Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/2Ss8Du6VRJJZ65V5gyAHFYDQlts.roa
File:                     2Ss8Du6VRJJZ65V5gyAHFYDQlts.roa (raw, json)
Hash identifier:          hRdcl41istBGouZvio5L6KDU04CuLjIZIH1fxwzNb30=
Subject key identifier:   D9:2B:3C:0E:EE:95:44:92:59:EB:95:79:83:20:07:15:80:D0:96:DB
Certificate issuer:       /CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
Certificate serial:       018DEEDAE24D35F869A4FE4ACEA4FC6577B7
Authority key identifier: CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/2Ss8Du6VRJJZ65V5gyAHFYDQlts.roa
Signing time:             Wed 28 Feb 2024 08:35:38 +0000
ROA not before:           Wed 28 Feb 2024 08:35:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16589
IP address blocks:        85.133.200.0/22 maxlen: 24
                          85.133.204.0/24 maxlen: 24
                          85.133.218.0/24 maxlen: 24
                          85.133.227.0/24 maxlen: 24
                          85.133.228.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sat 09 Mar 2024 06:33:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:ee:da:e2:4d:35:f8:69:a4:fe:4a:ce:a4:fc:65:77:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
        Validity
            Not Before: Feb 28 08:35:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d92b3c0eee95449259eb95798320071580d096db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:bb:5c:c7:81:5a:8c:b5:75:4b:4c:ad:7d:0e:
                    30:0d:7e:3f:3a:33:00:83:d4:87:43:59:9e:f0:ae:
                    88:8c:ab:d6:4a:db:f6:eb:0e:ee:4a:9a:23:f4:8f:
                    f1:89:52:a0:51:42:21:52:8d:fe:60:04:93:5f:4a:
                    05:e2:e1:59:43:10:d7:58:b8:4c:4f:4c:45:e3:49:
                    8d:a5:79:79:b7:5e:15:28:41:93:70:4f:7a:18:be:
                    80:f2:cb:64:37:8c:73:ee:04:28:8b:87:7f:29:1f:
                    20:0e:bf:c5:a6:b4:25:2c:7e:6d:e6:1f:2a:26:a6:
                    62:a5:6d:a5:0b:09:47:19:00:a9:01:95:79:40:5b:
                    4d:90:ce:11:15:d5:3b:a3:d5:1b:c0:ec:71:06:b0:
                    ba:38:ce:4b:e0:6b:a6:6c:d3:f3:61:1d:26:82:c4:
                    a2:e9:a3:2c:01:d7:7f:bd:51:0e:6e:14:ca:b1:be:
                    5c:bd:99:06:e7:68:94:28:3b:b3:e5:0e:21:5d:89:
                    d5:33:3a:db:1c:7d:1a:64:d4:6e:b8:28:b5:c6:eb:
                    70:b5:2f:44:f5:4b:e9:e0:6f:16:4e:d4:e7:39:cc:
                    a9:00:59:cb:21:85:5e:92:55:f0:ff:09:69:db:db:
                    08:30:4b:84:ce:e0:8b:ff:38:5d:d7:f4:d5:e6:88:
                    92:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:2B:3C:0E:EE:95:44:92:59:EB:95:79:83:20:07:15:80:D0:96:DB
            X509v3 Authority Key Identifier:
