Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/081c6e-1d65-4ccd-96f5-1dcc86c11e74/1/lnQGrG_LMcF-WRNmKebr_z1y5XI.roa
File:                     lnQGrG_LMcF-WRNmKebr_z1y5XI.roa (raw, json)
Hash identifier:          fphYvixTlaIT/qhmVbvQB78bkMQtE4p9BFv7VBDjKMw=
Subject key identifier:   96:74:06:AC:6F:CB:31:C1:7E:59:13:66:29:E6:EB:FF:3D:72:E5:72
Certificate issuer:       /CN=31a185d0eb0ca7811c586425de0e960e1cfeb61b
Certificate serial:       01856EAFC0AEA87A8C3D5B26F96964E92C8F
Authority key identifier: 31:A1:85:D0:EB:0C:A7:81:1C:58:64:25:DE:0E:96:0E:1C:FE:B6:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MaGF0OsMp4EcWGQl3g6WDhz-ths.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/081c6e-1d65-4ccd-96f5-1dcc86c11e74/1/lnQGrG_LMcF-WRNmKebr_z1y5XI.roa
Signing time:             Sun 01 Jan 2023 18:54:49 +0000
ROA not before:           Sun 01 Jan 2023 18:54:49 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     1239
IP address blocks:        85.153.125.0/24 maxlen: 24
                          85.153.124.0/24 maxlen: 24
                          85.153.120.0/24 maxlen: 24
                          85.153.119.0/24 maxlen: 24
                          85.153.121.0/24 maxlen: 24
                          85.153.123.0/24 maxlen: 24
                          85.153.122.0/24 maxlen: 24
                          85.153.126.0/24 maxlen: 24
                          85.153.68.0/22 maxlen: 22
                          85.153.66.0/24 maxlen: 24
                          85.153.65.0/24 maxlen: 24
                          85.153.67.0/24 maxlen: 24
                          85.153.75.0/24 maxlen: 24
                          85.153.73.0/24 maxlen: 24
                          85.153.72.0/24 maxlen: 24
                          85.153.74.0/24 maxlen: 24
                          85.153.83.0/24 maxlen: 24
                          85.153.82.0/24 maxlen: 24
                          85.153.84.0/22 maxlen: 22
                          85.153.80.0/24 maxlen: 24
                          85.153.81.0/24 maxlen: 24
                          85.153.88.0/22 maxlen: 22
                          85.153.92.0/24 maxlen: 24
                          85.153.93.0/24 maxlen: 24
                          85.153.95.0/24 maxlen: 24
                          85.153.94.0/24 maxlen: 24
                          85.153.112.0/24 maxlen: 24
                          85.153.108.0/22 maxlen: 22
                          85.153.113.0/24 maxlen: 24
                          85.153.114.0/24 maxlen: 24
                          85.153.116.0/24 maxlen: 24
                          85.153.115.0/24 maxlen: 24
                          85.153.118.0/24 maxlen: 24
                          85.153.117.0/24 maxlen: 24
                          85.153.16.0/22 maxlen: 22
                          85.153.12.0/22 maxlen: 22
                          85.153.24.0/22 maxlen: 22
                          85.153.29.0/24 maxlen: 24
                          85.153.28.0/24 maxlen: 24
                          85.153.30.0/24 maxlen: 24
                          85.153.32.0/24 maxlen: 24
                          85.153.34.0/24 maxlen: 24
                          85.153.36.0/22 maxlen: 22
                          85.153.35.0/24 maxlen: 24
