Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/vfAIFN8zvHj0kPb5b6kbFc6SD90.roa
File:                     vfAIFN8zvHj0kPb5b6kbFc6SD90.roa (raw, json)
Hash identifier:          LAug1RtMAOop1zkemjIRKJHCeoSrC5xNvgGE8YlPPHc=
Subject key identifier:   BD:F0:08:14:DF:33:BC:78:F4:90:F6:F9:6F:A9:1B:15:CE:92:0F:DD
Certificate issuer:       /CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
Certificate serial:       018F80C9E390AE03F0B9C60272C0D471D3AE
Authority key identifier: CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/vfAIFN8zvHj0kPb5b6kbFc6SD90.roa
Signing time:             Thu 16 May 2024 09:44:25 +0000
ROA not before:           Thu 16 May 2024 09:44:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39074
IP address blocks:        85.133.128.0/17 maxlen: 24
                          85.133.128.0/22 maxlen: 22
                          85.133.128.0/24 maxlen: 24
                          85.133.129.0/24 maxlen: 24
                          85.133.130.0/24 maxlen: 24
                          85.133.131.0/24 maxlen: 24
                          85.133.133.0/24 maxlen: 24
                          85.133.134.0/24 maxlen: 24
                          85.133.135.0/24 maxlen: 24
                          85.133.136.0/24 maxlen: 24
                          85.133.138.0/24 maxlen: 24
                          85.133.139.0/24 maxlen: 24
                          85.133.140.0/22 maxlen: 22
                          85.133.140.0/24 maxlen: 24
                          85.133.141.0/24 maxlen: 24
                          85.133.142.0/24 maxlen: 24
                          85.133.144.0/22 maxlen: 22
                          85.133.144.0/24 maxlen: 24
                          85.133.145.0/24 maxlen: 24
                          85.133.147.0/24 maxlen: 24
                          85.133.148.0/22 maxlen: 22
                          85.133.148.0/24 maxlen: 24
                          85.133.149.0/24 maxlen: 24
                          85.133.150.0/24 maxlen: 24
                          85.133.152.0/22 maxlen: 22
                          85.133.152.0/24 maxlen: 24
                          85.133.154.0/24 maxlen: 24
                          85.133.155.0/24 maxlen: 24
                          85.133.157.0/24 maxlen: 24
                          85.133.158.0/24 maxlen: 24
                          85.133.159.0/24 maxlen: 24
                          85.133.164.0/24 maxlen: 24
                          85.133.165.0/24 maxlen: 24
                          85.133.168.0/22 maxlen: 24
                          85.133.172.0/22 maxlen: 24
                          85.133.172.0/24 maxlen: 24
                          85.133.176.0/22 maxlen: 24
                          85.133.180.0/22 maxlen: 24
                          85.133.184.0/22 maxlen: 24
                          85.133.188.0/22 maxlen: 22
                          85.133.189.0/24 maxlen: 24
                          85.133.192.0/22 maxlen: 22
                          85.133.196.0/22 maxlen: 22
                          85.133.196.0/24 maxlen: 24
                          85.133.197.0/24 maxlen: 24
                          85.133.204.0/24 maxlen: 24
                          85.133.206.0/24 maxlen: 24
                          85.133.207.0/24 maxlen: 24
