Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/ij_IiH5nL3qENMWef3__8qBtwmc.roa
File:                     ij_IiH5nL3qENMWef3__8qBtwmc.roa (raw, json)
Hash identifier:          2jotybUvmGO6/m16Hxee2qOJDPWkt/T/z5LIaHqHG84=
Subject key identifier:   8A:3F:C8:88:7E:67:2F:7A:84:34:C5:9E:7F:7F:FF:F2:A0:6D:C2:67
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0195672B36D52165198001902AA59055C15B
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/ij_IiH5nL3qENMWef3__8qBtwmc.roa
Signing time:             Wed 05 Mar 2025 16:37:20 +0000
ROA not before:           Wed 05 Mar 2025 16:37:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        31.56.8.0/21 maxlen: 24
                          31.56.126.0/24 maxlen: 24
                          31.56.142.0/23 maxlen: 24
                          31.56.148.0/22 maxlen: 24
                          31.57.184.0/22 maxlen: 24
                          31.59.136.0/21 maxlen: 24
                          31.59.144.0/21 maxlen: 24
                          31.59.152.0/21 maxlen: 24
                          31.59.160.0/21 maxlen: 24
                          31.59.168.0/21 maxlen: 24
                          31.59.228.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Fri 14 Mar 2025 10:31:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:67:2b:36:d5:21:65:19:80:01:90:2a:a5:90:55:c1:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Mar  5 16:37:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8a3fc8887e672f7a8434c59e7f7ffff2a06dc267
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:b1:e9:1d:c6:65:0e:77:56:fe:18:08:c3:2e:
                    2c:9e:0b:32:15:56:6e:16:96:f8:d4:ce:3c:8d:03:
                    45:a3:44:56:17:9e:86:b6:ef:94:a8:5f:9f:3f:e0:
                    9a:e4:c1:c6:a6:8b:64:14:1c:df:36:f7:88:ba:30:
                    8c:17:29:1e:bd:19:e2:89:36:e2:5b:41:e1:22:69:
                    d9:b6:49:2d:bf:b3:d0:49:33:a3:36:be:0b:43:fd:
                    90:ab:bf:2a:56:ce:2f:6e:bc:91:1b:ae:b0:ac:ab:
                    26:2e:8b:ce:12:ad:25:17:04:4a:2d:c6:83:05:df:
                    39:46:35:33:d2:79:5d:0d:40:a2:9c:25:aa:d6:1e:
                    fc:26:3a:9f:c4:53:29:a6:2c:45:25:ec:56:72:51:
                    14:17:fe:18:0d:2c:71:22:a8:ce:dc:61:7e:d0:a5:
                    bf:47:50:db:ca:f6:26:f9:7e:e0:ae:89:54:55:14:
                    92:70:e0:90:b7:a1:86:79:2f:05:36:76:a3:08:ee:
                    d8:cb:97:4f:ac:2f:aa:6b:a8:a6:8b:b8:41:7c:53:
                    aa:33:c9:fa:52:ce:68:fa:26:8f:64:9d:d1:f9:b6:
                    e6:3e:61:07:40:0d:3d:ca:f8:1e:54:9d:b4:69:05:
                    29:49:f3:76:ad:93:5e:da:fe:57:e4:6c:00:f3:9d:
                    1e:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:3F:C8:88:7E:67:2F:7A:84:34:C5:9E:7F:7F:FF:F2:A0:6D:C2:67
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/ij_IiH5nL3qENMWef3__8qBtwmc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.8.0/21
                  31.56.126.0/24
                  31.56.142.0/23
                  31.56.148.0/22
                  31.57.184.0/22
                  31.59.136.0-31.59.175.255
                  31.59.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:68:33:14:87:4a:84:6c:4a:0e:85:1b:4b:48:00:68:e1:6e:
         9d:b6:95:5e:b0:37:b0:b5:fd:c8:56:5e:5a:8f:b0:b1:03:55:
         94:58:53:41:19:1b:cb:4d:09:06:60:97:3f:69:b5:70:22:c1:
         2a:d2:56:50:4c:f3:d8:62:5a:36:fa:46:e5:33:ab:e5:59:60:
         84:00:da:88:54:16:24:d9:48:fe:20:65:bf:23:21:66:bb:39:
         ff:6d:4d:85:9c:24:51:47:c2:da:91:90:7a:f4:ec:0e:8d:b0:
         82:86:fa:1c:a0:78:2e:dd:85:09:16:9c:a1:1c:97:75:44:87:
         6a:2c:5a:5f:21:b4:20:6b:b3:2d:48:91:5e:14:c6:87:45:b1:
         1c:e3:f8:25:42:a8:0c:1f:a0:d8:06:f2:80:86:13:1b:ae:38:
         cd:62:c4:24:fa:29:c1:1c:9a:6a:8b:8a:ec:1d:84:dc:47:92:
         91:32:dd:1f:80:d5:e2:2e:4b:82:ee:b0:b0:ec:04:d2:f1:4d:
         ff:0d:7e:d1:e3:c6:45:92:5e:44:61:6f:c1:6a:de:d7:14:d3:
         2b:4a:83:71:65:16:13:1b:8e:86:a1:2b:92:7f:23:90:f6:2f:
         79:e2:21:5c:54:b7:b1:72:c4:9c:a5:08:bf:3c:04:1e:69:d1:
         63:07:a2:5a
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAZVnKzbVIWUZgAGQKqWQVcFbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwMzA1MTYzNzIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTNmYzg4ODdlNjcyZjdhODQzNGM1OWU3ZjdmZmZmMmEwNmRjMjY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkrHpHcZlDndW/hgIwy4sngsyFVZu
Fpb41M48jQNFo0RWF56Gtu+UqF+fP+Ca5MHGpotkFBzfNveIujCMFykevRniiTbi
W0HhImnZtkktv7PQSTOjNr4LQ/2Qq78qVs4vbryRG66wrKsmLovOEq0lFwRKLcaD
Bd85RjUz0nldDUCinCWq1h78JjqfxFMppixFJexWclEUF/4YDSxxIqjO3GF+0KW/
R1DbyvYm+X7grolUVRSScOCQt6GGeS8FNnajCO7Yy5dPrC+qa6imi7hBfFOqM8n6
Us5o+iaPZJ3R+bbmPmEHQA09yvgeVJ20aQUpSfN2rZNe2v5X5GwA850eIQIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFIo/yIh+Zy96hDTFnn9///KgbcJnMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvaWpfSWlINW5MM3FFTk1XZWYzX184cUJ0d21jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQDHzgIAwQA
Hzh+AwQBHziOAwQCHziUAwQCHzm4MAwDBAMfO4gDBAQfO6ADBAAfO+QwDQYJKoZI
hvcNAQELBQADggEBABNoMxSHSoRsSg6FG0tIAGjhbp22lV6wN7C1/chWXlqPsLED
VZRYU0EZG8tNCQZglz9ptXAiwSrSVlBM89hiWjb6RuUzq+VZYIQA2ohUFiTZSP4g
Zb8jIWa7Of9tTYWcJFFHwtqRkHr07A6NsIKG+hygeC7dhQkWnKEcl3VEh2osWl8h
tCBrsy1IkV4UxodFsRzj+CVCqAwfoNgG8oCGExuuOM1ixCT6KcEcmmqLiuwdhNxH
kpEy3R+A1eIuS4LusLDsBNLxTf8NftHjxkWSXkRhb8Fq3tcU0ytKg3FlFhMbjoah
K5J/I5D2L3niIVxUt7FyxJylCL88BB5p0WMHolo=
-----END CERTIFICATE-----