Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/xIIxFyYH2H_ZMBrRL-a4j6XituE.roa
File:                     xIIxFyYH2H_ZMBrRL-a4j6XituE.roa (raw, json)
Hash identifier:          z6yk3hHohTX34OD1UAh+q0KZFYpBebij2KTUcU7aVt0=
Subject key identifier:   C4:82:31:17:26:07:D8:7F:D9:30:1A:D1:2F:E6:B8:8F:A5:E2:B6:E1
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       0190E3894D59B946D36B2DC7F54DC3C0B56D
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/xIIxFyYH2H_ZMBrRL-a4j6XituE.roa
Signing time:             Wed 24 Jul 2024 06:59:04 +0000
ROA not before:           Wed 24 Jul 2024 06:59:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        62.72.162.0/23 maxlen: 23
                          62.72.164.0/22 maxlen: 22
                          62.72.164.0/23 maxlen: 23
                          62.72.186.0/24 maxlen: 24
                          62.72.189.0/24 maxlen: 24
                          81.21.2.0/23 maxlen: 23
                          81.21.4.0/22 maxlen: 24
                          81.21.6.0/24 maxlen: 24
                          81.21.8.0/24 maxlen: 24
                          81.21.9.0/24 maxlen: 24
                          81.21.10.0/23 maxlen: 23
                          81.21.11.0/24 maxlen: 24
                          81.21.12.0/22 maxlen: 24
                          81.21.12.0/24 maxlen: 24
                          81.21.14.0/23 maxlen: 24
                          81.21.14.0/24 maxlen: 24
                          81.21.15.0/24 maxlen: 24
                          176.57.57.0/24 maxlen: 24
                          176.57.63.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Wed 24 Jul 2024 07:13:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:e3:89:4d:59:b9:46:d3:6b:2d:c7:f5:4d:c3:c0:b5:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Jul 24 06:59:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c48231172607d87fd9301ad12fe6b88fa5e2b6e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:fb:5a:22:ad:d4:a7:49:a5:b2:9b:b0:4e:44:
                    91:cb:84:e6:6f:de:75:db:3b:74:09:3c:77:15:c7:
                    8d:60:2d:65:f5:1f:83:66:9f:a6:65:93:a5:6d:58:
                    d2:78:40:54:97:e5:55:f9:51:92:3c:0d:5b:ff:17:
                    02:26:d8:15:dd:1d:3e:18:5b:e7:76:51:09:ac:15:
                    2f:09:3e:ff:05:05:99:d6:16:ca:4f:c9:a3:99:f8:
                    b8:a4:65:95:60:7d:5d:06:a2:22:bb:75:72:f2:b0:
                    bd:d6:1a:b5:bf:6b:9e:25:11:f3:d8:50:a5:b3:19:
                    e5:f4:82:ca:7d:b3:93:3c:b4:7e:ef:67:34:d9:b6:
                    64:f4:ec:40:4c:34:ba:e5:13:98:d2:d3:ec:b6:bb:
                    3e:c8:d9:85:a6:70:fb:f6:af:e9:c0:03:ed:5a:ea:
                    31:57:67:77:f3:3f:be:81:94:51:0c:31:3a:07:b4:
                    4a:68:64:10:f3:bc:ab:3f:d1:d2:a0:73:9f:59:5f:
                    b4:76:d6:9b:8e:4b:c5:55:89:c6:c6:95:23:d3:ea:
                    ab:ae:32:e3:0a:cc:a1:ec:c0:bc:a4:c4:26:0a:3d:
