Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/IviTCWUthqiaS-kys2Uljwj-iP0.roa
File:                     IviTCWUthqiaS-kys2Uljwj-iP0.roa (raw, json)
Hash identifier:          Dy0ESsMGZZV7huxy2QyEE9ebo2c9mFewHGm9oRnnp2E=
Subject key identifier:   22:F8:93:09:65:2D:86:A8:9A:4B:E9:32:B3:65:25:8F:08:FE:88:FD
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0193A6067A34A04E7616517BF05CAD49DE0C
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/IviTCWUthqiaS-kys2Uljwj-iP0.roa
Signing time:             Sun 08 Dec 2024 11:27:42 +0000
ROA not before:           Sun 08 Dec 2024 11:27:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        31.56.4.0/23 maxlen: 23
                          31.56.24.0/24 maxlen: 24
                          31.56.42.0/23 maxlen: 24
                          31.56.50.0/23 maxlen: 24
                          31.56.57.0/24 maxlen: 24
                          31.56.85.0/24 maxlen: 24
                          31.56.89.0/24 maxlen: 24
                          31.56.104.0/22 maxlen: 22
                          31.56.108.0/22 maxlen: 22
                          31.56.114.0/23 maxlen: 24
                          31.56.118.0/23 maxlen: 24
                          31.56.120.0/22 maxlen: 24
                          31.56.156.0/24 maxlen: 24
                          31.57.65.0/24 maxlen: 24
                          31.57.132.0/23 maxlen: 23
                          31.57.146.0/23 maxlen: 24
                          31.57.166.0/24 maxlen: 24
                          31.57.176.0/21 maxlen: 24
                          31.57.188.0/24 maxlen: 24
                          31.57.192.0/22 maxlen: 24
                          31.57.200.0/23 maxlen: 24
                          31.57.204.0/24 maxlen: 24
                          31.57.228.0/24 maxlen: 24
                          31.57.232.0/22 maxlen: 24
                          31.58.130.0/24 maxlen: 24
                          31.58.131.0/24 maxlen: 24
                          31.58.152.0/22 maxlen: 24
                          31.59.96.0/22 maxlen: 22
                          31.59.112.0/22 maxlen: 22
                          31.59.184.0/22 maxlen: 24
Validation:               Failed, certificate revoked on Tue 10 Dec 2024 12:40:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:a6:06:7a:34:a0:4e:76:16:51:7b:f0:5c:ad:49:de:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Dec  8 11:27:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=22f89309652d86a89a4be932b365258f08fe88fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:fe:f2:b8:04:2d:68:0f:b7:90:97:92:93:88:
                    0a:4f:a1:c4:21:27:ff:35:42:9b:a6:b6:dd:79:28:
                    75:d9:08:48:f7:4e:27:22:e8:25:d7:f5:16:d6:ba:
                    94:81:bd:52:7b:53:21:9b:df:7f:7d:41:15:ef:d3:
                    40:78:3d:94:3f:77:b9:63:0b:1b:ff:d9:71:28:36:
                    7e:8b:9d:c9:99:91:c5:64:2f:87:ce:2c:5f:d9:38:
                    fd:91:c6:93:9c:d8:8a:c3:dd:d5:8c:37:da:75:39:
                    a8:19:06:85:56:bb:8a:39:43:97:53:32:bc:b2:09:
                    d5:29:25:ca:ca:26:e6:f6:f0:1f:76:d1:ca:90:63:
                    ba:13:bd:43:9a:05:4d:6a:4f:0e:e6:9e:65:8b:09:
                    26:c9:9a:7a:32:26:a3:c0:6d:73:7a:c4:06:d4:d5:
                    ca:d4:7e:5b:85:ba:66:be:25:b8:73:62:71:52:e0:
                    14:ce:4d:c1:33:ef:f6:99:7b:43:c1:22:b8:59:4c:
                    be:6e:7b:00:a8:7f:43:0c:d7:21:7a:0c:18:19:40:
                    c0:ff:97:42:8e:0d:30:9d:e1:39:42:ed:eb:c3:3f:
                    f7:6d:53:05:20:1c:8c:e0:6f:3e:14:d5:ab:12:17:
                    2a:c0:34:5d:b3:98:92:f7:be:78:96:9f:ca:c7:0f:
