Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/_zrERVhruKP42axcrTnc4bax7to.roa
File:                     _zrERVhruKP42axcrTnc4bax7to.roa (raw, json)
Hash identifier:          nNTjEbkvXDP2o8aWTcs1qGO+s9/C/uZ0vmeH4IX1zg0=
Subject key identifier:   FF:3A:C4:45:58:6B:B8:A3:F8:D9:AC:5C:AD:39:DC:E1:B6:B1:EE:DA
Certificate issuer:       /CN=c3c18527e3a206af2842028d95aec41338e8daf8
Certificate serial:       018DCA54A88C9F796FDEAEF6D27180F30190
Authority key identifier: C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/_zrERVhruKP42axcrTnc4bax7to.roa
Signing time:             Wed 21 Feb 2024 06:22:42 +0000
ROA not before:           Wed 21 Feb 2024 06:22:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15611
IP address blocks:        62.60.132.0/22 maxlen: 24
                          62.60.136.0/24 maxlen: 24
                          62.60.137.0/24 maxlen: 24
                          62.60.139.0/24 maxlen: 24
                          62.60.140.0/24 maxlen: 24
                          62.60.142.0/24 maxlen: 24
                          62.60.145.0/24 maxlen: 24
                          62.60.147.0/24 maxlen: 24
                          62.60.168.0/21 maxlen: 24
                          213.176.4.0/24 maxlen: 24
                          213.176.5.0/24 maxlen: 24
                          213.176.96.0/24 maxlen: 24
                          213.176.122.0/24 maxlen: 24
                          213.176.123.0/24 maxlen: 24
                          213.176.124.0/24 maxlen: 24
                          213.176.125.0/24 maxlen: 24
                          213.176.127.0/24 maxlen: 24
                          2001:790::/32 maxlen: 48

Validation:               Failed, certificate revoked on Sat 24 Feb 2024 06:15:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:ca:54:a8:8c:9f:79:6f:de:ae:f6:d2:71:80:f3:01:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3c18527e3a206af2842028d95aec41338e8daf8
        Validity
            Not Before: Feb 21 06:22:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ff3ac445586bb8a3f8d9ac5cad39dce1b6b1eeda
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:48:0a:34:1c:cb:60:97:10:90:9a:7a:cd:be:
                    b3:68:0f:9e:93:1a:27:9c:2e:a4:56:20:e7:dd:b7:
                    6e:6a:8d:44:8a:d3:3c:40:77:e1:5d:52:38:b0:a4:
                    25:c0:19:53:d9:91:5a:1f:40:d5:3e:9b:19:72:d7:
                    d7:93:02:4d:08:8a:88:93:a4:19:4f:f4:57:be:fd:
                    0b:fc:fe:de:58:3a:b3:a8:11:48:fa:03:c1:fd:0a:
                    dd:25:4a:eb:f6:39:2e:86:3f:d8:bc:b1:dd:8c:8b:
                    eb:73:86:42:5d:ef:f7:a3:01:ce:65:f9:bd:43:6c:
                    43:ef:ee:f8:42:66:e0:9d:ca:a5:87:00:f3:28:6f:
                    66:7f:93:a9:ae:9f:34:d2:e7:14:0d:92:43:d2:5b:
                    cb:a0:09:35:51:dc:e3:ed:f9:f4:1b:cb:32:99:33:
                    11:9e:6e:cf:cd:6d:0a:2f:01:72:8c:1a:e1:ab:65:
                    79:de:d6:8e:bc:e7:13:fd:2b:a6:3a:53:90:fc:23:
                    2c:81:14:0f:68:52:bc:69:56:f4:9c:c0:25:4b:e1:
                    ee:e5:b5:31:24:79:53:8e:4b:1d:fd:ff:f6:1e:2c:
                    9d:fd:e5:ce:34:e5:17:3f:a8:99:65:ae:a5:4d:2b:
                    dc:7b:58:0d:e5:fb:b6:e1:7a:c8:db:04:b1:f7:39:
                    7f:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:3A:C4:45:58:6B:B8:A3:F8:D9:AC:5C:AD:39:DC:E1:B6:B1:EE:DA
            X509v3 Authority Key Identifier:
                keyid:C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/_zrERVhruKP42axcrTnc4bax7to.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.60.132.0-62.60.137.255
                  62.60.139.0-62.60.140.255
                  62.60.142.0/24
                  62.60.145.0/24
                  62.60.147.0/24
                  62.60.168.0/21
                  213.176.4.0/23
                  213.176.96.0/24
                  213.176.122.0-213.176.125.255
                  213.176.127.0/24
                IPv6:
                  2001:790::/32

    Signature Algorithm: sha256WithRSAEncryption
         37:56:da:a9:81:84:5f:c2:c2:e0:11:78:66:6e:d1:70:8f:41:
         d6:f2:36:13:82:84:1a:14:61:03:9c:1e:53:a8:2d:dd:e1:87:
         c6:bc:f3:f6:58:dd:68:01:86:2a:ad:2c:fa:de:ee:bf:92:9e:
         0c:2d:fc:c4:eb:80:19:69:e3:b2:23:be:71:13:77:60:ea:00:
         61:95:36:5f:98:eb:1d:34:a3:6d:a4:74:28:1d:b4:9d:95:7a:
         5d:3b:6a:4d:be:ee:bf:87:2c:9c:af:c5:4d:5f:00:e3:1b:ec:
         83:a9:11:6a:f1:b6:d3:3f:13:76:dd:0b:2f:14:8f:03:d8:3c:
         45:5a:e4:37:50:fc:f3:a7:83:f1:be:55:71:66:ec:69:4a:38:
         9b:1d:1e:d7:5a:97:98:ae:e6:38:25:e3:6c:43:94:9e:05:0d:
         20:97:0e:12:7f:a3:61:2c:b3:d3:4a:a5:ef:41:20:a4:e0:e6:
         43:03:9b:d2:b8:38:85:8d:82:c2:2a:fc:8b:b6:07:e1:bb:ef:
         26:02:ec:f3:96:89:62:7d:32:28:4b:e6:db:cf:4f:af:78:e1:
         a4:ae:dd:7c:22:86:30:c8:7c:6d:db:bd:57:dd:04:6b:e6:61:
         23:38:12:49:bf:6f:2e:74:f5:7c:08:ac:c5:00:95:08:9b:95:
         13:2f:27:52
-----BEGIN CERTIFICATE-----
MIIFWjCCBEKgAwIBAgISAY3KVKiMn3lv3q720nGA8wGQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYzE4NTI3ZTNhMjA2YWYyODQyMDI4ZDk1YWVjNDEzMzhl
OGRhZjgwHhcNMjQwMjIxMDYyMjQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjNhYzQ0NTU4NmJiOGEzZjhkOWFjNWNhZDM5ZGNlMWI2YjFlZWRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkEgKNBzLYJcQkJp6zb6zaA+ekxon
nC6kViDn3bduao1EitM8QHfhXVI4sKQlwBlT2ZFaH0DVPpsZctfXkwJNCIqIk6QZ
T/RXvv0L/P7eWDqzqBFI+gPB/QrdJUrr9jkuhj/YvLHdjIvrc4ZCXe/3owHOZfm9
Q2xD7+74QmbgncqlhwDzKG9mf5Oprp800ucUDZJD0lvLoAk1Udzj7fn0G8symTMR
nm7PzW0KLwFyjBrhq2V53taOvOcT/SumOlOQ/CMsgRQPaFK8aVb0nMAlS+Hu5bUx
JHlTjksd/f/2Hiyd/eXONOUXP6iZZa6lTSvce1gN5fu24XrI2wSx9zl/5wIDAQAB
o4ICZjCCAmIwHQYDVR0OBBYEFP86xEVYa7ij+NmsXK053OG2se7aMB8GA1UdIwQY
MBaAFMPBhSfjogavKEICjZWuxBM46Nr4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMt
MGNiYTMzZWZjNWJiLzEvX3pyRVJWaHJ1S1A0MmF4Y3JUbmM0YmF4N3RvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMtMGNiYTMzZWZjNWJi
LzEvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHwGCCsGAQUFBwEHAQH/BG0wazBaBAIAATBUMAwDBAI+PIQD
BAE+PIgwDAMEAD48iwMEAD48jAMEAD48jgMEAD48kQMEAD48kwMEAz48qAMEAdWw
BAMEANWwYDAMAwQB1bB6AwQB1bB8AwQA1bB/MA0EAgACMAcDBQAgAQeQMA0GCSqG
SIb3DQEBCwUAA4IBAQA3VtqpgYRfwsLgEXhmbtFwj0HW8jYTgoQaFGEDnB5TqC3d
4YfGvPP2WN1oAYYqrSz63u6/kp4MLfzE64AZaeOyI75xE3dg6gBhlTZfmOsdNKNt
pHQoHbSdlXpdO2pNvu6/hyycr8VNXwDjG+yDqRFq8bbTPxN23QsvFI8D2DxFWuQ3
UPzzp4PxvlVxZuxpSjibHR7XWpeYruY4JeNsQ5SeBQ0glw4Sf6NhLLPTSqXvQSCk
4OZDA5vSuDiFjYLCKvyLtgfhu+8mAuzzlolifTIoS+bbz0+veOGkrt18IoYwyHxt
271X3QRr5mEjOBJJv28udPV8CKzFAJUIm5UTLydS
-----END CERTIFICATE-----