Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/Hc7GUSdCWywoPMZ42qpLaMcivGg.roa
File:                     Hc7GUSdCWywoPMZ42qpLaMcivGg.roa (raw, json)
Hash identifier:          Vx3DGqUgqDaiw1MimnY7LBWUn0H1DK0357xYceWkID4=
Subject key identifier:   1D:CE:C6:51:27:42:5B:2C:28:3C:C6:78:DA:AA:4B:68:C7:22:BC:68
Certificate issuer:       /CN=c3c18527e3a206af2842028d95aec41338e8daf8
Certificate serial:       0188FC96B97B25CE7EAC48BCC7D6AD327AA5
Authority key identifier: C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/Hc7GUSdCWywoPMZ42qpLaMcivGg.roa
Signing time:             Tue 27 Jun 2023 11:21:56 +0000
ROA not before:           Tue 27 Jun 2023 11:21:56 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     15611
IP address blocks:        213.176.96.0/24 maxlen: 24
                          213.176.4.0/24 maxlen: 24
                          213.176.5.0/24 maxlen: 24
                          62.60.168.0/21 maxlen: 24
                          62.60.184.0/22 maxlen: 24
                          62.60.188.0/22 maxlen: 24
                          62.60.132.0/22 maxlen: 24
                          62.60.136.0/24 maxlen: 24
                          62.60.137.0/24 maxlen: 24
                          62.60.139.0/24 maxlen: 24
                          62.60.140.0/24 maxlen: 24
                          62.60.141.0/24 maxlen: 24
                          62.60.142.0/24 maxlen: 24
                          62.60.145.0/24 maxlen: 24
                          62.60.152.0/22 maxlen: 24
                          213.176.124.0/24 maxlen: 24
                          213.176.125.0/24 maxlen: 24
                          213.176.122.0/24 maxlen: 24
                          213.176.123.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sun 09 Jul 2023 05:43:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:fc:96:b9:7b:25:ce:7e:ac:48:bc:c7:d6:ad:32:7a:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3c18527e3a206af2842028d95aec41338e8daf8
        Validity
            Not Before: Jun 27 11:21:56 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1dcec65127425b2c283cc678daaa4b68c722bc68
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:77:02:ad:7b:39:98:66:53:69:03:b3:af:96:
                    f7:1c:c3:1f:24:49:74:b9:ae:00:12:fc:24:f2:84:
                    65:ed:26:84:f0:08:aa:0e:a7:0b:60:eb:16:eb:0b:
                    45:8b:90:d4:a3:ab:99:35:a3:d6:8a:d1:c5:46:60:
                    26:b5:cd:49:b3:17:08:b1:ec:d7:3d:b7:a5:bd:37:
                    94:97:6f:18:b5:ca:b1:e7:98:f9:81:ce:d3:20:52:
                    69:ae:b3:39:8c:66:2e:84:f6:cd:2f:dd:5b:e0:32:
                    ad:de:99:89:a2:00:c6:52:c1:24:54:b8:c0:bd:8f:
                    50:7a:e6:52:cc:c9:e3:f1:17:6e:a4:35:c1:09:6c:
                    80:18:b6:7a:ff:8f:4b:9c:ae:53:b8:99:c9:89:0f:
                    06:10:ea:17:db:4e:02:47:fd:dd:ec:95:bc:b7:92:
                    e0:2d:09:97:c3:a9:7c:6f:2e:7d:4e:a1:a7:a0:34:
                    3e:45:41:39:a4:86:03:5c:d8:72:f0:db:fa:e8:6e:
                    c6:c7:41:38:1a:7d:08:7b:eb:17:2e:c2:1b:a0:9b:
                    57:f7:89:87:24:c9:0c:2c:25:e5:1b:31:89:0f:76:
                    84:c2:be:da:0b:d2:05:0a:90:70:75:db:12:ae:4c:
                    1e:c4:ff:1b:0a:f2:c7:bd:f6:0e:b5:ae:f6:bf:50:
                    2f:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:CE:C6:51:27:42:5B:2C:28:3C:C6:78:DA:AA:4B:68:C7:22:BC:68
            X509v3 Authority Key Identifier:
                keyid:C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/Hc7GUSdCWywoPMZ42qpLaMcivGg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.60.132.0-62.60.137.255
                  62.60.139.0-62.60.142.255
                  62.60.145.0/24
                  62.60.152.0/22
                  62.60.168.0/21
                  62.60.184.0/21
                  213.176.4.0/23
                  213.176.96.0/24
                  213.176.122.0-213.176.125.255

    Signature Algorithm: sha256WithRSAEncryption
         50:86:ca:db:1f:69:83:57:6e:3c:89:96:4a:93:ef:b9:6d:d0:
         d3:24:a2:f9:ab:cd:4f:82:63:81:f2:e1:af:49:79:2c:33:fe:
         d7:00:80:93:9d:cc:c7:0d:bd:08:5e:74:8e:8b:9e:6f:64:96:
         e5:97:25:94:9d:8c:92:2d:61:fa:8c:74:65:85:98:99:a9:4e:
         06:da:e0:0b:2c:5b:c3:62:0f:7b:76:02:ee:1a:39:e2:0f:8e:
         48:68:9b:49:fd:67:70:c0:e4:76:cf:85:c7:1d:22:81:26:87:
         f2:82:49:e7:22:68:f7:5c:a5:d8:43:ec:cc:f4:a8:49:80:ea:
         e8:07:cc:52:5f:63:c8:47:2f:d9:ac:8a:63:46:30:26:af:f3:
         80:34:0b:cc:e0:e6:34:c9:f9:77:42:a5:e8:4e:66:0a:7e:4d:
         14:19:fd:f1:34:77:57:03:1f:43:78:8d:a2:27:36:54:a8:3f:
         19:62:e0:04:4b:95:83:e4:fa:87:dc:d6:a6:f7:5e:00:6b:04:
         28:8b:37:52:35:95:a1:9d:6d:cd:cd:39:6b:7b:93:13:ec:d7:
         53:48:f7:ed:1c:34:57:82:8d:05:80:76:4d:97:c0:a2:f0:14:
         ff:d3:84:4e:d8:6c:31:36:87:18:9e:70:be:38:40:87:8e:c4:
         eb:c6:03:aa
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAYj8lrl7Jc5+rEi8x9atMnqlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYzE4NTI3ZTNhMjA2YWYyODQyMDI4ZDk1YWVjNDEzMzhl
OGRhZjgwHhcNMjMwNjI3MTEyMTU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGNlYzY1MTI3NDI1YjJjMjgzY2M2NzhkYWFhNGI2OGM3MjJiYzY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArncCrXs5mGZTaQOzr5b3HMMfJEl0
ua4AEvwk8oRl7SaE8AiqDqcLYOsW6wtFi5DUo6uZNaPWitHFRmAmtc1JsxcIsezX
PbelvTeUl28Ytcqx55j5gc7TIFJprrM5jGYuhPbNL91b4DKt3pmJogDGUsEkVLjA
vY9QeuZSzMnj8RdupDXBCWyAGLZ6/49LnK5TuJnJiQ8GEOoX204CR/3d7JW8t5Lg
LQmXw6l8by59TqGnoDQ+RUE5pIYDXNhy8Nv66G7Gx0E4Gn0Ie+sXLsIboJtX94mH
JMkMLCXlGzGJD3aEwr7aC9IFCpBwddsSrkwexP8bCvLHvfYOta72v1AvmwIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFB3OxlEnQlssKDzGeNqqS2jHIrxoMB8GA1UdIwQY
MBaAFMPBhSfjogavKEICjZWuxBM46Nr4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMt
MGNiYTMzZWZjNWJiLzEvSGM3R1VTZENXeXdvUE1aNDJxcExhTWNpdkdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMtMGNiYTMzZWZjNWJi
LzEvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjBUBAIAATBOMAwDBAI+PIQD
BAE+PIgwDAMEAD48iwMEAD48jgMEAD48kQMEAj48mAMEAz48qAMEAz48uAMEAdWw
BAMEANWwYDAMAwQB1bB6AwQB1bB8MA0GCSqGSIb3DQEBCwUAA4IBAQBQhsrbH2mD
V248iZZKk++5bdDTJKL5q81PgmOB8uGvSXksM/7XAICTnczHDb0IXnSOi55vZJbl
lyWUnYySLWH6jHRlhZiZqU4G2uALLFvDYg97dgLuGjniD45IaJtJ/WdwwOR2z4XH
HSKBJofygknnImj3XKXYQ+zM9KhJgOroB8xSX2PIRy/ZrIpjRjAmr/OANAvM4OY0
yfl3QqXoTmYKfk0UGf3xNHdXAx9DeI2iJzZUqD8ZYuAES5WD5PqH3Nam914AawQo
izdSNZWhnW3NzTlre5MT7NdTSPftHDRXgo0FgHZNl8Ci8BT/04RO2GwxNocYnnC+
OECHjsTrxgOq
-----END CERTIFICATE-----