Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/Iq1pLJuXb5SsHAGnUK4eyP5f6wQ.roa
File:                     Iq1pLJuXb5SsHAGnUK4eyP5f6wQ.roa (raw, json)
Hash identifier:          eqDA5sCZgXDKiFduk3O0sQ5pE56Hnp3D/DE5ovESpVM=
Subject key identifier:   22:AD:69:2C:9B:97:6F:94:AC:1C:01:A7:50:AE:1E:C8:FE:5F:EB:04
Certificate issuer:       /CN=c3c18527e3a206af2842028d95aec41338e8daf8
Certificate serial:       018C68558C8E62C8BBA193A0E8F10B5E4902
Authority key identifier: C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/Iq1pLJuXb5SsHAGnUK4eyP5f6wQ.roa
Signing time:             Thu 14 Dec 2023 12:38:06 +0000
ROA not before:           Thu 14 Dec 2023 12:38:06 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     15611
IP address blocks:        213.176.96.0/24 maxlen: 24
                          213.176.4.0/24 maxlen: 24
                          213.176.5.0/24 maxlen: 24
                          62.60.168.0/21 maxlen: 24
                          62.60.132.0/22 maxlen: 24
                          62.60.136.0/24 maxlen: 24
                          62.60.137.0/24 maxlen: 24
                          62.60.139.0/24 maxlen: 24
                          62.60.140.0/24 maxlen: 24
                          62.60.142.0/24 maxlen: 24
                          62.60.145.0/24 maxlen: 24
                          62.60.147.0/24 maxlen: 24
                          62.60.148.0/23 maxlen: 24
                          213.176.124.0/24 maxlen: 24
                          213.176.125.0/24 maxlen: 24
                          213.176.122.0/24 maxlen: 24
                          213.176.123.0/24 maxlen: 24
                          213.176.127.0/24 maxlen: 24
                          2001:790::/32 maxlen: 48

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 12:33:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:68:55:8c:8e:62:c8:bb:a1:93:a0:e8:f1:0b:5e:49:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3c18527e3a206af2842028d95aec41338e8daf8
        Validity
            Not Before: Dec 14 12:38:06 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=22ad692c9b976f94ac1c01a750ae1ec8fe5feb04
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:16:e9:0c:c6:87:7a:7d:54:1a:ba:59:76:3a:
                    f8:b6:02:61:60:12:d6:52:09:46:a9:62:f5:27:f4:
                    54:33:cc:af:2f:17:d6:b4:d5:29:66:2b:92:44:78:
                    fb:f5:b4:76:d2:07:43:0c:5c:c1:55:76:7a:a5:2b:
                    81:78:c1:e2:9a:e8:e6:02:49:f7:18:15:bd:36:18:
                    b3:bd:e6:fd:79:83:69:cd:39:cc:df:3f:ba:63:41:
                    e7:37:fe:f3:40:a9:17:8e:09:f1:8c:9d:5a:d1:7b:
                    89:93:2b:17:bf:42:0d:18:a4:a5:8a:f6:58:d1:cc:
                    51:f2:7c:f8:bd:30:24:53:b0:71:bc:27:7a:a1:4c:
                    d7:45:8d:76:8e:67:0f:6f:bc:21:6c:f7:32:11:53:
                    54:45:06:34:8c:41:ca:63:04:71:6d:4b:ec:9e:8c:
                    7c:43:9f:72:ef:a0:a7:61:9e:a0:2c:d2:1b:64:da:
                    ef:34:b4:27:39:c8:20:04:19:47:76:e6:a2:e2:42:
                    eb:96:9c:9c:45:a9:1c:09:3b:12:f9:60:5d:ab:27:
                    d4:b6:6c:2e:3c:1b:28:68:a5:1f:ac:52:ba:9f:05:
                    3f:6a:62:ec:04:12:70:e7:1a:77:39:6b:d4:01:b2:
                    25:5d:02:e4:c2:f3:5c:8a:37:23:2a:ee:9f:14:eb:
                    3e:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:AD:69:2C:9B:97:6F:94:AC:1C:01:A7:50:AE:1E:C8:FE:5F:EB:04
