Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/OTjLb-aaTCs0LAacMiG1vuFzDsI.roa
File:                     OTjLb-aaTCs0LAacMiG1vuFzDsI.roa (raw, json)
Hash identifier:          eolQCMPFFmV5pCqqbVQlcFnc4Ol5+Mmu1Kq2967//KA=
Subject key identifier:   39:38:CB:6F:E6:9A:4C:2B:34:2C:06:9C:32:21:B5:BE:E1:73:0E:C2
Certificate issuer:       /CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
Certificate serial:       018B8AD598E1923E762BA903E742679A71BF
Authority key identifier: CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/OTjLb-aaTCs0LAacMiG1vuFzDsI.roa
Signing time:             Wed 01 Nov 2023 12:22:15 +0000
ROA not before:           Wed 01 Nov 2023 12:22:15 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     39074
IP address blocks:        85.133.231.0/24 maxlen: 24
                          85.133.232.0/24 maxlen: 24
                          85.133.232.0/22 maxlen: 22
                          85.133.229.0/24 maxlen: 24
                          85.133.230.0/24 maxlen: 24
                          85.133.239.0/24 maxlen: 24
                          85.133.240.0/24 maxlen: 24
                          85.133.235.0/24 maxlen: 24
                          85.133.240.0/22 maxlen: 22
                          85.133.245.0/24 maxlen: 24
                          85.133.246.0/24 maxlen: 24
                          85.133.243.0/24 maxlen: 24
                          85.133.244.0/24 maxlen: 24
                          85.133.247.0/24 maxlen: 24
                          85.133.248.0/23 maxlen: 24
                          85.133.249.0/24 maxlen: 24
                          85.133.251.0/24 maxlen: 24
                          85.133.252.0/22 maxlen: 22
                          85.133.254.0/24 maxlen: 24
                          85.133.255.0/24 maxlen: 24
                          85.133.179.0/24 maxlen: 24
                          85.133.176.0/22 maxlen: 24
                          85.133.184.0/22 maxlen: 24
                          85.133.180.0/22 maxlen: 24
                          85.133.189.0/24 maxlen: 24
                          85.133.188.0/22 maxlen: 22
                          85.133.192.0/22 maxlen: 22
                          85.133.196.0/24 maxlen: 24
                          85.133.197.0/24 maxlen: 24
                          85.133.196.0/22 maxlen: 22
                          85.133.203.0/24 maxlen: 24
                          85.133.204.0/24 maxlen: 24
                          85.133.200.0/22 maxlen: 22
                          85.133.206.0/24 maxlen: 24
                          85.133.200.0/24 maxlen: 24
                          85.133.201.0/24 maxlen: 24
                          85.133.204.0/22 maxlen: 22
                          85.133.210.0/23 maxlen: 24
                          85.133.211.0/24 maxlen: 24
                          85.133.212.0/24 maxlen: 24
                          85.133.213.0/24 maxlen: 24
                          85.133.207.0/24 maxlen: 24
                          85.133.212.0/22 maxlen: 22
                          85.133.208.0/24 maxlen: 24
                          85.133.209.0/24 maxlen: 24
                          85.133.215.0/24 maxlen: 24
                          85.133.220.0/24 maxlen: 24
                          85.133.220.0/22 maxlen: 22
                          85.133.225.0/24 maxlen: 24
                          85.133.226.0/24 maxlen: 24
                          85.133.223.0/24 maxlen: 24
