Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/v5iimLrRwh9HWW_Ok9rc7pDTi7c.roa
File:                     v5iimLrRwh9HWW_Ok9rc7pDTi7c.roa (raw, json)
Hash identifier:          bXa9H/Z2kMHg+2t3IlJ+u5iJh2qY+2eFBWVugkdiLlM=
Subject key identifier:   BF:98:A2:98:BA:D1:C2:1F:47:59:6F:CE:93:DA:DC:EE:90:D3:8B:B7
Certificate issuer:       /CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
Certificate serial:       018DD1430AC7D8016A4246DE7F91ECFB1396
Authority key identifier: CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/v5iimLrRwh9HWW_Ok9rc7pDTi7c.roa
Signing time:             Thu 22 Feb 2024 14:40:48 +0000
ROA not before:           Thu 22 Feb 2024 14:40:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39074
IP address blocks:        85.133.128.0/17 maxlen: 24
                          85.133.128.0/22 maxlen: 22
                          85.133.128.0/24 maxlen: 24
                          85.133.129.0/24 maxlen: 24
                          85.133.130.0/24 maxlen: 24
                          85.133.131.0/24 maxlen: 24
                          85.133.133.0/24 maxlen: 24
                          85.133.134.0/24 maxlen: 24
                          85.133.135.0/24 maxlen: 24
                          85.133.136.0/24 maxlen: 24
                          85.133.138.0/24 maxlen: 24
                          85.133.139.0/24 maxlen: 24
                          85.133.140.0/22 maxlen: 22
                          85.133.140.0/24 maxlen: 24
                          85.133.141.0/24 maxlen: 24
                          85.133.142.0/24 maxlen: 24
                          85.133.144.0/22 maxlen: 22
                          85.133.144.0/24 maxlen: 24
                          85.133.145.0/24 maxlen: 24
                          85.133.147.0/24 maxlen: 24
                          85.133.148.0/22 maxlen: 22
                          85.133.148.0/24 maxlen: 24
                          85.133.149.0/24 maxlen: 24
                          85.133.150.0/24 maxlen: 24
                          85.133.152.0/22 maxlen: 22
                          85.133.152.0/24 maxlen: 24
                          85.133.154.0/24 maxlen: 24
                          85.133.155.0/24 maxlen: 24
                          85.133.157.0/24 maxlen: 24
                          85.133.158.0/24 maxlen: 24
                          85.133.159.0/24 maxlen: 24
                          85.133.164.0/24 maxlen: 24
                          85.133.165.0/24 maxlen: 24
                          85.133.168.0/22 maxlen: 24
                          85.133.172.0/22 maxlen: 24
                          85.133.172.0/24 maxlen: 24
                          85.133.176.0/22 maxlen: 24
                          85.133.180.0/22 maxlen: 24
                          85.133.184.0/22 maxlen: 24
                          85.133.188.0/22 maxlen: 22
                          85.133.189.0/24 maxlen: 24
                          85.133.192.0/22 maxlen: 22
                          85.133.196.0/22 maxlen: 22
                          85.133.196.0/24 maxlen: 24
                          85.133.197.0/24 maxlen: 24
                          85.133.200.0/22 maxlen: 24
                          85.133.204.0/24 maxlen: 24
                          85.133.206.0/24 maxlen: 24
                          85.133.207.0/24 maxlen: 24