                    53:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:F8:93:09:65:2D:86:A8:9A:4B:E9:32:B3:65:25:8F:08:FE:88:FD
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/IviTCWUthqiaS-kys2Uljwj-iP0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.4.0/23
                  31.56.24.0/24
                  31.56.42.0/23
                  31.56.50.0/23
                  31.56.57.0/24
                  31.56.85.0/24
                  31.56.89.0/24
                  31.56.104.0/21
                  31.56.114.0/23
                  31.56.118.0-31.56.123.255
                  31.56.156.0/24
                  31.57.65.0/24
                  31.57.132.0/23
                  31.57.146.0/23
                  31.57.166.0/24
                  31.57.176.0/21
                  31.57.188.0/24
                  31.57.192.0/22
                  31.57.200.0/23
                  31.57.204.0/24
                  31.57.228.0/24
                  31.57.232.0/22
                  31.58.130.0/23
                  31.58.152.0/22
                  31.59.96.0/22
                  31.59.112.0/22
                  31.59.184.0/22

    Signature Algorithm: sha256WithRSAEncryption
         87:95:56:79:4c:04:28:fa:df:f4:8b:4d:83:75:b9:7f:44:0f:
         c2:bd:f1:06:23:d8:0a:8c:06:d0:2d:6a:70:b1:ef:ea:75:e4:
         35:ba:87:3e:d5:f5:14:5a:f8:10:66:82:4b:1e:a9:e3:04:72:
         97:51:58:cd:73:0c:92:cb:4e:9a:d7:25:4b:74:59:cb:cd:15:
         ab:98:ec:0b:a9:7b:3b:69:4b:0c:bc:2b:98:b6:87:3f:1e:00:
         1a:78:8c:a3:f8:e5:aa:87:77:e3:66:e0:82:ec:e6:24:f8:4e:
         86:40:9d:3d:2e:11:ff:21:2f:81:a8:51:b0:5b:97:4b:35:a6:
         f8:d6:00:53:05:f7:00:30:bf:b8:04:30:a1:e9:35:09:7b:24:
         7b:da:cb:dd:06:f6:4f:4c:be:2e:bb:14:76:65:ad:26:26:a0:
         74:cb:42:5d:c7:b1:2c:89:63:b1:a5:62:71:ae:c0:89:8b:a5:
         a6:73:78:02:29:2f:4e:3f:f8:22:f1:e4:09:ac:96:11:23:05:
         55:f2:ef:3e:08:92:7a:13:99:be:51:5d:02:61:90:93:ed:97:
         c0:22:ae:07:4a:d0:3e:7a:e5:f8:69:e4:c0:a6:15:40:97:7c:
         d8:67:7c:6a:5f:34:c0:af:8e:01:2d:69:b4:49:4e:ba:d8:47:
         1d:82:16:f0
-----BEGIN CERTIFICATE-----
MIIFpjCCBI6gAwIBAgISAZOmBno0oE52FlF78FytSd4MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjQxMjA4MTEyNzQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmY4OTMwOTY1MmQ4NmE4OWE0YmU5MzJiMzY1MjU4ZjA4ZmU4OGZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiP7yuAQtaA+3kJeSk4gKT6HEISf/
NUKbprbdeSh12QhI904nIugl1/UW1rqUgb1Se1Mhm99/fUEV79NAeD2UP3e5Ywsb
/9lxKDZ+i53JmZHFZC+Hzixf2Tj9kcaTnNiKw93VjDfadTmoGQaFVruKOUOXUzK8
sgnVKSXKyibm9vAfdtHKkGO6E71DmgVNak8O5p5liwkmyZp6MiajwG1zesQG1NXK
1H5bhbpmviW4c2JxUuAUzk3BM+/2mXtDwSK4WUy+bnsAqH9DDNchegwYGUDA/5dC
jg0wneE5Qu3rwz/3bVMFIByM4G8+FNWrEhcqwDRds5iS9754lp/Kxw9TsQIDAQAB
o4ICsjCCAq4wHQYDVR0OBBYEFCL4kwllLYaomkvpMrNlJY8I/oj9MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvSXZpVENXVXRocWlhUy1reXMyVWxqd2otaVAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHHBggrBgEFBQcBBwEB/wSBtzCBtDCBsQQCAAEwgaoDBAEf
OAQDBAAfOBgDBAEfOCoDBAEfODIDBAAfODkDBAAfOFUDBAAfOFkDBAMfOGgDBAEf
OHIwDAMEAR84dgMEAh84eAMEAB84nAMEAB85QQMEAR85hAMEAR85kgMEAB85pgME
Ax85sAMEAB85vAMEAh85wAMEAR85yAMEAB85zAMEAB855AMEAh856AMEAR86ggME
Ah86mAMEAh87YAMEAh87cAMEAh87uDANBgkqhkiG9w0BAQsFAAOCAQEAh5VWeUwE
KPrf9ItNg3W5f0QPwr3xBiPYCowG0C1qcLHv6nXkNbqHPtX1FFr4EGaCSx6p4wRy
l1FYzXMMkstOmtclS3RZy80Vq5jsC6l7O2lLDLwrmLaHPx4AGniMo/jlqod342bg
guzmJPhOhkCdPS4R/yEvgahRsFuXSzWm+NYAUwX3ADC/uAQwoek1CXske9rL3Qb2
T0y+LrsUdmWtJiagdMtCXcexLIljsaVica7AiYulpnN4AikvTj/4IvHkCayWESMF
VfLvPgiSehOZvlFdAmGQk+2XwCKuB0rQPnrl+GnkwKYVQJd82Gd8al80wK+OAS1p
tElOuthHHYIW8A==
-----END CERTIFICATE-----
Generated at Mon Apr 28 15:28:34 2025 by rpki-client