Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/vHgEMZyoY9wewBywGJhXMg0951s.roa
File:                     vHgEMZyoY9wewBywGJhXMg0951s.roa (raw, json)
Hash identifier:          6WXLfLDMzHa9UVq1xjN3QGDDQ3zoeW7eXXU8YyB5Zk4=
Subject key identifier:   BC:78:04:31:9C:A8:63:DC:1E:C0:1C:B0:18:98:57:32:0D:3D:E7:5B
Certificate issuer:       /CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
Certificate serial:       018DBB23301FB919CC562C5D1477A600FED7
Authority key identifier: CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/vHgEMZyoY9wewBywGJhXMg0951s.roa
Signing time:             Sun 18 Feb 2024 07:34:21 +0000
ROA not before:           Sun 18 Feb 2024 07:34:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39074
IP address blocks:        85.133.128.0/17 maxlen: 24
                          85.133.128.0/22 maxlen: 22
                          85.133.128.0/24 maxlen: 24
                          85.133.129.0/24 maxlen: 24
                          85.133.130.0/24 maxlen: 24
                          85.133.131.0/24 maxlen: 24
                          85.133.133.0/24 maxlen: 24
                          85.133.134.0/24 maxlen: 24
                          85.133.135.0/24 maxlen: 24
                          85.133.136.0/24 maxlen: 24
                          85.133.138.0/24 maxlen: 24
                          85.133.139.0/24 maxlen: 24
                          85.133.140.0/22 maxlen: 22
                          85.133.140.0/24 maxlen: 24
                          85.133.141.0/24 maxlen: 24
                          85.133.142.0/24 maxlen: 24
                          85.133.144.0/22 maxlen: 22
                          85.133.144.0/24 maxlen: 24
                          85.133.145.0/24 maxlen: 24
                          85.133.147.0/24 maxlen: 24
                          85.133.148.0/22 maxlen: 22
                          85.133.148.0/24 maxlen: 24
                          85.133.149.0/24 maxlen: 24
                          85.133.150.0/24 maxlen: 24
                          85.133.152.0/22 maxlen: 22
                          85.133.152.0/24 maxlen: 24
                          85.133.154.0/24 maxlen: 24
                          85.133.155.0/24 maxlen: 24
                          85.133.157.0/24 maxlen: 24
                          85.133.158.0/24 maxlen: 24
                          85.133.159.0/24 maxlen: 24
                          85.133.164.0/24 maxlen: 24
                          85.133.165.0/24 maxlen: 24
                          85.133.168.0/22 maxlen: 24
                          85.133.172.0/22 maxlen: 24
                          85.133.172.0/24 maxlen: 24
                          85.133.176.0/22 maxlen: 24
                          85.133.180.0/22 maxlen: 24
                          85.133.184.0/22 maxlen: 24
                          85.133.188.0/22 maxlen: 22
                          85.133.189.0/24 maxlen: 24
                          85.133.192.0/22 maxlen: 22
                          85.133.196.0/22 maxlen: 22
                          85.133.196.0/24 maxlen: 24
                          85.133.197.0/24 maxlen: 24
                          85.133.204.0/24 maxlen: 24
                          85.133.206.0/24 maxlen: 24
                          85.133.207.0/24 maxlen: 24
                          85.133.209.0/24 maxlen: 24
