Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/zzSOoEe1fYqLkpuZF9r2rn_A3nA.roa
File:                     zzSOoEe1fYqLkpuZF9r2rn_A3nA.roa (raw, json)
Hash identifier:          YG20MS5Dkr0wlEe3Zd2Ov1Ulo0Y/J10ia1ux5VxuJeU=
Subject key identifier:   CF:34:8E:A0:47:B5:7D:8A:8B:92:9B:99:17:DA:F6:AE:7F:C0:DE:70
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       01856F8258A602EC689E8481FF94FE71CD5D
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/zzSOoEe1fYqLkpuZF9r2rn_A3nA.roa
Signing time:             Sun 01 Jan 2023 22:44:51 +0000
ROA not before:           Sun 01 Jan 2023 22:44:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     42821
IP address blocks:        77.90.129.0/24 maxlen: 24
                          77.90.128.0/24 maxlen: 24
                          77.90.130.0/24 maxlen: 24
                          77.90.132.0/24 maxlen: 24
                          185.230.14.0/24 maxlen: 24
                          77.90.136.0/24 maxlen: 24
                          77.90.135.0/24 maxlen: 24
                          77.90.137.0/24 maxlen: 24
                          77.90.133.0/24 maxlen: 24
                          77.90.134.0/24 maxlen: 24
                          77.90.143.0/24 maxlen: 24
                          77.90.142.0/24 maxlen: 24
                          77.90.144.0/24 maxlen: 24
                          77.90.140.0/24 maxlen: 24
                          77.90.147.0/24 maxlen: 24
                          77.90.146.0/24 maxlen: 24
                          77.90.148.0/24 maxlen: 24
                          77.90.156.0/24 maxlen: 24
                          77.90.153.0/24 maxlen: 24
                          77.90.184.0/24 maxlen: 24
                          213.209.129.0/24 maxlen: 24
                          213.209.138.0/24 maxlen: 24
                          213.209.136.0/24 maxlen: 24
                          213.209.145.0/24 maxlen: 24
                          213.209.151.0/24 maxlen: 24
                          213.209.150.0/24 maxlen: 24
                          213.209.159.0/24 maxlen: 24
                          213.209.157.0/24 maxlen: 24
                          2a04:29c2::/32 maxlen: 32
                          2a04:29c7:1290:24::/64 maxlen: 64
                          2a04:29c7:1371:6027::/64 maxlen: 64
                          2a04:29c7:1280:27::/64 maxlen: 64
                          2a04:29c7:1420::/48 maxlen: 48
                          2a04:29c7::/32 maxlen: 32
                          2a04:29c7:1300:24::/64 maxlen: 64
                          2a04:29c7:1280:24::/64 maxlen: 64

Validation:               Failed, certificate revoked on Mon 02 Jan 2023 10:08:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:82:58:a6:02:ec:68:9e:84:81:ff:94:fe:71:cd:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Jan  1 22:44:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=cf348ea047b57d8a8b929b9917daf6ae7fc0de70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:15:db:f3:d3:f9:26:f2:d4:ef:22:d1:d7:76:
                    84:b9:0d:52:a5:db:79:ea:7f:d5:1f:70:7d:94:55:
                    57:da:a2:de:96:86:d5:b8:fa:e2:ee:7d:c2:de:8c:
                    19:28:67:a8:a3:e3:aa:6f:d9:68:86:44:38:92:dc:
                    c7:bc:83:a1:89:ce:24:bf:f1:6a:04:9a:52:43:8b:
                    c9:66:d2:71:c1:85:5e:5d:9a:7e:58:06:0c:9f:87:
                    d8:44:93:34:48:1f:38:8f:aa:24:21:1c:50:6d:ca:
                    53:81:d4:ea:74:71:b0:db:1e:3c:63:3b:99:8e:29:
                    cc:75:1c:a9:05:c4:7a:88:1c:9b:77:94:1b:13:17:
                    d4:36:6f:15:6e:68:1d:3d:4c:5e:a3:80:18:59:6e:
                    8d:b2:e2:97:17:de:c2:1a:36:39:b1:36:bb:b6:85:
                    0f:26:f4:93:b7:09:35:01:a9:8f:93:c5:39:8f:07:
                    f8:9d:fb:64:82:89:f2:98:a1:87:aa:b3:4d:ea:50:
                    20:20:68:b3:3e:79:f9:4e:b5:e9:f2:2c:cd:95:94:
                    86:f8:0a:15:48:6b:f3:63:4a:6c:2e:01:e5:52:78:
                    ed:ac:51:5d:64:60:81:f2:c5:db:85:b4:cd:7d:11:
                    72:ee:b9:e0:96:a4:bf:76:25:70:79:8b:d2:98:49:
                    82:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:34:8E:A0:47:B5:7D:8A:8B:92:9B:99:17:DA:F6:AE:7F:C0:DE:70
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/zzSOoEe1fYqLkpuZF9r2rn_A3nA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.128.0-77.90.130.255
                  77.90.132.0-77.90.137.255
                  77.90.140.0/24
                  77.90.142.0-77.90.144.255
                  77.90.146.0-77.90.148.255
                  77.90.153.0/24
                  77.90.156.0/24
                  77.90.184.0/24
                  185.230.14.0/24
                  213.209.129.0/24
                  213.209.136.0/24
                  213.209.138.0/24
                  213.209.145.0/24
                  213.209.150.0/23
                  213.209.157.0/24
                  213.209.159.0/24
                IPv6:
                  2a04:29c2::/32
                  2a04:29c7::/32

    Signature Algorithm: sha256WithRSAEncryption
         92:49:7d:07:14:f2:54:64:a2:24:be:ea:73:9d:f2:29:4f:17:
         d1:b3:ee:e4:fc:9e:68:0e:fd:a8:be:fc:92:b3:1e:e7:1d:4f:
         69:ca:d5:3d:65:65:38:6c:e8:7b:35:9a:de:ee:a7:92:33:cb:
         92:d4:f8:c7:bc:6c:96:83:f3:3c:4d:c7:45:33:e5:4c:2f:56:
         a6:ea:5a:9f:79:99:cb:75:96:31:36:9c:49:c3:a1:8c:4d:e8:
         86:58:fd:7d:b1:92:43:07:45:7e:e1:ad:b4:13:13:a6:76:b6:
         56:da:8c:45:12:ea:14:97:15:8a:52:d3:84:88:42:38:c0:53:
         96:ad:f3:2c:a4:b9:af:15:da:73:cb:f0:b1:3a:4f:9d:36:23:
         bc:d6:0b:a6:20:8a:32:ba:76:f7:40:b0:09:ac:49:9c:10:c4:
         34:d3:6c:b8:76:2d:2a:a5:63:6d:4e:17:92:6a:93:ac:1f:1c:
         08:24:a7:5c:d7:20:ea:25:e7:14:66:8d:a3:b2:38:f3:e8:49:
         ba:80:30:70:21:aa:16:c2:6b:55:79:ea:67:79:c9:ed:dc:cb:
         9a:d8:03:5b:51:ab:a5:95:ef:8d:b6:9e:3a:5f:9f:de:b5:37:
         31:fb:44:9b:0a:80:41:da:ab:cd:8b:69:93:bf:99:79:05:70:
         21:47:22:bb
-----BEGIN CERTIFICATE-----
MIIFkjCCBHqgAwIBAgISAYVvglimAuxonoSB/5T+cc1dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNDc2ZTEyZTg5ODdlNWIzMDJjZGMyNGJkZDlkYjNmZTgz
Yzg0NDkwHhcNMjMwMTAxMjI0NDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjM0OGVhMDQ3YjU3ZDhhOGI5MjliOTkxN2RhZjZhZTdmYzBkZTcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApRXb89P5JvLU7yLR13aEuQ1Spdt5
6n/VH3B9lFVX2qLelobVuPri7n3C3owZKGeoo+Oqb9lohkQ4ktzHvIOhic4kv/Fq
BJpSQ4vJZtJxwYVeXZp+WAYMn4fYRJM0SB84j6okIRxQbcpTgdTqdHGw2x48YzuZ
jinMdRypBcR6iBybd5QbExfUNm8VbmgdPUxeo4AYWW6NsuKXF97CGjY5sTa7toUP
JvSTtwk1AamPk8U5jwf4nftkgonymKGHqrNN6lAgIGizPnn5TrXp8izNlZSG+AoV
SGvzY0psLgHlUnjtrFFdZGCB8sXbhbTNfRFy7rnglqS/diVweYvSmEmCGQIDAQAB
o4ICnjCCApowHQYDVR0OBBYEFM80jqBHtX2Ki5KbmRfa9q5/wN5wMB8GA1UdIwQY
MBaAFDtHbhLomH5bMCzcJL3Z2z/oPIRJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMt
NmNiZmYzYzRkYTAxLzEvenpTT29FZTFmWXFMa3B1WkY5cjJybl9BM25BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMtNmNiZmYzYzRkYTAx
LzEvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGzBggrBgEFBQcBBwEB/wSBozCBoDCBhwQCAAEwgYAwDAME
B01agAMEAE1agjAMAwQCTVqEAwQBTVqIAwQATVqMMAwDBAFNWo4DBABNWpAwDAME
AU1akgMEAE1alAMEAE1amQMEAE1anAMEAE1auAMEALnmDgMEANXRgQMEANXRiAME
ANXRigMEANXRkQMEAdXRlgMEANXRnQMEANXRnzAUBAIAAjAOAwUAKgQpwgMFACoE
KccwDQYJKoZIhvcNAQELBQADggEBAJJJfQcU8lRkoiS+6nOd8ilPF9Gz7uT8nmgO
/ai+/JKzHucdT2nK1T1lZThs6Hs1mt7up5Izy5LU+Me8bJaD8zxNx0Uz5UwvVqbq
Wp95mct1ljE2nEnDoYxN6IZY/X2xkkMHRX7hrbQTE6Z2tlbajEUS6hSXFYpS04SI
QjjAU5at8yykua8V2nPL8LE6T502I7zWC6YgijK6dvdAsAmsSZwQxDTTbLh2LSql
Y21OF5Jqk6wfHAgkp1zXIOol5xRmjaOyOPPoSbqAMHAhqhbCa1V56md5ye3cy5rY
A1tRq6WV7422njpfn961NzH7RJsKgEHaq82LaZO/mXkFcCFHIrs=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:25:07 2024 by rpki-client on console-fra.rpki-client.org