                    a9:6e:5f:75:27:9f:d2:65:ae:ec:22:fb:92:53:a1:
                    5a:c6:b1:c4:a5:54:80:ef:ba:2a:44:af:7f:32:5d:
                    2f:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:82:31:17:26:07:D8:7F:D9:30:1A:D1:2F:E6:B8:8F:A5:E2:B6:E1
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/xIIxFyYH2H_ZMBrRL-a4j6XituE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.162.0-62.72.167.255
                  62.72.186.0/24
                  62.72.189.0/24
                  81.21.2.0-81.21.15.255
                  176.57.57.0/24
                  176.57.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:4c:ad:11:9e:18:a2:d9:6a:4c:0a:5c:16:f7:37:b2:88:9f:
         a5:8f:18:51:75:dc:32:96:91:db:57:52:c6:79:e7:7e:86:1e:
         38:f3:62:a2:65:08:1a:7a:cd:99:bb:c8:a9:ee:f2:cd:d0:c4:
         4a:ad:c1:47:c7:78:9e:c3:7d:96:9f:be:40:48:28:22:78:6d:
         4e:e3:49:e3:37:f4:99:45:51:f6:5f:43:81:d4:91:2c:91:ec:
         5f:15:01:d9:d9:b0:60:7c:f2:44:7b:ea:53:16:61:ed:01:f0:
         9e:eb:44:92:e6:b8:4c:fd:8d:d1:28:8f:69:a6:9f:4c:ad:4c:
         11:f4:80:3f:17:a4:6d:9b:9b:07:68:db:8c:34:f9:87:12:b1:
         a5:99:8a:16:95:b1:c7:53:1a:36:48:0e:ac:d1:06:03:7f:09:
         b0:1d:83:86:11:b1:1a:02:77:e5:9c:ab:d7:10:da:76:e5:8f:
         07:79:e0:45:52:0c:55:27:04:7f:ff:f6:fe:92:ca:5a:67:03:
         f2:ff:a2:ec:ee:1c:38:56:b3:d4:d6:e2:18:f5:60:fc:66:5d:
         47:bb:66:d8:7b:f3:4b:c8:e9:cc:bf:63:5f:13:1f:cd:7e:e0:
         07:b1:8e:7f:76:74:3e:27:97:4d:7e:2e:9a:1e:cb:34:33:c9:
         38:fb:7c:73
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgISAZDjiU1ZuUbTay3H9U3DwLVtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjQwNzI0MDY1OTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDgyMzExNzI2MDdkODdmZDkzMDFhZDEyZmU2Yjg4ZmE1ZTJiNmUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxftaIq3Up0mlspuwTkSRy4Tmb951
2zt0CTx3FceNYC1l9R+DZp+mZZOlbVjSeEBUl+VV+VGSPA1b/xcCJtgV3R0+GFvn
dlEJrBUvCT7/BQWZ1hbKT8mjmfi4pGWVYH1dBqIiu3Vy8rC91hq1v2ueJRHz2FCl
sxnl9ILKfbOTPLR+72c02bZk9OxATDS65ROY0tPstrs+yNmFpnD79q/pwAPtWuox
V2d38z++gZRRDDE6B7RKaGQQ87yrP9HSoHOfWV+0dtabjkvFVYnGxpUj0+qrrjLj
Csyh7MC8pMQmCj2pbl91J5/SZa7sIvuSU6FaxrHEpVSA77oqRK9/Ml0v/wIDAQAB
o4ICNzCCAjMwHQYDVR0OBBYEFMSCMRcmB9h/2TAa0S/muI+l4rbhMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEveElJeEZ5WUgySF9aTUJyUkwtYTRqNlhpdHVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME0GCCsGAQUFBwEHAQH/BD4wPDA6BAIAATA0MAwDBAE+SKID
BAM+SKADBAA+SLoDBAA+SL0wDAMEAVEVAgMEBFEVAAMEALA5OQMEALA5PzANBgkq
hkiG9w0BAQsFAAOCAQEAr0ytEZ4YotlqTApcFvc3soifpY8YUXXcMpaR21dSxnnn
foYeOPNiomUIGnrNmbvIqe7yzdDESq3BR8d4nsN9lp++QEgoInhtTuNJ4zf0mUVR
9l9DgdSRLJHsXxUB2dmwYHzyRHvqUxZh7QHwnutEkua4TP2N0SiPaaafTK1MEfSA
PxekbZubB2jbjDT5hxKxpZmKFpWxx1MaNkgOrNEGA38JsB2DhhGxGgJ35Zyr1xDa
duWPB3ngRVIMVScEf//2/pLKWmcD8v+i7O4cOFaz1NbiGPVg/GZdR7tm2HvzS8jp
zL9jXxMfzX7gB7GOf3Z0PieXTX4umh7LNDPJOPt8cw==
-----END CERTIFICATE-----