Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/Y5TPTIPEmS_DjMV4djcwemzv6WM.roa
File:                     Y5TPTIPEmS_DjMV4djcwemzv6WM.roa (raw, json)
Hash identifier:          FTZN5ksCsPEjmn80CouIAB4ulkOVBJS7uBrL97mp1l4=
Subject key identifier:   63:94:CF:4C:83:C4:99:2F:C3:8C:C5:78:76:37:30:7A:6C:EF:E9:63
Certificate issuer:       /CN=c3c18527e3a206af2842028d95aec41338e8daf8
Certificate serial:       018B55F914D25892E8FDC0A3244FF46D0B97
Authority key identifier: C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/Y5TPTIPEmS_DjMV4djcwemzv6WM.roa
Signing time:             Sun 22 Oct 2023 06:01:09 +0000
ROA not before:           Sun 22 Oct 2023 06:01:09 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     15611
IP address blocks:        213.176.96.0/24 maxlen: 24
                          213.176.4.0/24 maxlen: 24
                          213.176.5.0/24 maxlen: 24
                          62.60.168.0/21 maxlen: 24
                          62.60.132.0/22 maxlen: 24
                          62.60.136.0/24 maxlen: 24
                          62.60.137.0/24 maxlen: 24
                          62.60.139.0/24 maxlen: 24
                          62.60.140.0/24 maxlen: 24
                          62.60.141.0/24 maxlen: 24
                          62.60.142.0/24 maxlen: 24
                          62.60.145.0/24 maxlen: 24
                          62.60.147.0/24 maxlen: 24
                          213.176.124.0/24 maxlen: 24
                          213.176.125.0/24 maxlen: 24
                          213.176.122.0/24 maxlen: 24
                          213.176.123.0/24 maxlen: 24
                          2001:790::/32 maxlen: 48

Validation:               Failed, certificate revoked on Mon 23 Oct 2023 06:37:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:55:f9:14:d2:58:92:e8:fd:c0:a3:24:4f:f4:6d:0b:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3c18527e3a206af2842028d95aec41338e8daf8
        Validity
            Not Before: Oct 22 06:01:09 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6394cf4c83c4992fc38cc5787637307a6cefe963
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:4e:f8:97:c9:49:ee:68:80:42:41:59:10:4d:
                    a0:01:fc:2f:ec:5d:5c:82:e0:4e:8d:d1:05:5f:fa:
                    f5:8a:b6:f6:ee:35:ed:b1:38:75:11:90:3f:51:dd:
                    39:c1:47:fb:66:54:12:30:7f:38:1c:fd:4d:6a:46:
                    ae:4d:c9:ca:ea:17:21:7e:ed:b1:51:18:a8:c6:4f:
                    1d:48:44:bf:4e:b1:23:20:db:9d:b2:36:e6:6b:6e:
                    72:34:34:a5:7e:23:c6:7a:64:93:07:d9:6e:b4:90:
                    43:ee:65:a6:53:11:ec:29:a7:07:3c:a6:12:a9:9b:
                    c6:fd:ed:b9:0c:f9:29:49:fc:36:bd:9f:77:5b:ee:
                    bd:f0:fa:07:86:d8:4e:07:6e:f2:c1:dc:c5:b2:b9:
                    00:31:2e:08:a3:e8:0b:6a:67:4f:87:75:b8:48:de:
                    ae:b2:c3:55:39:5c:c2:65:2f:c2:35:17:d6:ea:b0:
                    b4:58:a3:8d:ff:39:da:b7:e7:02:f1:6e:01:85:f3:
                    86:9f:21:32:83:a4:32:80:fe:62:a1:42:2a:52:c7:
                    21:41:17:ae:d7:af:e6:a9:1d:a7:c2:96:6d:34:2a:
                    09:85:05:e3:e5:47:72:df:26:ad:6f:63:df:c0:af:
                    b1:1c:ca:04:6e:90:56:7a:f4:f6:27:f7:38:c8:9b:
                    9d:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:94:CF:4C:83:C4:99:2F:C3:8C:C5:78:76:37:30:7A:6C:EF:E9:63
            X509v3 Authority Key Identifier:
                keyid:C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/Y5TPTIPEmS_DjMV4djcwemzv6WM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.60.132.0-62.60.137.255
                  62.60.139.0-62.60.142.255
                  62.60.145.0/24
                  62.60.147.0/24
                  62.60.168.0/21
                  213.176.4.0/23
                  213.176.96.0/24
                  213.176.122.0-213.176.125.255
                IPv6:
                  2001:790::/32

    Signature Algorithm: sha256WithRSAEncryption
         c8:08:6c:86:64:b2:0b:c6:bf:80:c0:6c:39:b6:56:55:8b:77:
         8d:b4:b7:53:36:18:3d:37:78:b4:a0:50:38:85:af:51:b8:96:
         28:22:62:2d:24:04:7e:1b:e4:b6:c7:d9:04:0c:e0:b8:e6:2d:
         79:f1:14:84:8c:55:23:2d:0b:7b:17:1f:90:20:85:57:52:53:
         d6:bf:c2:72:45:43:c7:c8:da:81:5a:21:52:f4:1d:a2:19:ed:
         bf:4c:09:20:8f:ef:87:e7:69:5f:7a:40:05:2f:3b:19:a5:15:
         ed:75:f2:d0:cd:34:a8:5e:ff:62:5e:cb:d9:b0:7f:52:5d:99:
         94:ba:88:1a:66:53:e2:14:73:19:2e:24:13:1e:da:33:95:af:
         2e:43:60:6d:78:1a:df:14:05:69:5a:a2:82:a3:52:fb:d2:40:
         69:99:ae:b1:c0:6d:aa:02:fb:3e:72:99:ce:4d:79:05:e5:18:
         ab:25:d2:16:15:74:ba:63:6b:c4:f4:da:ba:98:e5:c2:a0:dd:
         74:20:02:10:97:70:c9:b6:85:56:e7:76:85:c3:6c:70:55:a9:
         01:60:09:d4:f4:84:fe:34:b6:45:90:fa:9e:45:db:31:2c:32:
         f3:34:2c:00:6e:53:99:06:b9:8c:3b:8a:8d:92:b7:fa:07:5a:
         03:1a:3d:37
-----BEGIN CERTIFICATE-----
MIIFTjCCBDagAwIBAgISAYtV+RTSWJLo/cCjJE/0bQuXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYzE4NTI3ZTNhMjA2YWYyODQyMDI4ZDk1YWVjNDEzMzhl
OGRhZjgwHhcNMjMxMDIyMDYwMTA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Mzk0Y2Y0YzgzYzQ5OTJmYzM4Y2M1Nzg3NjM3MzA3YTZjZWZlOTYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0E74l8lJ7miAQkFZEE2gAfwv7F1c
guBOjdEFX/r1irb27jXtsTh1EZA/Ud05wUf7ZlQSMH84HP1NakauTcnK6hchfu2x
URioxk8dSES/TrEjINudsjbma25yNDSlfiPGemSTB9lutJBD7mWmUxHsKacHPKYS
qZvG/e25DPkpSfw2vZ93W+698PoHhthOB27ywdzFsrkAMS4Io+gLamdPh3W4SN6u
ssNVOVzCZS/CNRfW6rC0WKON/znat+cC8W4BhfOGnyEyg6QygP5ioUIqUschQReu
16/mqR2nwpZtNCoJhQXj5Udy3yatb2PfwK+xHMoEbpBWevT2J/c4yJud+QIDAQAB
o4ICWjCCAlYwHQYDVR0OBBYEFGOUz0yDxJkvw4zFeHY3MHps7+ljMB8GA1UdIwQY
MBaAFMPBhSfjogavKEICjZWuxBM46Nr4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMt
MGNiYTMzZWZjNWJiLzEvWTVUUFRJUEVtU19Eak1WNGRqY3dlbXp2NldNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMtMGNiYTMzZWZjNWJi
LzEvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHAGCCsGAQUFBwEHAQH/BGEwXzBOBAIAATBIMAwDBAI+PIQD
BAE+PIgwDAMEAD48iwMEAD48jgMEAD48kQMEAD48kwMEAz48qAMEAdWwBAMEANWw
YDAMAwQB1bB6AwQB1bB8MA0EAgACMAcDBQAgAQeQMA0GCSqGSIb3DQEBCwUAA4IB
AQDICGyGZLILxr+AwGw5tlZVi3eNtLdTNhg9N3i0oFA4ha9RuJYoImItJAR+G+S2
x9kEDOC45i158RSEjFUjLQt7Fx+QIIVXUlPWv8JyRUPHyNqBWiFS9B2iGe2/TAkg
j++H52lfekAFLzsZpRXtdfLQzTSoXv9iXsvZsH9SXZmUuogaZlPiFHMZLiQTHtoz
la8uQ2BteBrfFAVpWqKCo1L70kBpma6xwG2qAvs+cpnOTXkF5RirJdIWFXS6Y2vE
9Nq6mOXCoN10IAIQl3DJtoVW53aFw2xwVakBYAnU9IT+NLZFkPqeRdsxLDLzNCwA
blOZBrmMO4qNkrf6B1oDGj03
-----END CERTIFICATE-----