Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/cufmjGiMOY3Rz380BrZKDuxGXvQ.roa
File:                     cufmjGiMOY3Rz380BrZKDuxGXvQ.roa (raw, json)
Hash identifier:          NasMReaQ7Z5KW+Y6ULl71CGggYk/c76TcMLuwsYfI/o=
Subject key identifier:   72:E7:E6:8C:68:8C:39:8D:D1:CF:7F:34:06:B6:4A:0E:EC:46:5E:F4
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       018ACD16C987196F18CB6A46299F1E3DD2A2
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/cufmjGiMOY3Rz380BrZKDuxGXvQ.roa
Signing time:             Mon 25 Sep 2023 16:05:37 +0000
ROA not before:           Mon 25 Sep 2023 16:05:37 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     42821
IP address blocks:        77.90.129.0/24 maxlen: 24
                          77.90.128.0/24 maxlen: 24
                          77.90.130.0/24 maxlen: 24
                          77.90.132.0/24 maxlen: 24
                          185.230.13.0/24 maxlen: 24
                          185.230.14.0/24 maxlen: 24
                          185.230.15.0/24 maxlen: 24
                          77.90.136.0/24 maxlen: 24
                          77.90.137.0/24 maxlen: 24
                          77.90.133.0/24 maxlen: 24
                          77.90.134.0/24 maxlen: 24
                          77.90.143.0/24 maxlen: 24
                          77.90.142.0/24 maxlen: 24
                          77.90.144.0/24 maxlen: 24
                          77.90.140.0/24 maxlen: 24
                          77.90.147.0/24 maxlen: 24
                          77.90.146.0/24 maxlen: 24
                          77.90.148.0/24 maxlen: 24
                          213.209.138.0/24 maxlen: 24
                          213.209.146.0/24 maxlen: 24
                          213.209.150.0/24 maxlen: 24
                          213.209.159.0/24 maxlen: 24
                          2a04:29c2::/32 maxlen: 32
                          2a04:29c7:1290:24::/64 maxlen: 64
                          2a04:29c7:1371:6027::/64 maxlen: 64
                          2a04:29c7:1280:27::/64 maxlen: 64
                          2a04:29c7:1420::/48 maxlen: 48
                          2a04:29c7::/32 maxlen: 32
                          2a04:29c7:1280:24::/64 maxlen: 64
                          2a04:29c7:1300:24::/64 maxlen: 64

Validation:               Failed, certificate revoked on Tue 26 Sep 2023 08:55:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:cd:16:c9:87:19:6f:18:cb:6a:46:29:9f:1e:3d:d2:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Sep 25 16:05:37 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=72e7e68c688c398dd1cf7f3406b64a0eec465ef4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:c2:9a:a6:94:df:93:f7:e1:3b:84:6b:9a:d4:
                    bc:bc:95:85:30:a0:d8:ad:3d:36:83:15:3d:df:5b:
                    01:10:2f:e5:49:12:d8:a3:cd:40:f2:c9:78:fa:c6:
                    59:e5:55:d9:48:c8:99:e4:7b:de:b4:9b:74:4f:d8:
                    e4:82:e9:d3:5e:3f:5b:c0:f7:95:d7:ec:1a:ba:e7:
                    74:fa:b1:54:73:70:5a:7a:24:5a:c1:76:09:8f:04:
                    35:7c:e7:11:98:cf:e7:d5:69:f4:15:d6:63:c9:56:
                    c6:42:32:f1:b8:86:4c:03:a9:35:d2:c0:0f:42:6c:
                    a0:49:1f:ad:cd:91:de:3e:b4:86:8f:6b:29:4e:82:
                    75:46:ca:c7:0f:5a:37:ea:a7:e7:f4:54:88:40:b4:
                    c7:83:36:8b:5d:6a:7a:78:97:7b:bc:7a:eb:6b:7f:
                    23:8d:e8:7b:d1:8d:a9:24:19:6a:b4:2b:8f:e6:2e:
                    3f:c5:58:c5:c1:d7:3f:e3:76:f7:87:7d:e5:3e:7a:
                    fe:95:60:90:ce:4c:0b:5c:ea:c2:7a:e4:70:80:eb:
                    38:e7:05:39:31:d0:1c:5b:a1:c0:16:4c:67:e3:ac:
                    a5:97:61:fd:a8:8a:05:f2:84:87:af:4b:1a:dc:1d:
                    5c:c0:d3:05:d1:3e:c5:ca:50:03:b5:d3:db:26:de:
                    fc:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:E7:E6:8C:68:8C:39:8D:D1:CF:7F:34:06:B6:4A:0E:EC:46:5E:F4
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/cufmjGiMOY3Rz380BrZKDuxGXvQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.128.0-77.90.130.255
                  77.90.132.0-77.90.134.255
                  77.90.136.0/23
                  77.90.140.0/24
                  77.90.142.0-77.90.144.255
                  77.90.146.0-77.90.148.255
                  185.230.13.0-185.230.15.255
                  213.209.138.0/24
                  213.209.146.0/24
                  213.209.150.0/24
                  213.209.159.0/24
                IPv6:
                  2a04:29c2::/32
                  2a04:29c7::/32

    Signature Algorithm: sha256WithRSAEncryption
         88:0c:eb:fd:e6:01:14:34:59:d5:6f:e7:d5:8f:67:48:b9:46:
         2a:73:7c:ab:4c:82:5b:e6:9d:72:60:c4:9c:4c:11:54:f0:dd:
         4c:ea:20:dc:c6:b3:7b:6e:11:8c:d4:b2:51:f9:65:c0:93:bb:
         40:a9:46:b3:33:3e:1e:9f:41:3b:be:ee:e5:fa:ef:36:ca:57:
         94:8d:18:b8:7b:92:d3:a4:7d:3a:ae:cc:fe:de:3b:a9:c7:d4:
         cd:7d:be:dc:b1:56:11:d1:cf:f9:40:38:eb:b1:a0:7a:4e:6b:
         93:5c:82:e6:d0:aa:9f:3a:5e:f2:c4:e2:70:5b:76:e9:31:6c:
         39:9c:3b:13:9d:64:a1:d3:35:18:81:29:a8:9b:38:1d:2e:bb:
         19:aa:a4:fc:a7:e4:0c:88:ec:b3:4b:27:43:3c:8d:c5:83:a9:
         4c:64:4b:c4:9c:1b:df:f8:df:f1:15:ae:4b:b0:99:f7:4d:2a:
         0d:ce:47:88:08:a6:83:e1:40:76:7c:b1:94:26:9f:2c:12:1e:
         20:ac:34:92:76:c6:93:18:cf:7b:d8:29:bd:e9:ea:63:f5:3f:
         e5:0e:a2:ac:c0:c0:71:bc:9e:b5:07:5d:56:9c:09:43:b9:87:
         29:ff:1c:24:d2:a2:60:4f:1a:63:6e:52:ee:74:e0:ee:2d:bd:
         5b:74:50:92
-----BEGIN CERTIFICATE-----
MIIFejCCBGKgAwIBAgISAYrNFsmHGW8Yy2pGKZ8ePdKiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNDc2ZTEyZTg5ODdlNWIzMDJjZGMyNGJkZDlkYjNmZTgz
Yzg0NDkwHhcNMjMwOTI1MTYwNTM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MmU3ZTY4YzY4OGMzOThkZDFjZjdmMzQwNmI2NGEwZWVjNDY1ZWY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkMKappTfk/fhO4RrmtS8vJWFMKDY
rT02gxU931sBEC/lSRLYo81A8sl4+sZZ5VXZSMiZ5HvetJt0T9jkgunTXj9bwPeV
1+wauud0+rFUc3BaeiRawXYJjwQ1fOcRmM/n1Wn0FdZjyVbGQjLxuIZMA6k10sAP
QmygSR+tzZHePrSGj2spToJ1RsrHD1o36qfn9FSIQLTHgzaLXWp6eJd7vHrra38j
jeh70Y2pJBlqtCuP5i4/xVjFwdc/43b3h33lPnr+lWCQzkwLXOrCeuRwgOs45wU5
MdAcW6HAFkxn46yll2H9qIoF8oSHr0sa3B1cwNMF0T7FylADtdPbJt78kwIDAQAB
o4IChjCCAoIwHQYDVR0OBBYEFHLn5oxojDmN0c9/NAa2Sg7sRl70MB8GA1UdIwQY
MBaAFDtHbhLomH5bMCzcJL3Z2z/oPIRJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMt
NmNiZmYzYzRkYTAxLzEvY3VmbWpHaU1PWTNSejM4MEJyWktEdXhHWHZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMtNmNiZmYzYzRkYTAx
LzEvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGbBggrBgEFBQcBBwEB/wSBizCBiDBwBAIAATBqMAwDBAdN
WoADBABNWoIwDAMEAk1ahAMEAE1ahgMEAU1aiAMEAE1ajDAMAwQBTVqOAwQATVqQ
MAwDBAFNWpIDBABNWpQwDAMEALnmDQMEBLnmAAMEANXRigMEANXRkgMEANXRlgME
ANXRnzAUBAIAAjAOAwUAKgQpwgMFACoEKccwDQYJKoZIhvcNAQELBQADggEBAIgM
6/3mARQ0WdVv59WPZ0i5RipzfKtMglvmnXJgxJxMEVTw3UzqINzGs3tuEYzUslH5
ZcCTu0CpRrMzPh6fQTu+7uX67zbKV5SNGLh7ktOkfTquzP7eO6nH1M19vtyxVhHR
z/lAOOuxoHpOa5NcgubQqp86XvLE4nBbdukxbDmcOxOdZKHTNRiBKaibOB0uuxmq
pPyn5AyI7LNLJ0M8jcWDqUxkS8ScG9/43/EVrkuwmfdNKg3OR4gIpoPhQHZ8sZQm
nywSHiCsNJJ2xpMYz3vYKb3p6mP1P+UOoqzAwHG8nrUHXVacCUO5hyn/HCTSomBP
GmNuUu504O4tvVt0UJI=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:25:03 2024 by rpki-client on console-fra.rpki-client.org