Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/uJez_cUllwtuPKMnEwX9Sm7lmh8.roa
File:                     uJez_cUllwtuPKMnEwX9Sm7lmh8.roa (raw, json)
Hash identifier:          TGO0lkqKlkuZ2vNJ8xKWFFphWLbatgLPIyjKkJMYX14=
Subject key identifier:   B8:97:B3:FD:C5:25:97:0B:6E:3C:A3:27:13:05:FD:4A:6E:E5:9A:1F
Certificate issuer:       /CN=c3c18527e3a206af2842028d95aec41338e8daf8
Certificate serial:       018B1D5C145E2E613F40CDB9122999CCCB48
Authority key identifier: C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/uJez_cUllwtuPKMnEwX9Sm7lmh8.roa
Signing time:             Wed 11 Oct 2023 06:10:55 +0000
ROA not before:           Wed 11 Oct 2023 06:10:55 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     15611
IP address blocks:        213.176.96.0/24 maxlen: 24
                          213.176.4.0/24 maxlen: 24
                          213.176.5.0/24 maxlen: 24
                          62.60.168.0/21 maxlen: 24
                          62.60.132.0/22 maxlen: 24
                          62.60.136.0/24 maxlen: 24
                          62.60.137.0/24 maxlen: 24
                          62.60.139.0/24 maxlen: 24
                          62.60.140.0/24 maxlen: 24
                          62.60.141.0/24 maxlen: 24
                          62.60.142.0/24 maxlen: 24
                          62.60.145.0/24 maxlen: 24
                          62.60.147.0/24 maxlen: 24
                          213.176.124.0/24 maxlen: 24
                          213.176.125.0/24 maxlen: 24
                          213.176.122.0/24 maxlen: 24
                          213.176.123.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sun 22 Oct 2023 06:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:1d:5c:14:5e:2e:61:3f:40:cd:b9:12:29:99:cc:cb:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3c18527e3a206af2842028d95aec41338e8daf8
        Validity
            Not Before: Oct 11 06:10:55 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b897b3fdc525970b6e3ca3271305fd4a6ee59a1f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:8d:86:02:a4:91:fb:fd:f5:ae:a7:18:60:8c:
                    51:5c:1d:51:dc:95:f3:47:d0:b6:9f:c7:d2:04:a9:
                    ee:54:cf:31:82:03:7b:48:ce:a0:8b:3b:01:78:15:
                    35:96:7f:e9:b0:25:52:d1:c2:ac:57:6f:1b:9c:86:
                    ca:47:38:1d:0d:da:c1:39:9d:e9:1c:77:99:62:54:
                    32:83:80:fd:76:72:c9:5e:86:72:18:c9:6c:b6:95:
                    dd:5a:e0:3d:da:a2:a2:ee:c1:e9:fa:87:a4:44:c7:
                    8d:a3:c9:20:63:d3:4a:b1:a7:b4:b5:dd:d3:70:03:
                    ae:ac:90:9c:d5:f3:77:73:dc:c6:ab:94:3a:e2:22:
                    53:7c:4e:d9:bb:c4:de:70:e3:b8:2e:57:86:36:49:
                    73:f0:c4:88:0b:c2:a5:40:54:11:ee:82:23:85:4c:
                    bd:5b:0d:c0:f0:2e:ca:07:a1:b9:32:60:a5:39:75:
                    39:93:50:1e:f3:62:2b:2d:ff:f7:99:81:eb:44:83:
                    54:e1:3c:18:cd:d5:3f:35:96:fe:2e:8e:84:1d:c9:
                    e0:03:95:e1:78:19:49:19:18:cd:9e:88:b0:6b:00:
                    81:a7:2b:b7:58:b9:3b:63:99:81:66:9c:1a:27:4d:
                    7a:ff:90:d4:fa:2a:2d:9d:5d:5e:f0:79:e8:98:06:
                    aa:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:97:B3:FD:C5:25:97:0B:6E:3C:A3:27:13:05:FD:4A:6E:E5:9A:1F
            X509v3 Authority Key Identifier:
                keyid:C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/uJez_cUllwtuPKMnEwX9Sm7lmh8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.60.132.0-62.60.137.255
                  62.60.139.0-62.60.142.255
                  62.60.145.0/24
                  62.60.147.0/24
                  62.60.168.0/21
                  213.176.4.0/23
                  213.176.96.0/24
                  213.176.122.0-213.176.125.255

    Signature Algorithm: sha256WithRSAEncryption
         30:59:43:c7:9d:89:8b:5c:50:99:f6:b9:28:00:ac:e2:4c:cf:
         3b:2f:2b:0f:ae:77:23:69:f1:0b:be:92:6e:34:97:02:d7:a4:
         9b:22:32:38:36:ad:5b:11:39:f9:9a:6f:71:7d:b9:2c:de:e7:
         ae:eb:5d:f8:01:ec:a7:d6:80:b7:c6:75:93:cd:47:4d:38:5d:
         b7:16:22:02:b5:48:3a:82:15:7a:81:d7:9e:8e:79:01:bb:4e:
         02:aa:5e:55:08:cf:79:1a:67:8b:e7:a8:48:cc:0e:1e:d0:90:
         04:e3:34:5d:48:5a:48:dc:d5:8e:0d:52:b2:3b:3e:fb:5f:f5:
         01:28:ff:48:4b:71:fb:03:0e:a4:4b:f4:d3:8b:89:01:8d:47:
         18:76:65:13:9e:26:3a:4e:e2:f0:e0:9d:65:67:55:79:90:e8:
         0f:ca:81:77:c3:93:46:9a:25:7d:d7:15:77:5c:ab:cf:09:ca:
         a5:97:4d:e9:47:77:98:d1:82:99:5c:5c:ef:f8:17:6c:dd:cf:
         29:38:7c:21:49:9d:9c:d7:3d:27:37:f7:4c:09:a2:f1:f1:d9:
         20:c6:cd:e7:dc:6a:af:14:0f:a9:95:b9:1a:84:6e:b9:f9:4a:
         eb:dd:96:c4:1d:70:5c:72:81:2b:c5:03:32:c0:fc:d4:6f:ae:
         03:7a:10:83
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAYsdXBReLmE/QM25EimZzMtIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYzE4NTI3ZTNhMjA2YWYyODQyMDI4ZDk1YWVjNDEzMzhl
OGRhZjgwHhcNMjMxMDExMDYxMDU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODk3YjNmZGM1MjU5NzBiNmUzY2EzMjcxMzA1ZmQ0YTZlZTU5YTFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAto2GAqSR+/31rqcYYIxRXB1R3JXz
R9C2n8fSBKnuVM8xggN7SM6gizsBeBU1ln/psCVS0cKsV28bnIbKRzgdDdrBOZ3p
HHeZYlQyg4D9dnLJXoZyGMlstpXdWuA92qKi7sHp+oekRMeNo8kgY9NKsae0td3T
cAOurJCc1fN3c9zGq5Q64iJTfE7Zu8TecOO4LleGNklz8MSIC8KlQFQR7oIjhUy9
Ww3A8C7KB6G5MmClOXU5k1Ae82IrLf/3mYHrRINU4TwYzdU/NZb+Lo6EHcngA5Xh
eBlJGRjNnoiwawCBpyu3WLk7Y5mBZpwaJ016/5DU+iotnV1e8HnomAaqvQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFLiXs/3FJZcLbjyjJxMF/Upu5ZofMB8GA1UdIwQY
MBaAFMPBhSfjogavKEICjZWuxBM46Nr4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMt
MGNiYTMzZWZjNWJiLzEvdUplel9jVWxsd3R1UEtNbkV3WDlTbTdsbWg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMtMGNiYTMzZWZjNWJi
LzEvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIMAwDBAI+PIQD
BAE+PIgwDAMEAD48iwMEAD48jgMEAD48kQMEAD48kwMEAz48qAMEAdWwBAMEANWw
YDAMAwQB1bB6AwQB1bB8MA0GCSqGSIb3DQEBCwUAA4IBAQAwWUPHnYmLXFCZ9rko
AKziTM87LysPrncjafELvpJuNJcC16SbIjI4Nq1bETn5mm9xfbks3ueu6134Aeyn
1oC3xnWTzUdNOF23FiICtUg6ghV6gdeejnkBu04Cql5VCM95GmeL56hIzA4e0JAE
4zRdSFpI3NWODVKyOz77X/UBKP9IS3H7Aw6kS/TTi4kBjUcYdmUTniY6TuLw4J1l
Z1V5kOgPyoF3w5NGmiV91xV3XKvPCcqll03pR3eY0YKZXFzv+Bds3c8pOHwhSZ2c
1z0nN/dMCaLx8dkgxs3n3GqvFA+plbkahG65+Urr3ZbEHXBccoErxQMywPzUb64D
ehCD
-----END CERTIFICATE-----