Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/HCUMH8v5E030JNKagnoYBM7mlfA.roa
File:                     HCUMH8v5E030JNKagnoYBM7mlfA.roa (raw, json)
Hash identifier:          F8DMuxTVLgHKj4pugHGO0ZDM0K4OGoeK6uABrM5keKI=
Subject key identifier:   1C:25:0C:1F:CB:F9:13:4D:F4:24:D2:9A:82:7A:18:04:CE:E6:95:F0
Certificate issuer:       /CN=c3c18527e3a206af2842028d95aec41338e8daf8
Certificate serial:       0189C8CC48EB8F668F82F5B713EFAF1FBD7C
Authority key identifier: C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/HCUMH8v5E030JNKagnoYBM7mlfA.roa
Signing time:             Sun 06 Aug 2023 03:02:58 +0000
ROA not before:           Sun 06 Aug 2023 03:02:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     15611
IP address blocks:        213.176.96.0/24 maxlen: 24
                          213.176.4.0/24 maxlen: 24
                          213.176.5.0/24 maxlen: 24
                          62.60.168.0/21 maxlen: 24
                          62.60.132.0/22 maxlen: 24
                          62.60.136.0/24 maxlen: 24
                          62.60.137.0/24 maxlen: 24
                          62.60.139.0/24 maxlen: 24
                          62.60.140.0/24 maxlen: 24
                          62.60.141.0/24 maxlen: 24
                          62.60.142.0/24 maxlen: 24
                          62.60.145.0/24 maxlen: 24
                          213.176.124.0/24 maxlen: 24
                          213.176.125.0/24 maxlen: 24
                          213.176.122.0/24 maxlen: 24
                          213.176.123.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:c8:cc:48:eb:8f:66:8f:82:f5:b7:13:ef:af:1f:bd:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3c18527e3a206af2842028d95aec41338e8daf8
        Validity
            Not Before: Aug  6 03:02:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1c250c1fcbf9134df424d29a827a1804cee695f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:e3:34:65:d7:fc:10:b2:4e:71:7e:68:84:51:
                    01:09:65:08:1b:6a:2a:07:fa:96:ae:0c:7b:73:50:
                    86:f6:47:c0:4b:5f:8d:f8:b8:90:75:17:7f:ba:f7:
                    fb:4f:4d:55:85:b4:46:f3:2d:7b:05:f5:ee:3f:45:
                    26:48:54:b2:11:11:16:2a:14:88:75:41:16:9c:e7:
                    d9:38:5f:4a:8b:52:e1:d5:78:d7:62:87:ab:2d:12:
                    95:30:23:89:97:f2:92:6d:fe:17:dc:e6:62:f7:2a:
                    45:38:f2:59:09:5b:ed:6c:77:e5:8c:bd:43:6d:3a:
                    c8:7a:f4:3c:b1:b5:51:ba:dd:60:81:74:13:a6:44:
                    2a:4e:9e:03:fc:aa:04:0a:6d:8d:84:18:b3:71:fc:
                    bb:92:72:10:a4:f6:ab:72:73:94:58:5f:5a:e3:01:
                    cb:95:54:fc:c5:8e:96:11:84:f0:03:f3:15:5c:18:
                    d4:1c:ba:b2:dd:a8:1b:c9:c7:c1:66:57:9c:31:88:
                    4c:f3:74:9e:79:f0:d5:bb:d2:fa:11:3a:ff:be:d9:
                    44:c6:39:77:18:cd:dd:98:3e:26:88:97:ba:e2:b7:
                    c0:cb:08:66:8a:ec:66:f2:3f:09:2c:4d:c9:2f:8e:
                    33:0d:cd:c2:6c:fc:36:d7:b2:b9:2e:6e:69:d1:d1:
                    4e:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:25:0C:1F:CB:F9:13:4D:F4:24:D2:9A:82:7A:18:04:CE:E6:95:F0
            X509v3 Authority Key Identifier:
                keyid:C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/HCUMH8v5E030JNKagnoYBM7mlfA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.60.132.0-62.60.137.255
                  62.60.139.0-62.60.142.255
                  62.60.145.0/24
                  62.60.168.0/21
                  213.176.4.0/23
                  213.176.96.0/24
                  213.176.122.0-213.176.125.255

    Signature Algorithm: sha256WithRSAEncryption
         12:4f:67:ab:5a:0a:d1:b4:5a:8d:17:08:66:02:1e:96:fc:c4:
         92:c2:cc:5c:2f:8b:c2:e3:ce:b9:05:f9:54:27:72:4e:11:18:
         64:56:b4:94:e7:c0:cf:68:41:47:41:20:e8:52:cb:a5:8d:d6:
         f7:9d:5d:b7:25:b5:22:26:ac:a6:70:91:1b:e8:4b:82:ef:e5:
         45:c4:25:7a:0d:cb:e7:84:b0:e9:dd:c8:1c:cb:ca:0d:15:61:
         4b:2f:b7:4a:33:75:a1:fe:88:6d:bc:9f:de:35:26:89:79:a1:
         51:bc:71:9d:eb:54:a5:cc:36:be:9d:ec:e3:dd:85:9b:8a:d9:
         4f:b2:c9:51:61:26:e7:d1:03:4b:0e:31:ba:f0:f7:46:d7:fe:
         36:91:7f:ee:93:ed:00:ac:8f:54:7d:6d:49:53:7d:79:e4:2e:
         7b:65:fa:7e:ba:28:6a:c1:53:7b:3a:b9:a2:f4:3c:d1:7e:f4:
         3a:45:7a:6c:c4:a4:c0:28:51:9f:c7:2b:ac:bc:e7:de:d9:80:
         ea:ad:2c:75:95:b0:72:73:98:bf:71:4a:a3:f9:28:51:51:ac:
         4d:e2:41:6b:ef:d6:d9:e2:91:23:b6:c3:da:35:57:77:6a:b5:
         7f:f9:78:c0:8e:99:00:42:8e:d6:39:7e:5c:47:b2:35:a1:5f:
         3d:84:c7:af
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAYnIzEjrj2aPgvW3E++vH718MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYzE4NTI3ZTNhMjA2YWYyODQyMDI4ZDk1YWVjNDEzMzhl
OGRhZjgwHhcNMjMwODA2MDMwMjU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzI1MGMxZmNiZjkxMzRkZjQyNGQyOWE4MjdhMTgwNGNlZTY5NWYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhOM0Zdf8ELJOcX5ohFEBCWUIG2oq
B/qWrgx7c1CG9kfAS1+N+LiQdRd/uvf7T01VhbRG8y17BfXuP0UmSFSyEREWKhSI
dUEWnOfZOF9Ki1Lh1XjXYoerLRKVMCOJl/KSbf4X3OZi9ypFOPJZCVvtbHfljL1D
bTrIevQ8sbVRut1ggXQTpkQqTp4D/KoECm2NhBizcfy7knIQpParcnOUWF9a4wHL
lVT8xY6WEYTwA/MVXBjUHLqy3agbycfBZlecMYhM83SeefDVu9L6ETr/vtlExjl3
GM3dmD4miJe64rfAywhmiuxm8j8JLE3JL44zDc3CbPw217K5Lm5p0dFOlwIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFBwlDB/L+RNN9CTSmoJ6GATO5pXwMB8GA1UdIwQY
MBaAFMPBhSfjogavKEICjZWuxBM46Nr4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMt
MGNiYTMzZWZjNWJiLzEvSENVTUg4djVFMDMwSk5LYWdub1lCTTdtbGZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMtMGNiYTMzZWZjNWJi
LzEvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCMAwDBAI+PIQD
BAE+PIgwDAMEAD48iwMEAD48jgMEAD48kQMEAz48qAMEAdWwBAMEANWwYDAMAwQB
1bB6AwQB1bB8MA0GCSqGSIb3DQEBCwUAA4IBAQAST2erWgrRtFqNFwhmAh6W/MSS
wsxcL4vC4865BflUJ3JOERhkVrSU58DPaEFHQSDoUsuljdb3nV23JbUiJqymcJEb
6EuC7+VFxCV6DcvnhLDp3cgcy8oNFWFLL7dKM3Wh/ohtvJ/eNSaJeaFRvHGd61Sl
zDa+nezj3YWbitlPsslRYSbn0QNLDjG68PdG1/42kX/uk+0ArI9UfW1JU3155C57
Zfp+uihqwVN7Ormi9DzRfvQ6RXpsxKTAKFGfxyusvOfe2YDqrSx1lbByc5i/cUqj
+ShRUaxN4kFr79bZ4pEjtsPaNVd3arV/+XjAjpkAQo7WOX5cR7I1oV89hMev
-----END CERTIFICATE-----