Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/jiPz9GZcO64VWRPSDPaHWph-45c.roa
File:                     jiPz9GZcO64VWRPSDPaHWph-45c.roa (raw, json)
Hash identifier:          i4fD83rvp455a+qRLcoJ9d5zE5nlzWfg2eVOymlXpyU=
Subject key identifier:   8E:23:F3:F4:66:5C:3B:AE:15:59:13:D2:0C:F6:87:5A:98:7E:E3:97
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       018B18F51153D6B484C59534A541A950112A
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/jiPz9GZcO64VWRPSDPaHWph-45c.roa
Signing time:             Tue 10 Oct 2023 09:39:55 +0000
ROA not before:           Tue 10 Oct 2023 09:39:55 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     42821
IP address blocks:        77.90.129.0/24 maxlen: 24
                          77.90.128.0/24 maxlen: 24
                          77.90.130.0/24 maxlen: 24
                          77.90.132.0/24 maxlen: 24
                          185.230.14.0/24 maxlen: 24
                          185.230.15.0/24 maxlen: 24
                          77.90.136.0/24 maxlen: 24
                          77.90.137.0/24 maxlen: 24
                          77.90.133.0/24 maxlen: 24
                          77.90.134.0/24 maxlen: 24
                          77.90.143.0/24 maxlen: 24
                          77.90.142.0/24 maxlen: 24
                          77.90.144.0/24 maxlen: 24
                          77.90.140.0/24 maxlen: 24
                          77.90.147.0/24 maxlen: 24
                          77.90.146.0/24 maxlen: 24
                          77.90.148.0/24 maxlen: 24
                          213.209.138.0/24 maxlen: 24
                          213.209.145.0/24 maxlen: 24
                          213.209.146.0/24 maxlen: 24
                          213.209.150.0/24 maxlen: 24
                          2a04:29c2::/32 maxlen: 32
                          2a04:29c7:1290:24::/64 maxlen: 64
                          2a04:29c7:1371:6027::/64 maxlen: 64
                          2a04:29c7:1280:27::/64 maxlen: 64
                          2a04:29c7:1420::/48 maxlen: 48
                          2a04:29c7::/32 maxlen: 32
                          2a04:29c7:1300:24::/64 maxlen: 64
                          2a04:29c7:1280:24::/64 maxlen: 64

Validation:               Failed, certificate revoked on Thu 19 Oct 2023 09:59:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:18:f5:11:53:d6:b4:84:c5:95:34:a5:41:a9:50:11:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Oct 10 09:39:55 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8e23f3f4665c3bae155913d20cf6875a987ee397
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:39:bb:9f:b6:b2:cc:44:51:50:9b:84:fc:fb:
                    cc:fe:c8:3e:c9:ee:3f:6e:e5:18:65:ed:5c:7b:d0:
                    e8:66:df:06:ca:e0:78:e1:0f:96:cf:ff:42:58:a8:
                    e5:f3:1c:e8:12:30:27:88:e4:78:42:de:e4:95:bf:
                    79:99:5e:f5:bb:60:b6:00:1c:9d:e7:2a:25:55:2f:
                    7b:85:d8:b7:b1:53:24:d9:28:5e:56:f8:cd:d6:b4:
                    5e:ca:01:c5:14:8f:37:5d:e6:a2:e2:91:3c:b2:d6:
                    f4:9e:ab:c1:df:28:df:d5:14:2c:b1:19:86:18:48:
                    a7:1c:ff:93:05:ce:e3:18:3d:96:f2:b7:3f:47:e0:
                    cb:da:8f:5f:16:9d:fd:cb:dc:50:34:76:96:cd:42:
                    06:cb:6b:29:b0:7d:5d:73:c1:a0:ba:24:19:3a:72:
                    5a:a7:9f:b5:93:c6:25:f3:58:9c:1d:3e:66:79:0d:
                    78:b5:4c:a5:ba:48:f7:35:14:66:ad:28:e1:9d:a1:
                    cf:58:0a:b1:ea:d4:ff:02:27:29:8d:bc:0c:0a:ce:
                    71:e9:06:a4:19:d7:e1:ec:f9:87:a3:53:e8:1e:dd:
                    12:07:5b:b6:c2:3a:9a:73:96:b0:b0:b6:e8:50:00:
                    49:0c:be:c8:ca:93:c5:67:6c:64:b6:9c:ac:dd:c1:
                    16:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:23:F3:F4:66:5C:3B:AE:15:59:13:D2:0C:F6:87:5A:98:7E:E3:97
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/jiPz9GZcO64VWRPSDPaHWph-45c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.128.0-77.90.130.255
                  77.90.132.0-77.90.134.255
                  77.90.136.0/23
                  77.90.140.0/24
                  77.90.142.0-77.90.144.255
                  77.90.146.0-77.90.148.255
                  185.230.14.0/23
                  213.209.138.0/24
                  213.209.145.0-213.209.146.255
                  213.209.150.0/24
                IPv6:
                  2a04:29c2::/32
                  2a04:29c7::/32

    Signature Algorithm: sha256WithRSAEncryption
         91:5d:79:1b:a2:64:57:66:54:36:62:94:30:34:c1:9a:98:6f:
         8e:80:0b:71:c6:44:34:ec:52:1a:63:5e:c3:82:fc:76:51:77:
         87:29:1c:bc:9d:88:7b:b7:60:0c:35:84:9a:7f:e7:06:3c:5e:
         fe:57:74:85:e7:54:63:63:4f:a9:ea:30:17:f9:f6:f6:9d:60:
         9a:d0:5a:25:1d:a7:7b:7c:e5:37:4e:cd:60:87:91:4c:25:17:
         40:a5:a4:cc:f9:0b:97:53:f0:63:d1:44:14:2c:c1:a9:c3:f0:
         c4:7e:6f:3d:c5:e0:fd:1d:0e:b4:02:33:1e:2d:9d:96:17:36:
         04:f5:5b:a6:35:71:f1:4a:4a:fc:e1:0d:3a:a7:15:67:5f:2e:
         44:8f:2a:8c:45:89:57:9c:8f:df:a6:5c:9f:7f:85:1a:90:e5:
         e4:94:3f:4e:2f:aa:84:43:b9:e8:03:57:64:1b:cf:0d:1b:e9:
         0e:af:c8:cb:96:ec:0a:f3:ce:b6:0b:9a:ec:7f:41:11:1f:56:
         47:59:a4:72:45:a4:8e:dd:e6:7e:dc:60:22:b7:0b:db:01:00:
         30:ca:f1:da:c6:d8:d1:d8:0c:3c:ac:eb:72:b6:12:9f:21:cb:
         5a:44:94:f0:a5:4a:d4:d0:66:2a:53:aa:7f:30:d6:ec:de:40:
         3d:26:ed:c1
-----BEGIN CERTIFICATE-----
MIIFdDCCBFygAwIBAgISAYsY9RFT1rSExZU0pUGpUBEqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNDc2ZTEyZTg5ODdlNWIzMDJjZGMyNGJkZDlkYjNmZTgz
Yzg0NDkwHhcNMjMxMDEwMDkzOTU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTIzZjNmNDY2NWMzYmFlMTU1OTEzZDIwY2Y2ODc1YTk4N2VlMzk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlzm7n7ayzERRUJuE/PvM/sg+ye4/
buUYZe1ce9DoZt8GyuB44Q+Wz/9CWKjl8xzoEjAniOR4Qt7klb95mV71u2C2AByd
5yolVS97hdi3sVMk2SheVvjN1rReygHFFI83Xeai4pE8stb0nqvB3yjf1RQssRmG
GEinHP+TBc7jGD2W8rc/R+DL2o9fFp39y9xQNHaWzUIGy2spsH1dc8GguiQZOnJa
p5+1k8Yl81icHT5meQ14tUylukj3NRRmrSjhnaHPWAqx6tT/AicpjbwMCs5x6Qak
Gdfh7PmHo1PoHt0SB1u2wjqac5awsLboUABJDL7IypPFZ2xktpys3cEWNwIDAQAB
o4ICgDCCAnwwHQYDVR0OBBYEFI4j8/RmXDuuFVkT0gz2h1qYfuOXMB8GA1UdIwQY
MBaAFDtHbhLomH5bMCzcJL3Z2z/oPIRJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMt
NmNiZmYzYzRkYTAxLzEvamlQejlHWmNPNjRWV1JQU0RQYUhXcGgtNDVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMtNmNiZmYzYzRkYTAx
LzEvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGVBggrBgEFBQcBBwEB/wSBhTCBgjBqBAIAATBkMAwDBAdN
WoADBABNWoIwDAMEAk1ahAMEAE1ahgMEAU1aiAMEAE1ajDAMAwQBTVqOAwQATVqQ
MAwDBAFNWpIDBABNWpQDBAG55g4DBADV0YowDAMEANXRkQMEANXRkgMEANXRljAU
BAIAAjAOAwUAKgQpwgMFACoEKccwDQYJKoZIhvcNAQELBQADggEBAJFdeRuiZFdm
VDZilDA0wZqYb46AC3HGRDTsUhpjXsOC/HZRd4cpHLydiHu3YAw1hJp/5wY8Xv5X
dIXnVGNjT6nqMBf59vadYJrQWiUdp3t85TdOzWCHkUwlF0ClpMz5C5dT8GPRRBQs
wanD8MR+bz3F4P0dDrQCMx4tnZYXNgT1W6Y1cfFKSvzhDTqnFWdfLkSPKoxFiVec
j9+mXJ9/hRqQ5eSUP04vqoRDuegDV2Qbzw0b6Q6vyMuW7ArzzrYLmux/QREfVkdZ
pHJFpI7d5n7cYCK3C9sBADDK8drG2NHYDDys63K2Ep8hy1pElPClStTQZipTqn8w
1uzeQD0m7cE=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:25:03 2024 by rpki-client on console-fra.rpki-client.org