Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/16b7f4-fa15-47a6-9fc5-254bcbcec037/1/BYVv2GGCqaoeoPwYb8PYuiEp1ZI.roa
File:                     BYVv2GGCqaoeoPwYb8PYuiEp1ZI.roa (raw, json)
Hash identifier:          wCMxJvq0YuQMHdI75vHmUqC2uXcL5V2ZBghW+qX4j1k=
Subject key identifier:   05:85:6F:D8:61:82:A9:AA:1E:A0:FC:18:6F:C3:D8:BA:21:29:D5:92
Certificate issuer:       /CN=759d6afb8ddf8f8c0dd660790edcba1f3b370c63
Certificate serial:       018C4E63ECCCEBFFDF3CB9ADA255C78057A4
Authority key identifier: 75:9D:6A:FB:8D:DF:8F:8C:0D:D6:60:79:0E:DC:BA:1F:3B:37:0C:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dZ1q-43fj4wN1mB5Dty6Hzs3DGM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/16b7f4-fa15-47a6-9fc5-254bcbcec037/1/BYVv2GGCqaoeoPwYb8PYuiEp1ZI.roa
Signing time:             Sat 09 Dec 2023 11:43:40 +0000
ROA not before:           Sat 09 Dec 2023 11:43:40 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     60631
IP address blocks:        185.8.172.0/24 maxlen: 24
                          185.8.174.0/24 maxlen: 24
                          185.8.173.0/24 maxlen: 24
                          185.8.175.0/24 maxlen: 24
                          130.185.75.0/24 maxlen: 24
                          130.185.74.0/24 maxlen: 24
                          130.185.76.0/24 maxlen: 24
                          130.185.78.0/23 maxlen: 23
                          130.185.78.0/24 maxlen: 24
                          130.185.77.0/24 maxlen: 24
                          130.185.73.0/24 maxlen: 24
                          130.185.72.0/24 maxlen: 24
                          130.185.79.0/24 maxlen: 24
                          185.208.174.0/24 maxlen: 24
                          185.208.175.0/24 maxlen: 24
                          2a03:2dc0:1000::/36 maxlen: 36
                          2a03:2dc0::/36 maxlen: 36
                          2a03:2dc0:2000::/36 maxlen: 36

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 08:32:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:4e:63:ec:cc:eb:ff:df:3c:b9:ad:a2:55:c7:80:57:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=759d6afb8ddf8f8c0dd660790edcba1f3b370c63
        Validity
            Not Before: Dec  9 11:43:40 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=05856fd86182a9aa1ea0fc186fc3d8ba2129d592
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:3b:5d:9d:93:41:b1:34:dd:f6:39:5b:6d:a8:
                    87:46:5f:be:55:6a:d2:73:bd:3b:dc:8c:ef:a3:ee:
                    e6:ee:a0:61:c5:19:0a:02:fb:76:84:31:95:b9:84:
                    a9:93:69:ca:7d:f8:9a:58:7d:f3:23:55:f0:da:c7:
                    41:c3:8b:6e:4e:e2:16:69:e5:73:62:b5:09:37:57:
                    7a:f2:91:81:91:19:0a:fc:af:1e:58:09:13:25:f7:
                    ed:b5:a4:d6:16:17:bd:d7:15:74:1e:ce:77:3c:f6:
                    bf:1a:47:d6:32:93:98:87:26:95:4e:8a:29:7b:fd:
                    9d:60:ff:ec:72:b0:8a:b3:66:ee:d5:ec:6d:32:8a:
                    b1:07:ec:09:cb:21:4e:7e:d9:5c:c6:bb:11:b6:0d:
                    1a:52:fd:2b:0e:7e:cf:a6:20:f2:ca:75:07:cc:ca:
                    27:a9:11:03:4f:ff:df:61:c0:f1:61:43:47:7f:8d:
                    d9:9b:7f:1f:67:3f:99:68:d9:39:c7:a3:5a:98:ff:
                    d1:b4:dc:17:5c:9b:d5:b3:ed:9c:48:a6:8b:a5:41:
                    20:8a:70:c8:f3:c9:a5:45:1f:cb:e8:de:05:b9:f2:
                    49:76:b2:a5:0b:b2:4f:ee:ff:ce:ce:a6:a6:ad:1e:
                    85:44:72:45:1f:ff:e7:e0:93:6b:8a:79:07:55:d4:
                    a8:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:85:6F:D8:61:82:A9:AA:1E:A0:FC:18:6F:C3:D8:BA:21:29:D5:92
            X509v3 Authority Key Identifier:
                keyid:75:9D:6A:FB:8D:DF:8F:8C:0D:D6:60:79:0E:DC:BA:1F:3B:37:0C:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dZ1q-43fj4wN1mB5Dty6Hzs3DGM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/16b7f4-fa15-47a6-9fc5-254bcbcec037/1/BYVv2GGCqaoeoPwYb8PYuiEp1ZI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/16b7f4-fa15-47a6-9fc5-254bcbcec037/1/dZ1q-43fj4wN1mB5Dty6Hzs3DGM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.185.72.0/21
                  185.8.172.0/22
                  185.208.174.0/23
                IPv6:
                  2a03:2dc0::-2a03:2dc0:2fff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         49:1b:8b:4e:38:40:51:9f:ee:26:15:2a:d0:1d:59:33:92:f9:
         60:6e:a8:15:fd:12:ed:c8:9e:75:90:1d:19:27:0f:d9:8f:7c:
         8a:57:b0:75:73:b2:86:ed:30:e2:9f:6f:a7:5e:98:a7:ce:14:
         92:f7:86:6f:02:1d:64:57:0b:e3:ac:66:81:e1:ef:38:0a:c4:
         e2:1a:07:a4:a4:d7:6f:16:70:6a:9d:af:a1:a3:c6:35:f6:41:
         42:ef:4b:06:af:9f:a1:25:14:09:88:0b:f4:b1:53:66:f6:26:
         e9:25:c9:44:75:bc:c0:5f:61:e1:a3:f1:46:3b:79:36:bb:c0:
         29:4c:c4:a9:28:80:ce:0c:1f:cc:43:84:64:93:d7:e5:80:f9:
         b6:7b:ba:24:71:83:21:86:55:37:1a:33:29:34:1b:23:b4:6e:
         a4:f0:10:27:18:77:9d:58:e1:05:38:f1:07:1c:3c:50:8f:48:
         7a:01:2a:29:ba:63:32:ec:d9:62:2a:64:fc:91:40:f2:a6:52:
         50:7f:fd:63:9e:ed:ae:3a:55:73:18:bd:7e:30:ce:3f:5c:ec:
         51:5c:50:85:3e:47:fa:ad:ca:2b:cb:20:d1:57:9f:4e:78:dc:
         af:06:a1:dd:d9:de:43:7a:ee:ae:5b:26:fa:51:4e:22:b0:6a:
         79:f5:15:8c
-----BEGIN CERTIFICATE-----
MIIFIjCCBAqgAwIBAgISAYxOY+zM6//fPLmtolXHgFekMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1OWQ2YWZiOGRkZjhmOGMwZGQ2NjA3OTBlZGNiYTFmM2Iz
NzBjNjMwHhcNMjMxMjA5MTE0MzQwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTg1NmZkODYxODJhOWFhMWVhMGZjMTg2ZmMzZDhiYTIxMjlkNTkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnjtdnZNBsTTd9jlbbaiHRl++VWrS
c7073Izvo+7m7qBhxRkKAvt2hDGVuYSpk2nKffiaWH3zI1Xw2sdBw4tuTuIWaeVz
YrUJN1d68pGBkRkK/K8eWAkTJffttaTWFhe91xV0Hs53PPa/GkfWMpOYhyaVToop
e/2dYP/scrCKs2bu1extMoqxB+wJyyFOftlcxrsRtg0aUv0rDn7PpiDyynUHzMon
qREDT//fYcDxYUNHf43Zm38fZz+ZaNk5x6NamP/RtNwXXJvVs+2cSKaLpUEginDI
88mlRR/L6N4FufJJdrKlC7JP7v/OzqamrR6FRHJFH//n4JNrinkHVdSonwIDAQAB
o4ICLjCCAiowHQYDVR0OBBYEFAWFb9hhgqmqHqD8GG/D2LohKdWSMB8GA1UdIwQY
MBaAFHWdavuN34+MDdZgeQ7cuh87NwxjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFoxcS00M2ZqNHdOMW1CNUR0eTZIenMzREdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8xNmI3ZjQtZmExNS00N2E2LTlmYzUt
MjU0YmNiY2VjMDM3LzEvQllWdjJHR0NxYW9lb1B3WWI4UFl1aUVwMVpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8xNmI3ZjQtZmExNS00N2E2LTlmYzUtMjU0YmNiY2VjMDM3
LzEvZFoxcS00M2ZqNHdOMW1CNUR0eTZIenMzREdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEQGCCsGAQUFBwEHAQH/BDUwMzAYBAIAATASAwQDgrlIAwQC
uQisAwQBudCuMBcEAgACMBEwDwMFBioDLcADBgQqAy3AIDANBgkqhkiG9w0BAQsF
AAOCAQEASRuLTjhAUZ/uJhUq0B1ZM5L5YG6oFf0S7ciedZAdGScP2Y98ilewdXOy
hu0w4p9vp16Yp84UkveGbwIdZFcL46xmgeHvOArE4hoHpKTXbxZwap2voaPGNfZB
Qu9LBq+foSUUCYgL9LFTZvYm6SXJRHW8wF9h4aPxRjt5NrvAKUzEqSiAzgwfzEOE
ZJPX5YD5tnu6JHGDIYZVNxozKTQbI7RupPAQJxh3nVjhBTjxBxw8UI9IegEqKbpj
MuzZYipk/JFA8qZSUH/9Y57trjpVcxi9fjDOP1zsUVxQhT5H+q3KK8sg0VefTnjc
rwah3dneQ3rurlsm+lFOIrBqefUVjA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:45:18 2024 by rpki-client on console-ams.rpki-client.org