Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/ZOH_V5ukLO4cOs-5TgG94UJeVUk.roa
File:                     ZOH_V5ukLO4cOs-5TgG94UJeVUk.roa (raw, json)
Hash identifier:          fFLWzCo0SqVnbX6hYoBVhQMwZurdJWRB0i+GCjooShU=
Subject key identifier:   64:E1:FF:57:9B:A4:2C:EE:1C:3A:CF:B9:4E:01:BD:E1:42:5E:55:49
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       018A9DB529E2211E4D3D361AAA3CED28815E
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/ZOH_V5ukLO4cOs-5TgG94UJeVUk.roa
Signing time:             Sat 16 Sep 2023 11:16:50 +0000
ROA not before:           Sat 16 Sep 2023 11:16:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     42821
IP address blocks:        77.90.129.0/24 maxlen: 24
                          77.90.128.0/24 maxlen: 24
                          77.90.130.0/24 maxlen: 24
                          77.90.132.0/24 maxlen: 24
                          185.230.13.0/24 maxlen: 24
                          185.230.14.0/24 maxlen: 24
                          77.90.136.0/24 maxlen: 24
                          77.90.137.0/24 maxlen: 24
                          77.90.133.0/24 maxlen: 24
                          77.90.134.0/24 maxlen: 24
                          77.90.143.0/24 maxlen: 24
                          77.90.142.0/24 maxlen: 24
                          77.90.144.0/24 maxlen: 24
                          77.90.140.0/24 maxlen: 24
                          77.90.147.0/24 maxlen: 24
                          77.90.146.0/24 maxlen: 24
                          77.90.148.0/24 maxlen: 24
                          213.209.138.0/24 maxlen: 24
                          213.209.143.0/24 maxlen: 24
                          213.209.146.0/24 maxlen: 24
                          213.209.150.0/24 maxlen: 24
                          213.209.159.0/24 maxlen: 24
                          213.209.157.0/24 maxlen: 24
                          2a04:29c2::/32 maxlen: 32
                          2a04:29c7:1290:24::/64 maxlen: 64
                          2a04:29c7:1371:6027::/64 maxlen: 64
                          2a04:29c7:1280:27::/64 maxlen: 64
                          2a04:29c7:1420::/48 maxlen: 48
                          2a04:29c7::/32 maxlen: 32
                          2a04:29c7:1300:24::/64 maxlen: 64
                          2a04:29c7:1280:24::/64 maxlen: 64

Validation:               Failed, certificate revoked on Wed 20 Sep 2023 10:29:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:9d:b5:29:e2:21:1e:4d:3d:36:1a:aa:3c:ed:28:81:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Sep 16 11:16:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=64e1ff579ba42cee1c3acfb94e01bde1425e5549
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:a6:9c:c3:89:91:b3:84:8c:ba:2a:86:0d:b0:
                    e9:39:b7:1a:58:d5:89:82:fb:07:88:12:71:65:4d:
                    bf:60:83:3c:e0:2c:c2:86:fd:c3:56:1d:fc:78:e6:
                    f8:d3:3b:4e:aa:f4:3d:a0:7e:ed:82:f1:3d:c3:c3:
                    ef:0d:0b:2e:4c:0b:6d:d2:dd:67:6c:61:91:15:88:
                    ff:73:32:53:a5:15:75:5c:ef:b7:45:e9:94:a1:44:
                    0a:01:d8:79:6f:94:a9:4c:8d:d3:9a:0f:30:b9:4a:
                    a1:95:6d:92:65:34:61:0b:ac:6b:cc:99:ce:87:fc:
                    86:cf:0e:b4:28:05:c7:f7:74:e1:c4:b4:2f:ea:ac:
                    69:14:8f:72:74:b7:40:c4:81:56:0f:ee:96:ac:39:
                    f6:d4:2f:1f:8b:60:fb:68:18:4c:c6:25:49:c9:6e:
                    97:37:08:9b:f2:02:06:2b:46:d4:d7:bf:1d:de:7a:
                    a8:af:86:e6:d8:8b:49:75:27:47:6d:54:c3:da:6c:
                    a1:96:09:5d:d3:d5:aa:8a:29:a6:13:88:f3:02:96:
                    7f:c2:fa:91:09:e9:84:c1:ae:d2:ad:aa:3b:a1:3f:
                    48:f6:17:6c:17:98:b5:53:51:87:95:e0:62:da:3c:
                    52:41:8a:2e:70:b6:d2:02:02:b6:52:33:c0:3c:52:
                    04:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:E1:FF:57:9B:A4:2C:EE:1C:3A:CF:B9:4E:01:BD:E1:42:5E:55:49
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/ZOH_V5ukLO4cOs-5TgG94UJeVUk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.128.0-77.90.130.255
                  77.90.132.0-77.90.134.255
                  77.90.136.0/23
                  77.90.140.0/24
                  77.90.142.0-77.90.144.255
                  77.90.146.0-77.90.148.255
                  185.230.13.0-185.230.14.255
                  213.209.138.0/24
                  213.209.143.0/24
                  213.209.146.0/24
                  213.209.150.0/24
                  213.209.157.0/24
                  213.209.159.0/24
                IPv6:
                  2a04:29c2::/32
                  2a04:29c7::/32

    Signature Algorithm: sha256WithRSAEncryption
         b1:18:6c:17:3b:cd:79:3b:dc:f8:e6:e0:0e:70:05:30:04:26:
         99:a2:ac:ad:e4:89:b2:a7:06:14:00:4c:39:bd:68:67:c2:1e:
         bf:a8:41:35:a0:b9:33:c6:05:e9:0d:05:1e:c2:1f:4c:73:ee:
         5c:0e:48:4b:94:eb:10:f1:93:62:21:85:f7:37:2b:fc:5e:88:
         fc:e6:04:cb:3e:96:7a:a2:f2:a7:96:af:3d:71:8b:e4:04:9b:
         93:13:7f:ff:3d:e2:98:a4:de:09:4b:f9:fa:a3:51:41:ca:95:
         28:b7:1b:e1:37:56:ce:78:29:38:05:2b:7d:a2:4d:2a:e0:71:
         98:2b:00:a5:71:18:a2:17:4e:aa:ea:c9:50:26:07:f3:bc:d4:
         d0:6c:96:8b:17:b6:f6:99:f1:fb:82:e4:8c:dc:30:9f:97:ec:
         b7:0e:a7:1a:76:39:5d:53:f9:c0:fa:3e:0e:f1:40:81:8e:32:
         a3:5e:3e:07:b5:84:f9:1b:d8:cb:cc:b8:13:b8:66:71:90:17:
         f9:e6:88:94:93:eb:b0:95:e9:1d:21:9c:b2:f9:dc:7e:bf:16:
         90:84:4c:40:d4:d6:6f:b8:85:7c:4f:19:5b:15:3e:ee:fb:66:
         cf:3b:11:d5:82:04:13:40:fa:98:99:da:8e:a2:4c:64:fe:01:
         9d:b3:af:47
-----BEGIN CERTIFICATE-----
MIIFhjCCBG6gAwIBAgISAYqdtSniIR5NPTYaqjztKIFeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNDc2ZTEyZTg5ODdlNWIzMDJjZGMyNGJkZDlkYjNmZTgz
Yzg0NDkwHhcNMjMwOTE2MTExNjUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NGUxZmY1NzliYTQyY2VlMWMzYWNmYjk0ZTAxYmRlMTQyNWU1NTQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhaacw4mRs4SMuiqGDbDpObcaWNWJ
gvsHiBJxZU2/YIM84CzChv3DVh38eOb40ztOqvQ9oH7tgvE9w8PvDQsuTAtt0t1n
bGGRFYj/czJTpRV1XO+3RemUoUQKAdh5b5SpTI3Tmg8wuUqhlW2SZTRhC6xrzJnO
h/yGzw60KAXH93ThxLQv6qxpFI9ydLdAxIFWD+6WrDn21C8fi2D7aBhMxiVJyW6X
Nwib8gIGK0bU178d3nqor4bm2ItJdSdHbVTD2myhlgld09WqiimmE4jzApZ/wvqR
CemEwa7Srao7oT9I9hdsF5i1U1GHleBi2jxSQYoucLbSAgK2UjPAPFIELwIDAQAB
o4ICkjCCAo4wHQYDVR0OBBYEFGTh/1ebpCzuHDrPuU4BveFCXlVJMB8GA1UdIwQY
MBaAFDtHbhLomH5bMCzcJL3Z2z/oPIRJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMt
NmNiZmYzYzRkYTAxLzEvWk9IX1Y1dWtMTzRjT3MtNVRnRzk0VUplVlVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMtNmNiZmYzYzRkYTAx
LzEvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGnBggrBgEFBQcBBwEB/wSBlzCBlDB8BAIAATB2MAwDBAdN
WoADBABNWoIwDAMEAk1ahAMEAE1ahgMEAU1aiAMEAE1ajDAMAwQBTVqOAwQATVqQ
MAwDBAFNWpIDBABNWpQwDAMEALnmDQMEALnmDgMEANXRigMEANXRjwMEANXRkgME
ANXRlgMEANXRnQMEANXRnzAUBAIAAjAOAwUAKgQpwgMFACoEKccwDQYJKoZIhvcN
AQELBQADggEBALEYbBc7zXk73Pjm4A5wBTAEJpmirK3kibKnBhQATDm9aGfCHr+o
QTWguTPGBekNBR7CH0xz7lwOSEuU6xDxk2Ihhfc3K/xeiPzmBMs+lnqi8qeWrz1x
i+QEm5MTf/894pik3glL+fqjUUHKlSi3G+E3Vs54KTgFK32iTSrgcZgrAKVxGKIX
TqrqyVAmB/O81NBslosXtvaZ8fuC5IzcMJ+X7LcOpxp2OV1T+cD6Pg7xQIGOMqNe
Pge1hPkb2MvMuBO4ZnGQF/nmiJST67CV6R0hnLL53H6/FpCETEDU1m+4hXxPGVsV
Pu77Zs87EdWCBBNA+piZ2o6iTGT+AZ2zr0c=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:02:25 2024 by rpki-client on console-ams.rpki-client.org