Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/rdEAZoVgZg7CcGEF4nIAStk5kQc.roa
File:                     rdEAZoVgZg7CcGEF4nIAStk5kQc.roa (raw, json)
Hash identifier:          6FQqICXU9IJ5aYmQxhhtXmIGiaN7ZlzlAl4VmvyUv4g=
Subject key identifier:   AD:D1:00:66:85:60:66:0E:C2:70:61:05:E2:72:00:4A:D9:39:91:07
Certificate issuer:       /CN=c3c18527e3a206af2842028d95aec41338e8daf8
Certificate serial:       01884D81B0D93F39A5D80C372B882D357BEC
Authority key identifier: C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/rdEAZoVgZg7CcGEF4nIAStk5kQc.roa
Signing time:             Wed 24 May 2023 11:25:24 +0000
ROA not before:           Wed 24 May 2023 11:25:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     43260
IP address blocks:        62.60.220.0/22 maxlen: 24
                          62.60.146.0/23 maxlen: 24
                          62.60.148.0/22 maxlen: 24
                          62.60.152.0/22 maxlen: 24
                          62.60.172.0/22 maxlen: 24
                          62.60.176.0/22 maxlen: 24
                          62.60.184.0/22 maxlen: 24
                          62.60.192.0/22 maxlen: 24
                          62.60.196.0/24 maxlen: 24
                          62.60.208.0/22 maxlen: 24
                          62.60.212.0/22 maxlen: 24

Validation:               Failed, certificate revoked on Tue 30 May 2023 05:22:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:4d:81:b0:d9:3f:39:a5:d8:0c:37:2b:88:2d:35:7b:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3c18527e3a206af2842028d95aec41338e8daf8
        Validity
            Not Before: May 24 11:25:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=add100668560660ec2706105e272004ad9399107
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:ef:ae:63:d9:9a:d6:de:b0:90:57:0b:88:ec:
                    62:a6:cb:de:3d:d2:b5:d7:8f:b4:dd:7d:22:e6:02:
                    a9:25:2e:6f:52:c3:9c:53:a0:e4:a5:f7:cf:22:42:
                    76:66:e7:c1:aa:ac:21:f2:d6:46:57:0f:da:02:ce:
                    56:14:34:47:90:a0:37:52:6b:bb:00:16:66:e4:06:
                    37:3d:48:98:8b:af:9e:36:d3:2e:c0:b4:30:b8:ce:
                    f9:22:f8:01:d9:94:9b:fa:c2:91:7d:13:c7:5a:4e:
                    f1:29:55:42:2a:d7:4f:6e:7d:47:70:04:da:1d:d2:
                    7d:09:dd:31:10:36:f6:4f:82:c6:cd:a8:63:ec:29:
                    15:d9:c7:88:4f:6d:2b:b4:f3:49:ec:96:8e:61:14:
                    17:35:84:82:70:2f:3a:d7:fb:11:4d:7f:a3:07:c3:
                    d6:5d:b7:37:3b:df:97:59:bb:6c:29:0a:d7:20:cd:
                    67:a1:cf:33:ca:74:87:de:9b:1d:17:50:4c:8a:99:
                    6b:27:19:cd:ac:8a:9b:67:4a:fd:0c:16:36:3f:40:
                    42:e5:ef:7f:61:00:a2:fc:5c:99:8d:b5:80:4c:92:
                    89:b0:ab:0e:1d:37:cf:cd:a6:41:d9:03:3b:7a:ab:
                    e8:65:62:22:38:ff:fc:4d:e1:83:8a:12:26:5c:7d:
                    1f:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:D1:00:66:85:60:66:0E:C2:70:61:05:E2:72:00:4A:D9:39:91:07
