Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/yBGkg-VN6wt06ARXCeV6RDKPYJE.roa
File:                     yBGkg-VN6wt06ARXCeV6RDKPYJE.roa (raw, json)
Hash identifier:          Npt0NFK3FqSqJymdhnhG88vjGeYzEZFOnN/hkpsKzgk=
Subject key identifier:   C8:11:A4:83:E5:4D:EB:0B:74:E8:04:57:09:E5:7A:44:32:8F:60:91
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       01904117C4183A681DA69AA75A827D6F1BED
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/yBGkg-VN6wt06ARXCeV6RDKPYJE.roa
Signing time:             Sat 22 Jun 2024 17:56:34 +0000
ROA not before:           Sat 22 Jun 2024 17:56:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        62.72.162.0/23 maxlen: 23
                          62.72.164.0/22 maxlen: 22
                          62.72.164.0/23 maxlen: 23
                          62.72.164.0/24 maxlen: 24
                          62.72.168.0/24 maxlen: 24
                          62.72.184.0/24 maxlen: 24
                          62.72.189.0/24 maxlen: 24
                          81.21.2.0/23 maxlen: 23
                          81.21.4.0/22 maxlen: 24
                          81.21.8.0/24 maxlen: 24
                          81.21.9.0/24 maxlen: 24
                          81.21.10.0/23 maxlen: 23
                          81.21.11.0/24 maxlen: 24
                          81.21.12.0/22 maxlen: 24
                          81.21.12.0/24 maxlen: 24
                          81.21.14.0/23 maxlen: 24
                          81.21.14.0/24 maxlen: 24
                          81.21.15.0/24 maxlen: 24
                          176.57.63.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sun 23 Jun 2024 13:55:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:41:17:c4:18:3a:68:1d:a6:9a:a7:5a:82:7d:6f:1b:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Jun 22 17:56:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c811a483e54deb0b74e8045709e57a44328f6091
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:a1:53:fd:96:db:85:6f:e5:26:9e:6d:9b:78:
                    b3:0c:d5:25:20:e5:ca:b3:e3:ba:3b:a4:93:3d:a1:
                    b8:23:61:93:7a:b2:18:18:79:77:16:60:69:ec:d2:
                    d6:2d:23:05:7b:3c:80:98:97:32:4a:be:c8:94:5c:
                    16:5e:fc:76:de:0d:1a:a8:5a:bb:e2:b0:5e:3e:c3:
                    8a:d0:41:11:c5:40:17:14:6c:f9:00:a4:37:6a:09:
                    1f:6a:60:cb:41:52:de:d9:fd:2f:8a:10:68:07:7a:
                    35:65:00:85:d8:ec:49:15:df:89:71:ca:9d:6f:48:
                    ba:b3:62:ad:2e:14:7f:8f:a1:4f:3f:d9:32:e3:f2:
                    29:93:bb:0b:37:9a:56:8c:75:e6:d1:3e:ac:12:06:
                    4f:10:8e:e8:63:9a:cc:25:63:a0:04:88:4a:e9:bf:
                    f9:3b:9e:88:35:92:80:60:14:16:1f:af:5b:56:04:
                    50:da:b4:ed:f8:94:99:ca:d7:25:3a:3a:1f:3d:19:
                    d8:10:15:13:94:c2:64:5f:f4:f9:89:6a:ba:54:65:
                    e4:cf:b3:fd:96:2d:db:45:81:20:4d:c3:ac:b5:c6:
                    ae:0d:6e:e9:f4:fd:25:e6:53:68:1d:ec:e2:c7:c3:
                    29:55:ef:2d:06:58:0a:67:2f:9b:fc:31:31:79:0b:
                    63:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:11:A4:83:E5:4D:EB:0B:74:E8:04:57:09:E5:7A:44:32:8F:60:91
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/yBGkg-VN6wt06ARXCeV6RDKPYJE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.162.0-62.72.168.255
                  62.72.184.0/24
                  62.72.189.0/24
                  81.21.2.0-81.21.15.255
                  176.57.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:18:1f:dd:d5:ee:ce:1c:be:72:11:c1:2f:a7:cd:8d:02:1c:
         40:8a:a7:39:d2:17:af:6b:f5:a5:21:f4:3e:51:16:e1:4d:8f:
         8a:cb:9e:1f:5c:29:46:df:68:46:0f:94:82:8f:03:e9:9a:6f:
         62:2a:de:f2:58:55:e7:74:79:3b:09:66:2f:34:80:f9:47:33:
         ce:72:e2:6c:14:0c:db:4a:aa:9b:1e:4e:57:e0:1f:8d:19:40:
         cb:ad:3b:3a:90:b1:75:44:43:1d:28:81:2f:7c:f2:5d:77:7d:
         06:ef:8a:60:71:3c:5d:3f:d7:b3:1e:7d:b4:90:e1:96:42:ca:
         9b:61:1a:f0:5a:23:f6:ef:4a:ec:ad:b2:db:97:11:b2:21:e7:
         71:d0:d5:30:d7:a0:18:c7:b9:3d:0a:fe:2d:49:4a:43:a4:43:
         c6:78:67:d8:35:7d:c6:f6:23:7a:76:75:fb:35:d6:16:f3:0c:
         9e:89:87:44:fd:4b:d4:7b:0c:a7:6b:ce:c2:97:e1:54:ba:ec:
         15:6b:b9:3f:8d:68:55:70:52:ce:05:d3:c3:79:3b:d7:5e:36:
         03:d3:fa:9a:08:85:d8:d7:c8:84:e2:9a:ab:bd:23:ca:04:a9:
         f3:84:a6:6c:04:d7:fb:f9:3b:4e:67:01:61:2c:50:91:67:2e:
         77:c1:77:ef
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAZBBF8QYOmgdppqnWoJ9bxvtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjQwNjIyMTc1NjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODExYTQ4M2U1NGRlYjBiNzRlODA0NTcwOWU1N2E0NDMyOGY2MDkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm6FT/ZbbhW/lJp5tm3izDNUlIOXK
s+O6O6STPaG4I2GTerIYGHl3FmBp7NLWLSMFezyAmJcySr7IlFwWXvx23g0aqFq7
4rBePsOK0EERxUAXFGz5AKQ3agkfamDLQVLe2f0vihBoB3o1ZQCF2OxJFd+Jccqd
b0i6s2KtLhR/j6FPP9ky4/Ipk7sLN5pWjHXm0T6sEgZPEI7oY5rMJWOgBIhK6b/5
O56INZKAYBQWH69bVgRQ2rTt+JSZytclOjofPRnYEBUTlMJkX/T5iWq6VGXkz7P9
li3bRYEgTcOstcauDW7p9P0l5lNoHezix8MpVe8tBlgKZy+b/DExeQtjFwIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFMgRpIPlTesLdOgEVwnlekQyj2CRMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEveUJHa2ctVk42d3QwNkFSWENlVjZSREtQWUpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjA0BAIAATAuMAwDBAE+SKID
BAA+SKgDBAA+SLgDBAA+SL0wDAMEAVEVAgMEBFEVAAMEALA5PzANBgkqhkiG9w0B
AQsFAAOCAQEAVhgf3dXuzhy+chHBL6fNjQIcQIqnOdIXr2v1pSH0PlEW4U2Pisue
H1wpRt9oRg+Ugo8D6ZpvYire8lhV53R5OwlmLzSA+UczznLibBQM20qqmx5OV+Af
jRlAy607OpCxdURDHSiBL3zyXXd9Bu+KYHE8XT/Xsx59tJDhlkLKm2Ea8Foj9u9K
7K2y25cRsiHncdDVMNegGMe5PQr+LUlKQ6RDxnhn2DV9xvYjenZ1+zXWFvMMnomH
RP1L1HsMp2vOwpfhVLrsFWu5P41oVXBSzgXTw3k71142A9P6mgiF2NfIhOKaq70j
ygSp84SmbATX+/k7TmcBYSxQkWcud8F37w==
-----END CERTIFICATE-----