                          85.133.210.0/23 maxlen: 24
                          85.133.211.0/24 maxlen: 24
                          85.133.212.0/22 maxlen: 22
                          85.133.212.0/24 maxlen: 24
                          85.133.213.0/24 maxlen: 24
                          85.133.218.0/24 maxlen: 24
                          85.133.220.0/22 maxlen: 22
                          85.133.220.0/24 maxlen: 24
                          85.133.223.0/24 maxlen: 24
                          85.133.224.0/22 maxlen: 22
                          85.133.224.0/24 maxlen: 24
                          85.133.225.0/24 maxlen: 24
                          85.133.226.0/24 maxlen: 24
                          85.133.227.0/24 maxlen: 24
                          85.133.228.0/24 maxlen: 24
                          85.133.229.0/24 maxlen: 24
                          85.133.230.0/24 maxlen: 24
                          85.133.231.0/24 maxlen: 24
                          85.133.232.0/22 maxlen: 22
                          85.133.232.0/24 maxlen: 24
                          85.133.235.0/24 maxlen: 24
                          85.133.239.0/24 maxlen: 24
                          85.133.240.0/22 maxlen: 22
                          85.133.240.0/24 maxlen: 24
                          85.133.243.0/24 maxlen: 24
                          85.133.244.0/24 maxlen: 24
                          85.133.245.0/24 maxlen: 24
                          85.133.246.0/24 maxlen: 24
                          85.133.247.0/24 maxlen: 24
                          85.133.248.0/23 maxlen: 24
                          85.133.249.0/24 maxlen: 24
                          85.133.251.0/24 maxlen: 24
                          85.133.252.0/22 maxlen: 22
                          85.133.254.0/24 maxlen: 24
                          85.133.255.0/24 maxlen: 24
                          185.41.0.0/24 maxlen: 24
                          185.41.1.0/24 maxlen: 24
                          185.41.2.0/24 maxlen: 24
                          185.41.3.0/24 maxlen: 24
                          2a04:87c0::/29 maxlen: 29

Validation:               Failed, certificate revoked on Thu 22 Feb 2024 14:40:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:bb:23:30:1f:b9:19:cc:56:2c:5d:14:77:a6:00:fe:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
        Validity
            Not Before: Feb 18 07:34:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bc7804319ca863dc1ec01cb0189857320d3de75b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:88:9a:9e:b2:59:b1:4b:69:ec:7a:46:5c:56:
                    f5:f6:f7:bb:5c:d0:35:21:33:73:38:2d:52:08:82:
                    4c:77:03:a7:3a:f7:05:dd:68:24:2d:ef:b5:eb:11:
                    c6:95:52:27:a7:4b:25:e7:11:e1:9c:97:db:c0:d5:
                    93:1c:dc:e1:5c:41:89:af:08:71:a0:b2:45:ee:0c:
                    62:10:3e:d1:6d:62:bd:f5:f6:c8:9b:cf:70:09:bc:
                    3a:37:f5:8b:a4:96:c4:5f:df:21:98:ad:2c:f0:5e:
                    84:11:9d:05:e4:1f:e0:cb:cb:a9:1d:77:90:2e:13:
                    17:28:b5:1d:62:06:f0:4b:df:06:d1:59:bc:02:27:
                    c7:64:9c:6c:34:34:46:bf:ca:3b:7d:b5:e1:a5:8a:
                    d1:37:fc:b2:d1:17:30:e9:06:3a:70:31:41:9c:ae:
                    ad:e2:32:d1:52:64:99:f7:31:14:a7:c5:c2:52:f4:
