Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/4toX06tLmyp_2r8-fBxtq1EOhcQ.roa
File:                     4toX06tLmyp_2r8-fBxtq1EOhcQ.roa (raw, json)
Hash identifier:          AcyGTA5+yAzhcbtwQE0w7VMunIv8+DvQUV2M6EJK5kc=
Subject key identifier:   E2:DA:17:D3:AB:4B:9B:2A:7F:DA:BF:3E:7C:1C:6D:AB:51:0E:85:C4
Certificate issuer:       /CN=c3c18527e3a206af2842028d95aec41338e8daf8
Certificate serial:       018CE6EA5F81FA5C7F3D2376AFCD5C0DD9F1
Authority key identifier: C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/4toX06tLmyp_2r8-fBxtq1EOhcQ.roa
Signing time:             Mon 08 Jan 2024 02:32:48 +0000
ROA not before:           Mon 08 Jan 2024 02:32:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15611
IP address blocks:        213.176.96.0/24 maxlen: 24
                          213.176.4.0/24 maxlen: 24
                          213.176.5.0/24 maxlen: 24
                          62.60.168.0/21 maxlen: 24
                          62.60.132.0/22 maxlen: 24
                          62.60.136.0/24 maxlen: 24
                          62.60.137.0/24 maxlen: 24
                          62.60.139.0/24 maxlen: 24
                          62.60.140.0/24 maxlen: 24
                          62.60.142.0/24 maxlen: 24
                          62.60.145.0/24 maxlen: 24
                          62.60.147.0/24 maxlen: 24
                          213.176.124.0/24 maxlen: 24
                          213.176.125.0/24 maxlen: 24
                          213.176.122.0/24 maxlen: 24
                          213.176.123.0/24 maxlen: 24
                          213.176.127.0/24 maxlen: 24
                          2001:790::/32 maxlen: 48

Validation:               Failed, certificate revoked on Tue 16 Jan 2024 07:20:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:e6:ea:5f:81:fa:5c:7f:3d:23:76:af:cd:5c:0d:d9:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3c18527e3a206af2842028d95aec41338e8daf8
        Validity
            Not Before: Jan  8 02:32:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e2da17d3ab4b9b2a7fdabf3e7c1c6dab510e85c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:29:d2:f2:00:f8:b7:1e:9a:b4:dd:be:53:ec:
                    dc:a7:4b:a1:86:af:03:a9:3e:fb:bd:d4:cd:af:95:
                    33:3a:a5:d8:5c:28:e8:68:94:90:c2:bd:e2:01:34:
                    f9:4c:87:3e:35:ce:f0:5a:1d:6b:16:7d:b0:85:c5:
                    93:28:46:24:6b:91:8e:cd:49:bf:95:12:e9:a3:bb:
                    36:ec:5e:dc:9d:40:e2:62:6d:d9:6f:c4:8c:19:d0:
                    00:51:0e:df:64:26:21:0c:91:a1:dc:54:8f:6b:bc:
                    c3:ea:4b:fc:35:4a:0d:25:72:fc:0d:59:d8:d5:70:
                    ff:eb:2a:4c:fb:77:13:6e:0d:d9:0d:ca:57:69:48:
                    11:7d:78:c0:4c:0f:f6:87:d9:ae:e1:dc:3b:64:73:
                    b6:2b:6a:58:03:01:c4:03:e5:43:b2:c1:04:41:d9:
                    79:e8:a7:36:af:89:01:37:81:1c:7b:56:a5:14:cc:
                    e7:a7:8b:bf:04:b0:5b:7e:0b:60:7d:5e:94:63:82:
                    7f:5b:8f:48:75:30:03:2a:80:99:65:50:ed:c0:7c:
                    9d:bd:81:ff:60:4b:24:b9:d8:82:d1:40:c9:8d:d4:
                    4d:f5:f6:6c:80:4a:e8:58:5c:3a:b8:54:1e:c0:a1:
                    e0:98:f4:44:da:9d:c9:75:7f:1f:e0:d4:27:61:ae:
                    ce:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:DA:17:D3:AB:4B:9B:2A:7F:DA:BF:3E:7C:1C:6D:AB:51:0E:85:C4
