Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/0JuZFnKi5VlJBog8UpRpdJSA0JU.roa
File:                     0JuZFnKi5VlJBog8UpRpdJSA0JU.roa (raw, json)
Hash identifier:          93hr5b/0UNF8LEWJFQ63b/tR2YVMSut9TfuWQLQ1e/4=
Subject key identifier:   D0:9B:99:16:72:A2:E5:59:49:06:88:3C:52:94:69:74:94:80:D0:95
Certificate issuer:       /CN=c3c18527e3a206af2842028d95aec41338e8daf8
Certificate serial:       0186FA1B7E9AC875EEADCDC37A5E75960855
Authority key identifier: C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/0JuZFnKi5VlJBog8UpRpdJSA0JU.roa
Signing time:             Sun 19 Mar 2023 13:42:31 +0000
ROA not before:           Sun 19 Mar 2023 13:42:31 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     15611
IP address blocks:        213.176.96.0/24 maxlen: 24
                          213.176.4.0/24 maxlen: 24
                          213.176.5.0/24 maxlen: 24
                          62.60.128.0/21 maxlen: 24
                          62.60.136.0/24 maxlen: 24
                          62.60.137.0/24 maxlen: 24
                          62.60.139.0/24 maxlen: 24
                          62.60.140.0/24 maxlen: 24
                          62.60.143.0/24 maxlen: 24
                          62.60.141.0/24 maxlen: 24
                          62.60.142.0/24 maxlen: 24
                          62.60.145.0/24 maxlen: 24
                          62.60.152.0/22 maxlen: 24
                          62.60.146.0/23 maxlen: 24
                          213.176.124.0/24 maxlen: 24
                          213.176.125.0/24 maxlen: 24
                          213.176.122.0/24 maxlen: 24
                          213.176.123.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sat 08 Apr 2023 06:49:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:fa:1b:7e:9a:c8:75:ee:ad:cd:c3:7a:5e:75:96:08:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3c18527e3a206af2842028d95aec41338e8daf8
        Validity
            Not Before: Mar 19 13:42:31 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d09b991672a2e5594906883c529469749480d095
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:61:db:2e:d5:04:25:75:87:75:68:a7:34:9c:
                    a5:62:97:55:11:73:a7:97:cb:9c:e2:fa:b0:03:47:
                    94:5f:46:c8:f7:51:e6:69:cc:6a:3a:05:a7:a9:cd:
                    09:38:a9:57:b0:97:c5:98:af:55:d9:1c:10:d0:ac:
                    68:e3:91:12:f3:b1:f4:aa:bb:39:1e:12:31:15:b8:
                    fb:52:ee:e1:7e:c5:b1:d2:97:25:79:4c:e3:8b:bc:
                    45:ba:a9:d3:b8:24:80:7b:41:f6:18:b6:7b:74:43:
                    53:5a:70:06:df:66:2b:97:c2:58:34:2b:a3:9f:aa:
                    9a:92:47:dc:12:87:26:00:04:c3:9e:4b:d5:35:35:
                    4d:8a:df:15:39:c4:5d:15:b2:98:87:92:84:cb:4e:
                    36:cc:34:24:19:e1:a1:61:cf:c3:5f:a9:ae:aa:53:
                    b7:a2:5d:cc:b7:42:31:2f:a4:78:a4:89:af:d3:51:
                    eb:d9:20:eb:b7:fb:87:45:5e:d3:06:5f:41:0d:87:
                    1f:da:13:a6:9a:19:3d:81:d9:8f:d8:ee:4c:10:da:
                    56:52:23:1f:bc:92:01:c5:d0:33:4f:a0:77:7f:c1:
                    f2:59:03:9c:2a:59:9b:a9:b7:b4:46:d0:d2:80:40:
                    e0:90:ca:a2:04:ce:0d:f9:75:93:fe:b6:c7:41:ae:
                    b8:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:9B:99:16:72:A2:E5:59:49:06:88:3C:52:94:69:74:94:80:D0:95
            X509v3 Authority Key Identifier:
                keyid:C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/0JuZFnKi5VlJBog8UpRpdJSA0JU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.60.128.0-62.60.137.255
                  62.60.139.0-62.60.143.255
                  62.60.145.0-62.60.147.255
                  62.60.152.0/22
                  213.176.4.0/23
                  213.176.96.0/24
                  213.176.122.0-213.176.125.255

    Signature Algorithm: sha256WithRSAEncryption
         13:0a:79:40:96:34:2e:12:4d:d0:dd:2c:8a:ad:25:7c:f3:84:
         c2:1b:90:90:53:dd:76:1f:98:d8:b2:36:ad:59:84:e6:f9:fb:
         44:1a:50:cb:bf:3a:c0:b6:66:de:e5:d6:bf:44:fc:7b:cb:5e:
         61:02:21:3b:84:b4:56:34:b7:01:f9:5d:29:df:84:a0:1a:90:
         43:ef:ec:bf:ef:3b:20:51:7c:74:d7:b1:8f:b1:c6:eb:be:a2:
         71:25:16:ef:7c:a5:49:f1:86:fc:6e:32:c1:8b:3b:80:a6:72:
         5d:b4:14:a8:77:82:44:00:da:3f:f1:c9:25:e8:e0:47:bc:08:
         92:1e:37:a2:86:94:73:f4:10:99:3b:91:76:c0:c6:f5:d0:10:
         02:f8:21:18:d8:1b:e4:a2:53:26:e0:c9:05:46:50:1c:cf:90:
         dc:21:de:db:69:8f:1f:12:9e:c5:bd:a1:4d:9a:e6:69:ba:24:
         ab:ac:32:da:64:bf:54:e7:7d:00:10:ef:86:e5:3f:0f:f7:7b:
         43:78:3f:47:f5:72:14:63:fd:f7:7e:d0:30:09:40:ff:be:e0:
         02:f0:59:6d:00:c2:2c:d8:62:34:2e:57:db:0f:37:b1:48:07:
         ca:fb:ef:34:5d:ae:ce:a6:f1:46:85:70:87:22:10:ed:43:10:
         ad:a5:0f:4c
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAYb6G36ayHXurc3Del51lghVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYzE4NTI3ZTNhMjA2YWYyODQyMDI4ZDk1YWVjNDEzMzhl
OGRhZjgwHhcNMjMwMzE5MTM0MjMxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDliOTkxNjcyYTJlNTU5NDkwNjg4M2M1Mjk0Njk3NDk0ODBkMDk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAimHbLtUEJXWHdWinNJylYpdVEXOn
l8uc4vqwA0eUX0bI91HmacxqOgWnqc0JOKlXsJfFmK9V2RwQ0Kxo45ES87H0qrs5
HhIxFbj7Uu7hfsWx0pcleUzji7xFuqnTuCSAe0H2GLZ7dENTWnAG32Yrl8JYNCuj
n6qakkfcEocmAATDnkvVNTVNit8VOcRdFbKYh5KEy042zDQkGeGhYc/DX6muqlO3
ol3Mt0IxL6R4pImv01Hr2SDrt/uHRV7TBl9BDYcf2hOmmhk9gdmP2O5MENpWUiMf
vJIBxdAzT6B3f8HyWQOcKlmbqbe0RtDSgEDgkMqiBM4N+XWT/rbHQa64xwIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFNCbmRZyouVZSQaIPFKUaXSUgNCVMB8GA1UdIwQY
MBaAFMPBhSfjogavKEICjZWuxBM46Nr4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMt
MGNiYTMzZWZjNWJiLzEvMEp1WkZuS2k1VmxKQm9nOFVwUnBkSlNBMEpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMtMGNiYTMzZWZjNWJi
LzEvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjBQBAIAATBKMAwDBAc+PIAD
BAE+PIgwDAMEAD48iwMEBD48gDAMAwQAPjyRAwQCPjyQAwQCPjyYAwQB1bAEAwQA
1bBgMAwDBAHVsHoDBAHVsHwwDQYJKoZIhvcNAQELBQADggEBABMKeUCWNC4STdDd
LIqtJXzzhMIbkJBT3XYfmNiyNq1ZhOb5+0QaUMu/OsC2Zt7l1r9E/HvLXmECITuE
tFY0twH5XSnfhKAakEPv7L/vOyBRfHTXsY+xxuu+onElFu98pUnxhvxuMsGLO4Cm
cl20FKh3gkQA2j/xySXo4Ee8CJIeN6KGlHP0EJk7kXbAxvXQEAL4IRjYG+SiUybg
yQVGUBzPkNwh3ttpjx8SnsW9oU2a5mm6JKusMtpkv1TnfQAQ74blPw/3e0N4P0f1
chRj/fd+0DAJQP++4ALwWW0AwizYYjQuV9sPN7FIB8r77zRdrs6m8UaFcIciEO1D
EK2lD0w=
-----END CERTIFICATE-----