Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/rTwiU6VFWifHmlxNksxr0QC6PO0.roa
File:                     rTwiU6VFWifHmlxNksxr0QC6PO0.roa (raw, json)
Hash identifier:          96PMwASPbdhKaT/hN+K0y0AefXsW/IWJogHW3wdzdNw=
Subject key identifier:   AD:3C:22:53:A5:45:5A:27:C7:9A:5C:4D:92:CC:6B:D1:00:BA:3C:ED
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       018D16EEEFA607806C020AC904FADF08CC52
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/rTwiU6VFWifHmlxNksxr0QC6PO0.roa
Signing time:             Wed 17 Jan 2024 10:19:34 +0000
ROA not before:           Wed 17 Jan 2024 10:19:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        62.72.162.0/23 maxlen: 23
                          62.72.162.0/24 maxlen: 24
                          62.72.164.0/22 maxlen: 22
                          62.72.164.0/23 maxlen: 23
                          81.21.2.0/23 maxlen: 23
                          81.21.4.0/22 maxlen: 24
                          81.21.10.0/23 maxlen: 23
                          81.21.12.0/22 maxlen: 24
                          81.21.14.0/23 maxlen: 24
                          176.57.58.0/24 maxlen: 24
                          176.57.59.0/24 maxlen: 24
                          176.57.63.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 17 Jan 2024 11:47:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:16:ee:ef:a6:07:80:6c:02:0a:c9:04:fa:df:08:cc:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Jan 17 10:19:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ad3c2253a5455a27c79a5c4d92cc6bd100ba3ced
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:40:f6:3c:9f:d5:af:18:46:cd:72:9a:95:c1:
                    de:41:97:12:84:0e:b2:9e:46:06:ca:55:24:6e:07:
                    58:70:e2:b6:dc:81:3e:c7:36:b2:82:5b:ce:1d:a2:
                    c7:e2:11:8b:7b:12:64:ac:2f:16:fd:41:ab:d7:cb:
                    98:b9:36:46:8d:bc:2f:87:51:f3:14:17:16:dd:a8:
                    f3:c4:47:57:2c:97:62:14:74:23:a1:19:0f:89:12:
                    f4:ab:31:69:d2:f7:d9:b5:38:e8:57:a7:f7:3f:f7:
                    98:b1:c0:c8:b7:cf:0c:7a:5f:84:e4:95:41:ee:33:
                    3e:33:b6:bb:8b:cb:92:8b:a9:6a:82:6e:06:c9:e8:
                    f7:0e:97:0b:75:a2:0c:74:65:e8:28:ec:7d:df:72:
                    48:4f:b6:9e:a4:36:cd:9a:b7:dc:8c:2a:de:0b:ea:
                    5b:8e:27:51:d3:eb:7f:ac:55:ed:2f:95:a9:12:67:
                    26:f5:71:0b:59:7a:70:aa:53:8d:80:7b:00:f8:c7:
                    4d:bf:e7:31:0d:ae:26:c5:7c:9c:d3:d8:61:ae:b8:
                    55:93:7b:69:df:80:8d:e3:75:40:d0:a2:8a:3b:98:
                    0e:0f:dc:f3:1a:ea:a3:24:1a:a5:b9:0a:bd:cd:fc:
                    e9:c7:4c:d6:f5:8e:7c:9c:d0:75:5a:ea:0f:70:7d:
                    09:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:3C:22:53:A5:45:5A:27:C7:9A:5C:4D:92:CC:6B:D1:00:BA:3C:ED
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/rTwiU6VFWifHmlxNksxr0QC6PO0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.162.0-62.72.167.255
                  81.21.2.0-81.21.7.255
                  81.21.10.0-81.21.15.255
                  176.57.58.0/23
                  176.57.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:20:a1:e1:aa:8d:e6:23:d1:d9:4c:ea:a1:89:35:c3:a6:23:
         14:6c:b0:0f:59:a1:29:97:ea:ad:e6:a5:60:25:45:19:08:a7:
         f2:75:e0:7a:7b:f0:aa:75:47:f2:5e:0a:1c:77:b6:98:1b:59:
         d3:a2:be:c6:07:d9:fb:b9:54:d4:68:63:75:aa:48:22:d9:93:
         14:86:e2:22:93:89:cb:40:2e:f3:9f:7b:b8:69:16:e4:57:a8:
         70:f7:6d:e9:3f:02:e7:78:92:60:0f:7b:da:99:93:31:e2:5c:
         d3:d4:83:6d:96:de:0b:a9:de:29:72:13:5d:f1:32:da:a4:8c:
         f3:81:0f:e3:50:5c:c1:9d:48:e9:94:a0:47:29:6f:3b:cd:fd:
         6b:33:49:f0:b5:0b:05:93:4b:02:ab:f1:0a:67:b1:36:f7:77:
         ea:ad:c3:c6:7b:1e:2b:67:0c:90:71:7f:f7:6f:6f:59:77:a8:
         07:a5:22:25:2f:bb:97:8a:91:34:bb:a7:61:3a:95:51:8d:34:
         45:46:db:b7:08:67:3c:ea:38:11:19:d8:d5:f2:45:04:a0:6d:
         be:f5:e4:41:84:25:e3:cf:aa:fe:ff:8a:35:dc:11:62:4b:4b:
         0b:31:38:f4:7c:d6:0d:bb:ca:e4:6a:f8:83:5f:68:a9:eb:c4:
         8e:e0:e0:c7
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAY0W7u+mB4BsAgrJBPrfCMxSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjQwMTE3MTAxOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDNjMjI1M2E1NDU1YTI3Yzc5YTVjNGQ5MmNjNmJkMTAwYmEzY2VkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArkD2PJ/VrxhGzXKalcHeQZcShA6y
nkYGylUkbgdYcOK23IE+xzayglvOHaLH4hGLexJkrC8W/UGr18uYuTZGjbwvh1Hz
FBcW3ajzxEdXLJdiFHQjoRkPiRL0qzFp0vfZtTjoV6f3P/eYscDIt88Mel+E5JVB
7jM+M7a7i8uSi6lqgm4Gyej3DpcLdaIMdGXoKOx933JIT7aepDbNmrfcjCreC+pb
jidR0+t/rFXtL5WpEmcm9XELWXpwqlONgHsA+MdNv+cxDa4mxXyc09hhrrhVk3tp
34CN43VA0KKKO5gOD9zzGuqjJBqluQq9zfzpx0zW9Y58nNB1WuoPcH0JZwIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFK08IlOlRVonx5pcTZLMa9EAujztMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvclR3aVU2VkZXaWZIbWx4TmtzeHIwUUM2UE8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2MAwDBAE+SKID
BAM+SKAwDAMEAVEVAgMEA1EVADAMAwQBURUKAwQEURUAAwQBsDk6AwQAsDk/MA0G
CSqGSIb3DQEBCwUAA4IBAQB/IKHhqo3mI9HZTOqhiTXDpiMUbLAPWaEpl+qt5qVg
JUUZCKfydeB6e/CqdUfyXgocd7aYG1nTor7GB9n7uVTUaGN1qkgi2ZMUhuIik4nL
QC7zn3u4aRbkV6hw923pPwLneJJgD3vamZMx4lzT1INtlt4Lqd4pchNd8TLapIzz
gQ/jUFzBnUjplKBHKW87zf1rM0nwtQsFk0sCq/EKZ7E293fqrcPGex4rZwyQcX/3
b29Zd6gHpSIlL7uXipE0u6dhOpVRjTRFRtu3CGc86jgRGdjV8kUEoG2+9eRBhCXj
z6r+/4o13BFiS0sLMTj0fNYNu8rkaviDX2ip68SO4ODH
-----END CERTIFICATE-----