:14:3c:d9:
         59:39:fd:fd:86:ad:da:00:29:9f:12:ca:7d:1f:d1:24:62:bd:
         7b:f4:d1:c3:8d:1e:7d:f5:91:8c:82:e8:30:84:36:ea:3c:7b:
         65:f9:c6:83:db:b2:d4:fb:1c:49:c9:79:bd:5e:06:ed:03:e5:
         27:36:4b:6c:d2:4d:6e:61:bb:c1:5c:ef:14:ff:7a:a8:34:0d:
         7b:2e:df:aa:6a:83:e3:37:2d:dd:52:a1:59:75:1e:13:1f:f8:
         73:68:f8:3c:b8:73:db:86:76:20:a0:a8:93:f5:83:8d:b7:5f:
         54:25:e0:a7:10:73:47:3a:be:9c:9b:cc:02:cc:54:51:0c:27:
         e1:f5:c1:85:61:89:35:55:26:0e:fa:ba:0b:80:1a:aa:b0:ed:
         d2:94:33:68:97:0d:66:57:32:5f:64:99:27:ff:db:db:f4:13:
         83:11:ca:3f:03:77:67:65:20:c4:93:87:5a:f1:1b:3d:1b:2a:
         1b:82:53:14:a0:93:25:a0:c3:d9:4d:9e:3f:71:2f:39:c4:08:
         55:2a:2b:b4:01:2e:db:78:7a:bc:69:a5:c3:6a:cb:ef:21:1b:
         14:fb:02:01:b2:95:71:5a:56:f8:20:b6:80:5c:f0:9c:ad:14:
         bd:4e:3d:b7
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAYx2lQMXfuwcBoBpKQB/MsYuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjMxMjE3MDcwMjA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzNmOTczMGEzODE4ZGUzOGU4MzFhMTU5ZWYwOWVmMWZhYTY1Y2E2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhjDplggQUmVl2GLPj1K16Vtlf4VT
3to6t7pSKqi6kwlu/rgkYNle3RKcuOO2UuktPt8ej2vsjMaptDUBEXSjuA9K6t51
so0/g9N0CBCMyDDl8p6GRFPllMX32E8H2/619J9lV9zZFyU2mW5QT4evrIfgV2O/
NRBQSOVuTNfubzEHZP1lExGHZbjprUoJ/9SzoiTbUlrqYbRIpgjg4Qc9QZ8IMQmo
XqBRsVF6IqJQ7+cRSn0IXj274BbbhHhyl+RGJbZQYO05cu02SBKNYKSXjwVLaaoq
JGBcVetE5G/Q/iwnWOtbUiYKEjsxw6a8tPxJ/ODt2OslPVGOI/eIzAm4kQIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFJc/lzCjgY3jjoMaFZ7wnvH6plymMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvbHotWE1LT0JqZU9PZ3hvVm52Q2U4ZnFtWEtZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjBUBAIAATBOMAwDBAE+SKID
BAM+SKADBAA+SLUDBAI+SLgwDAMEAVEVAgMEA1EVADAMAwQBURUKAwQEURUAAwQA
sDkzAwQAsDk1AwQBsDk6AwQAsDk/MA0GCSqGSIb3DQEBCwUAA4IBAQCa1XDbfSfK
2NaE+l1rGmcUPNlZOf39hq3aACmfEsp9H9EkYr179NHDjR599ZGMgugwhDbqPHtl
+caD27LU+xxJyXm9XgbtA+UnNkts0k1uYbvBXO8U/3qoNA17Lt+qaoPjNy3dUqFZ
dR4TH/hzaPg8uHPbhnYgoKiT9YONt19UJeCnEHNHOr6cm8wCzFRRDCfh9cGFYYk1
VSYO+roLgBqqsO3SlDNolw1mVzJfZJkn/9vb9BODEco/A3dnZSDEk4da8Rs9Gyob
glMUoJMloMPZTZ4/cS85xAhVKiu0AS7beHq8aaXDasvvIRsU+wIBspVxWlb4ILaA
XPCcrRS9Tj23
-----END CERTIFICATE-----