Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/ZNua-D2GTRhKJnQ0v1wq3-scc7c.roa
File:                     ZNua-D2GTRhKJnQ0v1wq3-scc7c.roa (raw, json)
Hash identifier:          Kre5LLAiElRc5yCLXWggrVGpPKxDqP2bv47vRO+rIAI=
Subject key identifier:   64:DB:9A:F8:3D:86:4D:18:4A:26:74:34:BF:5C:2A:DF:EB:1C:73:B7
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       0189FA0E4BFC5C683F9A15C334882C4F2D1B
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/ZNua-D2GTRhKJnQ0v1wq3-scc7c.roa
Signing time:             Tue 15 Aug 2023 16:36:28 +0000
ROA not before:           Tue 15 Aug 2023 16:36:28 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     42821
IP address blocks:        77.90.129.0/24 maxlen: 24
                          77.90.128.0/24 maxlen: 24
                          77.90.130.0/24 maxlen: 24
                          77.90.132.0/24 maxlen: 24
                          185.230.13.0/24 maxlen: 24
                          185.230.14.0/24 maxlen: 24
                          77.90.136.0/24 maxlen: 24
                          77.90.137.0/24 maxlen: 24
                          77.90.133.0/24 maxlen: 24
                          77.90.134.0/24 maxlen: 24
                          77.90.143.0/24 maxlen: 24
                          77.90.142.0/24 maxlen: 24
                          77.90.145.0/24 maxlen: 24
                          77.90.144.0/24 maxlen: 24
                          77.90.140.0/24 maxlen: 24
                          77.90.147.0/24 maxlen: 24
                          77.90.146.0/24 maxlen: 24
                          77.90.148.0/24 maxlen: 24
                          77.90.153.0/24 maxlen: 24
                          77.90.154.0/24 maxlen: 24
                          213.209.138.0/24 maxlen: 24
                          213.209.151.0/24 maxlen: 24
                          2a04:29c2::/32 maxlen: 32
                          2a04:29c7:1290:24::/64 maxlen: 64
                          2a04:29c7:1371:6027::/64 maxlen: 64
                          2a04:29c7:1280:27::/64 maxlen: 64
                          2a04:29c7:1420::/48 maxlen: 48
                          2a04:29c7::/32 maxlen: 32
                          2a04:29c7:1280:24::/64 maxlen: 64
                          2a04:29c7:1300:24::/64 maxlen: 64

Validation:               Failed, certificate revoked on Wed 16 Aug 2023 06:51:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:fa:0e:4b:fc:5c:68:3f:9a:15:c3:34:88:2c:4f:2d:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Aug 15 16:36:28 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=64db9af83d864d184a267434bf5c2adfeb1c73b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:b5:9e:e2:41:05:32:dd:87:e8:2e:6b:e6:3f:
                    65:74:6c:49:78:8d:b6:6d:99:4a:7d:91:e2:77:d8:
                    c6:71:bd:d0:7c:c4:90:6c:3d:05:b8:a8:d9:02:36:
                    31:d2:aa:0e:e1:24:1e:5c:f9:e0:c1:59:fc:d5:0c:
                    3f:34:44:33:9b:b9:0f:1d:8d:a9:45:72:bb:dd:81:
                    20:10:b6:88:b8:e3:a7:e6:1e:6b:23:9b:54:9f:e5:
                    0c:19:e1:28:71:7e:96:4f:de:72:0e:07:5a:e9:98:
                    57:bf:63:37:96:fb:b9:d6:1b:3d:90:d3:cc:c0:a8:
                    25:27:f0:0f:86:d5:c2:d2:72:81:a0:db:da:d9:70:
                    86:08:e1:db:90:6e:26:d0:35:2f:f8:ca:1f:2c:df:
                    56:57:f6:97:dd:c5:67:a1:b7:96:64:98:76:1a:7e:
                    8f:20:bd:21:b1:a4:44:99:3f:ae:9c:fa:26:b6:7d:
                    e5:c0:40:07:49:30:01:89:80:6d:d9:7c:5c:2f:d8:
                    0d:19:a6:dc:40:c5:00:f8:55:36:38:1c:37:a2:ef:
                    54:cc:10:9e:c4:41:72:cd:72:91:2b:6b:21:6c:ba:
                    20:a2:ed:80:d3:b8:66:ad:85:8d:54:f7:95:35:3d:
                    67:3d:10:23:33:12:72:bf:2e:3a:6b:19:0c:ca:bf:
                    6e:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:DB:9A:F8:3D:86:4D:18:4A:26:74:34:BF:5C:2A:DF:EB:1C:73:B7
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/ZNua-D2GTRhKJnQ0v1wq3-scc7c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.128.0-77.90.130.255
                  77.90.132.0-77.90.134.255
                  77.90.136.0/23
                  77.90.140.0/24
                  77.90.142.0-77.90.148.255
                  77.90.153.0-77.90.154.255
                  185.230.13.0-185.230.14.255
                  213.209.138.0/24
                  213.209.151.0/24
                IPv6:
                  2a04:29c2::/32
                  2a04:29c7::/32

    Signature Algorithm: sha256WithRSAEncryption
         2a:c0:e5:cf:97:cf:ea:1e:97:a0:0a:91:a2:11:45:17:dd:b6:
         2a:0a:0a:8d:ad:0f:c1:fd:f7:c3:39:b6:46:46:4e:d3:9e:d0:
         ab:f8:f1:90:ca:07:cc:70:46:fe:ee:4f:12:4c:f2:74:fa:22:
         3d:44:35:09:85:b1:1c:89:16:c0:fe:40:b7:58:28:84:fd:df:
         b8:2e:31:ce:ed:db:00:16:84:86:14:9b:fb:f7:80:13:ee:f0:
         c0:46:bf:16:57:fa:62:22:c5:1b:bf:82:fd:e2:96:92:cf:8c:
         b9:c2:82:75:fc:14:4b:4e:fc:5e:68:82:ad:a7:fd:a3:43:b0:
         4d:ba:74:7c:a3:63:d5:87:72:14:31:d9:d8:ff:6f:13:82:ee:
         82:b3:26:c8:2a:2c:1e:d8:8b:07:67:9e:a3:7a:27:06:87:e4:
         9e:51:e6:1d:0c:27:81:e8:55:c6:20:84:65:81:f5:c6:30:16:
         67:e8:bd:7d:73:93:c2:e7:5a:ce:61:1f:f9:22:f1:9f:9e:cd:
         98:74:be:89:bb:c9:3b:b3:23:98:e5:35:a2:6a:10:21:72:21:
         a8:78:aa:99:36:c2:f8:5b:9d:00:03:6d:69:5e:f4:8b:08:28:
         95:4c:b0:7d:56:75:e9:21:ca:32:e1:b4:b7:93:ed:ad:a2:cd:
         c2:7d:44:c2
-----BEGIN CERTIFICATE-----
MIIFbDCCBFSgAwIBAgISAYn6Dkv8XGg/mhXDNIgsTy0bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNDc2ZTEyZTg5ODdlNWIzMDJjZGMyNGJkZDlkYjNmZTgz
Yzg0NDkwHhcNMjMwODE1MTYzNjI4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NGRiOWFmODNkODY0ZDE4NGEyNjc0MzRiZjVjMmFkZmViMWM3M2I3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAibWe4kEFMt2H6C5r5j9ldGxJeI22
bZlKfZHid9jGcb3QfMSQbD0FuKjZAjYx0qoO4SQeXPngwVn81Qw/NEQzm7kPHY2p
RXK73YEgELaIuOOn5h5rI5tUn+UMGeEocX6WT95yDgda6ZhXv2M3lvu51hs9kNPM
wKglJ/APhtXC0nKBoNva2XCGCOHbkG4m0DUv+MofLN9WV/aX3cVnobeWZJh2Gn6P
IL0hsaREmT+unPomtn3lwEAHSTABiYBt2XxcL9gNGabcQMUA+FU2OBw3ou9UzBCe
xEFyzXKRK2shbLogou2A07hmrYWNVPeVNT1nPRAjMxJyvy46axkMyr9uLwIDAQAB
o4ICeDCCAnQwHQYDVR0OBBYEFGTbmvg9hk0YSiZ0NL9cKt/rHHO3MB8GA1UdIwQY
MBaAFDtHbhLomH5bMCzcJL3Z2z/oPIRJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMt
NmNiZmYzYzRkYTAxLzEvWk51YS1EMkdUUmhLSm5RMHYxd3EzLXNjYzdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMtNmNiZmYzYzRkYTAx
LzEvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGNBggrBgEFBQcBBwEB/wR+MHwwZAQCAAEwXjAMAwQHTVqA
AwQATVqCMAwDBAJNWoQDBABNWoYDBAFNWogDBABNWowwDAMEAU1ajgMEAE1alDAM
AwQATVqZAwQATVqaMAwDBAC55g0DBAC55g4DBADV0YoDBADV0ZcwFAQCAAIwDgMF
ACoEKcIDBQAqBCnHMA0GCSqGSIb3DQEBCwUAA4IBAQAqwOXPl8/qHpegCpGiEUUX
3bYqCgqNrQ/B/ffDObZGRk7TntCr+PGQygfMcEb+7k8STPJ0+iI9RDUJhbEciRbA
/kC3WCiE/d+4LjHO7dsAFoSGFJv794AT7vDARr8WV/piIsUbv4L94paSz4y5woJ1
/BRLTvxeaIKtp/2jQ7BNunR8o2PVh3IUMdnY/28Tgu6CsybIKiwe2IsHZ56jeicG
h+SeUeYdDCeB6FXGIIRlgfXGMBZn6L19c5PC51rOYR/5IvGfns2YdL6Ju8k7syOY
5TWiahAhciGoeKqZNsL4W50AA21pXvSLCCiVTLB9VnXpIcoy4bS3k+2tos3CfUTC
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:02:25 2024 by rpki-client on console-ams.rpki-client.org