                keyid:CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/2Ss8Du6VRJJZ65V5gyAHFYDQlts.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.133.200.0-85.133.204.255
                  85.133.218.0/24
                  85.133.227.0-85.133.228.255

    Signature Algorithm: sha256WithRSAEncryption
         4d:20:b7:24:a7:db:c1:c0:7e:30:c5:33:e0:c8:c2:50:b7:5c:
         35:cc:06:c0:dd:6a:da:03:4d:a5:6a:b6:ed:8a:16:40:d9:2d:
         84:71:8d:d9:6d:fc:72:a2:c9:ce:63:08:fe:82:61:5a:fd:c5:
         e6:d5:d3:19:c0:b8:9e:ae:0f:a0:b6:15:5e:f4:af:90:cb:d8:
         b3:62:38:90:4c:6f:58:c8:92:95:99:72:e1:18:64:c3:b2:63:
         56:cd:27:a8:40:38:e6:ba:81:47:3a:5e:9a:de:a3:a1:cc:3c:
         b7:e2:dd:ed:4f:dc:41:31:09:3c:13:d8:ca:ac:d0:1d:24:9d:
         f9:35:a1:04:db:aa:fe:95:bb:56:0c:3a:e9:d8:87:a0:89:3b:
         f8:e0:f8:2a:43:87:2e:f3:80:9a:0f:14:c4:4a:c6:f3:38:9d:
         0a:52:1f:7c:a7:4a:09:f9:3e:1b:8e:2d:08:26:54:1d:f3:b4:
         89:90:89:48:74:79:9c:9c:7e:88:84:ae:60:02:2a:f2:39:93:
         9a:88:a0:fd:3a:19:7f:1e:20:44:fe:87:f1:7e:20:d7:32:10:
         9d:fd:d1:59:c9:49:a1:67:6a:96:1d:c5:50:cf:94:49:b8:48:
         f2:d3:22:2f:c9:23:ab:c5:45:52:f9:aa:df:96:7e:59:10:5c:
         d6:03:17:0e
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAY3u2uJNNfhppP5KzqT8ZXe3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNWUzOTY1OGEzZWY2ZjEzY2EyMWNjMTFhNGUzM2ViY2Q5
NDY3MDIwHhcNMjQwMjI4MDgzNTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTJiM2MwZWVlOTU0NDkyNTllYjk1Nzk4MzIwMDcxNTgwZDA5NmRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz7tcx4FajLV1S0ytfQ4wDX4/OjMA
g9SHQ1me8K6IjKvWStv26w7uSpoj9I/xiVKgUUIhUo3+YASTX0oF4uFZQxDXWLhM
T0xF40mNpXl5t14VKEGTcE96GL6A8stkN4xz7gQoi4d/KR8gDr/FprQlLH5t5h8q
JqZipW2lCwlHGQCpAZV5QFtNkM4RFdU7o9UbwOxxBrC6OM5L4GumbNPzYR0mgsSi
6aMsAdd/vVEObhTKsb5cvZkG52iUKDuz5Q4hXYnVMzrbHH0aZNRuuCi1xutwtS9E
9Uvp4G8WTtTnOcypAFnLIYVeklXw/wlp29sIMEuEzuCL/zhd1/TV5oiSkQIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFNkrPA7ulUSSWeuVeYMgBxWA0JbbMB8GA1UdIwQY
MBaAFM1eOWWKPvbxPKIcwRpOM+vNlGcCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUt
NWQxZmE2NmMzNjNiLzEvMlNzOER1NlZSSkpaNjVWNWd5QUhGWURRbHRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUtNWQxZmE2NmMzNjNi
LzEvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjAoBAIAATAiMAwDBANVhcgD
BABVhcwDBABVhdowDAMEAFWF4wMEAFWF5DANBgkqhkiG9w0BAQsFAAOCAQEATSC3
JKfbwcB+MMUz4MjCULdcNcwGwN1q2gNNpWq27YoWQNkthHGN2W38cqLJzmMI/oJh
Wv3F5tXTGcC4nq4PoLYVXvSvkMvYs2I4kExvWMiSlZly4Rhkw7JjVs0nqEA45rqB
Rzpemt6jocw8t+Ld7U/cQTEJPBPYyqzQHSSd+TWhBNuq/pW7Vgw66diHoIk7+OD4
KkOHLvOAmg8UxErG8zidClIffKdKCfk+G44tCCZUHfO0iZCJSHR5nJx+iISuYAIq
8jmTmoig/ToZfx4gRP6H8X4g1zIQnf3RWclJoWdqlh3FUM+USbhI8tMiL8kjq8VF
Uvmq35Z+WRBc1gMXDg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:52:01 2024 by rpki-client on console-ams.rpki-client.org