Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/ZSevz01IDSpoKpYX_LyprjwfBzM.roa
File:                     ZSevz01IDSpoKpYX_LyprjwfBzM.roa (raw, json)
Hash identifier:          kt/KLNh9gaUZQRj/hsWQmBOKfxE0LboKh6E0p8GunD4=
Subject key identifier:   65:27:AF:CF:4D:48:0D:2A:68:2A:96:17:FC:BC:A9:AE:3C:1F:07:33
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       018B475FDCA27450375E2D33B123FB339E1A
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/ZSevz01IDSpoKpYX_LyprjwfBzM.roa
Signing time:             Thu 19 Oct 2023 09:59:06 +0000
ROA not before:           Thu 19 Oct 2023 09:59:06 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     42821
IP address blocks:        77.90.129.0/24 maxlen: 24
                          77.90.128.0/24 maxlen: 24
                          77.90.130.0/24 maxlen: 24
                          77.90.132.0/24 maxlen: 24
                          185.230.14.0/24 maxlen: 24
                          77.90.136.0/24 maxlen: 24
                          77.90.137.0/24 maxlen: 24
                          77.90.133.0/24 maxlen: 24
                          77.90.134.0/24 maxlen: 24
                          77.90.143.0/24 maxlen: 24
                          77.90.142.0/24 maxlen: 24
                          77.90.144.0/24 maxlen: 24
                          77.90.140.0/24 maxlen: 24
                          77.90.147.0/24 maxlen: 24
                          77.90.146.0/24 maxlen: 24
                          77.90.148.0/24 maxlen: 24
                          213.209.138.0/24 maxlen: 24
                          213.209.145.0/24 maxlen: 24
                          213.209.146.0/24 maxlen: 24
                          213.209.150.0/24 maxlen: 24
                          2a04:29c2::/32 maxlen: 32
                          2a04:29c7:1290:24::/64 maxlen: 64
                          2a04:29c7:1371:6027::/64 maxlen: 64
                          2a04:29c7:1280:27::/64 maxlen: 64
                          2a04:29c7:1420::/48 maxlen: 48
                          2a04:29c7::/32 maxlen: 32
                          2a04:29c7:1300:24::/64 maxlen: 64
                          2a04:29c7:1280:24::/64 maxlen: 64

Validation:               Failed, certificate revoked on Mon 23 Oct 2023 15:15:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:47:5f:dc:a2:74:50:37:5e:2d:33:b1:23:fb:33:9e:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Oct 19 09:59:06 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6527afcf4d480d2a682a9617fcbca9ae3c1f0733
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:af:12:34:40:7c:39:b6:8d:5b:51:00:02:0d:
                    16:bd:b7:80:4d:0c:d0:c2:e4:2a:ff:a7:d7:dd:a5:
                    3d:a2:84:11:3f:73:2d:ec:99:e8:af:2a:2b:30:5f:
                    57:75:a1:02:04:8d:1c:a9:ea:af:ab:61:e7:eb:a6:
                    78:b9:16:73:8b:73:c2:2f:50:a6:4d:7f:ea:99:07:
                    bc:e0:e6:79:74:55:ed:69:14:d3:26:7e:fb:65:3d:
                    11:05:cd:99:69:03:e3:8c:78:91:61:9b:db:76:7a:
                    9f:cc:ac:1b:92:df:c9:44:ee:1a:a8:a5:ad:b8:0e:
                    38:7d:04:60:e5:79:8d:85:6f:cf:69:4f:2a:c1:a1:
                    a5:f0:19:aa:d0:70:43:7b:c0:6e:f4:f1:e2:57:aa:
                    03:f5:51:56:29:5b:4b:54:e7:70:74:5e:2d:b8:73:
                    e7:c9:06:65:ea:ae:41:35:99:3c:77:11:af:24:79:
                    bd:78:7b:91:d4:3c:dc:0f:7b:f3:16:c8:0b:59:ec:
                    d6:2c:e1:0a:2b:93:33:6c:a1:fa:a9:c7:c4:73:94:
                    a8:39:99:20:18:4a:13:92:bd:54:43:11:93:49:e7:
                    e0:9e:9a:bc:a7:bb:ab:07:56:19:c2:aa:17:68:af:
                    7a:51:07:e0:96:ab:93:8d:62:92:26:22:79:5a:4d:
                    cd:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:27:AF:CF:4D:48:0D:2A:68:2A:96:17:FC:BC:A9:AE:3C:1F:07:33
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/ZSevz01IDSpoKpYX_LyprjwfBzM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.128.0-77.90.130.255
                  77.90.132.0-77.90.134.255
                  77.90.136.0/23
                  77.90.140.0/24
                  77.90.142.0-77.90.144.255
                  77.90.146.0-77.90.148.255
                  185.230.14.0/24
                  213.209.138.0/24
                  213.209.145.0-213.209.146.255
                  213.209.150.0/24
                IPv6:
                  2a04:29c2::/32
                  2a04:29c7::/32

    Signature Algorithm: sha256WithRSAEncryption
         24:79:6c:31:c7:63:5d:aa:67:d8:ef:89:98:4c:34:c8:fc:53:
         f0:5b:28:b1:5b:f5:3f:6f:c7:6e:e9:b9:cd:5e:72:98:fc:b1:
         a8:42:8b:89:f7:4c:64:06:d4:ec:c1:dd:0e:b7:f6:e9:6f:68:
         1c:87:10:f4:a9:64:83:91:8d:63:a4:60:8e:0e:a5:87:13:41:
         32:ed:87:96:36:f5:3a:ef:4d:21:33:85:d9:59:6e:ff:ef:5b:
         ea:f9:a4:81:37:3c:aa:95:30:c7:5f:1d:bb:be:53:d3:2a:7f:
         d8:38:bc:5a:7c:db:fb:41:40:02:41:28:5a:79:07:a4:7b:be:
         e9:37:48:ac:44:b9:05:7b:55:89:57:20:30:de:81:fb:72:3a:
         99:9a:0b:02:23:3a:bf:a5:86:0d:e2:1d:4f:97:74:18:64:83:
         ae:4d:ef:5e:bc:ed:83:29:dc:a3:b2:c6:63:f2:32:b3:de:be:
         c3:72:0c:10:ac:43:a7:b0:91:dc:34:4c:d0:3d:c8:a5:7d:62:
         47:01:25:ff:d4:ef:42:1a:38:9c:1d:9b:4e:4b:f7:ce:99:c6:
         97:1f:d4:45:60:f9:ff:25:09:cc:23:5a:6a:ba:33:be:a7:33:
         04:01:78:93:bb:f9:3e:2d:52:cb:39:d2:80:0d:1e:c5:8b:65:
         60:e4:ac:28
-----BEGIN CERTIFICATE-----
MIIFdDCCBFygAwIBAgISAYtHX9yidFA3Xi0zsSP7M54aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNDc2ZTEyZTg5ODdlNWIzMDJjZGMyNGJkZDlkYjNmZTgz
Yzg0NDkwHhcNMjMxMDE5MDk1OTA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTI3YWZjZjRkNDgwZDJhNjgyYTk2MTdmY2JjYTlhZTNjMWYwNzMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkK8SNEB8ObaNW1EAAg0WvbeATQzQ
wuQq/6fX3aU9ooQRP3Mt7JnoryorMF9XdaECBI0cqeqvq2Hn66Z4uRZzi3PCL1Cm
TX/qmQe84OZ5dFXtaRTTJn77ZT0RBc2ZaQPjjHiRYZvbdnqfzKwbkt/JRO4aqKWt
uA44fQRg5XmNhW/PaU8qwaGl8Bmq0HBDe8Bu9PHiV6oD9VFWKVtLVOdwdF4tuHPn
yQZl6q5BNZk8dxGvJHm9eHuR1DzcD3vzFsgLWezWLOEKK5MzbKH6qcfEc5SoOZkg
GEoTkr1UQxGTSefgnpq8p7urB1YZwqoXaK96UQfglquTjWKSJiJ5Wk3NfQIDAQAB
o4ICgDCCAnwwHQYDVR0OBBYEFGUnr89NSA0qaCqWF/y8qa48HwczMB8GA1UdIwQY
MBaAFDtHbhLomH5bMCzcJL3Z2z/oPIRJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMt
NmNiZmYzYzRkYTAxLzEvWlNldnowMUlEU3BvS3BZWF9MeXByandmQnpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMtNmNiZmYzYzRkYTAx
LzEvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGVBggrBgEFBQcBBwEB/wSBhTCBgjBqBAIAATBkMAwDBAdN
WoADBABNWoIwDAMEAk1ahAMEAE1ahgMEAU1aiAMEAE1ajDAMAwQBTVqOAwQATVqQ
MAwDBAFNWpIDBABNWpQDBAC55g4DBADV0YowDAMEANXRkQMEANXRkgMEANXRljAU
BAIAAjAOAwUAKgQpwgMFACoEKccwDQYJKoZIhvcNAQELBQADggEBACR5bDHHY12q
Z9jviZhMNMj8U/BbKLFb9T9vx27puc1ecpj8sahCi4n3TGQG1OzB3Q639ulvaByH
EPSpZIORjWOkYI4OpYcTQTLth5Y29TrvTSEzhdlZbv/vW+r5pIE3PKqVMMdfHbu+
U9Mqf9g4vFp82/tBQAJBKFp5B6R7vuk3SKxEuQV7VYlXIDDegftyOpmaCwIjOr+l
hg3iHU+XdBhkg65N71687YMp3KOyxmPyMrPevsNyDBCsQ6ewkdw0TNA9yKV9YkcB
Jf/U70IaOJwdm05L986Zxpcf1EVg+f8lCcwjWmq6M76nMwQBeJO7+T4tUss50oAN
HsWLZWDkrCg=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:02:25 2024 by rpki-client on console-ams.rpki-client.org