                          85.133.209.0/24 maxlen: 24
                          85.133.210.0/23 maxlen: 24
                          85.133.211.0/24 maxlen: 24
                          85.133.212.0/22 maxlen: 22
                          85.133.212.0/24 maxlen: 24
                          85.133.213.0/24 maxlen: 24
                          85.133.220.0/22 maxlen: 22
                          85.133.220.0/24 maxlen: 24
                          85.133.223.0/24 maxlen: 24
                          85.133.224.0/22 maxlen: 22
                          85.133.224.0/24 maxlen: 24
                          85.133.225.0/24 maxlen: 24
                          85.133.226.0/24 maxlen: 24
                          85.133.229.0/24 maxlen: 24
                          85.133.230.0/24 maxlen: 24
                          85.133.231.0/24 maxlen: 24
                          85.133.232.0/22 maxlen: 22
                          85.133.232.0/24 maxlen: 24
                          85.133.235.0/24 maxlen: 24
                          85.133.239.0/24 maxlen: 24
                          85.133.240.0/22 maxlen: 22
                          85.133.240.0/24 maxlen: 24
                          85.133.243.0/24 maxlen: 24
                          85.133.244.0/24 maxlen: 24
                          85.133.245.0/24 maxlen: 24
                          85.133.246.0/24 maxlen: 24
                          85.133.247.0/24 maxlen: 24
                          85.133.248.0/23 maxlen: 24
                          85.133.249.0/24 maxlen: 24
                          85.133.251.0/24 maxlen: 24
                          85.133.252.0/22 maxlen: 22
                          85.133.254.0/24 maxlen: 24
                          85.133.255.0/24 maxlen: 24
                          185.41.1.0/24 maxlen: 24
                          185.41.2.0/24 maxlen: 24
                          185.41.3.0/24 maxlen: 24
                          2a04:87c0::/29 maxlen: 29

Validation:               Failed, certificate revoked on Sat 18 May 2024 16:15:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:80:c9:e3:90:ae:03:f0:b9:c6:02:72:c0:d4:71:d3:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
        Validity
            Not Before: May 16 09:44:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bdf00814df33bc78f490f6f96fa91b15ce920fdd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:a2:e2:95:1e:46:9f:b7:23:fb:25:b7:30:89:
                    74:dd:cc:fd:83:e4:7f:42:07:fd:ea:90:d1:fa:d1:
                    26:c4:b3:6f:1a:3f:59:29:f3:78:9f:e2:ef:e2:51:
                    cf:04:86:5a:4a:bc:31:78:c2:fa:1e:de:b8:5a:36:
                    f3:dc:58:b4:10:4f:bd:07:ee:27:c9:d4:71:58:6f:
                    5d:ee:ed:ca:f7:9b:41:ed:e4:7d:be:da:26:bf:48:
                    41:8e:9b:9f:9f:d8:d5:dc:f0:84:99:0f:f3:5e:c8:
                    fa:0e:48:3a:36:cc:fc:9c:db:1c:c9:d8:ed:fb:3d:
                    ca:05:5b:1e:95:dc:b7:b2:4e:81:e7:12:1f:c8:1b:
                    a7:02:d2:12:f9:f4:02:4e:59:ad:b1:83:21:d6:b3:
                    10:6f:65:4d:3c:1f:2f:d7:e8:e8:03:d9:1b:f6:c6:
                    29:e4:49:27:1f:69:1d:c3:d2:69:f2:bc:34:18:bd:
                    b8:f1:08:15:ac:f3:e1:91:19:dc:eb:9a:db:2a:f0:
