Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/8w5O7psCexx_s44QSb7InMXYkaI.roa
File:                     8w5O7psCexx_s44QSb7InMXYkaI.roa (raw, json)
Hash identifier:          xUMgdIziVUs/gUMLieS2dcGexmzKn+JjDIzjWkHRScU=
Subject key identifier:   F3:0E:4E:EE:9B:02:7B:1C:7F:B3:8E:10:49:BE:C8:9C:C5:D8:91:A2
Certificate issuer:       /CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
Certificate serial:       018B191D5A4E9480FB99DBE5AB9390EA76B1
Authority key identifier: CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/8w5O7psCexx_s44QSb7InMXYkaI.roa
Signing time:             Tue 10 Oct 2023 10:23:55 +0000
ROA not before:           Tue 10 Oct 2023 10:23:55 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     39521
IP address blocks:        85.133.233.0/24 maxlen: 24
                          85.133.227.0/24 maxlen: 24
                          85.133.228.0/24 maxlen: 24
                          85.133.236.0/24 maxlen: 24
                          85.133.241.0/24 maxlen: 24
                          85.133.250.0/24 maxlen: 24
                          85.133.199.0/24 maxlen: 24
                          85.133.202.0/24 maxlen: 24
                          85.133.205.0/24 maxlen: 24
                          85.133.208.0/24 maxlen: 24
                          85.133.217.0/24 maxlen: 24
                          85.133.215.0/24 maxlen: 24
                          85.133.219.0/24 maxlen: 24
                          85.133.221.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 11 Oct 2023 13:23:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:19:1d:5a:4e:94:80:fb:99:db:e5:ab:93:90:ea:76:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
        Validity
            Not Before: Oct 10 10:23:55 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f30e4eee9b027b1c7fb38e1049bec89cc5d891a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:80:6e:a8:83:20:12:2e:18:68:19:e0:18:30:
                    05:d1:9a:db:af:ab:4f:e6:55:16:c9:ad:69:d4:5c:
                    c7:5a:fb:33:a8:ab:19:a1:8e:41:73:ca:95:a0:51:
                    21:04:07:2b:f2:81:17:c7:cb:c0:1f:b1:c8:34:e6:
                    f7:1e:5f:31:27:f1:16:12:46:51:59:e6:de:7c:54:
                    6e:9b:ce:ed:52:c9:68:55:71:03:97:e5:0c:38:f7:
                    10:5d:c0:f4:f3:52:56:51:ed:fb:f0:e0:5f:44:a7:
                    e3:cd:63:07:b7:e5:1b:75:fb:db:19:a8:c7:3c:00:
                    58:09:5a:92:df:27:66:1b:40:7b:6b:dc:d7:49:75:
                    d0:09:cc:9f:0d:1e:93:13:a5:70:77:e8:8d:64:a6:
                    aa:50:22:2f:88:92:e5:98:ec:d5:51:63:2f:52:d2:
                    4c:b8:ba:37:55:41:66:ad:32:80:64:90:47:fc:c1:
                    22:92:db:f2:6c:11:96:17:3a:a3:d5:a8:7d:2b:d6:
                    6f:96:47:5e:a8:31:a9:6f:0c:f6:5d:19:b8:26:19:
                    82:d6:a1:10:72:57:84:46:dc:36:ec:55:55:ca:9c:
                    eb:16:90:a5:de:8d:21:d7:be:d6:0b:d9:9c:e7:b7:
                    57:fa:2b:a9:13:88:b7:f4:17:45:30:c3:2f:6f:cd:
                    98:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:0E:4E:EE:9B:02:7B:1C:7F:B3:8E:10:49:BE:C8:9C:C5:D8:91:A2
            X509v3 Authority Key Identifier:
                keyid:CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/8w5O7psCexx_s44QSb7InMXYkaI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.133.199.0/24
                  85.133.202.0/24
                  85.133.205.0/24
                  85.133.208.0/24
                  85.133.215.0/24
                  85.133.217.0/24
                  85.133.219.0/24
                  85.133.221.0/24
                  85.133.227.0-85.133.228.255
                  85.133.233.0/24
                  85.133.236.0/24
                  85.133.241.0/24
                  85.133.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:0c:e8:3c:b5:58:69:bc:5c:20:19:d8:9b:04:f4:f0:38:c4:
         d6:65:e1:fc:34:e8:e0:48:c1:44:a4:32:67:71:64:55:90:b7:
         e1:2a:d2:18:69:da:19:25:af:15:a2:0a:33:7e:d9:51:9e:03:
         77:ab:9b:33:77:8a:c9:eb:dc:68:84:e8:b7:f2:6a:40:26:96:
         3c:f8:61:b9:a2:55:5c:18:53:39:77:4e:fb:d7:78:da:6b:60:
         72:65:35:28:b9:63:6a:e3:25:d1:73:b3:5d:6f:e3:e5:2d:ee:
         52:6d:01:2b:13:5a:4e:5a:02:ac:4b:57:80:0b:11:3a:26:65:
         f3:7e:a6:56:8f:23:59:02:b7:41:03:bc:d1:80:d6:44:21:f1:
         35:84:19:0a:d3:bd:00:10:39:52:74:b9:01:11:ed:69:3d:e0:
         91:fb:44:08:db:ef:1b:9d:5f:4b:aa:5a:ad:d5:ee:c6:f7:4d:
         61:6c:0c:fd:9d:bd:38:ae:b4:a6:9a:ec:b1:31:4c:7b:6a:47:
         9d:2b:86:ae:f8:0b:64:d1:b7:58:8d:9c:f5:c9:3d:70:c9:a3:
         57:28:97:29:42:15:94:90:43:58:5b:a2:dc:16:cc:4f:b6:20:
         bf:38:58:6a:d2:4b:d1:5e:7e:8e:b6:05:2c:e3:73:57:59:6f:
         a4:37:8d:56
-----BEGIN CERTIFICATE-----
MIIFTTCCBDWgAwIBAgISAYsZHVpOlID7mdvlq5OQ6naxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNWUzOTY1OGEzZWY2ZjEzY2EyMWNjMTFhNGUzM2ViY2Q5
NDY3MDIwHhcNMjMxMDEwMTAyMzU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzBlNGVlZTliMDI3YjFjN2ZiMzhlMTA0OWJlYzg5Y2M1ZDg5MWEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApIBuqIMgEi4YaBngGDAF0Zrbr6tP
5lUWya1p1FzHWvszqKsZoY5Bc8qVoFEhBAcr8oEXx8vAH7HINOb3Hl8xJ/EWEkZR
WebefFRum87tUsloVXEDl+UMOPcQXcD081JWUe378OBfRKfjzWMHt+UbdfvbGajH
PABYCVqS3ydmG0B7a9zXSXXQCcyfDR6TE6Vwd+iNZKaqUCIviJLlmOzVUWMvUtJM
uLo3VUFmrTKAZJBH/MEiktvybBGWFzqj1ah9K9ZvlkdeqDGpbwz2XRm4JhmC1qEQ
cleERtw27FVVypzrFpCl3o0h177WC9mc57dX+iupE4i39BdFMMMvb82YnwIDAQAB
o4ICWTCCAlUwHQYDVR0OBBYEFPMOTu6bAnscf7OOEEm+yJzF2JGiMB8GA1UdIwQY
MBaAFM1eOWWKPvbxPKIcwRpOM+vNlGcCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUt
NWQxZmE2NmMzNjNiLzEvOHc1Tzdwc0NleHhfczQ0UVNiN0luTVhZa2FJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUtNWQxZmE2NmMzNjNi
LzEvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG8GCCsGAQUFBwEHAQH/BGAwXjBcBAIAATBWAwQAVYXHAwQA
VYXKAwQAVYXNAwQAVYXQAwQAVYXXAwQAVYXZAwQAVYXbAwQAVYXdMAwDBABVheMD
BABVheQDBABVhekDBABVhewDBABVhfEDBABVhfowDQYJKoZIhvcNAQELBQADggEB
AA8M6Dy1WGm8XCAZ2JsE9PA4xNZl4fw06OBIwUSkMmdxZFWQt+Eq0hhp2hklrxWi
CjN+2VGeA3ermzN3isnr3GiE6LfyakAmljz4YbmiVVwYUzl3TvvXeNprYHJlNSi5
Y2rjJdFzs11v4+Ut7lJtASsTWk5aAqxLV4ALETomZfN+plaPI1kCt0EDvNGA1kQh
8TWEGQrTvQAQOVJ0uQER7Wk94JH7RAjb7xudX0uqWq3V7sb3TWFsDP2dvTiutKaa
7LExTHtqR50rhq74C2TRt1iNnPXJPXDJo1colylCFZSQQ1hbotwWzE+2IL84WGrS
S9Fefo62BSzjc1dZb6Q3jVY=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:59:12 2024 by rpki-client on console-fra.rpki-client.org