Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/994Z3P0pfdi114ePkGfnGgcoysk.roa
File:                     994Z3P0pfdi114ePkGfnGgcoysk.roa (raw, json)
Hash identifier:          zQ23807kd3YiIU6EJ/lh2TMW3AO47M8BxEL2u3Nt4mc=
Subject key identifier:   F7:DE:19:DC:FD:29:7D:D8:B5:D7:87:8F:90:67:E7:1A:07:28:CA:C9
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       018AB222CF7BA2C48F1829044F489C5865DC
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/994Z3P0pfdi114ePkGfnGgcoysk.roa
Signing time:             Wed 20 Sep 2023 10:29:00 +0000
ROA not before:           Wed 20 Sep 2023 10:29:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     42821
IP address blocks:        77.90.129.0/24 maxlen: 24
                          77.90.128.0/24 maxlen: 24
                          77.90.130.0/24 maxlen: 24
                          77.90.132.0/24 maxlen: 24
                          185.230.13.0/24 maxlen: 24
                          185.230.14.0/24 maxlen: 24
                          77.90.136.0/24 maxlen: 24
                          77.90.137.0/24 maxlen: 24
                          77.90.133.0/24 maxlen: 24
                          77.90.134.0/24 maxlen: 24
                          77.90.143.0/24 maxlen: 24
                          77.90.142.0/24 maxlen: 24
                          77.90.144.0/24 maxlen: 24
                          77.90.140.0/24 maxlen: 24
                          77.90.147.0/24 maxlen: 24
                          77.90.146.0/24 maxlen: 24
                          77.90.148.0/24 maxlen: 24
                          213.209.129.0/24 maxlen: 24
                          213.209.138.0/24 maxlen: 24
                          213.209.143.0/24 maxlen: 24
                          213.209.146.0/24 maxlen: 24
                          213.209.150.0/24 maxlen: 24
                          213.209.159.0/24 maxlen: 24
                          213.209.157.0/24 maxlen: 24
                          2a04:29c2::/32 maxlen: 32
                          2a04:29c7:1290:24::/64 maxlen: 64
                          2a04:29c7:1371:6027::/64 maxlen: 64
                          2a04:29c7:1280:27::/64 maxlen: 64
                          2a04:29c7:1420::/48 maxlen: 48
                          2a04:29c7::/32 maxlen: 32
                          2a04:29c7:1300:24::/64 maxlen: 64
                          2a04:29c7:1280:24::/64 maxlen: 64

Validation:               Failed, certificate revoked on Wed 20 Sep 2023 17:46:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:b2:22:cf:7b:a2:c4:8f:18:29:04:4f:48:9c:58:65:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Sep 20 10:29:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f7de19dcfd297dd8b5d7878f9067e71a0728cac9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:c6:36:74:d8:4f:9f:b7:50:c9:d3:4f:b9:8c:
                    62:11:96:f1:0e:e5:97:da:d8:c8:fa:7d:5b:04:d7:
                    9d:a0:47:60:38:38:ee:4d:1f:d2:af:a8:34:6f:bc:
                    05:8e:da:42:1b:3b:7f:5b:b5:ff:d2:dd:80:3a:70:
                    77:ef:6a:0a:04:84:b7:76:55:db:57:74:d9:19:9f:
                    33:5a:65:cb:dd:4b:a6:cb:cf:26:09:1c:88:a0:be:
                    a1:85:c4:92:1a:06:be:31:60:26:ed:db:be:b1:93:
                    ed:8e:23:d5:fc:e8:79:31:6e:d5:8a:a4:d0:ed:85:
                    a7:60:72:94:35:4a:65:9e:2a:12:5c:53:33:55:a7:
                    ee:aa:0c:0f:ca:de:5f:49:53:d6:6d:78:4a:69:d2:
                    d0:55:19:74:88:15:d1:64:15:b8:88:9c:27:56:1c:
                    66:38:ab:43:9f:80:02:5a:cc:19:0f:2c:93:c3:d0:
                    39:bb:a0:4e:b6:0d:4b:80:e6:c2:06:36:15:8a:c1:
                    05:c5:46:ac:61:c2:27:88:88:05:03:94:93:4e:8d:
                    08:f9:21:4a:e0:8a:fd:f7:6d:76:23:6c:52:1f:d6:
                    4b:39:6a:74:4d:70:03:91:f4:4b:c6:d9:f3:f5:00:
                    84:df:5d:68:0b:7b:1d:10:e3:71:bc:b7:5d:41:f7:
                    36:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:DE:19:DC:FD:29:7D:D8:B5:D7:87:8F:90:67:E7:1A:07:28:CA:C9
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/994Z3P0pfdi114ePkGfnGgcoysk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.128.0-77.90.130.255
                  77.90.132.0-77.90.134.255
                  77.90.136.0/23
                  77.90.140.0/24
                  77.90.142.0-77.90.144.255
                  77.90.146.0-77.90.148.255
                  185.230.13.0-185.230.14.255
                  213.209.129.0/24
                  213.209.138.0/24
                  213.209.143.0/24
                  213.209.146.0/24
                  213.209.150.0/24
                  213.209.157.0/24
                  213.209.159.0/24
                IPv6:
                  2a04:29c2::/32
                  2a04:29c7::/32

    Signature Algorithm: sha256WithRSAEncryption
         87:5f:1d:81:c5:17:ec:81:e8:1f:19:4f:79:d5:c0:e4:9f:f8:
         5d:d3:28:bf:c7:a8:b1:4b:0a:f3:d7:f0:1d:3e:0c:76:25:eb:
         54:91:dc:fd:d1:4a:59:0e:5f:cb:3d:43:0c:30:20:50:1b:0a:
         e6:71:d9:5d:4c:5d:7c:ab:69:8a:4c:aa:c9:af:5f:51:e8:d2:
         e2:8b:56:3f:bb:92:29:5e:e8:a1:47:fb:d7:64:c2:cd:32:88:
         12:cd:1b:da:b6:84:3b:69:34:ac:f2:a9:b1:c6:23:97:eb:87:
         29:1b:60:52:fa:87:eb:f9:17:15:59:38:8e:c4:02:ed:93:a0:
         1c:08:19:18:ed:64:44:38:3f:be:2c:51:4c:c9:12:d9:de:f2:
         fb:db:91:ad:17:5b:aa:e7:d7:7e:9e:21:d5:f7:c6:79:87:92:
         40:ed:25:ab:40:ad:a4:d2:93:00:4b:ed:93:5d:a1:d5:73:0a:
         ec:35:57:a3:99:55:3a:18:ba:11:75:32:a4:11:a0:24:66:86:
         08:28:ec:3b:ec:2f:fc:05:5f:09:71:3a:b3:8b:60:b7:29:26:
         69:c0:de:ee:05:70:26:d5:1b:0d:a4:9d:01:0c:12:09:66:92:
         36:55:b6:24:06:aa:63:2d:35:b5:47:61:dc:fd:bc:33:e9:83:
         98:3b:83:65
-----BEGIN CERTIFICATE-----
MIIFjTCCBHWgAwIBAgISAYqyIs97osSPGCkET0icWGXcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNDc2ZTEyZTg5ODdlNWIzMDJjZGMyNGJkZDlkYjNmZTgz
Yzg0NDkwHhcNMjMwOTIwMTAyOTAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmN2RlMTlkY2ZkMjk3ZGQ4YjVkNzg3OGY5MDY3ZTcxYTA3MjhjYWM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAisY2dNhPn7dQydNPuYxiEZbxDuWX
2tjI+n1bBNedoEdgODjuTR/Sr6g0b7wFjtpCGzt/W7X/0t2AOnB372oKBIS3dlXb
V3TZGZ8zWmXL3Uumy88mCRyIoL6hhcSSGga+MWAm7du+sZPtjiPV/Oh5MW7ViqTQ
7YWnYHKUNUplnioSXFMzVafuqgwPyt5fSVPWbXhKadLQVRl0iBXRZBW4iJwnVhxm
OKtDn4ACWswZDyyTw9A5u6BOtg1LgObCBjYVisEFxUasYcIniIgFA5STTo0I+SFK
4Ir99212I2xSH9ZLOWp0TXADkfRLxtnz9QCE311oC3sdEONxvLddQfc2uwIDAQAB
o4ICmTCCApUwHQYDVR0OBBYEFPfeGdz9KX3YtdeHj5Bn5xoHKMrJMB8GA1UdIwQY
MBaAFDtHbhLomH5bMCzcJL3Z2z/oPIRJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMt
NmNiZmYzYzRkYTAxLzEvOTk0WjNQMHBmZGkxMTRlUGtHZm5HZ2NveXNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMtNmNiZmYzYzRkYTAx
LzEvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGuBggrBgEFBQcBBwEB/wSBnjCBmzCBggQCAAEwfDAMAwQH
TVqAAwQATVqCMAwDBAJNWoQDBABNWoYDBAFNWogDBABNWowwDAMEAU1ajgMEAE1a
kDAMAwQBTVqSAwQATVqUMAwDBAC55g0DBAC55g4DBADV0YEDBADV0YoDBADV0Y8D
BADV0ZIDBADV0ZYDBADV0Z0DBADV0Z8wFAQCAAIwDgMFACoEKcIDBQAqBCnHMA0G
CSqGSIb3DQEBCwUAA4IBAQCHXx2BxRfsgegfGU951cDkn/hd0yi/x6ixSwrz1/Ad
Pgx2JetUkdz90UpZDl/LPUMMMCBQGwrmcdldTF18q2mKTKrJr19R6NLii1Y/u5Ip
XuihR/vXZMLNMogSzRvatoQ7aTSs8qmxxiOX64cpG2BS+ofr+RcVWTiOxALtk6Ac
CBkY7WREOD++LFFMyRLZ3vL725GtF1uq59d+niHV98Z5h5JA7SWrQK2k0pMAS+2T
XaHVcwrsNVejmVU6GLoRdTKkEaAkZoYIKOw77C/8BV8JcTqzi2C3KSZpwN7uBXAm
1RsNpJ0BDBIJZpI2VbYkBqpjLTW1R2Hc/bwz6YOYO4Nl
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:02:24 2024 by rpki-client on console-ams.rpki-client.org