Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/Vd36m9JDVdns2-pQLYtxD_HJMs0.roa
File:                     Vd36m9JDVdns2-pQLYtxD_HJMs0.roa (raw, json)
Hash identifier:          7OpGbKOJxnuNgnJ2/YYkwUjfkV8vz36/dypOl9nlF4s=
Subject key identifier:   55:DD:FA:9B:D2:43:55:D9:EC:DB:EA:50:2D:8B:71:0F:F1:C9:32:CD
Certificate issuer:       /CN=c3c18527e3a206af2842028d95aec41338e8daf8
Certificate serial:       0188380D711546C92D731CB52CC86FF57BC8
Authority key identifier: C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/Vd36m9JDVdns2-pQLYtxD_HJMs0.roa
Signing time:             Sat 20 May 2023 07:26:24 +0000
ROA not before:           Sat 20 May 2023 07:26:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     43260
IP address blocks:        62.60.220.0/22 maxlen: 24
                          62.60.172.0/22 maxlen: 24
                          62.60.176.0/22 maxlen: 24
                          62.60.184.0/22 maxlen: 24
                          62.60.192.0/22 maxlen: 24
                          62.60.196.0/24 maxlen: 24
                          62.60.200.0/21 maxlen: 24
                          62.60.204.0/22 maxlen: 24
                          62.60.208.0/22 maxlen: 24
                          62.60.212.0/22 maxlen: 24
                          62.60.128.0/22 maxlen: 24
                          62.60.132.0/22 maxlen: 24
                          62.60.146.0/23 maxlen: 24
                          62.60.148.0/22 maxlen: 24
                          62.60.152.0/22 maxlen: 24

Validation:               Failed, certificate revoked on Sun 21 May 2023 10:19:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:38:0d:71:15:46:c9:2d:73:1c:b5:2c:c8:6f:f5:7b:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3c18527e3a206af2842028d95aec41338e8daf8
        Validity
            Not Before: May 20 07:26:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=55ddfa9bd24355d9ecdbea502d8b710ff1c932cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:eb:03:3e:54:80:ff:d5:56:65:89:d2:72:fa:
                    12:67:99:4c:48:09:19:b1:d7:f1:67:f7:65:2d:ce:
                    5c:cd:61:05:32:24:f8:f1:0e:5e:db:b6:87:55:02:
                    d7:46:8e:37:c9:62:ba:c9:6c:fb:1b:e4:74:6a:bc:
                    28:fa:5b:8b:96:e3:6b:91:35:6d:45:ee:46:59:8a:
                    35:b6:e8:c2:f6:d4:0b:69:dc:9e:f3:d0:63:b1:fc:
                    16:96:86:fc:af:5f:0d:67:72:1f:04:86:1d:67:9a:
                    05:15:61:dd:93:cd:c0:ad:23:34:fe:aa:91:39:c4:
                    38:86:d0:e2:d6:59:64:51:b1:61:0c:b8:4e:6a:45:
                    b5:4a:5f:1b:03:a4:cd:0d:f8:fe:c7:61:2b:e6:21:
                    d6:2f:47:23:2e:70:1d:18:f5:84:24:ed:ca:c1:c4:
                    b6:64:ab:db:53:71:4d:64:ad:25:80:86:51:c5:3d:
                    e5:a4:53:87:2f:02:e5:45:7e:75:ee:fe:43:b8:89:
                    6c:c9:8a:df:a4:22:23:a1:23:96:0f:7c:3d:f5:59:
                    3b:e5:f5:f5:8e:ba:62:54:8c:0d:fa:57:88:60:26:
                    6d:65:36:96:29:85:8f:71:f3:4a:83:1d:c8:f3:e0:
                    d8:3d:44:10:87:f5:9e:45:2e:57:69:c3:1d:f1:8e:
                    7f:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:DD:FA:9B:D2:43:55:D9:EC:DB:EA:50:2D:8B:71:0F:F1:C9:32:CD
            X509v3 Authority Key Identifier:
                keyid:C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/Vd36m9JDVdns2-pQLYtxD_HJMs0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.60.128.0/21
                  62.60.146.0-62.60.155.255
                  62.60.172.0-62.60.179.255
                  62.60.184.0/22
                  62.60.192.0-62.60.196.255
                  62.60.200.0-62.60.215.255
                  62.60.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         23:b8:61:e0:03:92:5c:ea:a4:ab:bc:32:f9:7f:86:17:c5:98:
         2e:f9:77:ed:01:8c:c9:c6:a2:ba:eb:92:0a:38:75:0f:b6:b6:
         98:74:df:b5:a2:d1:fe:f4:40:08:b9:e8:a9:95:00:cf:6e:31:
         78:59:3a:6b:96:39:da:37:cb:44:ff:49:5d:19:d5:72:f8:01:
         45:cc:c6:25:77:f4:a1:23:3f:ec:d9:ac:ce:d2:6b:50:03:d8:
         75:d6:a8:ac:50:15:e7:fc:08:3c:49:a9:0b:38:05:f3:08:9d:
         d5:00:c3:58:91:79:f8:75:34:f4:92:92:bb:e8:0e:2f:dd:b5:
         58:64:bf:cd:32:47:ed:1a:9a:8b:1f:34:ff:9a:08:3e:ff:fb:
         ee:5c:59:70:e4:63:76:83:ed:00:f2:5b:1d:09:7a:a2:64:d4:
         fc:89:03:53:82:61:99:f2:4a:31:d9:b6:81:84:0f:cf:72:3e:
         9e:46:9c:08:66:50:c3:0a:ae:6b:88:fb:18:c8:a7:6a:cb:29:
         8f:12:b1:54:a5:23:79:8e:c6:04:5f:30:c6:87:2b:d0:1e:28:
         e4:3e:dc:0f:ff:45:1d:31:11:9b:d3:b4:e8:18:af:79:a5:a4:
         a4:17:5b:ad:eb:af:d4:e7:78:7b:e4:8f:97:dd:7e:45:0d:e3:
         6e:e6:5f:00
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAYg4DXEVRsktcxy1LMhv9XvIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYzE4NTI3ZTNhMjA2YWYyODQyMDI4ZDk1YWVjNDEzMzhl
OGRhZjgwHhcNMjMwNTIwMDcyNjI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NWRkZmE5YmQyNDM1NWQ5ZWNkYmVhNTAyZDhiNzEwZmYxYzkzMmNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsOsDPlSA/9VWZYnScvoSZ5lMSAkZ
sdfxZ/dlLc5czWEFMiT48Q5e27aHVQLXRo43yWK6yWz7G+R0arwo+luLluNrkTVt
Re5GWYo1tujC9tQLadye89BjsfwWlob8r18NZ3IfBIYdZ5oFFWHdk83ArSM0/qqR
OcQ4htDi1llkUbFhDLhOakW1Sl8bA6TNDfj+x2Er5iHWL0cjLnAdGPWEJO3KwcS2
ZKvbU3FNZK0lgIZRxT3lpFOHLwLlRX517v5DuIlsyYrfpCIjoSOWD3w99Vk75fX1
jrpiVIwN+leIYCZtZTaWKYWPcfNKgx3I8+DYPUQQh/WeRS5XacMd8Y5/ewIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFFXd+pvSQ1XZ7NvqUC2LcQ/xyTLNMB8GA1UdIwQY
MBaAFMPBhSfjogavKEICjZWuxBM46Nr4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMt
MGNiYTMzZWZjNWJiLzEvVmQzNm05SkRWZG5zMi1wUUxZdHhEX0hKTXMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMtMGNiYTMzZWZjNWJi
LzEvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjBQBAIAATBKAwQDPjyAMAwD
BAE+PJIDBAI+PJgwDAMEAj48rAMEAj48sAMEAj48uDAMAwQGPjzAAwQAPjzEMAwD
BAM+PMgDBAM+PNADBAI+PNwwDQYJKoZIhvcNAQELBQADggEBACO4YeADklzqpKu8
Mvl/hhfFmC75d+0BjMnGorrrkgo4dQ+2tph037Wi0f70QAi56KmVAM9uMXhZOmuW
Odo3y0T/SV0Z1XL4AUXMxiV39KEjP+zZrM7Sa1AD2HXWqKxQFef8CDxJqQs4BfMI
ndUAw1iRefh1NPSSkrvoDi/dtVhkv80yR+0amosfNP+aCD7/++5cWXDkY3aD7QDy
Wx0JeqJk1PyJA1OCYZnySjHZtoGED89yPp5GnAhmUMMKrmuI+xjIp2rLKY8SsVSl
I3mOxgRfMMaHK9AeKOQ+3A//RR0xEZvTtOgYr3mlpKQXW63rr9TneHvkj5fdfkUN
427mXwA=
-----END CERTIFICATE-----