Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/v8oE-ZEtK3-RFQeg8IP4uCpY7wI.roa
File:                     v8oE-ZEtK3-RFQeg8IP4uCpY7wI.roa (raw, json)
Hash identifier:          shDbDHxNW3/mNmdtF97QPpYVM1ilLZy9y24yOY7hVQA=
Subject key identifier:   BF:CA:04:F9:91:2D:2B:7F:91:15:07:A0:F0:83:F8:B8:2A:58:EF:02
Certificate issuer:       /CN=c3c18527e3a206af2842028d95aec41338e8daf8
Certificate serial:       0193907385157FFDF7FFBF333B83B5D5B627
Authority key identifier: C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/v8oE-ZEtK3-RFQeg8IP4uCpY7wI.roa
Signing time:             Wed 04 Dec 2024 06:55:10 +0000
ROA not before:           Wed 04 Dec 2024 06:55:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15611
IP address blocks:        62.60.132.0/22 maxlen: 24
                          62.60.136.0/24 maxlen: 24
                          62.60.137.0/24 maxlen: 24
                          62.60.139.0/24 maxlen: 24
                          62.60.140.0/24 maxlen: 24
                          62.60.142.0/24 maxlen: 24
                          62.60.145.0/24 maxlen: 24
                          62.60.168.0/21 maxlen: 24
                          213.176.4.0/24 maxlen: 24
                          213.176.5.0/24 maxlen: 24
                          213.176.96.0/24 maxlen: 24
                          213.176.122.0/24 maxlen: 24
                          213.176.123.0/24 maxlen: 24
                          213.176.124.0/24 maxlen: 24
                          213.176.125.0/24 maxlen: 24
                          2001:790::/32 maxlen: 48
Validation:               Failed, certificate revoked on Thu 02 Jan 2025 01:48:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:90:73:85:15:7f:fd:f7:ff:bf:33:3b:83:b5:d5:b6:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3c18527e3a206af2842028d95aec41338e8daf8
        Validity
            Not Before: Dec  4 06:55:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bfca04f9912d2b7f911507a0f083f8b82a58ef02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:d9:2a:77:6f:a6:0e:32:2f:62:3e:65:b8:04:
                    45:e3:27:3e:80:c2:ed:5e:2a:dc:6b:5a:30:e1:c1:
                    a7:5b:20:15:6c:01:e4:15:15:34:1f:a5:bb:d6:c9:
                    ed:52:e4:e5:4c:47:3e:44:5b:e9:15:56:fc:eb:90:
                    4f:9e:b1:85:c1:3a:59:0e:9c:92:25:40:17:01:bc:
                    97:f4:6a:06:72:78:2f:dd:d9:6e:14:b7:b2:d9:e5:
                    d7:93:4e:e5:8b:04:3d:6d:05:99:90:ec:e4:92:eb:
                    f0:37:80:f6:3a:e4:8d:98:26:19:fd:b5:49:57:ac:
                    20:b0:7b:99:34:7c:b9:d7:77:e3:ed:f5:26:cc:92:
                    bd:28:d7:30:7a:a7:c8:83:2f:d5:81:ba:e1:43:28:
                    32:a6:49:b8:f7:cb:1a:73:a7:f0:22:91:ab:56:3f:
                    0f:fa:b3:36:b5:2c:35:b1:c1:6b:e9:f0:6c:25:b4:
                    e8:b5:cb:fe:70:56:17:cb:61:56:db:a5:4f:ae:c3:
                    7c:94:28:f6:b9:ff:e7:42:61:60:5d:eb:26:d8:32:
                    20:ad:f8:c7:03:b6:ab:b9:ad:0a:9b:93:8d:e5:32:
                    0c:43:61:7c:56:b8:ab:c8:a8:07:29:47:af:e5:74:
                    07:df:25:f7:1a:c6:0f:4e:0e:47:6f:9e:ca:45:6e:
                    c1:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:CA:04:F9:91:2D:2B:7F:91:15:07:A0:F0:83:F8:B8:2A:58:EF:02
            X509v3 Authority Key Identifier:
                keyid:C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/v8oE-ZEtK3-RFQeg8IP4uCpY7wI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.60.132.0-62.60.137.255
                  62.60.139.0-62.60.140.255
                  62.60.142.0/24
                  62.60.145.0/24
                  62.60.168.0/21
                  213.176.4.0/23
                  213.176.96.0/24
                  213.176.122.0-213.176.125.255
                IPv6:
                  2001:790::/32

    Signature Algorithm: sha256WithRSAEncryption
         5b:14:7c:1a:4a:c9:37:91:b8:23:9a:5a:3a:e2:57:33:99:92:
         67:7d:ca:37:ff:a7:bd:6c:1c:e4:66:fb:f6:51:f3:65:a7:f1:
         f2:19:ad:a6:64:74:50:11:c7:a8:23:80:08:55:17:02:8d:47:
         f5:d8:65:42:f3:67:32:1d:8c:c1:e9:41:0b:05:f9:51:8f:be:
         68:0b:34:8b:d5:1b:d7:b2:b9:85:72:a5:f2:7a:0c:34:12:ee:
         d1:58:eb:b5:51:73:23:62:c0:aa:d0:42:15:e9:bc:70:21:a8:
         25:2c:82:95:b7:eb:5d:1e:fe:fc:03:a9:24:5e:ef:5d:40:d5:
         57:93:0f:f1:ba:3d:89:94:64:26:5f:2d:79:59:9a:e7:bc:ea:
         ca:f2:52:37:52:28:63:bc:56:35:3d:e1:db:ed:c8:d1:45:1f:
         93:52:af:ef:f5:43:6a:39:89:1c:80:86:d9:59:53:5f:46:0b:
         c7:fb:c7:fd:e4:fd:fc:e0:ea:f3:dc:d5:75:aa:0c:0c:69:fe:
         9b:b1:d9:6d:01:75:30:b9:58:95:32:1f:89:29:28:fd:3d:4b:
         7b:56:12:d0:c9:63:50:2b:6a:1c:cf:2d:9e:9e:24:0e:aa:f4:
         d6:67:de:62:59:68:1e:6a:85:cb:55:28:6a:de:b3:38:1e:5c:
         2a:04:ac:42
-----BEGIN CERTIFICATE-----
MIIFTjCCBDagAwIBAgISAZOQc4UVf/33/78zO4O11bYnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYzE4NTI3ZTNhMjA2YWYyODQyMDI4ZDk1YWVjNDEzMzhl
OGRhZjgwHhcNMjQxMjA0MDY1NTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZmNhMDRmOTkxMmQyYjdmOTExNTA3YTBmMDgzZjhiODJhNThlZjAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAntkqd2+mDjIvYj5luARF4yc+gMLt
Xirca1ow4cGnWyAVbAHkFRU0H6W71sntUuTlTEc+RFvpFVb865BPnrGFwTpZDpyS
JUAXAbyX9GoGcngv3dluFLey2eXXk07liwQ9bQWZkOzkkuvwN4D2OuSNmCYZ/bVJ
V6wgsHuZNHy513fj7fUmzJK9KNcweqfIgy/VgbrhQygypkm498sac6fwIpGrVj8P
+rM2tSw1scFr6fBsJbTotcv+cFYXy2FW26VPrsN8lCj2uf/nQmFgXesm2DIgrfjH
A7arua0Km5ON5TIMQ2F8VriryKgHKUev5XQH3yX3GsYPTg5Hb57KRW7BSwIDAQAB
o4ICWjCCAlYwHQYDVR0OBBYEFL/KBPmRLSt/kRUHoPCD+LgqWO8CMB8GA1UdIwQY
MBaAFMPBhSfjogavKEICjZWuxBM46Nr4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMt
MGNiYTMzZWZjNWJiLzEvdjhvRS1aRXRLMy1SRlFlZzhJUDR1Q3BZN3dJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMtMGNiYTMzZWZjNWJi
LzEvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHAGCCsGAQUFBwEHAQH/BGEwXzBOBAIAATBIMAwDBAI+PIQD
BAE+PIgwDAMEAD48iwMEAD48jAMEAD48jgMEAD48kQMEAz48qAMEAdWwBAMEANWw
YDAMAwQB1bB6AwQB1bB8MA0EAgACMAcDBQAgAQeQMA0GCSqGSIb3DQEBCwUAA4IB
AQBbFHwaSsk3kbgjmlo64lczmZJnfco3/6e9bBzkZvv2UfNlp/HyGa2mZHRQEceo
I4AIVRcCjUf12GVC82cyHYzB6UELBflRj75oCzSL1RvXsrmFcqXyegw0Eu7RWOu1
UXMjYsCq0EIV6bxwIaglLIKVt+tdHv78A6kkXu9dQNVXkw/xuj2JlGQmXy15WZrn
vOrK8lI3UihjvFY1PeHb7cjRRR+TUq/v9UNqOYkcgIbZWVNfRgvH+8f95P384Orz
3NV1qgwMaf6bsdltAXUwuViVMh+JKSj9PUt7VhLQyWNQK2oczy2eniQOqvTWZ95i
WWgeaoXLVShq3rM4HlwqBKxC
-----END CERTIFICATE-----