Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/airCcJWNN8u8fx_Gl4QmWEIHFv0.roa
File:                     airCcJWNN8u8fx_Gl4QmWEIHFv0.roa (raw, json)
Hash identifier:          9BV0gYNdhtol+u5pwe44O8GQoJkjSkpL5S92iCmPMxE=
Subject key identifier:   6A:2A:C2:70:95:8D:37:CB:BC:7F:1F:C6:97:84:26:58:42:07:16:FD
Certificate issuer:       /CN=c3c18527e3a206af2842028d95aec41338e8daf8
Certificate serial:       018EE6DE8412A648AAA627F907D2D2E9BAA1
Authority key identifier: C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/airCcJWNN8u8fx_Gl4QmWEIHFv0.roa
Signing time:             Tue 16 Apr 2024 12:25:26 +0000
ROA not before:           Tue 16 Apr 2024 12:25:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15611
IP address blocks:        62.60.132.0/22 maxlen: 24
                          62.60.136.0/24 maxlen: 24
                          62.60.137.0/24 maxlen: 24
                          62.60.139.0/24 maxlen: 24
                          62.60.140.0/24 maxlen: 24
                          62.60.142.0/24 maxlen: 24
                          62.60.145.0/24 maxlen: 24
                          62.60.147.0/24 maxlen: 24
                          62.60.168.0/21 maxlen: 24
                          62.60.220.0/22 maxlen: 24
                          213.176.4.0/24 maxlen: 24
                          213.176.5.0/24 maxlen: 24
                          213.176.96.0/24 maxlen: 24
                          213.176.122.0/24 maxlen: 24
                          213.176.123.0/24 maxlen: 24
                          213.176.124.0/24 maxlen: 24
                          213.176.125.0/24 maxlen: 24
                          213.176.127.0/24 maxlen: 24
                          2001:790::/32 maxlen: 48

Validation:               Failed, certificate revoked on Mon 29 Apr 2024 06:08:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:e6:de:84:12:a6:48:aa:a6:27:f9:07:d2:d2:e9:ba:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3c18527e3a206af2842028d95aec41338e8daf8
        Validity
            Not Before: Apr 16 12:25:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6a2ac270958d37cbbc7f1fc697842658420716fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:50:f1:95:39:99:34:f7:15:2e:f4:bf:0f:ff:
                    e7:fb:61:28:e5:b7:fa:54:9f:f4:0a:6d:fd:3e:2f:
                    2c:c6:ee:c5:47:49:37:0e:86:ed:a5:55:7a:0a:64:
                    f2:0a:13:e1:43:77:ea:35:d7:a2:36:f0:46:de:4b:
                    27:57:5c:ad:99:1d:d8:9c:c8:9f:76:81:43:6c:8b:
                    e3:b5:02:3d:74:46:27:7a:0c:4b:3d:55:8c:8d:ea:
                    f8:e5:5b:6d:8c:e6:27:b1:24:cb:9d:8b:4f:7a:f2:
                    2a:53:53:7b:b9:49:29:a7:bd:d9:fe:3e:25:ec:52:
                    76:e1:bc:88:69:c3:05:72:2a:12:f7:ee:93:3d:48:
                    e5:b3:90:9a:68:90:ec:ae:9b:a3:9d:bb:9c:84:66:
                    57:fd:c6:cd:49:26:88:f3:8f:c3:7e:65:12:55:67:
                    be:88:f2:8c:47:fe:40:ff:81:5b:7a:99:8c:e3:58:
                    df:6b:1b:d1:ff:96:cd:db:82:38:e8:7b:4b:40:a5:
                    6c:91:be:c7:41:cf:9e:50:62:58:85:f6:a8:24:0c:
                    7a:e4:a8:5d:e3:5f:c0:d1:2b:2a:25:0c:53:c1:0e:
                    45:59:ea:c7:7b:b0:fd:fc:16:15:51:ff:ce:17:8c:
                    bf:43:db:27:e3:7a:44:d3:c4:14:f0:40:e9:b9:9e:
                    08:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:2A:C2:70:95:8D:37:CB:BC:7F:1F:C6:97:84:26:58:42:07:16:FD
