Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/BM3dlmbzI5GU2pAph-aVWalTsiU.roa
File:                     BM3dlmbzI5GU2pAph-aVWalTsiU.roa (raw, json)
Hash identifier:          8Lo2N3q6BWBnXlONF4nzkl43Eto5pOYR0vWVBhM2q34=
Subject key identifier:   04:CD:DD:96:66:F3:23:91:94:DA:90:29:87:E6:95:59:A9:53:B2:25
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       0189B0C9E06C4213A9222B495542217F7A05
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/BM3dlmbzI5GU2pAph-aVWalTsiU.roa
Signing time:             Tue 01 Aug 2023 11:09:27 +0000
ROA not before:           Tue 01 Aug 2023 11:09:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     42821
IP address blocks:        77.90.129.0/24 maxlen: 24
                          77.90.128.0/24 maxlen: 24
                          77.90.130.0/24 maxlen: 24
                          77.90.132.0/24 maxlen: 24
                          77.90.136.0/24 maxlen: 24
                          77.90.137.0/24 maxlen: 24
                          77.90.133.0/24 maxlen: 24
                          77.90.134.0/24 maxlen: 24
                          77.90.143.0/24 maxlen: 24
                          77.90.142.0/24 maxlen: 24
                          77.90.144.0/24 maxlen: 24
                          77.90.140.0/24 maxlen: 24
                          77.90.147.0/24 maxlen: 24
                          77.90.146.0/24 maxlen: 24
                          77.90.148.0/24 maxlen: 24
                          77.90.153.0/24 maxlen: 24
                          213.209.138.0/24 maxlen: 24
                          213.209.151.0/24 maxlen: 24
                          213.209.157.0/24 maxlen: 24
                          2a04:29c2::/32 maxlen: 32
                          2a04:29c7:1290:24::/64 maxlen: 64
                          2a04:29c7:1371:6027::/64 maxlen: 64
                          2a04:29c7:1280:27::/64 maxlen: 64
                          2a04:29c7:1420::/48 maxlen: 48
                          2a04:29c7::/32 maxlen: 32
                          2a04:29c7:1280:24::/64 maxlen: 64
                          2a04:29c7:1300:24::/64 maxlen: 64

Validation:               Failed, certificate revoked on Sat 12 Aug 2023 08:32:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:b0:c9:e0:6c:42:13:a9:22:2b:49:55:42:21:7f:7a:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Aug  1 11:09:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=04cddd9666f3239194da902987e69559a953b225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:b2:c7:6d:40:78:68:5d:e4:b7:0e:30:1c:5c:
                    65:8b:39:64:18:a9:0f:c6:1d:94:78:96:98:d4:9e:
                    25:ff:4b:f7:98:8b:1b:b5:9e:5f:31:78:c6:4c:81:
                    e6:9c:92:31:d3:36:eb:d6:1c:49:64:8c:ae:b3:ad:
                    8d:74:52:9d:58:f4:e2:4e:12:0f:87:88:53:1a:75:
                    2d:b0:ab:60:18:fe:4f:c2:41:dc:32:5a:94:50:22:
                    3f:11:7b:a6:b3:c3:c9:c7:68:55:dd:c8:de:da:7d:
                    4b:34:b9:11:1c:f2:fb:e4:98:02:98:81:c6:08:21:
                    5c:90:56:33:9a:70:fd:d5:6e:d3:e8:d2:32:5f:40:
                    e4:21:2e:c5:80:58:bf:dc:d1:bb:ee:aa:ed:aa:18:
                    32:24:64:44:09:2b:50:5d:ad:af:c6:ed:df:8e:66:
                    6f:83:c7:d3:90:23:e0:77:29:13:5a:09:b3:bd:ee:
                    f8:fe:64:ae:0b:6d:6c:35:7e:61:35:6d:01:06:5f:
                    f9:c0:b7:86:9d:d9:56:08:b8:f7:2b:76:37:74:46:
                    d1:fe:3f:94:51:28:0d:b9:92:cd:cf:90:f4:d6:ee:
                    e2:33:3a:c8:f8:1a:79:f9:01:b7:7d:1c:c4:d8:6e:
                    ef:25:a6:d1:1e:cb:10:73:6a:66:f0:15:90:03:84:
                    8a:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:CD:DD:96:66:F3:23:91:94:DA:90:29:87:E6:95:59:A9:53:B2:25
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/BM3dlmbzI5GU2pAph-aVWalTsiU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.128.0-77.90.130.255
                  77.90.132.0-77.90.134.255
                  77.90.136.0/23
                  77.90.140.0/24
                  77.90.142.0-77.90.144.255
                  77.90.146.0-77.90.148.255
                  77.90.153.0/24
                  213.209.138.0/24
                  213.209.151.0/24
                  213.209.157.0/24
                IPv6:
                  2a04:29c2::/32
                  2a04:29c7::/32

    Signature Algorithm: sha256WithRSAEncryption
         9e:27:65:9f:38:4d:c8:f2:a4:2e:d5:8e:88:aa:d6:45:5b:f6:
         d6:5c:80:c3:99:f8:c0:0d:1f:fc:ab:91:50:ed:c4:29:a5:b0:
         a8:4c:6c:59:ae:2e:4c:9a:46:e0:15:16:d2:76:25:ed:e0:cc:
         05:41:29:e1:74:14:de:79:c4:c8:cf:21:86:ea:db:d9:a3:56:
         28:18:ab:9a:cc:6a:e7:e6:6d:4a:43:d4:3d:b2:74:b7:61:e9:
         45:32:41:af:18:a1:ef:52:7e:b7:03:2c:34:a5:c1:2f:04:c7:
         68:53:67:69:49:dc:23:1f:e1:d2:85:a6:41:ca:2e:2d:00:fd:
         0b:dd:bf:3e:24:5c:f5:b4:2a:f3:a8:ee:05:37:58:27:df:c4:
         bb:82:76:dd:1d:b3:25:73:6f:da:af:10:64:ee:7e:ce:bc:27:
         2c:46:16:bd:3f:e3:97:5b:6e:d3:51:82:ac:75:e3:0d:41:8f:
         bf:5d:54:a1:ee:79:59:ec:03:5f:c1:7e:32:4f:97:d9:6d:9d:
         4f:e5:a1:e6:50:17:eb:f2:22:23:e8:bb:11:97:0e:c0:29:0b:
         bf:bd:90:81:50:31:2c:27:60:ef:1c:e0:22:42:71:c7:dd:fb:
         de:02:7a:d1:93:2d:62:4a:e3:d3:ba:63:27:b9:cf:78:b9:fa:
         51:8f:12:c2
-----BEGIN CERTIFICATE-----
MIIFajCCBFKgAwIBAgISAYmwyeBsQhOpIitJVUIhf3oFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNDc2ZTEyZTg5ODdlNWIzMDJjZGMyNGJkZDlkYjNmZTgz
Yzg0NDkwHhcNMjMwODAxMTEwOTI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNGNkZGQ5NjY2ZjMyMzkxOTRkYTkwMjk4N2U2OTU1OWE5NTNiMjI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAubLHbUB4aF3ktw4wHFxlizlkGKkP
xh2UeJaY1J4l/0v3mIsbtZ5fMXjGTIHmnJIx0zbr1hxJZIyus62NdFKdWPTiThIP
h4hTGnUtsKtgGP5PwkHcMlqUUCI/EXums8PJx2hV3cje2n1LNLkRHPL75JgCmIHG
CCFckFYzmnD91W7T6NIyX0DkIS7FgFi/3NG77qrtqhgyJGRECStQXa2vxu3fjmZv
g8fTkCPgdykTWgmzve74/mSuC21sNX5hNW0BBl/5wLeGndlWCLj3K3Y3dEbR/j+U
USgNuZLNz5D01u7iMzrI+Bp5+QG3fRzE2G7vJabRHssQc2pm8BWQA4SKbQIDAQAB
o4ICdjCCAnIwHQYDVR0OBBYEFATN3ZZm8yORlNqQKYfmlVmpU7IlMB8GA1UdIwQY
MBaAFDtHbhLomH5bMCzcJL3Z2z/oPIRJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMt
NmNiZmYzYzRkYTAxLzEvQk0zZGxtYnpJNUdVMnBBcGgtYVZXYWxUc2lVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMtNmNiZmYzYzRkYTAx
LzEvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGLBggrBgEFBQcBBwEB/wR8MHowYgQCAAEwXDAMAwQHTVqA
AwQATVqCMAwDBAJNWoQDBABNWoYDBAFNWogDBABNWowwDAMEAU1ajgMEAE1akDAM
AwQBTVqSAwQATVqUAwQATVqZAwQA1dGKAwQA1dGXAwQA1dGdMBQEAgACMA4DBQAq
BCnCAwUAKgQpxzANBgkqhkiG9w0BAQsFAAOCAQEAnidlnzhNyPKkLtWOiKrWRVv2
1lyAw5n4wA0f/KuRUO3EKaWwqExsWa4uTJpG4BUW0nYl7eDMBUEp4XQU3nnEyM8h
hurb2aNWKBirmsxq5+ZtSkPUPbJ0t2HpRTJBrxih71J+twMsNKXBLwTHaFNnaUnc
Ix/h0oWmQcouLQD9C92/PiRc9bQq86juBTdYJ9/Eu4J23R2zJXNv2q8QZO5+zrwn
LEYWvT/jl1tu01GCrHXjDUGPv11Uoe55WewDX8F+Mk+X2W2dT+Wh5lAX6/IiI+i7
EZcOwCkLv72QgVAxLCdg7xzgIkJxx9373gJ60ZMtYkrj07pjJ7nPeLn6UY8Swg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:25:03 2024 by rpki-client on console-fra.rpki-client.org