Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/d61275-e00a-4bfb-be8a-16b36d0801e9/1/WmE3w-LGs6zUzMV4P4bvLH1B108.roa
File:                     WmE3w-LGs6zUzMV4P4bvLH1B108.roa (raw, json)
Hash identifier:          hU8lpKjXyCo8Jzgik9fsuAdKFp4W0tTkNtokNYGyhv8=
Subject key identifier:   5A:61:37:C3:E2:C6:B3:AC:D4:CC:C5:78:3F:86:EF:2C:7D:41:D7:4F
Certificate issuer:       /CN=3816e19b24a7e8cff189fabac28852cd8748a380
Certificate serial:       01856CA5E5570F49F756B6C21132D727BF1B
Authority key identifier: 38:16:E1:9B:24:A7:E8:CF:F1:89:FA:BA:C2:88:52:CD:87:48:A3:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OBbhmySn6M_xifq6wohSzYdIo4A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/d61275-e00a-4bfb-be8a-16b36d0801e9/1/WmE3w-LGs6zUzMV4P4bvLH1B108.roa
Signing time:             Sun 01 Jan 2023 09:24:49 +0000
ROA not before:           Sun 01 Jan 2023 09:24:49 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     50597
IP address blocks:        85.194.250.0/24 maxlen: 24
                          85.194.248.0/22 maxlen: 22
                          85.194.249.0/24 maxlen: 24
                          85.194.251.0/24 maxlen: 24
                          85.194.248.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 00:30:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6c:a5:e5:57:0f:49:f7:56:b6:c2:11:32:d7:27:bf:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3816e19b24a7e8cff189fabac28852cd8748a380
        Validity
            Not Before: Jan  1 09:24:49 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5a6137c3e2c6b3acd4ccc5783f86ef2c7d41d74f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:e3:99:80:3b:2d:e8:f5:60:dc:68:77:e3:fd:
                    65:6d:61:e8:91:38:23:fa:99:69:4c:ee:62:2b:c7:
                    d2:30:1b:6b:48:90:e5:fe:78:9e:4c:77:4d:1f:a7:
                    22:89:74:18:ac:19:4e:fa:9b:c8:a3:fa:7f:87:e1:
                    bb:28:22:05:03:30:9e:ae:80:72:1f:27:2b:d7:b3:
                    5f:8b:19:91:1b:f4:34:ca:28:18:be:a2:b1:95:21:
                    b3:61:97:3c:88:08:fa:a3:94:37:50:68:39:91:2e:
                    77:a9:7a:99:18:6e:63:4c:c0:3a:8e:d1:20:ed:b6:
                    58:fb:d7:dd:fc:c9:24:16:c0:40:ea:d1:3c:82:2c:
                    de:03:30:2b:d7:18:47:44:43:40:64:f1:e4:91:9b:
                    80:5e:8e:d1:92:dd:65:d1:f2:f6:15:81:76:c1:3c:
                    90:f9:d7:fa:c6:9d:51:1f:ce:7e:70:af:73:7d:f7:
                    b0:84:70:b5:b6:54:f7:2c:70:54:3e:fe:7c:b6:81:
                    7c:ed:4b:32:ad:c3:ed:fe:9e:ad:46:6e:de:c8:7c:
                    df:9f:fb:43:47:b2:af:1d:96:f7:db:20:2a:41:fb:
                    79:80:e5:47:5f:d4:c7:bc:e3:8e:9e:6f:42:ca:fc:
                    73:c8:2a:6b:20:0e:e8:9d:18:99:f7:fd:08:7c:c8:
                    1a:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:61:37:C3:E2:C6:B3:AC:D4:CC:C5:78:3F:86:EF:2C:7D:41:D7:4F
            X509v3 Authority Key Identifier:
