Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/081c6e-1d65-4ccd-96f5-1dcc86c11e74/1/5Q-nPmlNF1CiNNxBq9Ol-eFTA6w.roa
File:                     5Q-nPmlNF1CiNNxBq9Ol-eFTA6w.roa (raw, json)
Hash identifier:          4TevnLmQjeI/jXhbjFPbQAwx7siCkmsO+fkpnGi3sXs=
Subject key identifier:   E5:0F:A7:3E:69:4D:17:50:A2:34:DC:41:AB:D3:A5:F9:E1:53:03:AC
Certificate issuer:       /CN=31a185d0eb0ca7811c586425de0e960e1cfeb61b
Certificate serial:       01865ECE819D6860C18B7FF8CFEF9075A29C
Authority key identifier: 31:A1:85:D0:EB:0C:A7:81:1C:58:64:25:DE:0E:96:0E:1C:FE:B6:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MaGF0OsMp4EcWGQl3g6WDhz-ths.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/081c6e-1d65-4ccd-96f5-1dcc86c11e74/1/5Q-nPmlNF1CiNNxBq9Ol-eFTA6w.roa
Signing time:             Fri 17 Feb 2023 09:57:17 +0000
ROA not before:           Fri 17 Feb 2023 09:57:17 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     1239
IP address blocks:        85.153.125.0/24 maxlen: 24
                          85.153.124.0/24 maxlen: 24
                          85.153.120.0/24 maxlen: 24
                          85.153.119.0/24 maxlen: 24
                          85.153.121.0/24 maxlen: 24
                          85.153.123.0/24 maxlen: 24
                          85.153.122.0/24 maxlen: 24
                          85.153.126.0/24 maxlen: 24
                          85.153.68.0/22 maxlen: 22
                          85.153.66.0/24 maxlen: 24
                          85.153.65.0/24 maxlen: 24
                          85.153.67.0/24 maxlen: 24
                          85.153.75.0/24 maxlen: 24
                          85.153.73.0/24 maxlen: 24
                          85.153.72.0/24 maxlen: 24
                          85.153.74.0/24 maxlen: 24
                          85.153.83.0/24 maxlen: 24
                          85.153.82.0/24 maxlen: 24
                          85.153.84.0/22 maxlen: 22
                          85.153.80.0/24 maxlen: 24
                          85.153.81.0/24 maxlen: 24
                          85.153.88.0/22 maxlen: 22
                          85.153.92.0/24 maxlen: 24
                          85.153.93.0/24 maxlen: 24
                          85.153.95.0/24 maxlen: 24
                          85.153.94.0/24 maxlen: 24
                          85.153.104.0/22 maxlen: 22
                          85.153.108.0/22 maxlen: 22
                          85.153.113.0/24 maxlen: 24
                          85.153.118.0/24 maxlen: 24
                          85.153.12.0/22 maxlen: 22
                          85.153.24.0/22 maxlen: 22
                          85.153.29.0/24 maxlen: 24
                          85.153.32.0/24 maxlen: 24
                          85.153.34.0/24 maxlen: 24
                          85.153.36.0/22 maxlen: 22
                          85.153.35.0/24 maxlen: 24
                          85.153.41.0/24 maxlen: 24
                          85.153.42.0/24 maxlen: 24
                          85.153.40.0/24 maxlen: 24
                          85.153.56.0/24 maxlen: 24