            X509v3 Authority Key Identifier:
                keyid:C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/airCcJWNN8u8fx_Gl4QmWEIHFv0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.60.132.0-62.60.137.255
                  62.60.139.0-62.60.140.255
                  62.60.142.0/24
                  62.60.145.0/24
                  62.60.147.0/24
                  62.60.168.0/21
                  62.60.220.0/22
                  213.176.4.0/23
                  213.176.96.0/24
                  213.176.122.0-213.176.125.255
                  213.176.127.0/24
                IPv6:
                  2001:790::/32

    Signature Algorithm: sha256WithRSAEncryption
         6c:26:36:6b:11:e4:41:35:4d:94:2c:24:55:39:eb:1d:67:f9:
         81:c9:b7:4b:09:91:da:1f:ac:5c:aa:87:f9:0e:3d:56:e8:a8:
         ee:4f:2b:c6:42:d3:be:41:5e:41:90:a7:9b:0f:29:fa:60:1a:
         6b:e9:1f:06:3a:c4:1b:8d:38:6a:46:df:f2:f0:95:c4:40:6e:
         ea:31:67:32:c1:8c:06:57:ad:b6:79:0c:5d:d7:ff:3c:e8:0d:
         89:07:70:e0:05:aa:2e:91:b1:48:db:dc:65:58:c6:eb:b9:68:
         b5:a0:2b:c9:ea:8a:3c:34:73:4f:f1:a5:67:ae:26:01:ae:4e:
         8f:7b:e6:68:0b:5a:a5:2d:8e:21:64:d7:b1:7f:45:4b:c7:9b:
         08:9c:92:72:f9:72:bf:de:05:f2:7c:99:fb:81:90:04:72:38:
         7b:b9:b6:5c:53:85:48:e2:8b:56:33:29:7a:3d:5a:28:59:f5:
         38:bb:47:04:e4:33:6c:4d:fd:e6:e3:f9:30:86:de:ab:3d:f3:
         52:62:ad:15:f5:4f:90:de:29:5e:63:4e:b1:5a:8a:df:f2:f5:
         4c:af:30:42:60:62:f8:d3:9f:c6:65:ea:62:62:0b:58:2f:c4:
         d5:0d:07:cd:9c:32:49:2d:f0:bb:46:27:84:57:99:99:7d:a1:
         46:11:35:77
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgISAY7m3oQSpkiqpif5B9LS6bqhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYzE4NTI3ZTNhMjA2YWYyODQyMDI4ZDk1YWVjNDEzMzhl
OGRhZjgwHhcNMjQwNDE2MTIyNTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTJhYzI3MDk1OGQzN2NiYmM3ZjFmYzY5Nzg0MjY1ODQyMDcxNmZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgFDxlTmZNPcVLvS/D//n+2Eo5bf6
VJ/0Cm39Pi8sxu7FR0k3DobtpVV6CmTyChPhQ3fqNdeiNvBG3ksnV1ytmR3YnMif
doFDbIvjtQI9dEYnegxLPVWMjer45VttjOYnsSTLnYtPevIqU1N7uUkpp73Z/j4l
7FJ24byIacMFcioS9+6TPUjls5CaaJDsrpujnbuchGZX/cbNSSaI84/DfmUSVWe+
iPKMR/5A/4FbepmM41jfaxvR/5bN24I46HtLQKVskb7HQc+eUGJYhfaoJAx65Khd
41/A0SsqJQxTwQ5FWerHe7D9/BYVUf/OF4y/Q9sn43pE08QU8EDpuZ4IvQIDAQAB
o4ICbTCCAmkwHQYDVR0OBBYEFGoqwnCVjTfLvH8fxpeEJlhCBxb9MB8GA1UdIwQY
MBaAFMPBhSfjogavKEICjZWuxBM46Nr4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMt
MGNiYTMzZWZjNWJiLzEvYWlyQ2NKV05OOHU4ZnhfR2w0UW1XRUlIRnYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMtMGNiYTMzZWZjNWJi
LzEvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGCBggrBgEFBQcBBwEB/wRzMHEwYAQCAAEwWjAMAwQCPjyE
AwQBPjyIMAwDBAA+PIsDBAA+PIwDBAA+PI4DBAA+PJEDBAA+PJMDBAM+PKgDBAI+
PNwDBAHVsAQDBADVsGAwDAMEAdWwegMEAdWwfAMEANWwfzANBAIAAjAHAwUAIAEH
kDANBgkqhkiG9w0BAQsFAAOCAQEAbCY2axHkQTVNlCwkVTnrHWf5gcm3SwmR2h+s
XKqH+Q49Vuio7k8rxkLTvkFeQZCnmw8p+mAaa+kfBjrEG404akbf8vCVxEBu6jFn
MsGMBlettnkMXdf/POgNiQdw4AWqLpGxSNvcZVjG67lotaAryeqKPDRzT/GlZ64m
Aa5Oj3vmaAtapS2OIWTXsX9FS8ebCJyScvlyv94F8nyZ+4GQBHI4e7m2XFOFSOKL
VjMpej1aKFn1OLtHBOQzbE395uP5MIbeqz3zUmKtFfVPkN4pXmNOsVqK3/L1TK8w
QmBi+NOfxmXqYmILWC/E1Q0HzZwySS3wu0YnhFeZmX2hRhE1dw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:55:29 2024 by rpki-client on console-ams.rpki-client.org