                    3d:35:09:98:65:d2:d3:ec:f1:e6:c4:d5:12:8b:7b:
                    b4:f7:4c:12:0f:3a:7c:31:c4:35:7d:24:ff:e5:e1:
                    bc:1b:8a:60:dc:b9:46:cb:a8:f5:21:c3:4c:5f:73:
                    76:5b:66:73:14:1f:a6:09:67:03:28:1a:7d:2f:42:
                    3b:8b:b0:90:58:7b:06:de:a2:aa:12:88:df:a3:5b:
                    2e:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:78:04:31:9C:A8:63:DC:1E:C0:1C:B0:18:98:57:32:0D:3D:E7:5B
            X509v3 Authority Key Identifier:
                keyid:CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/vHgEMZyoY9wewBywGJhXMg0951s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.133.128.0/17
                  185.41.0.0/22
                IPv6:
                  2a04:87c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         55:d6:71:05:c7:c5:99:b2:15:3d:be:3e:16:d5:f7:59:2c:87:
         cf:59:20:a3:cb:07:f8:c4:e9:1d:05:0b:31:2c:22:ce:b9:23:
         f0:dc:63:8b:a3:08:96:25:a7:f9:c0:05:78:67:48:69:da:a2:
         24:34:4f:bf:03:9c:8e:10:e4:87:b3:bd:da:1b:c0:55:3b:5a:
         72:1f:02:db:6c:cf:dd:e6:e7:8a:b1:23:4a:96:a0:69:6c:73:
         0f:35:df:a2:2b:82:ef:26:1b:38:15:df:21:4c:aa:d6:42:35:
         77:d7:63:88:ce:47:e8:6f:7c:d6:1c:b1:10:aa:aa:08:46:a6:
         72:cc:e2:0b:3d:a1:43:8e:38:b5:2d:0c:a8:35:00:28:55:6e:
         b4:ac:f9:d8:88:b2:04:d2:f7:50:93:ad:81:d2:9c:03:23:08:
         f0:58:5d:6a:dc:2a:c2:5f:2c:a6:2e:d9:1c:b9:11:44:6b:9c:
         61:d0:dc:43:53:4a:ec:9b:b7:4f:7e:b2:b4:41:42:9f:f3:4b:
         49:b5:6a:9c:66:bc:08:02:30:11:fe:37:be:6d:89:85:a8:37:
         45:45:43:e4:69:d7:91:df:a5:fb:b5:28:91:0c:a6:36:2f:86:
         51:5f:6b:dc:37:cc:81:5f:4f:d1:8a:8f:3d:38:21:83:34:51:
         60:20:80:5c
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAY27IzAfuRnMVixdFHemAP7XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNWUzOTY1OGEzZWY2ZjEzY2EyMWNjMTFhNGUzM2ViY2Q5
NDY3MDIwHhcNMjQwMjE4MDczNDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzc4MDQzMTljYTg2M2RjMWVjMDFjYjAxODk4NTczMjBkM2RlNzViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsoianrJZsUtp7HpGXFb19ve7XNA1
ITNzOC1SCIJMdwOnOvcF3WgkLe+16xHGlVInp0sl5xHhnJfbwNWTHNzhXEGJrwhx
oLJF7gxiED7RbWK99fbIm89wCbw6N/WLpJbEX98hmK0s8F6EEZ0F5B/gy8upHXeQ
LhMXKLUdYgbwS98G0Vm8AifHZJxsNDRGv8o7fbXhpYrRN/yy0Rcw6QY6cDFBnK6t
4jLRUmSZ9zEUp8XCUvQ9NQmYZdLT7PHmxNUSi3u090wSDzp8McQ1fST/5eG8G4pg
3LlGy6j1IcNMX3N2W2ZzFB+mCWcDKBp9L0I7i7CQWHsG3qKqEojfo1suZQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFLx4BDGcqGPcHsAcsBiYVzINPedbMB8GA1UdIwQY
MBaAFM1eOWWKPvbxPKIcwRpOM+vNlGcCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUt
NWQxZmE2NmMzNjNiLzEvdkhnRU1aeW9ZOXdld0J5d0dKaFhNZzA5NTFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUtNWQxZmE2NmMzNjNi
LzEvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQHVYWAAwQC
uSkAMA0EAgACMAcDBQMqBIfAMA0GCSqGSIb3DQEBCwUAA4IBAQBV1nEFx8WZshU9
vj4W1fdZLIfPWSCjywf4xOkdBQsxLCLOuSPw3GOLowiWJaf5wAV4Z0hp2qIkNE+/
A5yOEOSHs73aG8BVO1pyHwLbbM/d5ueKsSNKlqBpbHMPNd+iK4LvJhs4Fd8hTKrW
QjV312OIzkfob3zWHLEQqqoIRqZyzOILPaFDjji1LQyoNQAoVW60rPnYiLIE0vdQ
k62B0pwDIwjwWF1q3CrCXyymLtkcuRFEa5xh0NxDU0rsm7dPfrK0QUKf80tJtWqc
ZrwIAjAR/je+bYmFqDdFRUPkadeR36X7tSiRDKY2L4ZRX2vcN8yBX0/Rio89OCGD
NFFgIIBc
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:59:13 2024 by rpki-client on console-fra.rpki-client.org