                          85.153.41.0/24 maxlen: 24
                          85.153.42.0/24 maxlen: 24
                          85.153.40.0/24 maxlen: 24
                          85.153.47.0/24 maxlen: 24
                          85.153.46.0/24 maxlen: 24
                          85.153.56.0/24 maxlen: 24
                          85.153.52.0/22 maxlen: 22
                          85.153.59.0/24 maxlen: 24
                          85.153.60.0/22 maxlen: 22
                          85.115.204.0/24 maxlen: 24
                          85.115.206.0/24 maxlen: 24
                          85.115.205.0/24 maxlen: 24
                          85.115.207.0/24 maxlen: 24
                          85.153.4.0/24 maxlen: 24
                          85.153.7.0/24 maxlen: 24
                          85.153.6.0/24 maxlen: 24
                          85.153.8.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 19 Jan 2023 17:27:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6e:af:c0:ae:a8:7a:8c:3d:5b:26:f9:69:64:e9:2c:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31a185d0eb0ca7811c586425de0e960e1cfeb61b
        Validity
            Not Before: Jan  1 18:54:49 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=967406ac6fcb31c17e59136629e6ebff3d72e572
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:7d:20:8f:db:a9:54:7c:73:48:ca:91:4b:f1:
                    12:1d:42:be:45:c0:77:1c:cb:e8:7b:17:aa:aa:c7:
                    b8:9f:bf:a2:42:0f:a8:c6:ba:d6:30:23:e3:ee:78:
                    70:98:ee:a4:fa:db:26:aa:07:a5:c9:8c:2e:e3:91:
                    2c:19:68:07:cc:bd:c4:07:eb:ab:b1:1d:b7:5e:81:
                    37:96:20:bf:3a:26:c6:4a:83:18:72:86:3f:42:02:
                    d8:36:2b:a0:56:61:57:12:a4:9f:4f:28:32:e5:4e:
                    a6:e7:0e:0a:f8:d6:3b:b5:e9:59:d1:d1:b0:17:6b:
                    97:53:a6:a2:66:cd:fe:6f:6e:6b:76:84:01:04:69:
                    bf:0f:fa:2c:ae:3c:dc:d5:1c:78:08:cb:7e:50:2b:
                    cd:ad:d4:81:83:74:08:53:4e:94:24:7a:8c:fe:a6:
                    92:4f:2f:6b:7a:f7:36:80:29:7c:84:99:85:85:3c:
                    7a:67:14:18:2e:d1:60:48:d4:a1:05:d6:45:77:89:
                    c0:aa:61:1f:5d:c1:39:ee:ba:06:02:d8:d4:01:3a:
                    73:d2:92:ac:ba:e5:72:51:46:84:a7:d1:4f:39:e5:
                    51:66:21:5a:7d:6f:f7:7c:b2:c2:3e:f7:28:b9:3c:
                    04:1c:82:5f:f4:48:9d:50:cf:dc:a9:4d:64:61:f9:
                    be:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:74:06:AC:6F:CB:31:C1:7E:59:13:66:29:E6:EB:FF:3D:72:E5:72
            X509v3 Authority Key Identifier:
                keyid:31:A1:85:D0:EB:0C:A7:81:1C:58:64:25:DE:0E:96:0E:1C:FE:B6:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MaGF0OsMp4EcWGQl3g6WDhz-ths.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/081c6e-1d65-4ccd-96f5-1dcc86c11e74/1/lnQGrG_LMcF-WRNmKebr_z1y5XI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/081c6e-1d65-4ccd-96f5-1dcc86c11e74/1/MaGF0OsMp4EcWGQl3g6WDhz-ths.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.115.204.0/22
                  85.153.4.0/24
                  85.153.6.0-85.153.8.255
                  85.153.12.0-85.153.19.255
                  85.153.24.0-85.153.30.255
