Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/hXZwok2SOKrD1VlCJtmMtaVlAVA.roa
File:                     hXZwok2SOKrD1VlCJtmMtaVlAVA.roa (raw, json)
Hash identifier:          GDovx/JRkS52oAhMumSKmdifIVkA40p3BDkS5CO2uNk=
Subject key identifier:   85:76:70:A2:4D:92:38:AA:C3:D5:59:42:26:D9:8C:B5:A5:65:01:50
Certificate issuer:       /CN=c3c18527e3a206af2842028d95aec41338e8daf8
Certificate serial:       01879ED87FFC8A70430AF8329F6E3FE3F47B
Authority key identifier: C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/hXZwok2SOKrD1VlCJtmMtaVlAVA.roa
Signing time:             Thu 20 Apr 2023 13:26:41 +0000
ROA not before:           Thu 20 Apr 2023 13:26:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     15611
IP address blocks:        213.176.96.0/24 maxlen: 24
                          213.176.4.0/24 maxlen: 24
                          213.176.5.0/24 maxlen: 24
                          62.60.128.0/21 maxlen: 24
                          62.60.136.0/24 maxlen: 24
                          62.60.137.0/24 maxlen: 24
                          62.60.139.0/24 maxlen: 24
                          62.60.140.0/24 maxlen: 24
                          62.60.143.0/24 maxlen: 24
                          62.60.141.0/24 maxlen: 24
                          62.60.142.0/24 maxlen: 24
                          62.60.145.0/24 maxlen: 24
                          62.60.152.0/22 maxlen: 24
                          62.60.146.0/23 maxlen: 24
                          213.176.124.0/24 maxlen: 24
                          213.176.125.0/24 maxlen: 24
                          213.176.122.0/24 maxlen: 24
                          213.176.123.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sat 20 May 2023 07:26:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:9e:d8:7f:fc:8a:70:43:0a:f8:32:9f:6e:3f:e3:f4:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3c18527e3a206af2842028d95aec41338e8daf8
        Validity
            Not Before: Apr 20 13:26:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=857670a24d9238aac3d5594226d98cb5a5650150
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:8d:99:90:23:b4:85:d6:88:2d:a2:42:87:b4:
                    a0:79:4a:fb:0a:84:e8:fd:1f:7c:90:c6:f7:67:23:
                    fe:8a:43:b0:c2:59:b7:a0:8c:63:14:9d:64:88:64:
                    ce:75:b0:4d:47:a0:e9:66:0c:73:ec:2f:a8:55:a7:
                    4a:d7:68:78:3a:28:b6:45:0d:55:8b:34:04:18:e7:
                    98:cb:65:1c:99:d2:3c:87:23:df:7b:8b:4c:56:d2:
                    1d:25:ec:0b:39:d7:3b:b1:31:4a:00:7e:c9:5b:6d:
                    67:43:e6:e5:4d:8d:9a:1a:a1:cb:24:0c:d6:57:bb:
                    eb:fe:77:a5:f2:ad:88:5f:51:72:5e:ef:05:dc:f7:
                    39:97:a0:6c:ec:b5:41:04:52:49:6a:08:71:6b:34:
                    45:d6:0d:d6:31:f6:91:07:f4:ec:55:ed:50:7a:df:
                    43:4a:58:30:c6:0a:ab:d4:5e:fe:4c:ae:c7:e8:3e:
                    c4:d1:ff:f1:7d:e9:c7:a5:72:6b:d5:d7:89:d6:df:
                    24:8e:18:f8:7f:c6:e6:51:02:dc:8f:79:30:4a:c1:
                    fc:6c:59:a0:13:53:0c:72:19:c0:ed:f8:1e:82:af:
                    47:88:86:dd:e1:bc:a0:88:ef:d1:87:60:ca:f6:34:
                    15:36:99:63:ba:b2:e0:9f:67:aa:33:90:bb:8e:68:
                    0f:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:76:70:A2:4D:92:38:AA:C3:D5:59:42:26:D9:8C:B5:A5:65:01:50
            X509v3 Authority Key Identifier:
                keyid:C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/hXZwok2SOKrD1VlCJtmMtaVlAVA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.60.128.0-62.60.137.255
                  62.60.139.0-62.60.143.255
                  62.60.145.0-62.60.147.255
                  62.60.152.0/22
                  213.176.4.0/23
                  213.176.96.0/24
                  213.176.122.0-213.176.125.255

    Signature Algorithm: sha256WithRSAEncryption
         9f:ad:2d:47:db:34:fb:c4:ab:10:d5:c6:0b:f3:f5:a2:a1:c0:
         5e:2f:6c:91:b8:8b:73:67:b1:46:99:f3:79:3c:70:fe:69:32:
         44:dd:be:4e:9e:fd:8c:21:b9:6e:f5:34:8c:11:41:5a:45:bc:
         93:94:30:2c:18:36:7b:87:dd:e1:08:26:61:be:e4:65:17:9c:
         3f:67:9a:07:03:b9:e9:5e:34:f8:00:77:56:41:25:47:c4:76:
         f0:c1:67:49:09:4d:cd:07:eb:44:bb:79:6d:e2:35:93:19:a4:
         a1:8d:bd:a4:77:c5:9d:76:80:11:50:c7:48:41:8c:54:6e:cf:
         3f:85:b4:d0:75:30:0d:76:3d:65:dd:f6:b5:a1:08:7c:ac:a4:
         8c:c3:92:e7:d5:79:ea:4b:f1:7a:c9:33:61:05:81:d7:2f:71:
         1b:19:3c:ef:83:45:5f:43:d8:58:c2:d2:14:68:cf:66:af:2b:
         70:0e:7d:5b:be:22:6a:f1:46:d0:b5:85:8f:46:04:fa:17:5b:
         45:e5:31:22:74:27:67:40:69:a6:1c:e7:61:03:08:af:01:23:
         17:4b:ab:0f:b9:99:fb:61:7a:95:c3:d9:15:49:dc:06:6f:f3:
         18:15:f6:57:49:99:4f:16:94:07:41:08:6d:f6:f5:da:8a:ea:
         9e:af:6f:62
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAYee2H/8inBDCvgyn24/4/R7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYzE4NTI3ZTNhMjA2YWYyODQyMDI4ZDk1YWVjNDEzMzhl
OGRhZjgwHhcNMjMwNDIwMTMyNjQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTc2NzBhMjRkOTIzOGFhYzNkNTU5NDIyNmQ5OGNiNWE1NjUwMTUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgY2ZkCO0hdaILaJCh7SgeUr7CoTo
/R98kMb3ZyP+ikOwwlm3oIxjFJ1kiGTOdbBNR6DpZgxz7C+oVadK12h4Oii2RQ1V
izQEGOeYy2UcmdI8hyPfe4tMVtIdJewLOdc7sTFKAH7JW21nQ+blTY2aGqHLJAzW
V7vr/nel8q2IX1FyXu8F3Pc5l6Bs7LVBBFJJaghxazRF1g3WMfaRB/TsVe1Qet9D
Slgwxgqr1F7+TK7H6D7E0f/xfenHpXJr1deJ1t8kjhj4f8bmUQLcj3kwSsH8bFmg
E1MMchnA7fgegq9HiIbd4bygiO/Rh2DK9jQVNpljurLgn2eqM5C7jmgPswIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFIV2cKJNkjiqw9VZQibZjLWlZQFQMB8GA1UdIwQY
MBaAFMPBhSfjogavKEICjZWuxBM46Nr4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMt
MGNiYTMzZWZjNWJiLzEvaFhad29rMlNPS3JEMVZsQ0p0bU10YVZsQVZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMtMGNiYTMzZWZjNWJi
LzEvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjBQBAIAATBKMAwDBAc+PIAD
BAE+PIgwDAMEAD48iwMEBD48gDAMAwQAPjyRAwQCPjyQAwQCPjyYAwQB1bAEAwQA
1bBgMAwDBAHVsHoDBAHVsHwwDQYJKoZIhvcNAQELBQADggEBAJ+tLUfbNPvEqxDV
xgvz9aKhwF4vbJG4i3NnsUaZ83k8cP5pMkTdvk6e/YwhuW71NIwRQVpFvJOUMCwY
NnuH3eEIJmG+5GUXnD9nmgcDueleNPgAd1ZBJUfEdvDBZ0kJTc0H60S7eW3iNZMZ
pKGNvaR3xZ12gBFQx0hBjFRuzz+FtNB1MA12PWXd9rWhCHyspIzDkufVeepL8XrJ
M2EFgdcvcRsZPO+DRV9D2FjC0hRoz2avK3AOfVu+ImrxRtC1hY9GBPoXW0XlMSJ0
J2dAaaYc52EDCK8BIxdLqw+5mfthepXD2RVJ3AZv8xgV9ldJmU8WlAdBCG329dqK
6p6vb2I=
-----END CERTIFICATE-----