                          85.153.52.0/22 maxlen: 22
                          85.153.59.0/24 maxlen: 24
                          85.153.60.0/22 maxlen: 22
                          85.115.204.0/24 maxlen: 24
                          85.115.207.0/24 maxlen: 24
                          85.153.4.0/24 maxlen: 24
                          85.153.7.0/24 maxlen: 24
                          85.153.6.0/24 maxlen: 24
                          85.153.8.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 08 Aug 2023 20:22:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:5e:ce:81:9d:68:60:c1:8b:7f:f8:cf:ef:90:75:a2:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31a185d0eb0ca7811c586425de0e960e1cfeb61b
        Validity
            Not Before: Feb 17 09:57:17 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e50fa73e694d1750a234dc41abd3a5f9e15303ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:19:80:f2:05:da:cb:cc:cf:cd:25:25:cb:c9:
                    11:dc:83:0a:55:4c:ee:4e:df:75:e3:fa:46:b4:66:
                    5a:0f:34:e2:9a:2a:84:6f:b8:41:1c:20:31:14:d3:
                    66:ec:dc:f4:ec:77:d0:18:62:a0:46:9e:5d:57:3e:
                    bf:4f:fc:fc:47:73:9a:e4:b8:ac:82:af:6a:6a:34:
                    32:9c:bc:4a:ed:f0:cf:d9:b2:e2:dd:75:a2:e5:31:
                    43:76:35:7f:0e:4a:10:d6:30:7e:f9:c4:c2:b5:68:
                    0d:96:f0:6f:11:ea:36:3c:44:ad:1b:0b:57:e5:e0:
                    af:0a:b1:9c:0d:66:f0:6f:6d:cf:08:42:a7:b2:f3:
                    f3:7d:c3:86:e7:db:d0:f9:0d:30:2c:4b:ba:ee:2d:
                    2d:67:79:c4:71:42:8b:d7:d7:0e:73:1f:c4:bb:32:
                    da:8b:f9:76:00:50:9d:1e:2f:a6:33:4a:eb:85:67:
                    81:9d:d1:e1:c0:13:b1:7e:a4:01:02:94:09:45:5d:
                    2a:48:28:ed:9c:fb:7b:39:8c:b6:63:b3:2d:4c:c5:
                    b5:2d:56:66:ac:23:41:a4:44:bc:6a:97:7c:42:cf:
                    4e:2c:ea:1a:a0:f0:02:28:0f:98:36:5a:4a:46:45:
                    4c:4a:04:61:f5:89:18:18:d3:3f:64:28:11:22:3a:
                    13:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:0F:A7:3E:69:4D:17:50:A2:34:DC:41:AB:D3:A5:F9:E1:53:03:AC
            X509v3 Authority Key Identifier:
                keyid:31:A1:85:D0:EB:0C:A7:81:1C:58:64:25:DE:0E:96:0E:1C:FE:B6:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MaGF0OsMp4EcWGQl3g6WDhz-ths.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/081c6e-1d65-4ccd-96f5-1dcc86c11e74/1/5Q-nPmlNF1CiNNxBq9Ol-eFTA6w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/081c6e-1d65-4ccd-96f5-1dcc86c11e74/1/MaGF0OsMp4EcWGQl3g6WDhz-ths.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.115.204.0/24
                  85.115.207.0/24
                  85.153.4.0/24
                  85.153.6.0-85.153.8.255
                  85.153.12.0/22
                  85.153.24.0/22
                  85.153.29.0/24
                  85.153.32.0/24
                  85.153.34.0-85.153.42.255
                  85.153.52.0-85.153.56.255
                  85.153.59.0-85.153.63.255
                  85.153.65.0-85.153.75.255