                          85.133.224.0/22 maxlen: 22
                          85.133.130.0/24 maxlen: 24
                          85.133.131.0/24 maxlen: 24
                          85.133.128.0/17 maxlen: 24
                          85.133.128.0/24 maxlen: 24
                          85.133.129.0/24 maxlen: 24
                          85.133.128.0/22 maxlen: 22
                          85.133.134.0/24 maxlen: 24
                          85.133.135.0/24 maxlen: 24
                          85.133.136.0/24 maxlen: 24
                          85.133.133.0/24 maxlen: 24
                          85.133.138.0/24 maxlen: 24
                          85.133.139.0/24 maxlen: 24
                          85.133.144.0/22 maxlen: 22
                          85.133.144.0/24 maxlen: 24
                          85.133.145.0/24 maxlen: 24
                          85.133.140.0/22 maxlen: 22
                          85.133.141.0/24 maxlen: 24
                          85.133.142.0/24 maxlen: 24
                          85.133.140.0/24 maxlen: 24
                          85.133.148.0/24 maxlen: 24
                          85.133.149.0/24 maxlen: 24
                          85.133.150.0/24 maxlen: 24
                          85.133.148.0/22 maxlen: 22
                          85.133.147.0/24 maxlen: 24
                          85.133.152.0/22 maxlen: 22
                          85.133.152.0/24 maxlen: 24
                          85.133.158.0/24 maxlen: 24
                          85.133.159.0/24 maxlen: 24
                          85.133.155.0/24 maxlen: 24
                          85.133.156.0/24 maxlen: 24
                          85.133.157.0/24 maxlen: 24
                          85.133.154.0/24 maxlen: 24
                          85.133.162.0/24 maxlen: 24
                          85.133.163.0/24 maxlen: 24
                          85.133.164.0/24 maxlen: 24
                          85.133.165.0/24 maxlen: 24
                          85.133.172.0/24 maxlen: 24
                          85.133.172.0/22 maxlen: 24
                          85.133.168.0/22 maxlen: 24
                          185.41.0.0/24 maxlen: 24
                          185.41.1.0/24 maxlen: 24
                          185.41.2.0/24 maxlen: 24
                          185.41.3.0/24 maxlen: 24
                          2a04:87c0::/29 maxlen: 29

Validation:               Failed, certificate revoked on Thu 02 Nov 2023 12:27:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:8a:d5:98:e1:92:3e:76:2b:a9:03:e7:42:67:9a:71:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
        Validity
            Not Before: Nov  1 12:22:15 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3938cb6fe69a4c2b342c069c3221b5bee1730ec2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:fb:56:e5:61:54:9b:03:62:da:29:6d:6f:2e:
                    cb:25:2d:6e:6f:52:c5:47:28:2a:a8:0f:80:09:3c:
                    cd:12:c3:53:b5:34:3d:f7:49:df:16:87:e6:4c:88:
                    fb:2d:7d:06:ad:e5:93:c7:d7:fd:82:98:f9:b6:f9:
                    45:34:61:9a:ff:31:fe:2e:60:cb:b0:a5:04:1a:86:
                    33:81:2d:aa:9f:7e:59:28:48:5c:32:33:af:07:87:
                    f7:14:8d:10:fc:e3:39:df:18:28:53:95:ab:7b:dd:
                    cb:81:10:b5:0c:eb:ea:45:13:ff:08:31:1a:63:7f:
                    6f:2d:e6:e4:3f:e2:b6:59:b5:08:f8:6e:85:70:31:
                    78:09:39:35:48:ac:45:9c:c2:4c:86:66:98:2b:47:
                    97:a1:32:e6:be:e7:f7:f4:1e:6a:91:2e:a2:69:fb:
                    4a:22:de:be:aa:34:a7:80:76:75:e9:31:09:a2:63:
                    6d:44:63:b9:64:81:7d:3c:46:66:07:2a:c4:9f:1f:
                    d4:14:47:3c:9a:4d:51:9e:09:e7:59:3b:7a:d9:8d:
                    ff:5d:ec:d4:c0:2b:46:36:64:73:24:09:74:3b:23:
                    2d:9a:f7:a2:d1:e7:b1:76:e0:9f:ef:cf:d8:1e:a1:
                    34:34:65:67:7d:4f:2c:80:13:21:74:fd:79:9f:47:
                    01:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:38:CB:6F:E6:9A:4C:2B:34:2C:06:9C:32:21:B5:BE:E1:73:0E:C2
            X509v3 Authority Key Identifier:
                keyid:CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/OTjLb-aaTCs0LAacMiG1vuFzDsI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.133.128.0/17
                  185.41.0.0/22
                IPv6:
                  2a04:87c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         a2:02:85:38:2e:f8:68:f7:81:17:e5:45:0a:83:49:f7:e6:61:
         60:76:af:44:04:08:df:25:ca:9c:6a:9a:ed:42:61:89:ca:af:
         fe:ed:ec:ba:17:33:ec:85:48:ec:7a:a0:56:33:26:e6:cf:c8:
         a6:f5:01:86:a0:b7:b1:bb:db:1e:b0:f0:f8:a1:22:18:0d:3f:
         6e:90:c0:9e:c6:c6:f7:22:e5:17:5e:ab:3c:3e:07:92:07:9b:
         69:2b:c3:1a:f0:08:d9:73:b5:8e:4f:1c:ab:b8:af:b9:0f:34:
         ee:75:d7:cc:48:77:82:a6:b8:14:70:7e:d8:51:c4:f2:9a:a1:
         ed:a5:af:3e:b0:86:dc:40:8a:89:5b:ed:c6:db:05:eb:d2:93:
         cc:0b:1a:3f:b0:23:ae:71:54:3c:ea:c5:0f:f9:75:f8:b4:d6:
         91:fc:46:ff:1b:29:35:f9:1e:e9:aa:fe:ff:2e:ce:81:3f:d0:
         83:c6:5e:32:04:d5:c5:7a:57:f4:eb:b4:b1:1b:75:2a:d1:37:
         a2:c1:91:e5:f1:41:5b:46:4e:3e:37:e4:54:2d:71:48:64:ab:
         47:26:8e:62:bd:25:48:c8:2b:e2:13:cd:ed:d9:b4:26:0a:7b:
         b0:ee:34:4e:62:dd:70:bd:fb:b6:1f:4d:6c:5e:0d:95:48:f7:
         4e:d6:f9:81
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYuK1Zjhkj52K6kD50JnmnG/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNWUzOTY1OGEzZWY2ZjEzY2EyMWNjMTFhNGUzM2ViY2Q5
NDY3MDIwHhcNMjMxMTAxMTIyMjE1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTM4Y2I2ZmU2OWE0YzJiMzQyYzA2OWMzMjIxYjViZWUxNzMwZWMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi/tW5WFUmwNi2iltby7LJS1ub1LF
RygqqA+ACTzNEsNTtTQ990nfFofmTIj7LX0GreWTx9f9gpj5tvlFNGGa/zH+LmDL
sKUEGoYzgS2qn35ZKEhcMjOvB4f3FI0Q/OM53xgoU5Wre93LgRC1DOvqRRP/CDEa
Y39vLebkP+K2WbUI+G6FcDF4CTk1SKxFnMJMhmaYK0eXoTLmvuf39B5qkS6iaftK
It6+qjSngHZ16TEJomNtRGO5ZIF9PEZmByrEnx/UFEc8mk1RngnnWTt62Y3/XezU
wCtGNmRzJAl0OyMtmvei0eexduCf78/YHqE0NGVnfU8sgBMhdP15n0cBpwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFDk4y2/mmkwrNCwGnDIhtb7hcw7CMB8GA1UdIwQY
MBaAFM1eOWWKPvbxPKIcwRpOM+vNlGcCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUt
NWQxZmE2NmMzNjNiLzEvT1RqTGItYWFUQ3MwTEFhY01pRzF2dUZ6RHNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUtNWQxZmE2NmMzNjNi
LzEvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQHVYWAAwQC
uSkAMA0EAgACMAcDBQMqBIfAMA0GCSqGSIb3DQEBCwUAA4IBAQCiAoU4Lvho94EX
5UUKg0n35mFgdq9EBAjfJcqcaprtQmGJyq/+7ey6FzPshUjseqBWMybmz8im9QGG
oLexu9sesPD4oSIYDT9ukMCexsb3IuUXXqs8PgeSB5tpK8Ma8AjZc7WOTxyruK+5
DzTuddfMSHeCprgUcH7YUcTymqHtpa8+sIbcQIqJW+3G2wXr0pPMCxo/sCOucVQ8
6sUP+XX4tNaR/Eb/Gyk1+R7pqv7/Ls6BP9CDxl4yBNXFelf067SxG3Uq0TeiwZHl
8UFbRk4+N+RULXFIZKtHJo5ivSVIyCviE83t2bQmCnuw7jROYt1wvfu2H01sXg2V
SPdO1vmB
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:52:01 2024 by rpki-client on console-ams.rpki-client.org