Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/572ea6-1436-4f26-af57-5975913f52c5/1/zZhTonGFNKnTOIveHdmj4Yg0NYY.roa
File:                     zZhTonGFNKnTOIveHdmj4Yg0NYY.roa (raw, json)
Hash identifier:          rMNlOwyOpqtVUt4AP7sVid+fZfAa1gBxovQqd+NP3+s=
Subject key identifier:   CD:98:53:A2:71:85:34:A9:D3:38:8B:DE:1D:D9:A3:E1:88:34:35:86
Certificate issuer:       /CN=f3b5646b360379924cb6d9c3d99669ce7f3b2ca2
Certificate serial:       018CC5DBE380AE96FE53CD619F346385554A
Authority key identifier: F3:B5:64:6B:36:03:79:92:4C:B6:D9:C3:D9:96:69:CE:7F:3B:2C:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/87VkazYDeZJMttnD2ZZpzn87LKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/572ea6-1436-4f26-af57-5975913f52c5/1/zZhTonGFNKnTOIveHdmj4Yg0NYY.roa
Signing time:             Mon 01 Jan 2024 16:29:31 +0000
ROA not before:           Mon 01 Jan 2024 16:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     28968
IP address blocks:        62.181.34.0/23 maxlen: 23
                          62.181.36.0/22 maxlen: 22
                          62.181.38.0/24 maxlen: 24
                          62.181.48.0/23 maxlen: 23
                          62.181.46.0/23 maxlen: 23
                          62.181.56.0/21 maxlen: 21
                          62.181.56.0/22 maxlen: 22
                          212.59.96.0/21 maxlen: 21
                          212.59.96.0/20 maxlen: 20
                          212.59.109.0/24 maxlen: 24
                          77.232.32.0/23 maxlen: 23
                          77.232.35.0/24 maxlen: 24
                          77.232.48.0/23 maxlen: 23
                          2a00:f460::/32 maxlen: 32

Validation:               Failed, certificate revoked on Wed 06 Mar 2024 11:03:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:db:e3:80:ae:96:fe:53:cd:61:9f:34:63:85:55:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f3b5646b360379924cb6d9c3d99669ce7f3b2ca2
        Validity
            Not Before: Jan  1 16:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cd9853a2718534a9d3388bde1dd9a3e188343586
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:ec:c3:c8:ad:c9:b6:c2:1c:38:42:82:12:2d:
                    db:2a:fb:38:1f:fb:b8:90:28:4a:60:c8:07:79:09:
                    9b:9e:f1:59:73:5e:0f:44:9e:b9:e2:56:b7:20:9f:
                    3f:e2:57:ab:c6:7c:a2:c3:20:6a:ab:64:71:09:8d:
                    6f:96:10:80:a9:01:ec:f3:80:fe:fd:d3:4f:5f:ae:
                    fc:2a:a5:f0:65:10:0c:bd:12:43:98:eb:5b:85:9a:
                    b8:72:e3:e0:22:9e:67:7a:a0:91:f9:b9:d9:d0:bb:
                    2b:68:e3:3e:92:b9:49:0e:e9:c3:0d:23:af:9b:bc:
                    ce:11:eb:a1:17:d0:b0:2b:a5:47:82:ed:c4:f4:b1:
                    eb:28:24:e2:e0:36:4e:d5:d0:6a:2e:59:5e:03:99:
                    b4:7f:be:08:24:d6:34:d5:b7:f8:8f:86:a6:4a:01:
                    63:77:26:2c:3f:f8:8d:6b:ee:3c:ae:8b:24:27:87:
                    b5:d8:33:85:e7:74:40:1c:31:d7:30:06:87:af:8d:
                    f3:19:6b:e6:2a:e6:8b:50:f9:e3:07:34:e7:1c:77:
                    ba:9a:14:d8:c4:92:a9:8a:16:e3:55:2f:b8:9d:2a:
                    66:6b:cf:20:74:d8:70:99:54:04:36:c8:18:cf:68:
                    ef:80:04:da:0d:90:f1:ee:ea:ce:bc:5f:f6:6e:99:
                    d7:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:98:53:A2:71:85:34:A9:D3:38:8B:DE:1D:D9:A3:E1:88:34:35:86
            X509v3 Authority Key Identifier:
                keyid:F3:B5:64:6B:36:03:79:92:4C:B6:D9:C3:D9:96:69:CE:7F:3B:2C:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/87VkazYDeZJMttnD2ZZpzn87LKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/572ea6-1436-4f26-af57-5975913f52c5/1/zZhTonGFNKnTOIveHdmj4Yg0NYY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/572ea6-1436-4f26-af57-5975913f52c5/1/87VkazYDeZJMttnD2ZZpzn87LKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.181.34.0-62.181.39.255
                  62.181.46.0-62.181.49.255
                  62.181.56.0/21
                  77.232.32.0/23
                  77.232.35.0/24
                  77.232.48.0/23
                  212.59.96.0/20
                IPv6:
                  2a00:f460::/32

    Signature Algorithm: sha256WithRSAEncryption
         84:fc:73:45:84:58:80:85:bc:4c:95:22:c6:55:9e:20:05:8f:
         18:24:e3:ff:3c:0f:1e:e4:26:db:52:ef:32:c0:44:b1:8e:dd:
         dd:23:46:79:e8:b3:9a:c1:6f:0d:4a:ed:12:25:4b:c3:27:a6:
         fb:52:0a:40:6e:73:87:8d:f9:5c:2d:45:28:2c:5d:29:4f:e8:
         91:b6:e6:96:8a:88:ed:cf:9d:0f:e3:f9:0e:b8:15:4f:95:7e:
         74:4b:a2:6b:8d:1a:11:f6:74:51:f1:b7:c9:08:c8:a7:23:23:
         6e:db:bd:0a:d9:e7:4e:ea:f4:40:a6:a8:dd:4b:c7:13:b9:58:
         4a:13:cd:2f:41:ed:51:cb:08:7d:d4:a9:b0:7a:88:d6:3f:23:
         31:29:8c:32:66:bd:95:ec:75:61:cd:3a:8f:54:24:9d:b2:7a:
         11:68:f8:95:85:d3:c5:9e:7f:b5:73:9e:37:b9:42:b0:b0:8e:
         5c:e5:73:e4:a8:4d:5c:0f:b6:7b:eb:6e:f5:97:46:7e:ef:cc:
         9a:8a:82:42:f6:e2:3b:c6:7a:29:f9:a7:15:29:ec:89:23:63:
         47:73:21:b5:36:4b:68:e9:0b:67:a6:e8:61:22:58:9b:b2:c9:
         1f:e3:2d:ee:f4:5d:3f:c4:4a:c0:94:19:44:5e:20:12:25:2a:
         bd:5f:2c:5c
-----BEGIN CERTIFICATE-----
MIIFQDCCBCigAwIBAgISAYzF2+OArpb+U81hnzRjhVVKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzYjU2NDZiMzYwMzc5OTI0Y2I2ZDljM2Q5OTY2OWNlN2Yz
YjJjYTIwHhcNMjQwMTAxMTYyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDk4NTNhMjcxODUzNGE5ZDMzODhiZGUxZGQ5YTNlMTg4MzQzNTg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2uzDyK3JtsIcOEKCEi3bKvs4H/u4
kChKYMgHeQmbnvFZc14PRJ654la3IJ8/4lerxnyiwyBqq2RxCY1vlhCAqQHs84D+
/dNPX678KqXwZRAMvRJDmOtbhZq4cuPgIp5neqCR+bnZ0LsraOM+krlJDunDDSOv
m7zOEeuhF9CwK6VHgu3E9LHrKCTi4DZO1dBqLlleA5m0f74IJNY01bf4j4amSgFj
dyYsP/iNa+48roskJ4e12DOF53RAHDHXMAaHr43zGWvmKuaLUPnjBzTnHHe6mhTY
xJKpihbjVS+4nSpma88gdNhwmVQENsgYz2jvgATaDZDx7urOvF/2bpnXKQIDAQAB
o4ICTDCCAkgwHQYDVR0OBBYEFM2YU6JxhTSp0ziL3h3Zo+GINDWGMB8GA1UdIwQY
MBaAFPO1ZGs2A3mSTLbZw9mWac5/OyyiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvODdWa2F6WURlWkpNdHRuRDJaWnB6bjg3TEtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy81NzJlYTYtMTQzNi00ZjI2LWFmNTct
NTk3NTkxM2Y1MmM1LzEvelpoVG9uR0ZOS25UT0l2ZUhkbWo0WWcwTllZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy81NzJlYTYtMTQzNi00ZjI2LWFmNTctNTk3NTkxM2Y1MmM1
LzEvODdWa2F6WURlWkpNdHRuRDJaWnB6bjg3TEtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGIGCCsGAQUFBwEHAQH/BFMwUTBABAIAATA6MAwDBAE+tSID
BAM+tSAwDAMEAT61LgMEAT61MAMEAz61OAMEAU3oIAMEAE3oIwMEAU3oMAMEBNQ7
YDANBAIAAjAHAwUAKgD0YDANBgkqhkiG9w0BAQsFAAOCAQEAhPxzRYRYgIW8TJUi
xlWeIAWPGCTj/zwPHuQm21LvMsBEsY7d3SNGeeizmsFvDUrtEiVLwyem+1IKQG5z
h435XC1FKCxdKU/okbbmloqI7c+dD+P5DrgVT5V+dEuia40aEfZ0UfG3yQjIpyMj
btu9CtnnTur0QKao3UvHE7lYShPNL0HtUcsIfdSpsHqI1j8jMSmMMma9lex1Yc06
j1QknbJ6EWj4lYXTxZ5/tXOeN7lCsLCOXOVz5KhNXA+2e+tu9ZdGfu/MmoqCQvbi
O8Z6KfmnFSnsiSNjR3MhtTZLaOkLZ6boYSJYm7LJH+Mt7vRdP8RKwJQZRF4gEiUq
vV8sXA==
-----END CERTIFICATE-----