            X509v3 Authority Key Identifier:
                keyid:C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/Iq1pLJuXb5SsHAGnUK4eyP5f6wQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.60.132.0-62.60.137.255
                  62.60.139.0-62.60.140.255
                  62.60.142.0/24
                  62.60.145.0/24
                  62.60.147.0-62.60.149.255
                  62.60.168.0/21
                  213.176.4.0/23
                  213.176.96.0/24
                  213.176.122.0-213.176.125.255
                  213.176.127.0/24
                IPv6:
                  2001:790::/32

    Signature Algorithm: sha256WithRSAEncryption
         9e:71:7e:a7:97:05:ba:68:2c:4c:a8:60:5e:ad:9e:a7:fc:fb:
         80:d8:a3:bc:ce:a4:97:9a:de:f3:3a:43:ca:a1:41:87:9f:b2:
         fe:08:c7:55:d4:d7:4a:62:82:4d:22:45:b5:82:7f:01:9c:ac:
         e7:d2:ab:74:a4:b3:0e:cf:c7:2a:f6:30:bf:15:48:55:ca:eb:
         7f:33:a1:c7:5f:76:aa:ce:de:c9:04:60:11:75:e2:ee:27:f1:
         e9:0d:4c:9b:4b:04:20:69:cf:81:ff:e0:b9:8a:4b:6e:c3:76:
         74:e3:f3:50:c3:91:69:97:53:85:83:41:82:0b:a7:03:d6:fe:
         bb:f1:22:fc:70:94:f2:74:93:fb:47:7b:7d:f3:29:55:4a:d2:
         b0:66:02:39:b2:0a:b6:2e:67:ce:f3:35:bd:3a:99:44:f7:98:
         d8:c6:ac:22:d0:98:1d:d0:ef:57:7e:6b:3c:6f:17:ae:68:98:
         35:2c:c5:31:1f:fe:61:e9:13:f4:b1:81:fa:65:36:58:cf:04:
         2e:7e:7b:02:38:27:09:45:90:b1:45:76:88:39:49:f4:e3:19:
         8e:cc:51:d8:19:34:46:d2:ed:30:f4:20:83:26:93:45:a4:05:
         35:f4:e7:cf:d3:b5:a0:17:7a:e9:93:03:04:b4:55:61:c8:a1:
         86:c0:aa:7c
-----BEGIN CERTIFICATE-----
MIIFYzCCBEugAwIBAgISAYxoVYyOYsi7oZOg6PELXkkCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYzE4NTI3ZTNhMjA2YWYyODQyMDI4ZDk1YWVjNDEzMzhl
OGRhZjgwHhcNMjMxMjE0MTIzODA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmFkNjkyYzliOTc2Zjk0YWMxYzAxYTc1MGFlMWVjOGZlNWZlYjA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlhbpDMaHen1UGrpZdjr4tgJhYBLW
UglGqWL1J/RUM8yvLxfWtNUpZiuSRHj79bR20gdDDFzBVXZ6pSuBeMHimujmAkn3
GBW9Nhizveb9eYNpzTnM3z+6Y0HnN/7zQKkXjgnxjJ1a0XuJkysXv0INGKSlivZY
0cxR8nz4vTAkU7BxvCd6oUzXRY12jmcPb7whbPcyEVNURQY0jEHKYwRxbUvsnox8
Q59y76CnYZ6gLNIbZNrvNLQnOcggBBlHduai4kLrlpycRakcCTsS+WBdqyfUtmwu
PBsoaKUfrFK6nwU/amLsBBJw5xp3OWvUAbIlXQLkwvNcijcjKu6fFOs+FwIDAQAB
o4ICbzCCAmswHQYDVR0OBBYEFCKtaSybl2+UrBwBp1CuHsj+X+sEMB8GA1UdIwQY
MBaAFMPBhSfjogavKEICjZWuxBM46Nr4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMt
MGNiYTMzZWZjNWJiLzEvSXExcExKdVhiNVNzSEFHblVLNGV5UDVmNndRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMtMGNiYTMzZWZjNWJi
LzEvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGEBggrBgEFBQcBBwEB/wR1MHMwYgQCAAEwXDAMAwQCPjyE
AwQBPjyIMAwDBAA+PIsDBAA+PIwDBAA+PI4DBAA+PJEwDAMEAD48kwMEAT48lAME
Az48qAMEAdWwBAMEANWwYDAMAwQB1bB6AwQB1bB8AwQA1bB/MA0EAgACMAcDBQAg
AQeQMA0GCSqGSIb3DQEBCwUAA4IBAQCecX6nlwW6aCxMqGBerZ6n/PuA2KO8zqSX
mt7zOkPKoUGHn7L+CMdV1NdKYoJNIkW1gn8BnKzn0qt0pLMOz8cq9jC/FUhVyut/
M6HHX3aqzt7JBGARdeLuJ/HpDUybSwQgac+B/+C5iktuw3Z04/NQw5Fpl1OFg0GC
C6cD1v678SL8cJTydJP7R3t98ylVStKwZgI5sgq2LmfO8zW9OplE95jYxqwi0Jgd
0O9Xfms8bxeuaJg1LMUxH/5h6RP0sYH6ZTZYzwQufnsCOCcJRZCxRXaIOUn04xmO
zFHYGTRG0u0w9CCDJpNFpAU19OfP07WgF3rpkwMEtFVhyKGGwKp8
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:20:39 2024 by rpki-client on console-fra.rpki-client.org