Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/7JKz9qkuf6mBE6uzNqLkzWUfjqo.roa
File:                     7JKz9qkuf6mBE6uzNqLkzWUfjqo.roa (raw, json)
Hash identifier:          CeIYy0fC1D5GjrFRwTbn4xQc8Imjp+66xDLdroeuwkM=
Subject key identifier:   EC:92:B3:F6:A9:2E:7F:A9:81:13:AB:B3:36:A2:E4:CD:65:1F:8E:AA
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       018CB0F3583836FF95CA6F355AF2B7B4ABB6
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/7JKz9qkuf6mBE6uzNqLkzWUfjqo.roa
Signing time:             Thu 28 Dec 2023 15:03:06 +0000
ROA not before:           Thu 28 Dec 2023 15:03:06 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     42821
IP address blocks:        77.90.129.0/24 maxlen: 24
                          77.90.128.0/24 maxlen: 24
                          77.90.130.0/24 maxlen: 24
                          77.90.132.0/24 maxlen: 24
                          185.230.13.0/24 maxlen: 24
                          185.230.14.0/24 maxlen: 24
                          185.230.15.0/24 maxlen: 24
                          77.90.188.0/24 maxlen: 24
                          77.90.136.0/24 maxlen: 24
                          77.90.137.0/24 maxlen: 24
                          77.90.133.0/24 maxlen: 24
                          77.90.134.0/24 maxlen: 24
                          77.90.143.0/24 maxlen: 24
                          77.90.142.0/24 maxlen: 24
                          77.90.145.0/24 maxlen: 24
                          77.90.144.0/24 maxlen: 24
                          77.90.140.0/24 maxlen: 24
                          77.90.147.0/24 maxlen: 24
                          77.90.146.0/24 maxlen: 24
                          77.90.148.0/24 maxlen: 24
                          77.90.153.0/24 maxlen: 24
                          77.90.154.0/24 maxlen: 24
                          213.209.129.0/24 maxlen: 24
                          213.209.138.0/24 maxlen: 24
                          213.209.145.0/24 maxlen: 24
                          213.209.146.0/24 maxlen: 24
                          213.209.150.0/24 maxlen: 24
                          213.209.157.0/24 maxlen: 24
                          2a04:29c2::/32 maxlen: 32
                          2a04:29c7:1290:24::/64 maxlen: 64
                          2a04:29c7:1371:6027::/64 maxlen: 64
                          2a04:29c7:1280:27::/64 maxlen: 64
                          2a04:29c7:1420::/48 maxlen: 48
                          2a04:29c7::/32 maxlen: 32
                          2a04:29c7:1280:24::/64 maxlen: 64
                          2a04:29c7:1300:24::/64 maxlen: 64

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 22:58:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:b0:f3:58:38:36:ff:95:ca:6f:35:5a:f2:b7:b4:ab:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Dec 28 15:03:06 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ec92b3f6a92e7fa98113abb336a2e4cd651f8eaa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:11:4c:5f:2a:35:1a:8e:e5:75:69:2b:57:03:
                    6e:8e:0a:04:8e:8f:6b:83:4d:12:12:25:b3:c0:a4:
                    4e:27:d2:1e:77:e1:9c:69:57:54:08:9e:0a:7b:f1:
                    48:e8:e3:71:72:9e:4a:ce:64:d5:9d:42:25:0c:68:
                    57:63:e4:34:17:a8:15:59:ce:ff:88:71:ba:ff:83:
                    80:9e:02:32:22:64:f1:55:74:ee:ff:2e:84:7b:bb:
                    77:cf:e9:38:e2:68:93:19:ee:7d:0b:50:71:ac:ad:
                    5c:99:4e:d4:9e:d3:c0:49:8f:ce:06:34:f2:a0:9b:
                    4c:e9:39:43:f1:e2:c3:6d:f8:35:f5:41:f5:3f:4f:
                    41:88:aa:70:21:31:53:8a:97:81:1a:ef:4f:d4:95:
                    67:b5:91:ee:cf:c8:17:0e:e6:2c:82:c2:72:09:12:
                    cb:9b:f3:f9:0c:27:fd:95:43:20:62:3b:0d:ad:43:
                    7a:99:6f:37:91:6c:b4:6a:8a:3a:ed:4b:0f:ac:27:
                    b1:98:2d:ba:9a:97:5f:1e:0d:f5:d2:1b:85:6d:47:
                    5b:96:3b:41:eb:42:52:e2:0a:72:39:95:5a:fc:18:
                    57:e4:e2:89:f2:cb:6a:8d:89:0f:23:cf:2d:07:ba:
                    c4:1e:cc:31:c4:a9:05:c9:72:50:0d:94:30:bf:70:
                    66:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:92:B3:F6:A9:2E:7F:A9:81:13:AB:B3:36:A2:E4:CD:65:1F:8E:AA
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/7JKz9qkuf6mBE6uzNqLkzWUfjqo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.128.0-77.90.130.255
                  77.90.132.0-77.90.134.255
                  77.90.136.0/23
                  77.90.140.0/24
                  77.90.142.0-77.90.148.255
                  77.90.153.0-77.90.154.255
                  77.90.188.0/24
                  185.230.13.0-185.230.15.255
                  213.209.129.0/24
                  213.209.138.0/24
                  213.209.145.0-213.209.146.255
                  213.209.150.0/24
                  213.209.157.0/24
                IPv6:
                  2a04:29c2::/32
                  2a04:29c7::/32

    Signature Algorithm: sha256WithRSAEncryption
         44:b6:ab:18:31:57:c0:fc:19:4e:da:d1:0d:18:31:7a:c4:bc:
         21:35:a2:fd:8d:ca:92:d1:ef:50:8d:c4:10:bc:8d:53:2b:45:
         65:f8:17:ff:ad:ec:ad:bc:5c:3a:a2:0f:45:35:6b:5e:08:08:
         e6:c0:9e:0e:d7:1a:e6:ce:31:d8:09:fa:46:84:2b:d1:3c:65:
         bb:3f:8c:5d:24:a0:29:5e:7a:7a:b2:5f:b2:b7:5a:2d:dc:c2:
         fc:81:43:14:57:64:d9:ba:f7:a6:54:f3:ae:ad:a9:40:b0:27:
         4d:38:f7:0c:b7:39:8b:31:11:1f:41:5a:eb:c1:ab:16:ba:79:
         e0:d5:74:24:62:c2:47:67:47:8f:07:a4:22:05:64:6e:2d:62:
         f9:ec:97:b3:a1:f2:8a:00:9f:19:e0:ed:14:7c:59:81:b8:c9:
         e4:ef:18:f5:fe:ee:2d:5b:65:cd:85:d8:36:4f:16:2b:73:8b:
         f1:7a:7d:25:fc:88:47:c0:97:88:84:2d:22:15:19:51:17:07:
         09:7a:a2:b3:76:a8:c3:df:a5:65:b5:ac:cf:5b:3a:27:4f:38:
         c9:23:32:32:34:7e:7d:fa:96:90:fc:26:7a:ee:d6:6f:a0:41:
         38:f8:d1:66:ba:f8:b1:a5:7b:fd:3c:b2:a0:a1:87:ba:be:b0:
         ea:6e:89:dc
-----BEGIN CERTIFICATE-----
MIIFjzCCBHegAwIBAgISAYyw81g4Nv+Vym81WvK3tKu2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNDc2ZTEyZTg5ODdlNWIzMDJjZGMyNGJkZDlkYjNmZTgz
Yzg0NDkwHhcNMjMxMjI4MTUwMzA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzkyYjNmNmE5MmU3ZmE5ODExM2FiYjMzNmEyZTRjZDY1MWY4ZWFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnxFMXyo1Go7ldWkrVwNujgoEjo9r
g00SEiWzwKROJ9Ied+GcaVdUCJ4Ke/FI6ONxcp5KzmTVnUIlDGhXY+Q0F6gVWc7/
iHG6/4OAngIyImTxVXTu/y6Ee7t3z+k44miTGe59C1BxrK1cmU7UntPASY/OBjTy
oJtM6TlD8eLDbfg19UH1P09BiKpwITFTipeBGu9P1JVntZHuz8gXDuYsgsJyCRLL
m/P5DCf9lUMgYjsNrUN6mW83kWy0aoo67UsPrCexmC26mpdfHg310huFbUdbljtB
60JS4gpyOZVa/BhX5OKJ8stqjYkPI88tB7rEHswxxKkFyXJQDZQwv3Bm2wIDAQAB
o4ICmzCCApcwHQYDVR0OBBYEFOySs/apLn+pgROrszai5M1lH46qMB8GA1UdIwQY
MBaAFDtHbhLomH5bMCzcJL3Z2z/oPIRJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMt
NmNiZmYzYzRkYTAxLzEvN0pLejlxa3VmNm1CRTZ1ek5xTGt6V1VmanFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMtNmNiZmYzYzRkYTAx
LzEvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGwBggrBgEFBQcBBwEB/wSBoDCBnTCBhAQCAAEwfjAMAwQH
TVqAAwQATVqCMAwDBAJNWoQDBABNWoYDBAFNWogDBABNWowwDAMEAU1ajgMEAE1a
lDAMAwQATVqZAwQATVqaAwQATVq8MAwDBAC55g0DBAS55gADBADV0YEDBADV0Yow
DAMEANXRkQMEANXRkgMEANXRlgMEANXRnTAUBAIAAjAOAwUAKgQpwgMFACoEKccw
DQYJKoZIhvcNAQELBQADggEBAES2qxgxV8D8GU7a0Q0YMXrEvCE1ov2NypLR71CN
xBC8jVMrRWX4F/+t7K28XDqiD0U1a14ICObAng7XGubOMdgJ+kaEK9E8Zbs/jF0k
oCleenqyX7K3Wi3cwvyBQxRXZNm696ZU866tqUCwJ0049wy3OYsxER9BWuvBqxa6
eeDVdCRiwkdnR48HpCIFZG4tYvnsl7Oh8ooAnxng7RR8WYG4yeTvGPX+7i1bZc2F
2DZPFitzi/F6fSX8iEfAl4iELSIVGVEXBwl6orN2qMPfpWW1rM9bOidPOMkjMjI0
fn36lpD8Jnru1m+gQTj40Wa6+LGle/08sqChh7q+sOpuidw=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:25:02 2024 by rpki-client on console-fra.rpki-client.org