Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/d9hdQ_MKRtY5xHbnzOCrfo-sORU.roa
File:                     d9hdQ_MKRtY5xHbnzOCrfo-sORU.roa (raw, json)
Hash identifier:          QA3P6Sb47j4G0z3TTHwE4abhtVeSs8WXVbgoTBbsJN4=
Subject key identifier:   77:D8:5D:43:F3:0A:46:D6:39:C4:76:E7:CC:E0:AB:7E:8F:AC:39:15
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       01856F825E81D0FCF6887FC15250FCC99414
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/d9hdQ_MKRtY5xHbnzOCrfo-sORU.roa
Signing time:             Sun 01 Jan 2023 22:44:52 +0000
ROA not before:           Sun 01 Jan 2023 22:44:52 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     209372
IP address blocks:        213.209.131.0/24 maxlen: 24
                          213.209.139.0/24 maxlen: 24
                          213.209.137.0/24 maxlen: 24
                          213.209.135.0/24 maxlen: 24
                          213.209.152.0/24 maxlen: 24
                          213.209.154.0/24 maxlen: 24
                          213.209.155.0/24 maxlen: 24
                          213.209.153.0/24 maxlen: 24
                          77.90.159.0/24 maxlen: 24
                          77.90.158.0/24 maxlen: 24
                          77.90.165.0/24 maxlen: 24
                          77.90.160.0/24 maxlen: 24
                          77.90.163.0/24 maxlen: 24
                          77.90.161.0/24 maxlen: 24
                          77.90.162.0/24 maxlen: 24
                          77.90.171.0/24 maxlen: 24
                          77.90.172.0/24 maxlen: 24
                          77.90.167.0/24 maxlen: 24
                          77.90.170.0/24 maxlen: 24
                          77.90.169.0/24 maxlen: 24
                          77.90.177.0/24 maxlen: 24
                          77.90.175.0/24 maxlen: 24
                          77.90.182.0/24 maxlen: 24
                          77.90.186.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:82:5e:81:d0:fc:f6:88:7f:c1:52:50:fc:c9:94:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Jan  1 22:44:52 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=77d85d43f30a46d639c476e7cce0ab7e8fac3915
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:ba:7b:33:f3:7d:c3:a4:7f:0d:bc:bd:e4:cd:
                    be:6d:9f:c0:ce:7a:6f:53:8f:32:a7:00:f6:be:d3:
                    fe:a5:fd:d6:30:c5:ea:54:2c:b5:2a:37:35:af:2c:
                    53:a3:aa:8f:9c:a6:f9:f3:b1:92:cb:62:1d:db:9c:
                    28:8f:3a:4e:59:71:8c:ef:f7:ca:1e:fd:68:31:b3:
                    f1:c3:1a:df:a2:0f:e7:b9:ce:fa:52:29:26:cc:dc:
                    f0:49:0d:d7:4e:3b:8a:83:b7:22:87:b6:e8:ff:a3:
                    85:0f:23:67:e6:15:7a:9c:41:62:3d:b9:e3:fc:ba:
                    ee:40:ab:61:8c:b3:7a:38:a3:52:cb:c7:66:e8:56:
                    3a:d7:38:69:9a:b5:4e:40:16:a7:7b:c9:8a:6c:7e:
                    13:cf:1b:65:1c:57:d9:93:ea:2d:5d:1b:28:93:37:
                    bb:ce:d5:ea:62:f7:f7:0e:3e:0e:b9:8e:de:d8:4f:
                    6f:11:5b:a9:fb:5b:cc:d2:e4:5d:87:09:34:38:e6:
                    0d:0d:2f:59:cc:84:5f:4f:69:d3:b1:af:5b:f0:d5:
                    43:71:39:cb:a3:39:d3:9c:bc:d9:e0:5c:f9:15:73:
                    cf:69:dd:39:57:6a:75:fa:a0:2f:e8:d3:93:93:d0:
                    ba:c6:47:6b:9c:ee:42:f1:52:37:e2:4c:56:ff:1b:
                    91:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:D8:5D:43:F3:0A:46:D6:39:C4:76:E7:CC:E0:AB:7E:8F:AC:39:15
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/d9hdQ_MKRtY5xHbnzOCrfo-sORU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.158.0-77.90.163.255
                  77.90.165.0/24
                  77.90.167.0/24
                  77.90.169.0-77.90.172.255
                  77.90.175.0/24
                  77.90.177.0/24
                  77.90.182.0/24
                  77.90.186.0/24
                  213.209.131.0/24
                  213.209.135.0/24
                  213.209.137.0/24
                  213.209.139.0/24
                  213.209.152.0/22

    Signature Algorithm: sha256WithRSAEncryption
         47:52:63:7b:59:ce:d7:d7:28:4b:87:ca:dd:e9:cd:03:29:85:
         bf:45:74:4d:d7:a1:b5:37:1b:92:c1:d3:b8:a9:3f:f3:1b:24:
         b6:6a:b8:9d:d3:1d:98:86:6d:8a:42:e4:a2:85:1a:31:74:10:
         51:0d:41:19:03:4c:d3:bf:31:4c:4b:fd:56:50:0a:33:66:d3:
         4a:d8:72:92:74:b3:3c:f0:b3:3d:75:a6:1d:a0:de:21:5a:ca:
         31:41:5f:35:3d:29:c2:bc:71:5d:54:06:ef:ab:10:5e:07:69:
         fb:21:d1:a1:ad:29:5c:77:26:0c:81:0d:09:b6:36:7e:27:c5:
         1a:d3:45:64:90:bc:75:0c:a7:a0:53:fb:25:56:a3:69:6a:58:
         31:97:45:4e:1a:97:d5:5c:36:bd:5a:c1:a4:df:7c:be:8d:14:
         ea:73:d7:10:10:3c:87:85:3b:3b:1c:a7:e6:70:85:03:25:ba:
         3d:f5:e3:bc:46:fb:90:ed:1e:1d:06:08:4f:05:c3:e5:8c:5c:
         1c:d3:d7:1f:97:04:f2:97:9e:21:d5:c2:7e:bb:35:46:68:75:
         42:75:d6:8e:af:77:56:83:15:2b:82:77:00:17:83:b4:4b:8e:
         eb:40:ce:0a:8f:e0:a5:1c:8b:ee:bc:9c:fd:85:f4:e4:92:6a:
         b8:b8:89:fb
-----BEGIN CERTIFICATE-----
MIIFVTCCBD2gAwIBAgISAYVvgl6B0Pz2iH/BUlD8yZQUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNDc2ZTEyZTg5ODdlNWIzMDJjZGMyNGJkZDlkYjNmZTgz
Yzg0NDkwHhcNMjMwMTAxMjI0NDUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3N2Q4NWQ0M2YzMGE0NmQ2MzljNDc2ZTdjY2UwYWI3ZThmYWMzOTE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlrp7M/N9w6R/Dby95M2+bZ/Aznpv
U48ypwD2vtP+pf3WMMXqVCy1Kjc1ryxTo6qPnKb587GSy2Id25wojzpOWXGM7/fK
Hv1oMbPxwxrfog/nuc76UikmzNzwSQ3XTjuKg7cih7bo/6OFDyNn5hV6nEFiPbnj
/LruQKthjLN6OKNSy8dm6FY61zhpmrVOQBane8mKbH4TzxtlHFfZk+otXRsokze7
ztXqYvf3Dj4OuY7e2E9vEVup+1vM0uRdhwk0OOYNDS9ZzIRfT2nTsa9b8NVDcTnL
oznTnLzZ4Fz5FXPPad05V2p1+qAv6NOTk9C6xkdrnO5C8VI34kxW/xuRrwIDAQAB
o4ICYTCCAl0wHQYDVR0OBBYEFHfYXUPzCkbWOcR258zgq36PrDkVMB8GA1UdIwQY
MBaAFDtHbhLomH5bMCzcJL3Z2z/oPIRJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMt
NmNiZmYzYzRkYTAxLzEvZDloZFFfTUtSdFk1eEhibnpPQ3Jmby1zT1JVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMtNmNiZmYzYzRkYTAx
LzEvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHcGCCsGAQUFBwEHAQH/BGgwZjBkBAIAATBeMAwDBAFNWp4D
BAJNWqADBABNWqUDBABNWqcwDAMEAE1aqQMEAE1arAMEAE1arwMEAE1asQMEAE1a
tgMEAE1augMEANXRgwMEANXRhwMEANXRiQMEANXRiwMEAtXRmDANBgkqhkiG9w0B
AQsFAAOCAQEAR1Jje1nO19coS4fK3enNAymFv0V0TdehtTcbksHTuKk/8xsktmq4
ndMdmIZtikLkooUaMXQQUQ1BGQNM078xTEv9VlAKM2bTSthyknSzPPCzPXWmHaDe
IVrKMUFfNT0pwrxxXVQG76sQXgdp+yHRoa0pXHcmDIENCbY2fifFGtNFZJC8dQyn
oFP7JVajaWpYMZdFThqX1Vw2vVrBpN98vo0U6nPXEBA8h4U7Oxyn5nCFAyW6PfXj
vEb7kO0eHQYITwXD5YxcHNPXH5cE8peeIdXCfrs1Rmh1QnXWjq93VoMVK4J3ABeD
tEuO60DOCo/gpRyL7ryc/YX05JJquLiJ+w==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:50:08 2023 by rpki-client on console-ams.rpki-client.org