                  85.153.80.0/20
                  85.153.104.0/21
                  85.153.113.0/24
                  85.153.118.0-85.153.126.255

    Signature Algorithm: sha256WithRSAEncryption
         9c:64:a2:0d:1d:c1:c1:f4:2e:72:90:a7:12:52:e8:d5:26:dc:
         64:6d:9b:0e:8c:97:dd:36:95:28:85:0b:5d:44:31:b1:67:fa:
         b8:2e:3a:12:f1:9a:f6:59:44:81:ee:0f:bc:d5:5d:33:2b:49:
         0d:dd:93:bc:12:2f:50:f1:07:3a:bb:f1:4b:a7:34:2d:86:fb:
         95:27:85:a6:7c:cf:1e:01:f5:51:3e:c8:b3:a2:93:a2:30:7c:
         91:ef:42:7b:9b:e4:bc:52:aa:76:86:82:01:e5:84:27:da:c7:
         58:ef:0f:e2:39:26:b2:c3:5d:ef:df:d9:8a:7e:a2:ec:70:24:
         09:fa:3e:8c:20:03:01:de:dd:07:cb:cd:bd:20:45:1c:ae:0a:
         bf:70:69:ff:bb:67:d2:6a:19:c9:da:4d:0d:1a:0b:56:72:36:
         e6:7d:c8:90:bf:e5:b4:b2:7d:c9:57:7e:30:c2:63:4f:92:b6:
         32:e1:23:44:75:35:97:89:eb:08:31:8a:0e:37:60:b4:1d:c5:
         e5:ca:c8:ac:d6:ef:39:db:32:df:21:53:ff:cf:eb:d0:c3:8b:
         89:1e:aa:07:fd:02:8c:e7:d6:b1:fe:6c:5b:46:b5:b1:8e:c2:
         af:d8:d0:15:5e:92:a7:06:09:58:96:a9:51:a4:2f:27:f6:9a:
         00:c4:e1:57
-----BEGIN CERTIFICATE-----
MIIFjDCCBHSgAwIBAgISAYZezoGdaGDBi3/4z++QdaKcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxYTE4NWQwZWIwY2E3ODExYzU4NjQyNWRlMGU5NjBlMWNm
ZWI2MWIwHhcNMjMwMjE3MDk1NzE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTBmYTczZTY5NGQxNzUwYTIzNGRjNDFhYmQzYTVmOWUxNTMwM2FjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmxmA8gXay8zPzSUly8kR3IMKVUzu
Tt914/pGtGZaDzTimiqEb7hBHCAxFNNm7Nz07HfQGGKgRp5dVz6/T/z8R3Oa5Lis
gq9qajQynLxK7fDP2bLi3XWi5TFDdjV/DkoQ1jB++cTCtWgNlvBvEeo2PEStGwtX
5eCvCrGcDWbwb23PCEKnsvPzfcOG59vQ+Q0wLEu67i0tZ3nEcUKL19cOcx/EuzLa
i/l2AFCdHi+mM0rrhWeBndHhwBOxfqQBApQJRV0qSCjtnPt7OYy2Y7MtTMW1LVZm
rCNBpES8apd8Qs9OLOoaoPACKA+YNlpKRkVMSgRh9YkYGNM/ZCgRIjoTrwIDAQAB
o4ICmDCCApQwHQYDVR0OBBYEFOUPpz5pTRdQojTcQavTpfnhUwOsMB8GA1UdIwQY
MBaAFDGhhdDrDKeBHFhkJd4Olg4c/rYbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWFHRjBPc01wNEVjV0dRbDNnNldEaHotdGhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny8wODFjNmUtMWQ2NS00Y2NkLTk2ZjUt
MWRjYzg2YzExZTc0LzEvNVEtblBtbE5GMUNpTk54QnE5T2wtZUZUQTZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny8wODFjNmUtMWQ2NS00Y2NkLTk2ZjUtMWRjYzg2YzExZTc0
LzEvTWFHRjBPc01wNEVjV0dRbDNnNldEaHotdGhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGtBggrBgEFBQcBBwEB/wSBnTCBmjCBlwQCAAEwgZADBABV
c8wDBABVc88DBABVmQQwDAMEAVWZBgMEAFWZCAMEAlWZDAMEAlWZGAMEAFWZHQME
AFWZIDAMAwQBVZkiAwQAVZkqMAwDBAJVmTQDBABVmTgwDAMEAFWZOwMEBlWZADAM
AwQAVZlBAwQCVZlIAwQEVZlQAwQDVZloAwQAVZlxMAwDBAFVmXYDBABVmX4wDQYJ
KoZIhvcNAQELBQADggEBAJxkog0dwcH0LnKQpxJS6NUm3GRtmw6Ml902lSiFC11E
MbFn+rguOhLxmvZZRIHuD7zVXTMrSQ3dk7wSL1DxBzq78UunNC2G+5UnhaZ8zx4B
9VE+yLOik6IwfJHvQnub5LxSqnaGggHlhCfax1jvD+I5JrLDXe/f2Yp+ouxwJAn6
PowgAwHe3QfLzb0gRRyuCr9waf+7Z9JqGcnaTQ0aC1ZyNuZ9yJC/5bSyfclXfjDC
Y0+StjLhI0R1NZeJ6wgxig43YLQdxeXKyKzW7znbMt8hU//P69DDi4keqgf9Aozn
1rH+bFtGtbGOwq/Y0BVekqcGCViWqVGkLyf2mgDE4Vc=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:21:40 2024 by rpki-client on console-ams.rpki-client.org