Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/MCx7haMdX4k58jvcrSdUVanJ4rI.roa
File:                     MCx7haMdX4k58jvcrSdUVanJ4rI.roa (raw, json)
Hash identifier:          rc9alp0Qlg497mCedmIhrN4PyA9QbFBdKIn7ocdNCsE=
Subject key identifier:   30:2C:7B:85:A3:1D:5F:89:39:F2:3B:DC:AD:27:54:55:A9:C9:E2:B2
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       018EF15643050D72E3F6F79EAA13A0E35115
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/MCx7haMdX4k58jvcrSdUVanJ4rI.roa
Signing time:             Thu 18 Apr 2024 13:12:26 +0000
ROA not before:           Thu 18 Apr 2024 13:12:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42821
IP address blocks:        77.90.128.0/24 maxlen: 24
                          77.90.129.0/24 maxlen: 24
                          77.90.130.0/24 maxlen: 24
                          77.90.132.0/24 maxlen: 24
                          77.90.133.0/24 maxlen: 24
                          77.90.134.0/24 maxlen: 24
                          77.90.136.0/24 maxlen: 24
                          77.90.137.0/24 maxlen: 24
                          77.90.140.0/24 maxlen: 24
                          77.90.142.0/24 maxlen: 24
                          77.90.143.0/24 maxlen: 24
                          77.90.144.0/24 maxlen: 24
                          77.90.146.0/24 maxlen: 24
                          77.90.147.0/24 maxlen: 24
                          77.90.148.0/24 maxlen: 24
                          185.230.13.0/24 maxlen: 24
                          185.230.14.0/24 maxlen: 24
                          213.209.129.0/24 maxlen: 24
                          213.209.138.0/24 maxlen: 24
                          213.209.143.0/24 maxlen: 24
                          213.209.145.0/24 maxlen: 24
                          213.209.157.0/24 maxlen: 24
                          2a04:29c2::/32 maxlen: 32
                          2a04:29c7::/32 maxlen: 32
                          2a04:29c7:1280:24::/64 maxlen: 64
                          2a04:29c7:1280:27::/64 maxlen: 64
                          2a04:29c7:1290:24::/64 maxlen: 64
                          2a04:29c7:1300:24::/64 maxlen: 64
                          2a04:29c7:1371:6027::/64 maxlen: 64
                          2a04:29c7:1420::/48 maxlen: 48

Validation:               Failed, certificate revoked on Fri 19 Apr 2024 18:05:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:f1:56:43:05:0d:72:e3:f6:f7:9e:aa:13:a0:e3:51:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Apr 18 13:12:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=302c7b85a31d5f8939f23bdcad275455a9c9e2b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:53:1a:16:86:f0:b7:f3:fa:e4:a0:c2:63:7d:
                    a2:2c:3b:69:82:ec:38:ed:18:a0:8f:55:51:16:65:
                    dd:ef:62:a8:7f:2b:f6:66:50:fa:c6:06:93:19:2b:
                    7b:5b:91:f8:a4:90:d1:10:60:59:85:0b:5f:dd:92:
                    e6:75:4b:d5:09:66:7c:06:95:9b:5a:1f:d6:f5:81:
                    96:69:06:2d:02:16:57:44:ce:a8:60:ac:89:d3:c5:
                    01:16:bb:dd:3a:dc:20:26:96:1d:78:29:df:64:88:
                    c5:7a:09:1c:0c:c6:f3:7b:cf:33:9d:bb:c5:8b:8a:
                    d5:ac:6f:ad:5a:33:8d:e7:fb:23:a1:c3:b7:bf:fb:
                    7e:d7:8b:ed:e1:9f:c2:64:10:80:b2:e0:52:c0:87:
                    2c:5c:56:f3:8a:d4:d1:50:c9:69:a6:ab:17:75:25:
                    e4:a3:0f:80:80:78:75:f4:42:33:ad:8f:49:96:26:
                    7d:1f:41:eb:4b:93:66:38:5c:1b:94:59:12:62:75:
                    87:ed:c8:b2:2f:8a:c3:37:37:21:28:83:01:88:62:
                    10:1c:a8:69:8b:11:9a:54:38:66:84:d4:b8:03:0f:
                    c6:6a:7e:41:4f:ac:9f:d6:8a:c0:fe:51:8d:0e:c5:
                    f7:34:9d:68:76:24:74:de:3d:e2:22:ac:b8:97:c4:
                    b9:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:2C:7B:85:A3:1D:5F:89:39:F2:3B:DC:AD:27:54:55:A9:C9:E2:B2
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/MCx7haMdX4k58jvcrSdUVanJ4rI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.128.0-77.90.130.255
                  77.90.132.0-77.90.134.255
                  77.90.136.0/23
                  77.90.140.0/24
                  77.90.142.0-77.90.144.255
                  77.90.146.0-77.90.148.255
                  185.230.13.0-185.230.14.255
                  213.209.129.0/24
                  213.209.138.0/24
                  213.209.143.0/24
                  213.209.145.0/24
                  213.209.157.0/24
                IPv6:
                  2a04:29c2::/32
                  2a04:29c7::/32

    Signature Algorithm: sha256WithRSAEncryption
         32:c3:72:a1:a4:a8:7b:ec:f3:8e:52:42:18:bf:43:ac:5b:9b:
         ca:3f:b9:9d:c4:34:d6:e4:0a:ee:7e:04:c8:a5:66:e4:5c:89:
         fe:59:8d:a4:1e:db:d5:cf:10:84:a5:eb:04:8d:80:2d:bf:ae:
         a6:75:e8:ae:a7:da:0c:e0:98:0a:b0:3f:e3:d3:6c:98:3a:ab:
         da:77:50:5f:0d:36:56:49:11:8f:4b:51:4d:18:27:a0:a6:8a:
         48:a0:35:b2:66:e7:39:85:2f:f0:77:7d:8a:ab:fa:b0:e8:5c:
         10:3f:82:5f:66:96:bd:8a:cc:f5:5c:43:31:84:4b:df:61:71:
         6a:98:33:bd:e8:6a:1d:00:b9:af:7b:dc:96:c9:79:8d:ae:10:
         4d:d3:e2:e2:da:ce:0c:16:8a:9b:62:b7:58:ba:4b:c3:cc:b8:
         98:00:de:30:00:52:14:b0:cf:de:e6:95:09:8f:7e:a8:15:65:
         2d:6c:ce:5b:21:0e:aa:6c:87:1e:9f:42:a3:a2:fb:a5:65:fa:
         92:07:57:e4:45:05:c6:79:9a:72:75:de:1a:84:e2:fb:3a:dc:
         47:df:28:cf:dc:57:e7:f9:f6:3e:80:c7:b8:10:e3:a0:df:ba:
         f7:06:19:b9:cd:5a:8d:27:4e:78:84:fd:a2:2f:b9:cf:5c:26:
         a0:ce:cb:20
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgISAY7xVkMFDXLj9veeqhOg41EVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNDc2ZTEyZTg5ODdlNWIzMDJjZGMyNGJkZDlkYjNmZTgz
Yzg0NDkwHhcNMjQwNDE4MTMxMjI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDJjN2I4NWEzMWQ1Zjg5MzlmMjNiZGNhZDI3NTQ1NWE5YzllMmIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzlMaFobwt/P65KDCY32iLDtpguw4
7Rigj1VRFmXd72Kofyv2ZlD6xgaTGSt7W5H4pJDREGBZhQtf3ZLmdUvVCWZ8BpWb
Wh/W9YGWaQYtAhZXRM6oYKyJ08UBFrvdOtwgJpYdeCnfZIjFegkcDMbze88znbvF
i4rVrG+tWjON5/sjocO3v/t+14vt4Z/CZBCAsuBSwIcsXFbzitTRUMlppqsXdSXk
ow+AgHh19EIzrY9JliZ9H0HrS5NmOFwblFkSYnWH7ciyL4rDNzchKIMBiGIQHKhp
ixGaVDhmhNS4Aw/Gan5BT6yf1orA/lGNDsX3NJ1odiR03j3iIqy4l8S5CwIDAQAB
o4ICjDCCAogwHQYDVR0OBBYEFDAse4WjHV+JOfI73K0nVFWpyeKyMB8GA1UdIwQY
MBaAFDtHbhLomH5bMCzcJL3Z2z/oPIRJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMt
NmNiZmYzYzRkYTAxLzEvTUN4N2hhTWRYNGs1OGp2Y3JTZFVWYW5KNHJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMtNmNiZmYzYzRkYTAx
LzEvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGhBggrBgEFBQcBBwEB/wSBkTCBjjB2BAIAATBwMAwDBAdN
WoADBABNWoIwDAMEAk1ahAMEAE1ahgMEAU1aiAMEAE1ajDAMAwQBTVqOAwQATVqQ
MAwDBAFNWpIDBABNWpQwDAMEALnmDQMEALnmDgMEANXRgQMEANXRigMEANXRjwME
ANXRkQMEANXRnTAUBAIAAjAOAwUAKgQpwgMFACoEKccwDQYJKoZIhvcNAQELBQAD
ggEBADLDcqGkqHvs845SQhi/Q6xbm8o/uZ3ENNbkCu5+BMilZuRcif5ZjaQe29XP
EISl6wSNgC2/rqZ16K6n2gzgmAqwP+PTbJg6q9p3UF8NNlZJEY9LUU0YJ6Cmikig
NbJm5zmFL/B3fYqr+rDoXBA/gl9mlr2KzPVcQzGES99hcWqYM73oah0Aua973JbJ
eY2uEE3T4uLazgwWiptit1i6S8PMuJgA3jAAUhSwz97mlQmPfqgVZS1szlshDqps
hx6fQqOi+6Vl+pIHV+RFBcZ5mnJ13hqE4vs63EffKM/cV+f59j6Ax7gQ46DfuvcG
GbnNWo0nTniE/aIvuc9cJqDOyyA=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:25:03 2024 by rpki-client on console-fra.rpki-client.org