                    77:36:d6:d2:7b:f9:18:21:e8:d9:2c:5e:19:a9:c6:
                    45:df:24:ce:6e:43:d2:b0:01:b7:48:72:3f:02:0e:
                    2d:5e:7d:ee:bb:38:7a:96:e0:7f:37:ac:2d:dc:85:
                    bc:70:6e:9b:5e:b7:6c:e7:4b:3a:e5:76:9f:c1:b9:
                    cc:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:F0:08:14:DF:33:BC:78:F4:90:F6:F9:6F:A9:1B:15:CE:92:0F:DD
            X509v3 Authority Key Identifier:
                keyid:CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/vfAIFN8zvHj0kPb5b6kbFc6SD90.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.133.128.0/17
                  185.41.1.0-185.41.3.255
                IPv6:
                  2a04:87c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         97:bd:a8:8c:20:7b:12:5f:dd:74:e7:bd:cb:44:95:b1:4c:3f:
         d3:e4:59:9e:e7:1c:cb:a5:b5:a7:49:c0:83:b3:35:ee:58:56:
         3e:6f:29:2d:fb:b5:cf:ea:cb:fa:49:2e:7b:07:cf:47:8f:88:
         53:72:7f:48:f7:92:82:14:74:07:f2:8e:51:e9:cc:e7:cd:42:
         c5:64:cc:37:ee:e8:b3:5e:08:a8:18:87:cf:85:bd:8d:82:66:
         b2:6d:d0:74:71:3a:2f:69:9f:3c:c3:5d:b7:b7:e2:e4:8d:0e:
         63:bb:69:0b:7e:e4:6a:e9:c9:9c:a2:1a:74:b3:77:3c:7c:6a:
         fd:46:07:c2:66:75:0b:a0:d7:b3:36:fd:9c:06:7b:e1:59:44:
         fc:fb:9f:f6:9f:68:c7:c4:84:37:25:e0:7e:0a:b8:44:0d:84:
         79:89:33:51:0c:79:71:2e:10:ce:a0:b1:87:d3:88:ff:ef:9e:
         f0:20:df:e6:aa:cd:06:37:dd:ff:3b:b4:5a:ef:f8:44:37:53:
         22:0d:d4:90:74:f5:08:9a:f0:83:76:d9:21:66:83:6d:8e:ae:
         07:97:94:1c:74:45:9b:63:8f:15:96:00:22:3b:de:ab:b9:b7:
         ca:71:e4:10:31:03:93:0b:d5:de:4b:04:33:33:1d:fb:02:b5:
         82:81:e4:0e
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgISAY+AyeOQrgPwucYCcsDUcdOuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNWUzOTY1OGEzZWY2ZjEzY2EyMWNjMTFhNGUzM2ViY2Q5
NDY3MDIwHhcNMjQwNTE2MDk0NDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZGYwMDgxNGRmMzNiYzc4ZjQ5MGY2Zjk2ZmE5MWIxNWNlOTIwZmRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqqLilR5Gn7cj+yW3MIl03cz9g+R/
Qgf96pDR+tEmxLNvGj9ZKfN4n+Lv4lHPBIZaSrwxeML6Ht64Wjbz3Fi0EE+9B+4n
ydRxWG9d7u3K95tB7eR9vtomv0hBjpufn9jV3PCEmQ/zXsj6Dkg6Nsz8nNscydjt
+z3KBVseldy3sk6B5xIfyBunAtIS+fQCTlmtsYMh1rMQb2VNPB8v1+joA9kb9sYp
5EknH2kdw9Jp8rw0GL248QgVrPPhkRnc65rbKvB3NtbSe/kYIejZLF4ZqcZF3yTO
bkPSsAG3SHI/Ag4tXn3uuzh6luB/N6wt3IW8cG6bXrds50s65XafwbnMpwIDAQAB
o4ICJjCCAiIwHQYDVR0OBBYEFL3wCBTfM7x49JD2+W+pGxXOkg/dMB8GA1UdIwQY
MBaAFM1eOWWKPvbxPKIcwRpOM+vNlGcCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUt
NWQxZmE2NmMzNjNiLzEvdmZBSUZOOHp2SGowa1BiNWI2a2JGYzZTRDkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUtNWQxZmE2NmMzNjNi
LzEvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDwGCCsGAQUFBwEHAQH/BC0wKzAaBAIAATAUAwQHVYWAMAwD
BAC5KQEDBAK5KQAwDQQCAAIwBwMFAyoEh8AwDQYJKoZIhvcNAQELBQADggEBAJe9
qIwgexJf3XTnvctElbFMP9PkWZ7nHMultadJwIOzNe5YVj5vKS37tc/qy/pJLnsH
z0ePiFNyf0j3koIUdAfyjlHpzOfNQsVkzDfu6LNeCKgYh8+FvY2CZrJt0HRxOi9p
nzzDXbe34uSNDmO7aQt+5GrpyZyiGnSzdzx8av1GB8JmdQug17M2/ZwGe+FZRPz7
n/afaMfEhDcl4H4KuEQNhHmJM1EMeXEuEM6gsYfTiP/vnvAg3+aqzQY33f87tFrv
+EQ3UyIN1JB09Qia8IN22SFmg22OrgeXlBx0RZtjjxWWACI73qu5t8px5BAxA5ML
1d5LBDMzHfsCtYKB5A4=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:59:13 2024 by rpki-client on console-fra.rpki-client.org