                keyid:38:16:E1:9B:24:A7:E8:CF:F1:89:FA:BA:C2:88:52:CD:87:48:A3:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OBbhmySn6M_xifq6wohSzYdIo4A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/d61275-e00a-4bfb-be8a-16b36d0801e9/1/WmE3w-LGs6zUzMV4P4bvLH1B108.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/d61275-e00a-4bfb-be8a-16b36d0801e9/1/OBbhmySn6M_xifq6wohSzYdIo4A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.194.248.0/22

    Signature Algorithm: sha256WithRSAEncryption
         69:2b:00:4a:f3:bc:12:99:b9:26:fe:27:ba:bc:41:e9:59:fb:
         e0:18:e1:55:a7:8b:ff:e6:c4:4a:b5:70:1a:31:34:34:b7:73:
         b7:8e:30:49:7c:d9:7d:ec:c6:a0:6e:fa:9d:42:81:86:47:20:
         21:dc:3c:36:9a:87:6e:a2:1a:a3:27:40:ec:09:b9:c4:d7:5b:
         45:fc:43:37:c9:ec:72:f3:9b:23:e9:21:00:6d:40:58:72:60:
         96:13:4d:e4:9f:0b:1b:e4:6e:b3:68:9b:cc:14:ed:33:d7:8d:
         7d:de:3b:7d:fc:a3:dc:ff:af:15:91:8e:4e:c0:e1:90:72:71:
         c6:b8:fd:fd:d8:d5:89:09:ed:86:81:97:a3:b1:f8:b3:e4:a8:
         a9:44:3a:d1:16:89:01:ce:8e:0a:9c:2a:dc:ee:f7:ae:86:db:
         05:3c:e1:92:39:5d:cc:47:66:e6:f4:1b:a4:51:e1:09:ef:d1:
         40:53:c7:dc:cd:fc:5e:ab:1f:82:90:03:80:ae:91:b2:e9:60:
         21:15:33:87:de:6b:5c:42:b2:74:d4:c0:37:e1:be:2f:26:71:
         b6:7e:1e:68:b1:2a:dc:60:68:d3:92:41:2e:2c:23:db:85:0b:
         28:3b:1e:c7:2b:9e:6b:e9:50:ad:fd:ab:dd:76:25:fc:34:ac:
         1f:32:71:3b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVspeVXD0n3VrbCETLXJ78bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4MTZlMTliMjRhN2U4Y2ZmMTg5ZmFiYWMyODg1MmNkODc0
OGEzODAwHhcNMjMwMTAxMDkyNDQ5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTYxMzdjM2UyYzZiM2FjZDRjY2M1NzgzZjg2ZWYyYzdkNDFkNzRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwOOZgDst6PVg3Gh34/1lbWHokTgj
+plpTO5iK8fSMBtrSJDl/nieTHdNH6ciiXQYrBlO+pvIo/p/h+G7KCIFAzCeroBy
Hycr17NfixmRG/Q0yigYvqKxlSGzYZc8iAj6o5Q3UGg5kS53qXqZGG5jTMA6jtEg
7bZY+9fd/MkkFsBA6tE8gizeAzAr1xhHRENAZPHkkZuAXo7Rkt1l0fL2FYF2wTyQ
+df6xp1RH85+cK9zffewhHC1tlT3LHBUPv58toF87UsyrcPt/p6tRm7eyHzfn/tD
R7KvHZb32yAqQft5gOVHX9THvOOOnm9CyvxzyCprIA7onRiZ9/0IfMgaKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFphN8PixrOs1MzFeD+G7yx9QddPMB8GA1UdIwQY
MBaAFDgW4Zskp+jP8Yn6usKIUs2HSKOAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0JiaG15U242TV94aWZxNndvaFN6WWRJbzRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9kNjEyNzUtZTAwYS00YmZiLWJlOGEt
MTZiMzZkMDgwMWU5LzEvV21FM3ctTEdzNnpVek1WNFA0YnZMSDFCMTA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9kNjEyNzUtZTAwYS00YmZiLWJlOGEtMTZiMzZkMDgwMWU5
LzEvT0JiaG15U242TV94aWZxNndvaFN6WWRJbzRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCVcL4MA0G
CSqGSIb3DQEBCwUAA4IBAQBpKwBK87wSmbkm/ie6vEHpWfvgGOFVp4v/5sRKtXAa
MTQ0t3O3jjBJfNl97MagbvqdQoGGRyAh3Dw2moduohqjJ0DsCbnE11tF/EM3yexy
85sj6SEAbUBYcmCWE03knwsb5G6zaJvMFO0z14193jt9/KPc/68VkY5OwOGQcnHG
uP392NWJCe2GgZejsfiz5KipRDrRFokBzo4KnCrc7veuhtsFPOGSOV3MR2bm9Buk
UeEJ79FAU8fczfxeqx+CkAOArpGy6WAhFTOH3mtcQrJ01MA34b4vJnG2fh5osSrc
YGjTkkEuLCPbhQsoOx7HK55r6VCt/avddiX8NKwfMnE7
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:31:01 2024 by rpki-client on console-fra.rpki-client.org