Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/DDjRAinM1mVBegkpu9UApyTC9LA.roa
File:                     DDjRAinM1mVBegkpu9UApyTC9LA.roa (raw, json)
Hash identifier:          uXDIZ8VF9eJrTEp1TE4kebxSllSF6uPcKhfnFQzlcHA=
Subject key identifier:   0C:38:D1:02:29:CC:D6:65:41:7A:09:29:BB:D5:00:A7:24:C2:F4:B0
Certificate issuer:       /CN=c3c18527e3a206af2842028d95aec41338e8daf8
Certificate serial:       0190BF732C9710DF4B109834E47C294AEDEA
Authority key identifier: C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/DDjRAinM1mVBegkpu9UApyTC9LA.roa
Signing time:             Wed 17 Jul 2024 06:48:34 +0000
ROA not before:           Wed 17 Jul 2024 06:48:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15611
IP address blocks:        62.60.132.0/22 maxlen: 24
                          62.60.136.0/24 maxlen: 24
                          62.60.137.0/24 maxlen: 24
                          62.60.139.0/24 maxlen: 24
                          62.60.140.0/24 maxlen: 24
                          62.60.142.0/24 maxlen: 24
                          62.60.145.0/24 maxlen: 24
                          62.60.147.0/24 maxlen: 24
                          62.60.168.0/21 maxlen: 24
                          62.60.225.0/24 maxlen: 24
                          213.176.4.0/24 maxlen: 24
                          213.176.5.0/24 maxlen: 24
                          213.176.96.0/24 maxlen: 24
                          213.176.122.0/24 maxlen: 24
                          213.176.123.0/24 maxlen: 24
                          213.176.124.0/24 maxlen: 24
                          213.176.125.0/24 maxlen: 24
                          2001:790::/32 maxlen: 48

Validation:               Failed, certificate revoked on Tue 20 Aug 2024 08:02:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:bf:73:2c:97:10:df:4b:10:98:34:e4:7c:29:4a:ed:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3c18527e3a206af2842028d95aec41338e8daf8
        Validity
            Not Before: Jul 17 06:48:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0c38d10229ccd665417a0929bbd500a724c2f4b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:74:8d:06:b9:53:7f:71:67:fb:fc:ba:17:49:
                    7e:57:9d:a8:cf:b3:cb:c1:ae:92:f3:ab:bb:03:4b:
                    dd:08:24:eb:11:3c:b6:66:fd:38:c5:c0:aa:44:86:
                    f5:69:48:4c:92:75:85:35:33:91:13:b2:49:38:95:
                    e1:b8:52:a2:f1:d3:f9:b1:bd:1b:e4:19:77:2d:b6:
                    e4:41:c2:c9:27:58:f2:c5:98:22:82:88:7a:93:69:
                    5a:5b:ce:3b:4f:83:b8:4b:01:ba:89:dc:1c:4e:5b:
                    6b:e5:8b:25:84:5c:94:18:99:ff:50:15:a4:36:16:
                    ff:e5:a2:db:c4:b5:61:2f:27:52:e7:d6:04:78:7a:
                    18:f4:eb:75:78:be:bf:b8:30:c1:87:e6:25:4d:b8:
                    a8:60:46:10:9c:c3:2f:73:8b:3c:f6:2f:a6:16:f7:
                    4e:ec:a1:c6:2c:f7:b1:d6:dd:1f:83:05:2e:63:cd:
                    28:9a:fa:31:b8:3e:1a:96:14:05:3f:8e:44:4a:7a:
                    0b:cb:74:e0:f0:b5:bc:51:8d:47:46:b8:b4:39:c4:
                    82:8a:85:0f:73:58:5a:b1:7c:33:33:e6:61:6c:00:
                    fc:d4:24:bf:da:a6:ad:27:55:d7:f0:4a:65:61:e1:
                    2b:e1:9c:01:fc:75:04:d2:5f:14:21:f4:1d:93:75:
                    73:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:38:D1:02:29:CC:D6:65:41:7A:09:29:BB:D5:00:A7:24:C2:F4:B0
            X509v3 Authority Key Identifier:
                keyid:C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/DDjRAinM1mVBegkpu9UApyTC9LA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.60.132.0-62.60.137.255
                  62.60.139.0-62.60.140.255
                  62.60.142.0/24
                  62.60.145.0/24
                  62.60.147.0/24
                  62.60.168.0/21
                  62.60.225.0/24
                  213.176.4.0/23
                  213.176.96.0/24
                  213.176.122.0-213.176.125.255
                IPv6:
                  2001:790::/32

    Signature Algorithm: sha256WithRSAEncryption
         b2:d7:cf:48:26:b2:10:c4:84:30:1e:25:87:57:e6:57:3f:18:
         b4:6c:1b:0d:c1:e9:e5:38:89:76:05:2a:94:6f:91:18:04:4c:
         7d:ec:cd:72:7b:8d:e8:47:1c:0e:a2:83:0b:7d:e6:70:79:29:
         e1:35:06:8d:bb:2d:b6:a7:38:c6:84:12:d1:d9:aa:32:a0:f4:
         b0:ad:30:f0:4c:e1:44:31:a1:7a:62:35:ba:88:da:a0:c7:6f:
         2f:77:27:f5:21:36:5e:4c:0c:8d:7a:c4:84:47:e7:87:86:96:
         23:f8:f7:63:80:2d:ca:32:50:f9:09:3e:a6:0c:5e:d4:a9:a7:
         09:82:82:a4:4e:80:a2:81:c8:36:70:35:bc:0b:03:16:e8:fc:
         5b:42:ef:77:29:85:3d:fd:2c:8e:04:2d:7c:05:0d:dd:cd:d5:
         e4:95:19:69:27:29:1f:e4:b7:b7:62:aa:e6:0e:44:31:5a:fe:
         fe:1e:bd:9f:1f:62:2e:68:dc:3f:f5:27:91:2d:e9:aa:cb:c4:
         f9:a6:35:b8:80:9c:eb:c5:22:0f:73:23:65:93:4e:4a:6f:f0:
         79:ea:10:a4:36:cf:40:3c:34:8a:39:88:85:31:13:58:a9:5a:
         da:d8:0f:e8:5b:eb:1f:c6:1a:5a:12:a5:c6:d3:da:c8:93:62:
         f2:60:11:6e
-----BEGIN CERTIFICATE-----
MIIFWjCCBEKgAwIBAgISAZC/cyyXEN9LEJg05HwpSu3qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYzE4NTI3ZTNhMjA2YWYyODQyMDI4ZDk1YWVjNDEzMzhl
OGRhZjgwHhcNMjQwNzE3MDY0ODM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzM4ZDEwMjI5Y2NkNjY1NDE3YTA5MjliYmQ1MDBhNzI0YzJmNGIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAknSNBrlTf3Fn+/y6F0l+V52oz7PL
wa6S86u7A0vdCCTrETy2Zv04xcCqRIb1aUhMknWFNTORE7JJOJXhuFKi8dP5sb0b
5Bl3LbbkQcLJJ1jyxZgigoh6k2laW847T4O4SwG6idwcTltr5YslhFyUGJn/UBWk
Nhb/5aLbxLVhLydS59YEeHoY9Ot1eL6/uDDBh+YlTbioYEYQnMMvc4s89i+mFvdO
7KHGLPex1t0fgwUuY80omvoxuD4alhQFP45ESnoLy3Tg8LW8UY1HRri0OcSCioUP
c1hasXwzM+ZhbAD81CS/2qatJ1XX8EplYeEr4ZwB/HUE0l8UIfQdk3VzpQIDAQAB
o4ICZjCCAmIwHQYDVR0OBBYEFAw40QIpzNZlQXoJKbvVAKckwvSwMB8GA1UdIwQY
MBaAFMPBhSfjogavKEICjZWuxBM46Nr4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMt
MGNiYTMzZWZjNWJiLzEvRERqUkFpbk0xbVZCZWdrcHU5VUFweVRDOUxBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMtMGNiYTMzZWZjNWJi
LzEvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHwGCCsGAQUFBwEHAQH/BG0wazBaBAIAATBUMAwDBAI+PIQD
BAE+PIgwDAMEAD48iwMEAD48jAMEAD48jgMEAD48kQMEAD48kwMEAz48qAMEAD48
4QMEAdWwBAMEANWwYDAMAwQB1bB6AwQB1bB8MA0EAgACMAcDBQAgAQeQMA0GCSqG
SIb3DQEBCwUAA4IBAQCy189IJrIQxIQwHiWHV+ZXPxi0bBsNwenlOIl2BSqUb5EY
BEx97M1ye43oRxwOooMLfeZweSnhNQaNuy22pzjGhBLR2aoyoPSwrTDwTOFEMaF6
YjW6iNqgx28vdyf1ITZeTAyNesSER+eHhpYj+PdjgC3KMlD5CT6mDF7UqacJgoKk
ToCigcg2cDW8CwMW6PxbQu93KYU9/SyOBC18BQ3dzdXklRlpJykf5Le3YqrmDkQx
Wv7+Hr2fH2IuaNw/9SeRLemqy8T5pjW4gJzrxSIPcyNlk05Kb/B56hCkNs9APDSK
OYiFMRNYqVra2A/oW+sfxhpaEqXG09rIk2LyYBFu
-----END CERTIFICATE-----