Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/PqNDDDhToiF0pXZhjo6oKInWbDA.roa
File:                     PqNDDDhToiF0pXZhjo6oKInWbDA.roa (raw, json)
Hash identifier:          5HCZDmf57yzsSya0y4GFtXRpP0hI/hXOm4v8NNgLSkY=
Subject key identifier:   3E:A3:43:0C:38:53:A2:21:74:A5:76:61:8E:8E:A8:28:89:D6:6C:30
Certificate issuer:       /CN=c3c18527e3a206af2842028d95aec41338e8daf8
Certificate serial:       018FC449D03C85FC18BEE1F7D2C83DBA88A4
Authority key identifier: C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/PqNDDDhToiF0pXZhjo6oKInWbDA.roa
Signing time:             Wed 29 May 2024 12:18:42 +0000
ROA not before:           Wed 29 May 2024 12:18:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15611
IP address blocks:        62.60.132.0/22 maxlen: 24
                          62.60.136.0/24 maxlen: 24
                          62.60.137.0/24 maxlen: 24
                          62.60.139.0/24 maxlen: 24
                          62.60.140.0/24 maxlen: 24
                          62.60.142.0/24 maxlen: 24
                          62.60.145.0/24 maxlen: 24
                          62.60.147.0/24 maxlen: 24
                          62.60.168.0/21 maxlen: 24
                          213.176.4.0/24 maxlen: 24
                          213.176.5.0/24 maxlen: 24
                          213.176.96.0/24 maxlen: 24
                          213.176.122.0/24 maxlen: 24
                          213.176.123.0/24 maxlen: 24
                          213.176.124.0/24 maxlen: 24
                          213.176.125.0/24 maxlen: 24
                          2001:790::/32 maxlen: 48

Validation:               Failed, certificate revoked on Sun 07 Jul 2024 07:54:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:c4:49:d0:3c:85:fc:18:be:e1:f7:d2:c8:3d:ba:88:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3c18527e3a206af2842028d95aec41338e8daf8
        Validity
            Not Before: May 29 12:18:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3ea3430c3853a22174a576618e8ea82889d66c30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:15:49:ff:fd:e1:c8:ec:06:9b:77:04:ac:31:
                    5c:ba:0b:16:95:58:87:1c:7c:5b:47:9f:04:90:a8:
                    0a:f6:ae:8a:12:d9:05:97:90:c9:4c:44:3c:a8:7e:
                    bc:3c:c1:66:1e:68:ef:1d:35:21:35:08:18:8c:e4:
                    50:8e:ba:71:0b:6c:72:46:19:45:f2:5e:e6:be:9e:
                    08:b3:1f:7f:8e:f1:ee:94:5f:90:95:16:c4:4e:28:
                    84:ad:2f:3b:a4:1b:a2:ca:ce:ff:c6:39:c4:d2:02:
                    59:61:68:d2:a1:65:fa:b4:31:27:3b:89:25:d2:6a:
                    4e:12:40:2e:d6:2f:c2:44:38:74:c4:da:bb:66:80:
                    83:42:64:21:20:76:c8:9b:8c:12:5a:fc:c6:53:52:
                    be:78:f0:0d:ac:29:cb:52:39:98:ff:b9:a7:db:59:
                    8e:fb:d0:61:8e:93:ea:5c:92:64:99:7d:58:08:db:
                    d3:5a:17:1e:07:42:08:c6:d9:5e:67:ac:4a:9e:52:
                    c4:02:05:c1:3b:43:fc:5f:5b:14:94:0f:b0:52:e8:
                    56:49:bb:51:88:78:93:9a:08:62:60:50:f1:5e:50:
                    e9:3c:f1:f1:af:fa:42:b3:f6:f8:69:f4:bb:62:3a:
                    44:1c:fc:1a:3b:48:c3:1d:39:65:84:cb:30:1f:6b:
                    c7:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:A3:43:0C:38:53:A2:21:74:A5:76:61:8E:8E:A8:28:89:D6:6C:30
            X509v3 Authority Key Identifier:
                keyid:C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/PqNDDDhToiF0pXZhjo6oKInWbDA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.60.132.0-62.60.137.255
                  62.60.139.0-62.60.140.255
                  62.60.142.0/24
                  62.60.145.0/24
                  62.60.147.0/24
                  62.60.168.0/21
                  213.176.4.0/23
                  213.176.96.0/24
                  213.176.122.0-213.176.125.255
                IPv6:
                  2001:790::/32

    Signature Algorithm: sha256WithRSAEncryption
         71:41:1b:fe:e2:3b:69:45:7c:16:35:25:b0:2a:99:80:60:1a:
         6b:ad:91:29:30:1e:ee:40:c5:04:7e:54:40:4e:7a:44:3f:8a:
         0d:05:be:d3:18:34:63:24:cf:3a:cc:88:20:e5:20:de:fd:5f:
         76:82:db:a8:da:c5:ae:58:2a:e8:8a:dd:5e:7a:86:a0:26:f5:
         36:54:6e:4b:d1:e5:e6:16:14:34:72:7e:b3:aa:03:bb:39:85:
         cf:6a:ab:a6:8c:42:59:d3:7c:2e:45:c1:5f:c3:3b:45:10:bd:
         8d:35:b8:e4:09:79:ee:90:c3:b3:29:57:ae:19:c8:c8:03:7c:
         db:68:bf:c9:c8:ec:74:59:8f:a6:95:2f:0f:20:a1:94:56:04:
         4b:ed:ea:e7:dd:b0:df:30:69:a3:7f:89:6d:19:bf:46:1a:46:
         ac:d8:21:10:d9:6e:6c:bc:a9:14:4a:31:49:04:d3:89:0a:d7:
         05:8b:68:18:87:aa:89:0a:a6:33:58:06:8a:c6:3b:15:bb:92:
         00:f8:6e:42:8b:52:b2:5a:61:bf:4f:3c:46:11:19:92:7a:6c:
         df:86:78:dc:d2:c4:25:05:0c:bf:3e:59:cc:d5:bd:70:80:29:
         45:c3:ab:97:e0:52:85:a6:f7:41:4c:70:a7:bd:27:49:6e:2a:
         04:8c:41:5d
-----BEGIN CERTIFICATE-----
MIIFVDCCBDygAwIBAgISAY/ESdA8hfwYvuH30sg9uoikMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYzE4NTI3ZTNhMjA2YWYyODQyMDI4ZDk1YWVjNDEzMzhl
OGRhZjgwHhcNMjQwNTI5MTIxODQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWEzNDMwYzM4NTNhMjIxNzRhNTc2NjE4ZThlYTgyODg5ZDY2YzMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvxVJ//3hyOwGm3cErDFcugsWlViH
HHxbR58EkKgK9q6KEtkFl5DJTEQ8qH68PMFmHmjvHTUhNQgYjORQjrpxC2xyRhlF
8l7mvp4Isx9/jvHulF+QlRbETiiErS87pBuiys7/xjnE0gJZYWjSoWX6tDEnO4kl
0mpOEkAu1i/CRDh0xNq7ZoCDQmQhIHbIm4wSWvzGU1K+ePANrCnLUjmY/7mn21mO
+9BhjpPqXJJkmX1YCNvTWhceB0IIxtleZ6xKnlLEAgXBO0P8X1sUlA+wUuhWSbtR
iHiTmghiYFDxXlDpPPHxr/pCs/b4afS7YjpEHPwaO0jDHTllhMswH2vHVQIDAQAB
o4ICYDCCAlwwHQYDVR0OBBYEFD6jQww4U6IhdKV2YY6OqCiJ1mwwMB8GA1UdIwQY
MBaAFMPBhSfjogavKEICjZWuxBM46Nr4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMt
MGNiYTMzZWZjNWJiLzEvUHFOREREaFRvaUYwcFhaaGpvNm9LSW5XYkRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMtMGNiYTMzZWZjNWJi
LzEvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHYGCCsGAQUFBwEHAQH/BGcwZTBUBAIAATBOMAwDBAI+PIQD
BAE+PIgwDAMEAD48iwMEAD48jAMEAD48jgMEAD48kQMEAD48kwMEAz48qAMEAdWw
BAMEANWwYDAMAwQB1bB6AwQB1bB8MA0EAgACMAcDBQAgAQeQMA0GCSqGSIb3DQEB
CwUAA4IBAQBxQRv+4jtpRXwWNSWwKpmAYBprrZEpMB7uQMUEflRATnpEP4oNBb7T
GDRjJM86zIgg5SDe/V92gtuo2sWuWCroit1eeoagJvU2VG5L0eXmFhQ0cn6zqgO7
OYXPaqumjEJZ03wuRcFfwztFEL2NNbjkCXnukMOzKVeuGcjIA3zbaL/JyOx0WY+m
lS8PIKGUVgRL7ern3bDfMGmjf4ltGb9GGkas2CEQ2W5svKkUSjFJBNOJCtcFi2gY
h6qJCqYzWAaKxjsVu5IA+G5Ci1KyWmG/TzxGERmSemzfhnjc0sQlBQy/PlnM1b1w
gClFw6uX4FKFpvdBTHCnvSdJbioEjEFd
-----END CERTIFICATE-----