Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/tMO5EuLKAuCus3Rezqypn5MBurY.roa
File:                     tMO5EuLKAuCus3Rezqypn5MBurY.roa (raw, json)
Hash identifier:          8HkjtJmXvU9oiy6RbnW0NpbG4I8jfu6m6Cd+vyAXbJ4=
Subject key identifier:   B4:C3:B9:12:E2:CA:02:E0:AE:B3:74:5E:CE:AC:A9:9F:93:01:BA:B6
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       0191A3BBD930CE218D45F37D91233D6A46DF
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/tMO5EuLKAuCus3Rezqypn5MBurY.roa
Signing time:             Fri 30 Aug 2024 14:41:22 +0000
ROA not before:           Fri 30 Aug 2024 14:41:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        62.72.162.0/23 maxlen: 23
                          62.72.164.0/22 maxlen: 22
                          62.72.164.0/23 maxlen: 23
                          62.72.189.0/24 maxlen: 24
                          81.21.2.0/23 maxlen: 23
                          81.21.4.0/22 maxlen: 24
                          81.21.8.0/24 maxlen: 24
                          81.21.9.0/24 maxlen: 24
                          81.21.10.0/23 maxlen: 23
                          81.21.11.0/24 maxlen: 24
                          81.21.12.0/22 maxlen: 24
                          81.21.12.0/24 maxlen: 24
                          81.21.14.0/23 maxlen: 24
                          81.21.14.0/24 maxlen: 24
                          81.21.15.0/24 maxlen: 24
                          176.57.52.0/24 maxlen: 24
                          176.57.63.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 20 Sep 2024 18:23:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:a3:bb:d9:30:ce:21:8d:45:f3:7d:91:23:3d:6a:46:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Aug 30 14:41:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b4c3b912e2ca02e0aeb3745eceaca99f9301bab6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:cd:e8:cc:a9:f5:d2:79:fb:fd:3f:bb:7a:b3:
                    2f:ee:02:63:a7:78:a1:ce:6d:cc:45:a4:ca:8d:2e:
                    25:11:9e:ca:b4:ef:85:3c:32:9a:3d:82:85:40:de:
                    0d:b9:0b:5a:56:a2:af:b7:3f:e2:71:76:c2:c2:17:
                    c3:24:9d:99:05:ef:54:b0:ef:3c:aa:be:07:27:46:
                    1b:89:f4:d7:cc:12:da:9e:2d:33:83:24:7c:96:bf:
                    b6:d9:0f:96:a5:86:6c:4e:2e:a2:e4:81:c7:d0:04:
                    b9:fb:77:f3:f2:46:48:bc:1f:fb:80:05:42:71:d8:
                    70:fc:f9:e7:e9:1c:c6:37:7c:07:9e:9e:50:47:de:
                    d1:c9:1a:7a:5f:61:53:1a:cf:5e:29:7c:76:70:b6:
                    3f:5d:ff:ad:1a:ef:b7:d2:17:04:02:a4:4f:3c:01:
                    f1:36:69:b5:a7:a9:c3:06:a1:30:b4:0a:22:21:16:
                    0c:ef:4c:04:59:59:68:71:39:2b:31:bb:5e:ee:f8:
                    9a:60:91:1b:2b:00:af:a6:ae:7a:3e:25:34:6b:04:
                    e1:7f:61:72:6c:ca:b7:6f:c1:4b:a9:bc:ac:43:ed:
                    12:74:f7:82:ea:04:43:85:cb:21:1d:70:75:19:c8:
                    cf:86:fa:ce:b8:86:25:ba:4d:ca:e4:11:9d:b7:1d:
                    24:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:C3:B9:12:E2:CA:02:E0:AE:B3:74:5E:CE:AC:A9:9F:93:01:BA:B6
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/tMO5EuLKAuCus3Rezqypn5MBurY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.162.0-62.72.167.255
                  62.72.189.0/24
                  81.21.2.0-81.21.15.255
                  176.57.52.0/24
                  176.57.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:6d:68:af:6a:bf:d2:06:95:73:4d:e1:1e:de:a1:93:2a:f4:
         76:51:81:a1:84:b7:60:d2:7a:10:2b:1a:d5:8a:bd:31:2e:bb:
         96:db:76:dc:e2:5c:4c:a4:96:34:df:10:b3:4e:47:50:59:61:
         75:5d:bc:8e:64:76:03:db:4b:df:9a:3f:db:ec:61:9b:a5:7a:
         09:c4:95:42:47:6c:d8:73:ba:4e:e7:27:ff:ff:d2:a0:a2:be:
         a9:16:f9:05:94:67:f9:fd:12:f8:55:43:ec:58:4a:79:21:e8:
         15:38:0e:e0:cd:9a:32:8b:3e:eb:ba:1b:1b:b2:1b:99:5b:c1:
         1f:dc:6c:f8:ea:83:73:72:3e:e8:c4:f4:11:b1:bb:45:29:4e:
         09:83:90:f6:75:35:c1:e5:aa:fb:db:a6:8c:84:a2:3c:8b:ad:
         30:33:c3:10:93:df:df:ca:80:36:10:f7:99:d9:69:01:4e:84:
         1e:5f:be:31:a9:20:f4:51:a1:76:a2:d6:2e:a1:95:39:2c:94:
         3c:a2:39:0b:12:29:ec:70:13:6e:be:ca:c1:78:e1:06:27:d7:
         e2:15:a3:ed:54:bf:0d:21:14:91:e4:69:01:99:a5:8d:64:53:
         7f:3c:b6:20:70:9d:f2:80:f5:f1:97:3a:43:9f:d5:05:ef:95:
         72:44:09:f3
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAZGju9kwziGNRfN9kSM9akbfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjQwODMwMTQ0MTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGMzYjkxMmUyY2EwMmUwYWViMzc0NWVjZWFjYTk5ZjkzMDFiYWI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu83ozKn10nn7/T+7erMv7gJjp3ih
zm3MRaTKjS4lEZ7KtO+FPDKaPYKFQN4NuQtaVqKvtz/icXbCwhfDJJ2ZBe9UsO88
qr4HJ0YbifTXzBLani0zgyR8lr+22Q+WpYZsTi6i5IHH0AS5+3fz8kZIvB/7gAVC
cdhw/Pnn6RzGN3wHnp5QR97RyRp6X2FTGs9eKXx2cLY/Xf+tGu+30hcEAqRPPAHx
Nmm1p6nDBqEwtAoiIRYM70wEWVlocTkrMbte7viaYJEbKwCvpq56PiU0awThf2Fy
bMq3b8FLqbysQ+0SdPeC6gRDhcshHXB1GcjPhvrOuIYluk3K5BGdtx0kDwIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFLTDuRLiygLgrrN0Xs6sqZ+TAbq2MB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvdE1PNUV1TEtBdUN1czNSZXpxeXBuNU1CdXJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjA0BAIAATAuMAwDBAE+SKID
BAM+SKADBAA+SL0wDAMEAVEVAgMEBFEVAAMEALA5NAMEALA5PzANBgkqhkiG9w0B
AQsFAAOCAQEApm1or2q/0gaVc03hHt6hkyr0dlGBoYS3YNJ6ECsa1Yq9MS67ltt2
3OJcTKSWNN8Qs05HUFlhdV28jmR2A9tL35o/2+xhm6V6CcSVQkds2HO6Tucn///S
oKK+qRb5BZRn+f0S+FVD7FhKeSHoFTgO4M2aMos+67obG7IbmVvBH9xs+OqDc3I+
6MT0EbG7RSlOCYOQ9nU1weWq+9umjISiPIutMDPDEJPf38qANhD3mdlpAU6EHl++
Makg9FGhdqLWLqGVOSyUPKI5CxIp7HATbr7KwXjhBifX4hWj7VS/DSEUkeRpAZml
jWRTfzy2IHCd8oD18Zc6Q5/VBe+VckQJ8w==