Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/x5RFmMwjq66qbG892ff52El3ioo.roa
File:                     x5RFmMwjq66qbG892ff52El3ioo.roa (raw, json)
Hash identifier:          CacgXKiYv0znvC2x4oOOCVdVqLYc8TlR+msuMXWsn2E=
Subject key identifier:   C7:94:45:98:CC:23:AB:AE:AA:6C:6F:3D:D9:F7:F9:D8:49:77:8A:8A
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       0189019E46B36ED9EDCBD60CDE29A150DF8A
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/x5RFmMwjq66qbG892ff52El3ioo.roa
Signing time:             Wed 28 Jun 2023 10:48:17 +0000
ROA not before:           Wed 28 Jun 2023 10:48:17 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        62.72.162.0/24 maxlen: 24
                          62.72.163.0/24 maxlen: 24
                          62.72.161.0/24 maxlen: 24
                          62.72.169.0/24 maxlen: 24
                          62.72.179.0/24 maxlen: 24
                          62.72.184.0/24 maxlen: 24
                          62.72.181.0/24 maxlen: 24
                          62.72.182.0/24 maxlen: 24
                          62.72.191.0/24 maxlen: 24
                          62.72.187.0/24 maxlen: 24
                          62.72.188.0/24 maxlen: 24
                          62.72.189.0/24 maxlen: 24
                          81.21.12.0/22 maxlen: 24
                          176.57.63.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 29 Jun 2023 07:20:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:01:9e:46:b3:6e:d9:ed:cb:d6:0c:de:29:a1:50:df:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Jun 28 10:48:17 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c7944598cc23abaeaa6c6f3dd9f7f9d849778a8a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:74:32:c1:44:22:fc:d3:aa:09:a2:0d:6f:3b:
                    0e:95:91:ed:fb:94:ff:18:d0:e9:88:41:27:cf:0c:
                    45:63:4c:b3:86:6f:ed:6c:e5:dd:40:bc:db:15:74:
                    94:5d:32:eb:d1:4f:2c:5d:3c:f7:52:9f:e9:e0:76:
                    1c:c6:3a:93:f1:cf:a0:88:bd:76:ca:b0:eb:0d:71:
                    8c:48:2e:02:38:26:85:44:8c:79:b3:31:4d:cd:8f:
                    ab:a0:1b:54:8f:6b:86:c3:9c:fc:a4:7f:92:33:12:
                    cb:42:91:7e:24:41:a1:2f:7e:f0:0a:1d:03:b4:19:
                    d9:ab:6e:fa:b8:24:2d:f6:79:66:54:77:fd:3c:b4:
                    41:4a:b7:bb:67:2a:d8:a0:63:be:74:87:c4:64:7e:
                    f9:c9:e5:f2:2b:9d:39:c4:64:b2:c5:6f:78:bc:2e:
                    ca:8c:21:2b:61:55:e7:d8:94:59:1d:03:b0:eb:89:
                    ba:bc:77:ac:a9:77:d7:d2:ce:b3:af:e6:19:84:8d:
                    51:14:13:6e:4f:c8:50:60:91:7f:2d:96:54:d5:5e:
                    fb:86:a2:b7:c4:76:3b:11:5f:d1:9a:fb:00:1e:c4:
                    7b:bb:1e:29:25:9c:6b:17:48:48:9c:be:fb:5d:2a:
                    52:f8:4b:43:4e:d1:e3:55:9f:57:e6:b5:9b:a9:26:
                    a4:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:94:45:98:CC:23:AB:AE:AA:6C:6F:3D:D9:F7:F9:D8:49:77:8A:8A
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/x5RFmMwjq66qbG892ff52El3ioo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.161.0-62.72.163.255
                  62.72.169.0/24
                  62.72.179.0/24
                  62.72.181.0-62.72.182.255
                  62.72.184.0/24
                  62.72.187.0-62.72.189.255
                  62.72.191.0/24
                  81.21.12.0/22
                  176.57.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:50:4e:a5:f7:c8:e0:0e:b3:80:41:05:3b:9c:94:08:bb:0b:
         67:aa:eb:7f:4b:26:40:1b:a1:1d:a0:d6:18:78:b4:d2:08:f3:
         c7:70:cd:30:e2:8e:c5:21:a1:7f:7f:4d:85:f0:45:58:6e:29:
         0e:c8:bb:d9:9a:48:ae:fa:f6:24:be:a6:68:72:c1:7e:c3:75:
         8f:06:62:c5:4e:59:27:d6:d3:ea:d7:70:51:3d:d4:f0:cc:8d:
         06:af:09:8c:34:03:cc:9d:4a:a3:5a:66:95:f0:ae:8f:cf:50:
         a4:13:a2:89:55:cb:39:44:e8:a5:3d:cf:0c:e5:47:05:7d:1c:
         f2:17:e2:d8:3e:7d:90:20:03:bd:c6:c8:ba:3b:71:69:78:0f:
         f3:50:32:c4:e3:72:3c:36:fd:dd:30:51:5b:96:25:4e:68:ce:
         02:27:f0:1d:d9:93:3e:66:89:ea:bc:df:db:e8:38:a4:16:fd:
         f5:08:72:5e:c8:f5:f1:33:53:92:66:ee:72:82:f3:bb:30:ac:
         61:aa:a9:47:98:15:17:cc:cb:45:a2:4f:77:d6:b7:64:4d:ad:
         fc:b7:52:d9:fb:ff:17:fe:6b:68:1e:67:20:f8:6e:53:0d:b3:
         44:78:a7:1f:dc:f4:f0:4d:d1:b8:01:7f:19:64:57:54:fc:03:
         92:8a:93:67
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAYkBnkazbtnty9YM3imhUN+KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjMwNjI4MTA0ODE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzk0NDU5OGNjMjNhYmFlYWE2YzZmM2RkOWY3ZjlkODQ5Nzc4YThhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnHQywUQi/NOqCaINbzsOlZHt+5T/
GNDpiEEnzwxFY0yzhm/tbOXdQLzbFXSUXTLr0U8sXTz3Up/p4HYcxjqT8c+giL12
yrDrDXGMSC4COCaFRIx5szFNzY+roBtUj2uGw5z8pH+SMxLLQpF+JEGhL37wCh0D
tBnZq276uCQt9nlmVHf9PLRBSre7ZyrYoGO+dIfEZH75yeXyK505xGSyxW94vC7K
jCErYVXn2JRZHQOw64m6vHesqXfX0s6zr+YZhI1RFBNuT8hQYJF/LZZU1V77hqK3
xHY7EV/RmvsAHsR7ux4pJZxrF0hInL77XSpS+EtDTtHjVZ9X5rWbqSakYwIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFMeURZjMI6uuqmxvPdn3+dhJd4qKMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEveDVSRm1Nd2pxNjZxYkc4OTJmZjUyRWwzaW9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjBUBAIAATBOMAwDBAA+SKED
BAI+SKADBAA+SKkDBAA+SLMwDAMEAD5ItQMEAD5ItgMEAD5IuDAMAwQAPki7AwQB
Pki8AwQAPki/AwQCURUMAwQAsDk/MA0GCSqGSIb3DQEBCwUAA4IBAQBYUE6l98jg
DrOAQQU7nJQIuwtnqut/SyZAG6EdoNYYeLTSCPPHcM0w4o7FIaF/f02F8EVYbikO
yLvZmkiu+vYkvqZocsF+w3WPBmLFTlkn1tPq13BRPdTwzI0GrwmMNAPMnUqjWmaV
8K6Pz1CkE6KJVcs5ROilPc8M5UcFfRzyF+LYPn2QIAO9xsi6O3FpeA/zUDLE43I8
Nv3dMFFbliVOaM4CJ/Ad2ZM+ZonqvN/b6DikFv31CHJeyPXxM1OSZu5ygvO7MKxh
qqlHmBUXzMtFok931rdkTa38t1LZ+/8X/mtoHmcg+G5TDbNEeKcf3PTwTdG4AX8Z
ZFdU/AOSipNn
-----END CERTIFICATE-----