Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/3hp3IYqHv6CxhwzQ6NmnVbA7L5c.roa
File:                     3hp3IYqHv6CxhwzQ6NmnVbA7L5c.roa (raw, json)
Hash identifier:          ksmlz5nOIJBNPNiqp1CvDbW4xudGEUfUmV9MmbGKqSU=
Subject key identifier:   DE:1A:77:21:8A:87:BF:A0:B1:87:0C:D0:E8:D9:A7:55:B0:3B:2F:97
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       018DA8C50A2F10AE69F8F110493475C79B43
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/3hp3IYqHv6CxhwzQ6NmnVbA7L5c.roa
Signing time:             Wed 14 Feb 2024 17:58:21 +0000
ROA not before:           Wed 14 Feb 2024 17:58:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42821
IP address blocks:        77.90.128.0/24 maxlen: 24
                          77.90.129.0/24 maxlen: 24
                          77.90.130.0/24 maxlen: 24
                          77.90.132.0/24 maxlen: 24
                          77.90.133.0/24 maxlen: 24
                          77.90.134.0/24 maxlen: 24
                          77.90.136.0/24 maxlen: 24
                          77.90.137.0/24 maxlen: 24
                          77.90.140.0/24 maxlen: 24
                          77.90.142.0/24 maxlen: 24
                          77.90.143.0/24 maxlen: 24
                          77.90.144.0/24 maxlen: 24
                          77.90.146.0/24 maxlen: 24
                          77.90.147.0/24 maxlen: 24
                          77.90.148.0/24 maxlen: 24
                          185.230.13.0/24 maxlen: 24
                          185.230.14.0/24 maxlen: 24
                          213.209.129.0/24 maxlen: 24
                          213.209.138.0/24 maxlen: 24
                          213.209.143.0/24 maxlen: 24
                          2a04:29c2::/32 maxlen: 32
                          2a04:29c7::/32 maxlen: 32
                          2a04:29c7:1280:24::/64 maxlen: 64
                          2a04:29c7:1280:27::/64 maxlen: 64
                          2a04:29c7:1290:24::/64 maxlen: 64
                          2a04:29c7:1300:24::/64 maxlen: 64
                          2a04:29c7:1371:6027::/64 maxlen: 64
                          2a04:29c7:1420::/48 maxlen: 48

Validation:               Failed, certificate revoked on Tue 02 Apr 2024 21:51:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:a8:c5:0a:2f:10:ae:69:f8:f1:10:49:34:75:c7:9b:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Feb 14 17:58:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=de1a77218a87bfa0b1870cd0e8d9a755b03b2f97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:6f:11:ea:c8:77:d8:c8:dc:fe:1d:52:9b:6e:
                    46:3e:d1:a2:ad:b3:85:95:98:b9:e7:be:fa:13:6a:
                    4b:b1:9e:5e:60:2d:84:6f:d9:bb:a4:2a:3a:c0:66:
                    42:3b:51:50:b5:62:56:dd:40:f0:80:b0:51:25:9b:
                    a1:5e:d1:9d:f1:52:8c:87:75:94:b8:b9:56:9a:0b:
                    f6:5e:e6:0b:81:af:d3:5a:8c:8e:0b:ff:d2:d1:b7:
                    b4:69:10:9c:dc:2f:9e:3f:dd:cc:2f:c3:bd:3e:cd:
                    cc:da:99:87:2c:b4:36:65:dd:51:5c:09:89:83:d7:
                    f4:c1:3e:e3:72:b4:0e:5f:06:e6:d6:44:35:26:d1:
                    04:10:67:b0:eb:c6:83:9d:26:23:23:c9:1a:d2:1d:
                    7a:07:ec:c9:f5:3f:b1:f5:95:d7:cf:8d:ed:b2:a5:
                    b3:f7:ac:28:d6:f2:e4:57:01:59:83:8d:2f:7a:84:
                    74:75:82:a3:93:00:4a:ca:61:94:c4:4b:d1:0c:64:
                    01:dc:2c:08:d2:55:37:e7:9a:71:21:5e:28:8e:db:
                    63:f9:44:5e:11:c8:0c:06:34:e2:d5:9f:b8:3f:3a:
                    28:67:b9:ac:80:6b:25:9c:2c:0c:7c:6c:ad:25:55:
                    dd:2f:8e:78:7e:be:aa:46:ea:89:85:e2:08:f9:27:
                    70:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:1A:77:21:8A:87:BF:A0:B1:87:0C:D0:E8:D9:A7:55:B0:3B:2F:97
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/3hp3IYqHv6CxhwzQ6NmnVbA7L5c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.128.0-77.90.130.255
                  77.90.132.0-77.90.134.255
                  77.90.136.0/23
                  77.90.140.0/24
                  77.90.142.0-77.90.144.255
                  77.90.146.0-77.90.148.255
                  185.230.13.0-185.230.14.255
                  213.209.129.0/24
                  213.209.138.0/24
                  213.209.143.0/24
                IPv6:
                  2a04:29c2::/32
                  2a04:29c7::/32

    Signature Algorithm: sha256WithRSAEncryption
         89:2b:cb:c3:8d:fd:57:d2:ce:42:20:3a:84:5a:02:cc:1e:83:
         06:28:3c:cd:5a:48:fc:7d:f4:9e:2f:d9:89:0b:f0:af:8a:f4:
         4f:53:c2:6a:6f:38:6d:6e:ac:19:2a:e6:2a:d7:2f:43:f4:e5:
         0a:02:c6:bd:c6:58:72:e9:33:62:ac:ee:c3:95:cb:25:65:39:
         d5:5c:92:57:8d:6c:bf:49:07:ec:eb:19:69:89:9d:02:e1:77:
         75:b8:b7:93:a2:d4:8e:06:cd:af:dc:11:04:f3:f7:ba:de:b4:
         a9:12:39:a1:f5:a6:7c:9e:6f:78:cb:b2:ec:b9:20:73:9d:98:
         15:31:56:5d:21:8d:e0:46:86:e7:65:7c:e6:57:bc:35:8c:38:
         c7:6e:6b:7c:9a:a1:33:67:77:3d:d0:61:18:bf:0e:2a:76:8e:
         b7:02:48:12:66:4a:39:f6:1c:56:bc:9b:7a:e2:fb:c3:18:71:
         e5:17:a4:78:6e:71:25:e2:d9:51:ea:27:ff:a7:92:49:e2:76:
         58:53:f7:84:3a:12:8f:15:66:3b:2c:48:65:47:de:4f:e7:12:
         d0:af:76:3e:3c:59:ce:40:e6:6e:9d:53:f6:1c:74:f0:a3:95:
         5e:2f:08:99:3e:53:ea:6a:fc:c0:38:b5:e6:50:f3:fa:5c:c8:
         b8:f8:63:e0
-----BEGIN CERTIFICATE-----
MIIFdDCCBFygAwIBAgISAY2oxQovEK5p+PEQSTR1x5tDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNDc2ZTEyZTg5ODdlNWIzMDJjZGMyNGJkZDlkYjNmZTgz
Yzg0NDkwHhcNMjQwMjE0MTc1ODIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTFhNzcyMThhODdiZmEwYjE4NzBjZDBlOGQ5YTc1NWIwM2IyZjk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyG8R6sh32Mjc/h1Sm25GPtGirbOF
lZi55776E2pLsZ5eYC2Eb9m7pCo6wGZCO1FQtWJW3UDwgLBRJZuhXtGd8VKMh3WU
uLlWmgv2XuYLga/TWoyOC//S0be0aRCc3C+eP93ML8O9Ps3M2pmHLLQ2Zd1RXAmJ
g9f0wT7jcrQOXwbm1kQ1JtEEEGew68aDnSYjI8ka0h16B+zJ9T+x9ZXXz43tsqWz
96wo1vLkVwFZg40veoR0dYKjkwBKymGUxEvRDGQB3CwI0lU355pxIV4ojttj+URe
EcgMBjTi1Z+4PzooZ7msgGslnCwMfGytJVXdL454fr6qRuqJheII+SdwtwIDAQAB
o4ICgDCCAnwwHQYDVR0OBBYEFN4adyGKh7+gsYcM0OjZp1WwOy+XMB8GA1UdIwQY
MBaAFDtHbhLomH5bMCzcJL3Z2z/oPIRJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMt
NmNiZmYzYzRkYTAxLzEvM2hwM0lZcUh2NkN4aHd6UTZObW5WYkE3TDVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMtNmNiZmYzYzRkYTAx
LzEvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGVBggrBgEFBQcBBwEB/wSBhTCBgjBqBAIAATBkMAwDBAdN
WoADBABNWoIwDAMEAk1ahAMEAE1ahgMEAU1aiAMEAE1ajDAMAwQBTVqOAwQATVqQ
MAwDBAFNWpIDBABNWpQwDAMEALnmDQMEALnmDgMEANXRgQMEANXRigMEANXRjzAU
BAIAAjAOAwUAKgQpwgMFACoEKccwDQYJKoZIhvcNAQELBQADggEBAIkry8ON/VfS
zkIgOoRaAswegwYoPM1aSPx99J4v2YkL8K+K9E9TwmpvOG1urBkq5irXL0P05QoC
xr3GWHLpM2Ks7sOVyyVlOdVckleNbL9JB+zrGWmJnQLhd3W4t5Oi1I4Gza/cEQTz
97retKkSOaH1pnyeb3jLsuy5IHOdmBUxVl0hjeBGhudlfOZXvDWMOMdua3yaoTNn
dz3QYRi/Dip2jrcCSBJmSjn2HFa8m3ri+8MYceUXpHhucSXi2VHqJ/+nkknidlhT
94Q6Eo8VZjssSGVH3k/nEtCvdj48Wc5A5m6dU/YcdPCjlV4vCJk+U+pq/MA4teZQ
8/pcyLj4Y+A=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:02:24 2024 by rpki-client on console-ams.rpki-client.org