            X509v3 Authority Key Identifier:
                keyid:C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/4toX06tLmyp_2r8-fBxtq1EOhcQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.60.132.0-62.60.137.255
                  62.60.139.0-62.60.140.255
                  62.60.142.0/24
                  62.60.145.0/24
                  62.60.147.0/24
                  62.60.168.0/21
                  213.176.4.0/23
                  213.176.96.0/24
                  213.176.122.0-213.176.125.255
                  213.176.127.0/24
                IPv6:
                  2001:790::/32

    Signature Algorithm: sha256WithRSAEncryption
         49:60:d2:82:e6:3f:cb:5e:5a:68:c2:7e:5f:19:1b:09:a1:27:
         47:25:6c:4a:dd:59:7d:1d:30:dc:6d:05:08:9e:f0:ec:df:4f:
         d5:b3:4a:24:6b:15:01:88:04:6b:60:e1:8c:76:e0:0c:90:da:
         b6:dd:8f:35:ab:9e:93:0d:40:df:a8:ed:e1:1a:45:b5:1a:d2:
         74:55:37:7f:ae:42:8c:a6:df:21:8e:2a:88:01:4c:ad:e6:fa:
         8f:f0:ce:83:42:aa:a8:4a:57:98:c7:a8:73:21:fd:81:37:17:
         d0:a3:2b:e7:2a:2f:0b:57:cc:0c:0b:ef:1f:d7:41:74:6d:d8:
         52:de:9e:a0:7c:ea:97:39:68:c5:2f:20:2c:56:0c:9a:0a:93:
         e0:00:5d:d4:16:a5:85:91:70:7b:d0:b7:f3:70:88:1b:90:15:
         ae:30:c1:c2:fc:f3:94:02:7a:fa:88:d8:bc:26:aa:c4:ed:2f:
         1c:1a:22:30:64:13:de:59:18:a5:c0:50:30:0f:c5:55:85:c1:
         22:46:5a:ea:bd:e9:ff:2b:56:e5:3b:8f:be:51:8c:56:a0:3a:
         b5:bf:b9:e8:d1:90:8e:3f:9e:65:2f:9a:c9:51:37:b0:16:cf:
         d4:3d:39:30:61:c7:82:6a:df:c1:66:c2:06:54:43:56:91:04:
         5a:ef:44:2e
-----BEGIN CERTIFICATE-----
MIIFWjCCBEKgAwIBAgISAYzm6l+B+lx/PSN2r81cDdnxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYzE4NTI3ZTNhMjA2YWYyODQyMDI4ZDk1YWVjNDEzMzhl
OGRhZjgwHhcNMjQwMTA4MDIzMjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMmRhMTdkM2FiNGI5YjJhN2ZkYWJmM2U3YzFjNmRhYjUxMGU4NWM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzinS8gD4tx6atN2+U+zcp0uhhq8D
qT77vdTNr5UzOqXYXCjoaJSQwr3iATT5TIc+Nc7wWh1rFn2whcWTKEYka5GOzUm/
lRLpo7s27F7cnUDiYm3Zb8SMGdAAUQ7fZCYhDJGh3FSPa7zD6kv8NUoNJXL8DVnY
1XD/6ypM+3cTbg3ZDcpXaUgRfXjATA/2h9mu4dw7ZHO2K2pYAwHEA+VDssEEQdl5
6Kc2r4kBN4Ece1alFMznp4u/BLBbfgtgfV6UY4J/W49IdTADKoCZZVDtwHydvYH/
YEskudiC0UDJjdRN9fZsgEroWFw6uFQewKHgmPRE2p3JdX8f4NQnYa7O+wIDAQAB
o4ICZjCCAmIwHQYDVR0OBBYEFOLaF9OrS5sqf9q/PnwcbatRDoXEMB8GA1UdIwQY
MBaAFMPBhSfjogavKEICjZWuxBM46Nr4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMt
MGNiYTMzZWZjNWJiLzEvNHRvWDA2dExteXBfMnI4LWZCeHRxMUVPaGNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMtMGNiYTMzZWZjNWJi
LzEvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHwGCCsGAQUFBwEHAQH/BG0wazBaBAIAATBUMAwDBAI+PIQD
BAE+PIgwDAMEAD48iwMEAD48jAMEAD48jgMEAD48kQMEAD48kwMEAz48qAMEAdWw
BAMEANWwYDAMAwQB1bB6AwQB1bB8AwQA1bB/MA0EAgACMAcDBQAgAQeQMA0GCSqG
SIb3DQEBCwUAA4IBAQBJYNKC5j/LXlpown5fGRsJoSdHJWxK3Vl9HTDcbQUInvDs
30/Vs0okaxUBiARrYOGMduAMkNq23Y81q56TDUDfqO3hGkW1GtJ0VTd/rkKMpt8h
jiqIAUyt5vqP8M6DQqqoSleYx6hzIf2BNxfQoyvnKi8LV8wMC+8f10F0bdhS3p6g
fOqXOWjFLyAsVgyaCpPgAF3UFqWFkXB70LfzcIgbkBWuMMHC/POUAnr6iNi8JqrE
7S8cGiIwZBPeWRilwFAwD8VVhcEiRlrqven/K1blO4++UYxWoDq1v7no0ZCOP55l
L5rJUTewFs/UPTkwYceCat/BZsIGVENWkQRa70Qu
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:20:39 2024 by rpki-client on console-fra.rpki-client.org