Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/sPM28V52YsLBvHVubJMEARAA5ms.roa
File:                     sPM28V52YsLBvHVubJMEARAA5ms.roa (raw, json)
Hash identifier:          IPXtr70SW7guoJnMpn0lx37KZDn3EkDN02piE8mmkMY=
Subject key identifier:   B0:F3:36:F1:5E:76:62:C2:C1:BC:75:6E:6C:93:04:01:10:00:E6:6B
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       018C6E1B35F38F5A03CB2EC07E71990C4D6F
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/sPM28V52YsLBvHVubJMEARAA5ms.roa
Signing time:             Fri 15 Dec 2023 15:32:06 +0000
ROA not before:           Fri 15 Dec 2023 15:32:06 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     42821
IP address blocks:        77.90.129.0/24 maxlen: 24
                          77.90.128.0/24 maxlen: 24
                          77.90.130.0/24 maxlen: 24
                          77.90.132.0/24 maxlen: 24
                          185.230.13.0/24 maxlen: 24
                          185.230.14.0/24 maxlen: 24
                          77.90.188.0/24 maxlen: 24
                          77.90.136.0/24 maxlen: 24
                          77.90.137.0/24 maxlen: 24
                          77.90.133.0/24 maxlen: 24
                          77.90.134.0/24 maxlen: 24
                          77.90.143.0/24 maxlen: 24
                          77.90.142.0/24 maxlen: 24
                          77.90.145.0/24 maxlen: 24
                          77.90.144.0/24 maxlen: 24
                          77.90.140.0/24 maxlen: 24
                          77.90.147.0/24 maxlen: 24
                          77.90.146.0/24 maxlen: 24
                          77.90.148.0/24 maxlen: 24
                          77.90.153.0/24 maxlen: 24
                          77.90.154.0/24 maxlen: 24
                          213.209.129.0/24 maxlen: 24
                          213.209.138.0/24 maxlen: 24
                          213.209.145.0/24 maxlen: 24
                          213.209.150.0/24 maxlen: 24
                          213.209.157.0/24 maxlen: 24
                          2a04:29c2::/32 maxlen: 32
                          2a04:29c7:1290:24::/64 maxlen: 64
                          2a04:29c7:1371:6027::/64 maxlen: 64
                          2a04:29c7:1280:27::/64 maxlen: 64
                          2a04:29c7:1420::/48 maxlen: 48
                          2a04:29c7::/32 maxlen: 32
                          2a04:29c7:1280:24::/64 maxlen: 64
                          2a04:29c7:1300:24::/64 maxlen: 64

Validation:               Failed, certificate revoked on Tue 26 Dec 2023 11:34:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:6e:1b:35:f3:8f:5a:03:cb:2e:c0:7e:71:99:0c:4d:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Dec 15 15:32:06 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b0f336f15e7662c2c1bc756e6c9304011000e66b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:26:54:4f:fc:fd:ea:11:ec:d7:d9:51:e3:28:
                    44:be:e3:07:e4:75:32:5f:d8:f6:f7:42:61:e6:92:
                    26:84:7d:a8:e6:70:b3:56:74:6a:9a:3a:fa:8b:00:
                    cd:25:4c:af:04:09:fb:0f:a9:7a:f3:96:c5:74:f8:
                    5d:3f:5d:e1:99:b2:30:9d:ef:0b:6d:71:f5:f2:18:
                    58:62:1c:0f:5b:54:c2:95:49:89:0b:a2:08:d9:98:
                    9b:49:0a:c9:dd:9f:a7:19:1b:58:35:c2:f8:80:45:
                    f0:5a:b9:29:f4:a3:35:3b:64:6c:8c:6e:ef:cf:bd:
                    f7:6a:f5:1a:39:c7:de:c5:39:83:ba:fc:8e:45:1e:
                    e5:e6:6e:bb:dc:a5:9e:98:26:08:6c:c4:e8:f8:4b:
                    6a:60:e2:d2:ed:75:fa:1e:57:cb:fc:6e:4f:c6:18:
                    3e:3b:de:a7:38:c4:7f:4e:98:8c:3f:55:94:62:70:
                    77:35:c2:9f:e8:d1:ce:71:15:33:24:4e:fa:76:0b:
                    06:2a:2f:ea:f4:32:58:f7:c9:44:d5:3e:fa:33:b0:
                    52:fc:99:42:7f:4d:8d:76:6e:4f:ce:5c:96:fb:90:
                    e0:05:1b:cb:c3:6f:7f:f2:19:cf:ce:e5:bc:00:fd:
                    c7:d5:67:f4:55:32:66:e8:39:0a:bd:75:37:2a:3c:
                    ca:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:F3:36:F1:5E:76:62:C2:C1:BC:75:6E:6C:93:04:01:10:00:E6:6B
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/sPM28V52YsLBvHVubJMEARAA5ms.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.128.0-77.90.130.255
                  77.90.132.0-77.90.134.255
                  77.90.136.0/23
                  77.90.140.0/24
                  77.90.142.0-77.90.148.255
                  77.90.153.0-77.90.154.255
                  77.90.188.0/24
                  185.230.13.0-185.230.14.255
                  213.209.129.0/24
                  213.209.138.0/24
                  213.209.145.0/24
                  213.209.150.0/24
                  213.209.157.0/24
                IPv6:
                  2a04:29c2::/32
                  2a04:29c7::/32

    Signature Algorithm: sha256WithRSAEncryption
         52:34:a8:bb:1c:f8:e3:b6:7b:29:3a:5e:b7:cf:42:ce:b4:01:
         3c:66:08:16:8c:03:62:13:54:96:31:ec:15:d2:43:15:a9:ce:
         ae:be:1f:58:4a:d7:98:57:89:e6:d7:4a:9e:51:19:7d:e3:6b:
         af:e7:43:82:0e:0e:84:ba:75:81:f0:58:fd:b5:a5:35:6f:cd:
         c0:0e:8d:a2:c8:eb:2b:90:c1:61:88:2b:ae:e2:c1:a0:a0:5e:
         0c:af:53:c0:94:db:9c:02:57:e6:64:df:3c:c2:8e:41:30:fb:
         6b:a6:62:e6:dd:79:6b:21:f4:b4:9e:98:21:31:b2:c7:ae:a6:
         74:81:46:e7:77:7b:af:b1:65:70:b8:85:28:e2:fa:38:98:70:
         ba:71:31:cb:6b:05:53:83:30:62:37:ad:92:7c:a7:07:9a:04:
         b2:b6:94:2d:74:1c:44:ff:bd:e9:96:d9:e5:ee:4e:b6:1f:9f:
         fb:30:9d:63:8a:c9:e8:97:1b:82:68:fb:ea:d8:90:de:e1:4b:
         bd:60:8f:ac:03:3a:6a:d0:ba:3c:58:2e:5c:fd:f6:80:b4:7b:
         23:a7:66:33:b5:ef:3f:48:18:a1:8d:fa:1c:03:ce:ba:e3:07:
         c1:05:c5:99:9e:26:16:de:8b:23:a5:41:6b:f2:d6:e2:38:7c:
         3c:92:3d:1d
-----BEGIN CERTIFICATE-----
MIIFhjCCBG6gAwIBAgISAYxuGzXzj1oDyy7AfnGZDE1vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNDc2ZTEyZTg5ODdlNWIzMDJjZGMyNGJkZDlkYjNmZTgz
Yzg0NDkwHhcNMjMxMjE1MTUzMjA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMGYzMzZmMTVlNzY2MmMyYzFiYzc1NmU2YzkzMDQwMTEwMDBlNjZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkyZUT/z96hHs19lR4yhEvuMH5HUy
X9j290Jh5pImhH2o5nCzVnRqmjr6iwDNJUyvBAn7D6l685bFdPhdP13hmbIwne8L
bXH18hhYYhwPW1TClUmJC6II2ZibSQrJ3Z+nGRtYNcL4gEXwWrkp9KM1O2RsjG7v
z733avUaOcfexTmDuvyORR7l5m673KWemCYIbMTo+EtqYOLS7XX6HlfL/G5Pxhg+
O96nOMR/TpiMP1WUYnB3NcKf6NHOcRUzJE76dgsGKi/q9DJY98lE1T76M7BS/JlC
f02Ndm5PzlyW+5DgBRvLw29/8hnPzuW8AP3H1Wf0VTJm6DkKvXU3KjzKgQIDAQAB
o4ICkjCCAo4wHQYDVR0OBBYEFLDzNvFedmLCwbx1bmyTBAEQAOZrMB8GA1UdIwQY
MBaAFDtHbhLomH5bMCzcJL3Z2z/oPIRJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMt
NmNiZmYzYzRkYTAxLzEvc1BNMjhWNTJZc0xCdkhWdWJKTUVBUkFBNW1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMtNmNiZmYzYzRkYTAx
LzEvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGnBggrBgEFBQcBBwEB/wSBlzCBlDB8BAIAATB2MAwDBAdN
WoADBABNWoIwDAMEAk1ahAMEAE1ahgMEAU1aiAMEAE1ajDAMAwQBTVqOAwQATVqU
MAwDBABNWpkDBABNWpoDBABNWrwwDAMEALnmDQMEALnmDgMEANXRgQMEANXRigME
ANXRkQMEANXRlgMEANXRnTAUBAIAAjAOAwUAKgQpwgMFACoEKccwDQYJKoZIhvcN
AQELBQADggEBAFI0qLsc+OO2eyk6XrfPQs60ATxmCBaMA2ITVJYx7BXSQxWpzq6+
H1hK15hXiebXSp5RGX3ja6/nQ4IODoS6dYHwWP21pTVvzcAOjaLI6yuQwWGIK67i
waCgXgyvU8CU25wCV+Zk3zzCjkEw+2umYubdeWsh9LSemCExsseupnSBRud3e6+x
ZXC4hSji+jiYcLpxMctrBVODMGI3rZJ8pweaBLK2lC10HET/vemW2eXuTrYfn/sw
nWOKyeiXG4Jo++rYkN7hS71gj6wDOmrQujxYLlz99oC0eyOnZjO17z9IGKGN+hwD
zrrjB8EFxZmeJhbeiyOlQWvy1uI4fDySPR0=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:02:26 2024 by rpki-client on console-ams.rpki-client.org