            X509v3 Authority Key Identifier:
                keyid:C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/rdEAZoVgZg7CcGEF4nIAStk5kQc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.60.146.0-62.60.155.255
                  62.60.172.0-62.60.179.255
                  62.60.184.0/22
                  62.60.192.0-62.60.196.255
                  62.60.208.0/21
                  62.60.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0c:ab:43:b8:3d:20:f5:ec:db:0e:15:4d:c4:5f:d0:8b:bb:8f:
         12:e2:67:b9:82:08:dd:3a:65:31:a1:ab:9d:7c:d1:70:44:60:
         12:e0:d6:ee:a9:c1:dd:dc:0c:ac:35:65:ea:80:19:7e:22:41:
         3b:1a:0b:74:df:81:c6:c0:96:ea:55:cd:87:4a:cf:77:02:7f:
         52:df:ad:44:e4:c0:42:80:18:e7:f9:fb:bf:b5:73:9f:5a:3b:
         de:7d:70:b7:a3:ff:d7:d7:43:97:d4:b6:b8:81:78:e8:40:98:
         06:cb:64:a8:4d:03:c2:ee:c0:89:e5:f7:df:17:13:f4:43:5d:
         50:61:84:64:47:e7:3c:65:2b:89:be:02:32:12:06:68:85:33:
         0a:b9:37:6e:ee:84:b7:f3:02:36:2f:69:d8:71:5d:8c:40:53:
         95:a9:22:48:a2:c1:e1:00:c2:f2:9c:d6:78:1d:ca:d1:49:bd:
         cf:1c:27:10:31:25:54:77:67:47:99:7a:f4:07:01:9e:46:b4:
         da:44:d9:7b:e3:dc:51:26:10:5c:b7:75:03:53:01:c2:84:c0:
         c7:81:27:e1:9e:c4:e5:10:23:7d:69:e8:69:54:d1:c2:61:1a:
         c6:84:12:fe:db:9c:08:89:89:7f:32:9d:39:1f:52:a9:a2:36:
         7a:5b:f4:d4
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYhNgbDZPzml2Aw3K4gtNXvsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYzE4NTI3ZTNhMjA2YWYyODQyMDI4ZDk1YWVjNDEzMzhl
OGRhZjgwHhcNMjMwNTI0MTEyNTI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZGQxMDA2Njg1NjA2NjBlYzI3MDYxMDVlMjcyMDA0YWQ5Mzk5MTA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlu+uY9ma1t6wkFcLiOxipsvePdK1
14+03X0i5gKpJS5vUsOcU6DkpffPIkJ2ZufBqqwh8tZGVw/aAs5WFDRHkKA3Umu7
ABZm5AY3PUiYi6+eNtMuwLQwuM75IvgB2ZSb+sKRfRPHWk7xKVVCKtdPbn1HcATa
HdJ9Cd0xEDb2T4LGzahj7CkV2ceIT20rtPNJ7JaOYRQXNYSCcC861/sRTX+jB8PW
Xbc3O9+XWbtsKQrXIM1noc8zynSH3psdF1BMiplrJxnNrIqbZ0r9DBY2P0BC5e9/
YQCi/FyZjbWATJKJsKsOHTfPzaZB2QM7eqvoZWIiOP/8TeGDihImXH0fmQIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFK3RAGaFYGYOwnBhBeJyAErZOZEHMB8GA1UdIwQY
MBaAFMPBhSfjogavKEICjZWuxBM46Nr4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMt
MGNiYTMzZWZjNWJiLzEvcmRFQVpvVmdaZzdDY0dFRjRuSUFTdGs1a1FjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMtMGNiYTMzZWZjNWJi
LzEvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8MAwDBAE+PJID
BAI+PJgwDAMEAj48rAMEAj48sAMEAj48uDAMAwQGPjzAAwQAPjzEAwQDPjzQAwQC
PjzcMA0GCSqGSIb3DQEBCwUAA4IBAQAMq0O4PSD17NsOFU3EX9CLu48S4me5ggjd
OmUxoaudfNFwRGAS4NbuqcHd3AysNWXqgBl+IkE7Ggt034HGwJbqVc2HSs93An9S
361E5MBCgBjn+fu/tXOfWjvefXC3o//X10OX1La4gXjoQJgGy2SoTQPC7sCJ5fff
FxP0Q11QYYRkR+c8ZSuJvgIyEgZohTMKuTdu7oS38wI2L2nYcV2MQFOVqSJIosHh
AMLynNZ4HcrRSb3PHCcQMSVUd2dHmXr0BwGeRrTaRNl749xRJhBct3UDUwHChMDH
gSfhnsTlECN9aehpVNHCYRrGhBL+25wIiYl/Mp05H1KpojZ6W/TU
-----END CERTIFICATE-----