                          85.133.209.0/24 maxlen: 24
                          85.133.210.0/23 maxlen: 24
                          85.133.211.0/24 maxlen: 24
                          85.133.212.0/22 maxlen: 22
                          85.133.212.0/24 maxlen: 24
                          85.133.213.0/24 maxlen: 24
                          85.133.218.0/24 maxlen: 24
                          85.133.220.0/22 maxlen: 22
                          85.133.220.0/24 maxlen: 24
                          85.133.223.0/24 maxlen: 24
                          85.133.224.0/22 maxlen: 22
                          85.133.224.0/24 maxlen: 24
                          85.133.225.0/24 maxlen: 24
                          85.133.226.0/24 maxlen: 24
                          85.133.227.0/24 maxlen: 24
                          85.133.228.0/24 maxlen: 24
                          85.133.229.0/24 maxlen: 24
                          85.133.230.0/24 maxlen: 24
                          85.133.231.0/24 maxlen: 24
                          85.133.232.0/22 maxlen: 22
                          85.133.232.0/24 maxlen: 24
                          85.133.235.0/24 maxlen: 24
                          85.133.239.0/24 maxlen: 24
                          85.133.240.0/22 maxlen: 22
                          85.133.240.0/24 maxlen: 24
                          85.133.243.0/24 maxlen: 24
                          85.133.244.0/24 maxlen: 24
                          85.133.245.0/24 maxlen: 24
                          85.133.246.0/24 maxlen: 24
                          85.133.247.0/24 maxlen: 24
                          85.133.248.0/23 maxlen: 24
                          85.133.249.0/24 maxlen: 24
                          85.133.251.0/24 maxlen: 24
                          85.133.252.0/22 maxlen: 22
                          85.133.254.0/24 maxlen: 24
                          85.133.255.0/24 maxlen: 24
                          185.41.0.0/24 maxlen: 24
                          185.41.1.0/24 maxlen: 24
                          185.41.2.0/24 maxlen: 24
                          185.41.3.0/24 maxlen: 24
                          2a04:87c0::/29 maxlen: 29

Validation:               Failed, certificate revoked on Wed 28 Feb 2024 08:35:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:d1:43:0a:c7:d8:01:6a:42:46:de:7f:91:ec:fb:13:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
        Validity
            Not Before: Feb 22 14:40:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bf98a298bad1c21f47596fce93dadcee90d38bb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:57:b9:99:e6:c8:48:f9:e5:ac:73:30:66:bf:
                    5c:00:f3:d8:36:74:c3:38:fb:bc:10:84:ac:4f:8e:
                    41:2f:87:95:2e:51:0b:a1:cc:d4:ae:18:fa:fd:2a:
                    d8:c1:1d:ea:ff:ce:b1:b6:1a:af:69:68:e7:2a:f0:
                    a8:45:6c:82:a7:fd:a0:72:96:f7:33:45:e4:2e:ea:
                    24:59:df:59:f0:d3:5c:b0:ab:0d:9d:5a:c0:62:19:
                    7b:e5:5d:d4:07:30:0c:36:a1:3d:74:8b:8f:d8:00:
                    62:f3:1d:75:7f:2b:a9:24:af:a9:3f:7a:41:33:e2:
                    57:96:63:52:f4:2a:eb:3a:47:74:1d:a1:12:fd:47:
                    cf:4c:4f:d6:69:4a:b1:6a:ca:dd:8d:cf:1a:20:10:
                    f4:ec:03:f0:8e:02:28:c8:ae:3b:0c:2f:64:4c:b5:
                    4f:39:2a:2c:84:a5:7c:d8:2f:f7:19:71:99:0c:df:
                    2e:45:eb:59:5b:11:3f:f2:b6:84:de:07:c8:3f:96:
                    ac:cd:b5:8b:15:bc:2c:6f:15:97:fd:61:52:bf:7d:
                    d7:1d:5a:de:03:60:4b:66:3b:02:4f:84:c0:82:68:
                    fc:d0:5b:27:d6:7d:29:8b:3f:d8:c5:b0:00:f9:a9:
                    d9:8b:ac:3d:c9:0e:95:cc:88:b5:73:5c:5a:06:b0:
                    02:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:98:A2:98:BA:D1:C2:1F:47:59:6F:CE:93:DA:DC:EE:90:D3:8B:B7
            X509v3 Authority Key Identifier:
                keyid:CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/v5iimLrRwh9HWW_Ok9rc7pDTi7c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.133.128.0/17
                  185.41.0.0/22
                IPv6:
                  2a04:87c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         13:ae:f8:98:19:d2:51:7c:ee:de:ff:9d:95:28:0a:e6:14:42:
         47:ca:46:9d:02:e5:9f:02:a1:c6:c3:f5:4e:ac:92:07:af:29:
         70:60:68:3c:14:28:e1:31:3b:0b:3f:c1:22:cc:34:87:c0:31:
         e6:ff:50:cc:45:ac:31:80:c6:f1:b5:03:3e:5e:54:28:e8:07:
         d2:af:0c:65:2c:58:d0:14:0f:66:51:13:bc:ba:69:bb:7e:b9:
         bf:da:41:65:2c:0b:09:9a:ce:90:09:71:f7:61:87:21:9a:6a:
         c8:b9:20:d2:6e:75:22:cc:a5:2d:bb:df:a6:5e:3c:28:2f:8f:
         1d:fe:4e:b9:e2:80:1d:f1:cc:9c:9e:47:dc:99:13:a6:8c:3e:
         09:45:0a:54:58:23:68:1e:9e:04:52:ff:39:53:a2:36:b0:b4:
         38:88:31:4a:9e:e9:00:2e:00:6e:65:ae:ee:13:3e:93:1d:af:
         bd:56:ac:66:e6:f1:8d:32:54:aa:b4:87:d2:11:b8:12:3e:b9:
         5a:a1:98:8e:09:a0:4e:7f:f4:94:29:25:f3:3e:bd:51:e4:99:
         a0:7d:97:18:35:a0:ed:93:d6:6e:97:4c:3e:74:1e:ea:79:b6:
         82:23:6c:82:ee:26:e8:4c:f2:51:d6:a3:7b:cd:f8:94:77:5e:
         8f:02:ca:5c
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAY3RQwrH2AFqQkbef5Hs+xOWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNWUzOTY1OGEzZWY2ZjEzY2EyMWNjMTFhNGUzM2ViY2Q5
NDY3MDIwHhcNMjQwMjIyMTQ0MDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjk4YTI5OGJhZDFjMjFmNDc1OTZmY2U5M2RhZGNlZTkwZDM4YmI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkle5mebISPnlrHMwZr9cAPPYNnTD
OPu8EISsT45BL4eVLlELoczUrhj6/SrYwR3q/86xthqvaWjnKvCoRWyCp/2gcpb3
M0XkLuokWd9Z8NNcsKsNnVrAYhl75V3UBzAMNqE9dIuP2ABi8x11fyupJK+pP3pB
M+JXlmNS9CrrOkd0HaES/UfPTE/WaUqxasrdjc8aIBD07APwjgIoyK47DC9kTLVP
OSoshKV82C/3GXGZDN8uRetZWxE/8raE3gfIP5aszbWLFbwsbxWX/WFSv33XHVre
A2BLZjsCT4TAgmj80Fsn1n0piz/YxbAA+anZi6w9yQ6VzIi1c1xaBrACoQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFL+Yopi60cIfR1lvzpPa3O6Q04u3MB8GA1UdIwQY
MBaAFM1eOWWKPvbxPKIcwRpOM+vNlGcCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUt
NWQxZmE2NmMzNjNiLzEvdjVpaW1MclJ3aDlIV1dfT2s5cmM3cERUaTdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUtNWQxZmE2NmMzNjNi
LzEvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQHVYWAAwQC
uSkAMA0EAgACMAcDBQMqBIfAMA0GCSqGSIb3DQEBCwUAA4IBAQATrviYGdJRfO7e
/52VKArmFEJHykadAuWfAqHGw/VOrJIHrylwYGg8FCjhMTsLP8EizDSHwDHm/1DM
RawxgMbxtQM+XlQo6AfSrwxlLFjQFA9mURO8umm7frm/2kFlLAsJms6QCXH3YYch
mmrIuSDSbnUizKUtu9+mXjwoL48d/k654oAd8cycnkfcmROmjD4JRQpUWCNoHp4E
Uv85U6I2sLQ4iDFKnukALgBuZa7uEz6THa+9Vqxm5vGNMlSqtIfSEbgSPrlaoZiO
CaBOf/SUKSXzPr1R5JmgfZcYNaDtk9Zul0w+dB7qebaCI2yC7iboTPJR1qN7zfiU
d16PAspc
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:59:13 2024 by rpki-client on console-fra.rpki-client.org