Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/z3uwmymEit3Mo32gp-RbuqcQyso.roa
File:                     z3uwmymEit3Mo32gp-RbuqcQyso.roa (raw, json)
Hash identifier:          XHHXr8OsbVd/rHM3Uwt14qXAKNicrt2TDB+yIwFSocw=
Subject key identifier:   CF:7B:B0:9B:29:84:8A:DD:CC:A3:7D:A0:A7:E4:5B:BA:A7:10:CA:CA
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       018F1BDDB98DC31AE3B8677C0434AF15EF54
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/z3uwmymEit3Mo32gp-RbuqcQyso.roa
Signing time:             Fri 26 Apr 2024 19:24:26 +0000
ROA not before:           Fri 26 Apr 2024 19:24:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        62.72.162.0/23 maxlen: 23
                          62.72.164.0/22 maxlen: 22
                          62.72.164.0/23 maxlen: 23
                          62.72.188.0/24 maxlen: 24
                          62.72.189.0/24 maxlen: 24
                          81.21.2.0/23 maxlen: 23
                          81.21.4.0/22 maxlen: 24
                          81.21.8.0/24 maxlen: 24
                          81.21.9.0/24 maxlen: 24
                          81.21.10.0/23 maxlen: 23
                          81.21.12.0/22 maxlen: 24
                          81.21.14.0/23 maxlen: 24
                          176.57.59.0/24 maxlen: 24
                          176.57.63.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sun 28 Apr 2024 05:32:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:1b:dd:b9:8d:c3:1a:e3:b8:67:7c:04:34:af:15:ef:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Apr 26 19:24:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cf7bb09b29848addcca37da0a7e45bbaa710caca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:0c:38:2a:66:24:b5:78:2f:3b:3d:f1:97:c7:
                    32:75:6d:9b:ed:37:1a:aa:c6:8a:1e:44:b1:58:fd:
                    84:64:b7:e7:47:ae:1e:e8:79:86:90:ef:c0:8b:7e:
                    e2:b4:94:6f:93:3a:d8:f6:9f:55:c4:15:7c:18:c1:
                    b8:08:19:67:ae:1e:63:a4:75:28:54:48:a1:c4:74:
                    d2:69:20:7e:36:17:43:f9:88:a2:a7:b8:bf:51:cf:
                    1e:de:f2:68:00:00:00:e9:cd:3e:ad:31:7d:1d:3a:
                    7d:17:e2:6a:b5:a3:16:13:e5:9d:a1:f3:cf:4a:c7:
                    b8:7a:93:ae:16:9d:d7:0d:78:35:16:85:1c:c0:8b:
                    12:ad:70:65:1f:9f:89:10:15:25:4b:cc:a2:5f:14:
                    dc:fd:f1:c3:d0:d1:6c:c8:4a:7f:ea:58:43:63:a8:
                    c2:d1:d8:ad:ea:85:a6:3c:8e:a1:52:a1:44:6b:61:
                    2f:0f:54:b0:33:a1:f0:f0:b9:d3:04:45:b3:e8:1e:
                    e2:0b:8a:9e:9a:2e:53:b9:87:d2:3d:12:3d:cf:a8:
                    e9:9b:46:63:45:a1:12:3b:a0:cf:51:2a:fd:f5:d0:
                    91:cb:bd:d1:1e:46:44:6f:00:38:39:d2:ed:5a:08:
                    b9:9c:70:36:c3:ad:3c:cc:0b:f0:7c:b4:67:a7:6b:
                    2d:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:7B:B0:9B:29:84:8A:DD:CC:A3:7D:A0:A7:E4:5B:BA:A7:10:CA:CA
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/z3uwmymEit3Mo32gp-RbuqcQyso.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.162.0-62.72.167.255
                  62.72.188.0/23
                  81.21.2.0-81.21.15.255
                  176.57.59.0/24
                  176.57.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:c1:bf:e3:67:d3:fb:7b:c0:f0:10:0b:f4:a4:82:7a:33:17:
         3f:8e:c1:48:98:a5:75:7f:f7:4d:05:cd:18:4d:85:9c:70:a4:
         fb:8d:57:76:bd:6d:3f:48:36:0e:5f:c7:15:cc:75:05:f0:43:
         84:aa:df:e9:3a:64:72:f0:1f:00:fe:49:54:23:87:92:fa:b4:
         96:d7:f4:c2:6b:c4:1f:9b:29:9d:c4:cf:ce:ea:80:6c:76:0d:
         dd:0c:8a:6e:ce:89:66:d7:e2:e8:ba:b9:8b:57:0b:d2:14:b4:
         95:12:2f:cb:64:7c:8c:40:01:62:e6:98:06:79:3c:83:86:ba:
         65:78:c4:05:99:dd:4b:e3:70:21:26:bc:a4:cf:55:41:36:f7:
         fd:85:17:81:89:f3:1b:b4:5f:fe:4b:ba:18:b3:38:7a:3a:ac:
         36:8a:ed:db:3b:05:a4:5f:49:da:a3:b6:cd:95:24:41:0c:34:
         c0:ce:2b:1e:85:c0:c7:7d:e4:e0:d9:b2:2d:73:96:5f:fe:4d:
         82:5a:ca:45:62:a5:1f:7d:3d:6f:ad:8b:b7:c5:31:1d:17:87:
         d6:9d:89:57:14:cb:c9:0b:0a:33:68:e0:d1:b4:11:33:71:54:
         05:ff:8a:c9:21:8b:2b:a8:be:18:ab:07:ef:8b:e9:00:16:8d:
         01:0a:57:4b
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAY8b3bmNwxrjuGd8BDSvFe9UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjQwNDI2MTkyNDI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjdiYjA5YjI5ODQ4YWRkY2NhMzdkYTBhN2U0NWJiYWE3MTBjYWNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArQw4KmYktXgvOz3xl8cydW2b7Tca
qsaKHkSxWP2EZLfnR64e6HmGkO/Ai37itJRvkzrY9p9VxBV8GMG4CBlnrh5jpHUo
VEihxHTSaSB+NhdD+Yiip7i/Uc8e3vJoAAAA6c0+rTF9HTp9F+JqtaMWE+WdofPP
Sse4epOuFp3XDXg1FoUcwIsSrXBlH5+JEBUlS8yiXxTc/fHD0NFsyEp/6lhDY6jC
0dit6oWmPI6hUqFEa2EvD1SwM6Hw8LnTBEWz6B7iC4qemi5TuYfSPRI9z6jpm0Zj
RaESO6DPUSr99dCRy73RHkZEbwA4OdLtWgi5nHA2w608zAvwfLRnp2stvwIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFM97sJsphIrdzKN9oKfkW7qnEMrKMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvejN1d215bUVpdDNNbzMyZ3AtUmJ1cWNReXNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjA0BAIAATAuMAwDBAE+SKID
BAM+SKADBAE+SLwwDAMEAVEVAgMEBFEVAAMEALA5OwMEALA5PzANBgkqhkiG9w0B
AQsFAAOCAQEAncG/42fT+3vA8BAL9KSCejMXP47BSJildX/3TQXNGE2FnHCk+41X
dr1tP0g2Dl/HFcx1BfBDhKrf6TpkcvAfAP5JVCOHkvq0ltf0wmvEH5spncTPzuqA
bHYN3QyKbs6JZtfi6Lq5i1cL0hS0lRIvy2R8jEABYuaYBnk8g4a6ZXjEBZndS+Nw
ISa8pM9VQTb3/YUXgYnzG7Rf/ku6GLM4ejqsNort2zsFpF9J2qO2zZUkQQw0wM4r
HoXAx33k4NmyLXOWX/5NglrKRWKlH309b62Lt8UxHReH1p2JVxTLyQsKM2jg0bQR
M3FUBf+KySGLK6i+GKsH74vpABaNAQpXSw==
-----END CERTIFICATE-----