                  85.153.32.0/24
                  85.153.34.0-85.153.42.255
                  85.153.46.0/23
                  85.153.52.0-85.153.56.255
                  85.153.59.0-85.153.63.255
                  85.153.65.0-85.153.75.255
                  85.153.80.0/20
                  85.153.108.0-85.153.126.255

    Signature Algorithm: sha256WithRSAEncryption
         67:82:37:dd:a8:dd:33:b3:02:5d:ba:54:3d:ef:a3:76:22:e5:
         fd:36:a9:ac:57:8d:74:79:17:63:71:65:30:cb:dd:0e:bf:59:
         27:bd:eb:d1:f1:ef:71:13:65:e0:80:f7:c1:86:4b:53:da:61:
         2e:0c:ad:dc:73:fb:74:71:d1:f3:a2:5e:5b:1b:91:1e:98:b6:
         c4:44:6e:51:60:4f:1b:e2:f2:ec:c3:8b:ab:02:dc:87:ce:97:
         3d:ba:ed:bb:6e:2f:e2:0f:17:8e:89:d5:6f:4d:00:fe:b7:91:
         07:c4:1e:e3:40:f9:c8:70:90:31:76:ef:cd:e8:5f:76:ea:4e:
         3e:ac:d9:ed:1f:6e:cc:85:20:20:4f:f5:b6:3b:44:8a:bd:66:
         c0:12:cb:dd:50:6d:4f:86:58:01:39:f7:ad:b1:30:1f:d7:5a:
         64:7d:6e:97:58:8e:90:e2:ca:e8:a9:d1:fb:ab:91:48:1a:a9:
         b7:0d:6e:b7:49:dc:19:1d:78:47:80:2f:37:8d:2b:c6:de:72:
         c9:6b:94:12:29:2c:45:ae:3a:e3:22:9d:fe:6e:89:29:13:9c:
         a2:8e:59:3a:7c:ab:b8:5d:68:bd:b1:95:c6:4d:ae:a7:e5:b4:
         2a:ee:fc:be:db:cd:07:4e:2f:11:4e:5b:97:59:2d:6e:24:d1:
         a8:83:18:72
-----BEGIN CERTIFICATE-----
MIIFijCCBHKgAwIBAgISAYVur8CuqHqMPVsm+Wlk6SyPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxYTE4NWQwZWIwY2E3ODExYzU4NjQyNWRlMGU5NjBlMWNm
ZWI2MWIwHhcNMjMwMTAxMTg1NDQ5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Njc0MDZhYzZmY2IzMWMxN2U1OTEzNjYyOWU2ZWJmZjNkNzJlNTcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgn0gj9upVHxzSMqRS/ESHUK+RcB3
HMvoexeqqse4n7+iQg+oxrrWMCPj7nhwmO6k+tsmqgelyYwu45EsGWgHzL3EB+ur
sR23XoE3liC/OibGSoMYcoY/QgLYNiugVmFXEqSfTygy5U6m5w4K+NY7telZ0dGw
F2uXU6aiZs3+b25rdoQBBGm/D/osrjzc1Rx4CMt+UCvNrdSBg3QIU06UJHqM/qaS
Ty9revc2gCl8hJmFhTx6ZxQYLtFgSNShBdZFd4nAqmEfXcE57roGAtjUATpz0pKs
uuVyUUaEp9FPOeVRZiFafW/3fLLCPvcouTwEHIJf9EidUM/cqU1kYfm+owIDAQAB
o4ICljCCApIwHQYDVR0OBBYEFJZ0BqxvyzHBflkTZinm6/89cuVyMB8GA1UdIwQY
MBaAFDGhhdDrDKeBHFhkJd4Olg4c/rYbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWFHRjBPc01wNEVjV0dRbDNnNldEaHotdGhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny8wODFjNmUtMWQ2NS00Y2NkLTk2ZjUt
MWRjYzg2YzExZTc0LzEvbG5RR3JHX0xNY0YtV1JObUtlYnJfejF5NVhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny8wODFjNmUtMWQ2NS00Y2NkLTk2ZjUtMWRjYzg2YzExZTc0
LzEvTWFHRjBPc01wNEVjV0dRbDNnNldEaHotdGhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGrBggrBgEFBQcBBwEB/wSBmzCBmDCBlQQCAAEwgY4DBAJV
c8wDBABVmQQwDAMEAVWZBgMEAFWZCDAMAwQCVZkMAwQCVZkQMAwDBANVmRgDBABV
mR4DBABVmSAwDAMEAVWZIgMEAFWZKgMEAVWZLjAMAwQCVZk0AwQAVZk4MAwDBABV
mTsDBAZVmQAwDAMEAFWZQQMEAlWZSAMEBFWZUDAMAwQCVZlsAwQAVZl+MA0GCSqG
SIb3DQEBCwUAA4IBAQBngjfdqN0zswJdulQ976N2IuX9NqmsV410eRdjcWUwy90O
v1knvevR8e9xE2XggPfBhktT2mEuDK3cc/t0cdHzol5bG5EemLbERG5RYE8b4vLs
w4urAtyHzpc9uu27bi/iDxeOidVvTQD+t5EHxB7jQPnIcJAxdu/N6F926k4+rNnt
H27MhSAgT/W2O0SKvWbAEsvdUG1PhlgBOfetsTAf11pkfW6XWI6Q4sroqdH7q5FI
Gqm3DW63SdwZHXhHgC83jSvG3nLJa5QSKSxFrjrjIp3+bokpE5yijlk6fKu4XWi9
sZXGTa6n5bQq7vy+280HTi8RTluXWS1uJNGogxhy
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:37:43 2024 by rpki-client on console-fra.rpki-client.org