Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/NTlqa4GiylqZX7bUU44wVfQHYm8.roa
File:                     NTlqa4GiylqZX7bUU44wVfQHYm8.roa (raw, json)
Hash identifier:          eSuaOGN/qydrfkclf8mwL/0Gt2oNUhAymftXAjQ2AMw=
Subject key identifier:   35:39:6A:6B:81:A2:CA:5A:99:5F:B6:D4:53:8E:30:55:F4:07:62:6F
Certificate issuer:       /CN=c3c18527e3a206af2842028d95aec41338e8daf8
Certificate serial:       018CD10A158CED019225D2B7849DE4C99466
Authority key identifier: C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/NTlqa4GiylqZX7bUU44wVfQHYm8.roa
Signing time:             Wed 03 Jan 2024 20:35:48 +0000
ROA not before:           Wed 03 Jan 2024 20:35:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35372
IP address blocks:        62.60.138.0/24 maxlen: 24
                          62.60.144.0/24 maxlen: 24
                          62.60.147.0/24 maxlen: 24
                          62.60.160.0/22 maxlen: 24
                          213.176.0.0/24 maxlen: 24
                          213.176.7.0/24 maxlen: 24
                          213.176.6.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 21 Feb 2024 06:22:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:d1:0a:15:8c:ed:01:92:25:d2:b7:84:9d:e4:c9:94:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3c18527e3a206af2842028d95aec41338e8daf8
        Validity
            Not Before: Jan  3 20:35:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=35396a6b81a2ca5a995fb6d4538e3055f407626f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:e1:9d:dc:52:a0:9e:12:54:08:f8:94:f6:01:
                    ec:17:96:ef:e8:b3:60:f0:d8:24:bb:a4:59:c0:fd:
                    22:22:29:c7:67:fe:60:99:f5:0b:d7:c9:09:8e:be:
                    50:11:b2:5e:c3:a4:1f:25:12:12:8b:44:d7:a4:51:
                    fb:b5:75:de:9b:6e:09:d6:81:89:1c:43:9b:9b:87:
                    71:62:fd:a7:ec:fa:6c:11:4c:00:dc:24:9e:a5:76:
                    69:de:33:94:79:10:d0:2a:12:24:af:98:fb:e7:65:
                    0a:a9:84:1d:af:8c:65:fa:de:bb:ca:5f:ba:d9:18:
                    ab:e7:ac:e6:31:3c:c3:63:37:55:75:0f:9a:0b:72:
                    57:9e:28:68:9d:35:84:df:6f:82:20:74:ef:40:2c:
                    80:03:55:d0:09:b2:8d:22:9e:79:4c:e5:08:28:f0:
                    0b:66:49:53:de:31:97:e5:84:d3:cd:51:06:19:b2:
                    97:c2:07:e7:a7:70:15:dc:1f:09:26:ff:0c:2c:ce:
                    06:6f:92:31:98:f2:9d:a9:49:bc:7e:1d:ad:3f:f4:
                    34:66:6c:a8:ce:cb:52:c8:3d:88:30:33:dc:e2:e7:
                    9d:d2:4b:ea:87:ce:ab:a1:ec:77:2e:94:89:a9:8a:
                    27:67:83:43:f8:e3:29:33:cb:eb:98:af:81:d7:43:
                    0a:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:39:6A:6B:81:A2:CA:5A:99:5F:B6:D4:53:8E:30:55:F4:07:62:6F
            X509v3 Authority Key Identifier:
                keyid:C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/NTlqa4GiylqZX7bUU44wVfQHYm8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.60.138.0/24
                  62.60.144.0/24
                  62.60.147.0/24
                  62.60.160.0/22
                  213.176.0.0/24
                  213.176.6.0/23

    Signature Algorithm: sha256WithRSAEncryption
         97:6b:d6:33:33:8b:71:55:0a:87:92:09:69:37:5e:e7:e2:94:
         7c:0d:98:e8:7a:53:7f:82:1c:c1:8e:26:13:08:05:93:79:37:
         c1:0c:ab:d5:43:95:66:6f:bb:7e:df:8d:68:ef:0c:b7:fe:3b:
         47:2e:fb:4e:bf:08:a5:d4:39:98:3c:29:64:d8:34:ab:1e:84:
         4d:3d:34:66:3a:55:db:10:a5:32:0e:1e:47:bb:9a:b3:fb:e2:
         cc:3c:fe:4c:cb:01:a4:6e:13:eb:35:e8:ce:51:2a:e2:c3:b9:
         13:4f:8a:85:26:92:bf:08:09:55:1b:94:79:c7:f0:8f:63:fb:
         37:67:97:93:71:21:19:91:67:06:7d:7e:57:39:62:f0:8f:b4:
         c9:44:69:89:e1:7a:c5:1c:0c:a6:c6:37:a9:b7:47:6f:26:c8:
         fd:35:22:ee:f0:89:65:c8:fb:c7:bf:cf:f1:c2:9b:21:7c:93:
         7d:c6:d6:0e:2b:7c:bd:70:2b:69:bf:5e:35:6f:c9:4c:5d:77:
         28:e7:93:d4:42:fe:e9:99:59:3d:0b:ba:47:42:37:5a:6c:eb:
         c6:27:47:ae:65:bb:af:0e:c8:88:83:ec:e3:d7:47:d2:46:a2:
         7e:c5:1e:40:65:b7:c1:f8:4c:23:23:78:f5:fe:82:41:c5:10:
         32:df:8c:6b
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYzRChWM7QGSJdK3hJ3kyZRmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYzE4NTI3ZTNhMjA2YWYyODQyMDI4ZDk1YWVjNDEzMzhl
OGRhZjgwHhcNMjQwMTAzMjAzNTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTM5NmE2YjgxYTJjYTVhOTk1ZmI2ZDQ1MzhlMzA1NWY0MDc2MjZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlOGd3FKgnhJUCPiU9gHsF5bv6LNg
8Ngku6RZwP0iIinHZ/5gmfUL18kJjr5QEbJew6QfJRISi0TXpFH7tXXem24J1oGJ
HEObm4dxYv2n7PpsEUwA3CSepXZp3jOUeRDQKhIkr5j752UKqYQdr4xl+t67yl+6
2Rir56zmMTzDYzdVdQ+aC3JXnihonTWE32+CIHTvQCyAA1XQCbKNIp55TOUIKPAL
ZklT3jGX5YTTzVEGGbKXwgfnp3AV3B8JJv8MLM4Gb5IxmPKdqUm8fh2tP/Q0Zmyo
zstSyD2IMDPc4ued0kvqh86roex3LpSJqYonZ4ND+OMpM8vrmK+B10MKrwIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFDU5amuBospamV+21FOOMFX0B2JvMB8GA1UdIwQY
MBaAFMPBhSfjogavKEICjZWuxBM46Nr4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMt
MGNiYTMzZWZjNWJiLzEvTlRscWE0R2l5bHFaWDdiVVU0NHdWZlFIWW04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMtMGNiYTMzZWZjNWJi
LzEvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQAPjyKAwQA
PjyQAwQAPjyTAwQCPjygAwQA1bAAAwQB1bAGMA0GCSqGSIb3DQEBCwUAA4IBAQCX
a9YzM4txVQqHkglpN17n4pR8DZjoelN/ghzBjiYTCAWTeTfBDKvVQ5Vmb7t+341o
7wy3/jtHLvtOvwil1DmYPClk2DSrHoRNPTRmOlXbEKUyDh5Hu5qz++LMPP5MywGk
bhPrNejOUSriw7kTT4qFJpK/CAlVG5R5x/CPY/s3Z5eTcSEZkWcGfX5XOWLwj7TJ
RGmJ4XrFHAymxjept0dvJsj9NSLu8IllyPvHv8/xwpshfJN9xtYOK3y9cCtpv141
b8lMXXco55PUQv7pmVk9C7pHQjdabOvGJ0euZbuvDsiIg+zj10fSRqJ+xR5AZbfB
+EwjI3j1/oJBxRAy34xr
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:55:29 2024 by rpki-client on console-ams.rpki-client.org