Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/ks6JpXGP3-CxUG9GRKyNB_zwXJw.roa
File:                     ks6JpXGP3-CxUG9GRKyNB_zwXJw.roa (raw, json)
Hash identifier:          IwPBP/hEa1q+A0mPrbE4MCdUXc6tRUs1gvvEO4j3fuA=
Subject key identifier:   92:CE:89:A5:71:8F:DF:E0:B1:50:6F:46:44:AC:8D:07:FC:F0:5C:9C
Certificate issuer:       /CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
Certificate serial:       01872CBD80808939DB5C7639532B9B8072C8
Authority key identifier: CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/ks6JpXGP3-CxUG9GRKyNB_zwXJw.roa
Signing time:             Wed 29 Mar 2023 09:40:29 +0000
ROA not before:           Wed 29 Mar 2023 09:40:29 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     43260
IP address blocks:        85.133.178.0/24 maxlen: 24
                          85.133.179.0/24 maxlen: 24
                          85.133.216.0/24 maxlen: 24
                          85.133.217.0/24 maxlen: 24
                          85.133.215.0/24 maxlen: 24
                          85.133.137.0/24 maxlen: 24
                          85.133.253.0/24 maxlen: 24
                          85.133.146.0/24 maxlen: 24
                          85.133.156.0/24 maxlen: 24
                          185.41.0.0/22 maxlen: 24
                          85.133.165.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 31 Mar 2023 18:35:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:2c:bd:80:80:89:39:db:5c:76:39:53:2b:9b:80:72:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
        Validity
            Not Before: Mar 29 09:40:29 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=92ce89a5718fdfe0b1506f4644ac8d07fcf05c9c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:07:2b:93:08:9f:a9:57:1d:3e:63:d9:70:c7:
                    cf:a4:b3:52:46:d5:08:d7:b0:3c:83:8d:fe:c3:2f:
                    a5:db:0e:03:40:03:bf:5d:d0:48:9f:3a:e6:eb:51:
                    b5:21:e6:7d:a9:0f:1f:e2:25:b5:52:d9:3f:8c:a6:
                    23:54:cf:7f:49:4b:68:01:5c:05:57:4b:94:ac:d7:
                    6d:29:d7:c7:49:05:1f:92:d2:52:84:26:8e:86:68:
                    51:5f:d7:a1:31:bf:33:d2:9e:9e:00:9c:57:5d:61:
                    73:c0:b0:de:bf:d8:48:e7:aa:57:ed:98:c5:5a:9d:
                    f5:e7:58:ea:0f:66:eb:ef:9c:8a:5c:88:43:72:e0:
                    51:84:f4:9a:71:d9:52:25:36:ee:70:60:d5:cf:3a:
                    dc:86:83:e7:da:0d:3a:24:d4:71:3f:c4:bb:19:f8:
                    9e:cb:34:71:a6:8b:d0:3c:3b:96:03:5a:47:05:dc:
                    44:8d:e8:6b:1d:ce:9b:8e:a2:01:c2:6a:11:7d:01:
                    0b:79:e7:5f:70:06:82:dd:94:53:55:73:5d:cf:fa:
                    98:4c:1f:78:4a:b9:dd:d5:03:f6:44:b9:a3:ba:36:
                    72:a5:f3:1e:d4:6f:66:59:a5:1f:a0:75:dd:fd:41:
                    cc:23:51:04:17:a3:81:e0:e4:85:98:2d:ad:c8:d4:
                    74:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:CE:89:A5:71:8F:DF:E0:B1:50:6F:46:44:AC:8D:07:FC:F0:5C:9C
            X509v3 Authority Key Identifier:
                keyid:CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/ks6JpXGP3-CxUG9GRKyNB_zwXJw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.133.137.0/24
                  85.133.146.0/24
                  85.133.156.0/24
                  85.133.165.0/24
                  85.133.178.0/23
                  85.133.215.0-85.133.217.255
                  85.133.253.0/24
                  185.41.0.0/22

    Signature Algorithm: sha256WithRSAEncryption
         85:68:76:54:79:ea:49:7f:6d:63:e2:37:f9:a3:d5:98:9d:8e:
         2d:9e:f9:01:69:39:cf:86:45:2c:67:9b:77:87:29:f6:b0:e7:
         fb:4d:b3:8f:3d:f0:e9:1b:7b:40:33:45:5c:4d:06:45:d2:bc:
         8a:53:44:c0:99:7f:0c:0b:30:07:a9:6f:a6:01:bb:33:d9:9a:
         c2:6b:06:d1:46:44:46:30:d1:53:2d:48:fe:f5:82:03:49:ac:
         86:e2:02:76:0e:04:38:53:4a:0d:c3:1b:c7:31:fe:bf:8e:3b:
         13:cb:10:54:cf:cb:a0:ba:f5:34:5c:f5:57:82:5c:c5:49:83:
         8a:d8:78:e1:6f:c6:5d:a2:fe:87:3c:d1:f7:62:4f:aa:61:0f:
         e7:ea:06:2c:bb:fe:0d:3e:80:9c:17:f2:76:f7:63:17:db:6d:
         2a:35:fb:54:cb:77:3e:50:13:fd:f1:af:0c:59:97:30:63:d3:
         07:b8:82:89:23:a0:aa:d9:54:6f:a4:4e:9e:81:4e:c1:ea:32:
         9f:a4:f8:d0:ee:54:ee:35:eb:22:94:77:63:52:23:a7:d6:cd:
         a8:4d:15:dd:82:14:84:39:67:63:e7:2c:ec:29:bb:3e:b6:8d:
         19:fa:af:a1:cf:31:7e:35:f6:56:9d:e3:9b:58:46:0f:83:cf:
         38:c4:6b:d7
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAYcsvYCAiTnbXHY5UyubgHLIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNWUzOTY1OGEzZWY2ZjEzY2EyMWNjMTFhNGUzM2ViY2Q5
NDY3MDIwHhcNMjMwMzI5MDk0MDI5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MmNlODlhNTcxOGZkZmUwYjE1MDZmNDY0NGFjOGQwN2ZjZjA1YzljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgwcrkwifqVcdPmPZcMfPpLNSRtUI
17A8g43+wy+l2w4DQAO/XdBInzrm61G1IeZ9qQ8f4iW1Utk/jKYjVM9/SUtoAVwF
V0uUrNdtKdfHSQUfktJShCaOhmhRX9ehMb8z0p6eAJxXXWFzwLDev9hI56pX7ZjF
Wp3151jqD2br75yKXIhDcuBRhPSacdlSJTbucGDVzzrchoPn2g06JNRxP8S7Gfie
yzRxpovQPDuWA1pHBdxEjehrHc6bjqIBwmoRfQELeedfcAaC3ZRTVXNdz/qYTB94
Srnd1QP2RLmjujZypfMe1G9mWaUfoHXd/UHMI1EEF6OB4OSFmC2tyNR0BwIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFJLOiaVxj9/gsVBvRkSsjQf88FycMB8GA1UdIwQY
MBaAFM1eOWWKPvbxPKIcwRpOM+vNlGcCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUt
NWQxZmE2NmMzNjNiLzEva3M2SnBYR1AzLUN4VUc5R1JLeU5CX3p3WEp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUtNWQxZmE2NmMzNjNi
LzEvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQAVYWJAwQA
VYWSAwQAVYWcAwQAVYWlAwQBVYWyMAwDBABVhdcDBAFVhdgDBABVhf0DBAK5KQAw
DQYJKoZIhvcNAQELBQADggEBAIVodlR56kl/bWPiN/mj1Zidji2e+QFpOc+GRSxn
m3eHKfaw5/tNs4898Okbe0AzRVxNBkXSvIpTRMCZfwwLMAepb6YBuzPZmsJrBtFG
REYw0VMtSP71ggNJrIbiAnYOBDhTSg3DG8cx/r+OOxPLEFTPy6C69TRc9VeCXMVJ
g4rYeOFvxl2i/oc80fdiT6phD+fqBiy7/g0+gJwX8nb3YxfbbSo1+1TLdz5QE/3x
rwxZlzBj0we4gokjoKrZVG+kTp6BTsHqMp+k+NDuVO416yKUd2NSI6fWzahNFd2C
FIQ5Z2PnLOwpuz62jRn6r6HPMX419lad45tYRg+DzzjEa9c=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:59:13 2024 by rpki-client on console-fra.rpki-client.org