Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/jABIDfLclCBnxn3XCy8O0nrQWMs.roa
File:                     jABIDfLclCBnxn3XCy8O0nrQWMs.roa (raw, json)
Hash identifier:          jGXfhedgllrNmnhNvhnlfFr5jVF5bZouVH2OZlkEJcg=
Subject key identifier:   8C:00:48:0D:F2:DC:94:20:67:C6:7D:D7:0B:2F:0E:D2:7A:D0:58:CB
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       01969A29C520443C97AD2D462D5157100AD7
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/jABIDfLclCBnxn3XCy8O0nrQWMs.roa
Signing time:             Sun 04 May 2025 07:19:10 +0000
ROA not before:           Sun 04 May 2025 07:19:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     4766
IP address blocks:        31.56.172.0/24 maxlen: 24
                          31.56.173.0/24 maxlen: 24
                          31.56.242.0/24 maxlen: 24
                          31.56.243.0/24 maxlen: 24
                          31.56.244.0/24 maxlen: 24
                          31.56.245.0/24 maxlen: 24
                          217.60.0.0/21 maxlen: 24
                          217.60.3.0/24 maxlen: 24
                          217.60.7.0/24 maxlen: 24
                          217.60.12.0/22 maxlen: 24
                          217.60.15.0/24 maxlen: 24
                          217.60.24.0/22 maxlen: 24
                          217.60.36.0/22 maxlen: 24
                          217.60.44.0/22 maxlen: 24
                          217.60.56.0/21 maxlen: 24
Validation:               Failed, certificate revoked on Sun 04 May 2025 07:32:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:9a:29:c5:20:44:3c:97:ad:2d:46:2d:51:57:10:0a:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: May  4 07:19:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8c00480df2dc942067c67dd70b2f0ed27ad058cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:65:63:42:1e:0f:5c:99:9e:e8:5c:6f:51:8b:
                    78:32:0d:95:51:de:12:29:0e:86:22:2d:cc:40:d7:
                    d7:66:f5:50:1b:5d:11:ea:d3:3e:d7:63:9e:ac:30:
                    a7:1b:ce:1a:2f:3c:d0:21:33:cf:dd:00:d7:d9:59:
                    5a:51:cb:05:47:5e:d4:03:34:54:e3:66:5e:54:fe:
                    02:94:8b:ba:f8:2f:5d:42:49:34:87:eb:9a:5a:23:
                    98:90:65:21:75:f2:0a:ac:c3:61:d7:5f:6b:1a:c2:
                    b3:17:0f:04:2c:d7:b2:e4:1a:ef:59:ed:c8:d9:ed:
                    a3:46:9b:de:32:97:d2:da:13:c0:a6:82:db:e1:b9:
                    eb:3b:46:cc:c9:41:d9:9a:a4:61:bb:06:1f:76:8f:
                    45:c7:1c:37:6d:60:db:b6:22:71:8d:c3:a3:39:e8:
                    1d:ec:28:cb:85:5c:58:e3:88:fb:ef:1b:37:51:af:
                    9b:0c:22:4b:b3:05:40:5a:bc:bb:63:40:0a:5b:6b:
                    ad:6a:f7:ab:99:55:12:c4:b7:a3:a5:5e:0d:02:c0:
                    f0:ab:0c:b3:d1:c4:b6:a6:b2:08:55:ac:62:fd:2f:
                    5d:79:75:b7:3a:e8:89:87:6e:33:c7:ac:6b:65:1b:
                    cb:17:ff:2f:c6:7e:b5:96:0f:ac:0f:07:85:2e:ed:
                    ec:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:00:48:0D:F2:DC:94:20:67:C6:7D:D7:0B:2F:0E:D2:7A:D0:58:CB
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/jABIDfLclCBnxn3XCy8O0nrQWMs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.172.0/23
                  31.56.242.0-31.56.245.255
                  217.60.0.0/21
                  217.60.12.0/22
                  217.60.24.0/22
                  217.60.36.0/22
                  217.60.44.0/22
                  217.60.56.0/21

    Signature Algorithm: sha256WithRSAEncryption
         89:ef:a1:6f:c4:8a:c5:47:e1:d8:0b:c9:87:5a:94:7e:97:c3:
         35:71:7b:3b:47:00:0a:dc:82:b6:b1:a2:5d:14:35:d8:46:91:
         e5:0c:fa:f5:02:b3:15:4a:bb:cb:23:b3:60:03:70:fe:2f:e8:
         09:a1:af:96:a1:f9:f2:ab:b4:b1:56:a0:ee:e2:76:ee:f9:73:
         a7:ad:0e:a9:43:af:b1:84:2a:29:33:1e:52:c0:cb:43:09:6c:
         f3:b3:45:9d:df:8a:2e:60:c2:d9:f8:16:68:a4:a4:25:9d:96:
         2e:da:98:5e:d8:74:c4:ea:c0:ea:f4:d0:90:4e:8f:da:e8:b2:
         5d:67:97:ec:53:ff:af:41:ec:f4:dc:51:9e:e9:3b:80:92:e3:
         4e:76:81:47:4a:61:d7:75:0f:e4:27:11:4e:5c:03:22:3d:7f:
         2b:dc:05:dc:88:70:5f:97:f0:7a:a5:63:e8:1d:ea:43:f5:73:
         0f:d0:1b:59:b5:7b:7f:9a:44:4e:7b:c2:5b:1a:1e:eb:df:f1:
         18:4b:eb:8e:0a:8e:30:90:cc:8b:ba:e2:92:ef:0f:a5:8e:35:
         8f:8a:ab:dd:2e:f0:f5:e6:05:6c:00:e8:31:a6:a4:83:69:7c:
         35:2a:7a:ff:12:66:df:94:8b:f3:96:84:38:8a:ba:17:8f:19:
         70:c2:7c:99
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAZaaKcUgRDyXrS1GLVFXEArXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwNTA0MDcxOTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YzAwNDgwZGYyZGM5NDIwNjdjNjdkZDcwYjJmMGVkMjdhZDA1OGNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAomVjQh4PXJme6FxvUYt4Mg2VUd4S
KQ6GIi3MQNfXZvVQG10R6tM+12OerDCnG84aLzzQITPP3QDX2VlaUcsFR17UAzRU
42ZeVP4ClIu6+C9dQkk0h+uaWiOYkGUhdfIKrMNh119rGsKzFw8ELNey5BrvWe3I
2e2jRpveMpfS2hPApoLb4bnrO0bMyUHZmqRhuwYfdo9Fxxw3bWDbtiJxjcOjOegd
7CjLhVxY44j77xs3Ua+bDCJLswVAWry7Y0AKW2utavermVUSxLejpV4NAsDwqwyz
0cS2prIIVaxi/S9deXW3OuiJh24zx6xrZRvLF/8vxn61lg+sDweFLu3s8wIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFIwASA3y3JQgZ8Z91wsvDtJ60FjLMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvakFCSURmTGNsQ0JueG4zWEN5OE8wbnJRV01zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQBHzisMAwD
BAEfOPIDBAEfOPQDBAPZPAADBALZPAwDBALZPBgDBALZPCQDBALZPCwDBAPZPDgw
DQYJKoZIhvcNAQELBQADggEBAInvoW/EisVH4dgLyYdalH6XwzVxeztHAArcgrax
ol0UNdhGkeUM+vUCsxVKu8sjs2ADcP4v6Amhr5ah+fKrtLFWoO7idu75c6etDqlD
r7GEKikzHlLAy0MJbPOzRZ3fii5gwtn4FmikpCWdli7amF7YdMTqwOr00JBOj9ro
sl1nl+xT/69B7PTcUZ7pO4CS4052gUdKYdd1D+QnEU5cAyI9fyvcBdyIcF+X8Hql
Y+gd6kP1cw/QG1m1e3+aRE57wlsaHuvf8RhL644KjjCQzIu64pLvD6WONY+Kq90u
8PXmBWwA6DGmpINpfDUqev8SZt+Ui/OWhDiKuhePGXDCfJk=
-----END CERTIFICATE-----