Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/uNT1QAIpRNM77RQ0sKu_qlz22Fo.roa
File:                     uNT1QAIpRNM77RQ0sKu_qlz22Fo.roa (raw, json)
Hash identifier:          6Ab5FiP1F3wf9uuctm8KOXbUKNK8WCbN3yvcHSAtmDo=
Subject key identifier:   B8:D4:F5:40:02:29:44:D3:3B:ED:14:34:B0:AB:BF:AA:5C:F6:D8:5A
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0193BA10CDE26ADEB1637D17052BB5292EA2
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/uNT1QAIpRNM77RQ0sKu_qlz22Fo.roa
Signing time:             Thu 12 Dec 2024 08:51:23 +0000
ROA not before:           Thu 12 Dec 2024 08:51:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        31.56.8.0/21 maxlen: 24
                          31.56.142.0/23 maxlen: 24
                          31.56.148.0/22 maxlen: 24
                          31.57.184.0/22 maxlen: 24
                          31.58.208.0/24 maxlen: 24
                          31.58.209.0/24 maxlen: 24
                          31.59.68.0/24 maxlen: 24
                          31.59.136.0/21 maxlen: 24
                          31.59.144.0/21 maxlen: 24
                          31.59.152.0/21 maxlen: 24
                          31.59.160.0/21 maxlen: 24
                          31.59.168.0/21 maxlen: 24
                          217.60.62.0/24 maxlen: 24
                          217.60.245.0/24 maxlen: 24
                          217.60.248.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Mon 23 Dec 2024 16:31:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:ba:10:cd:e2:6a:de:b1:63:7d:17:05:2b:b5:29:2e:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Dec 12 08:51:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b8d4f540022944d33bed1434b0abbfaa5cf6d85a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:59:27:35:82:88:e8:67:80:fd:43:fc:e1:55:
                    1e:2e:21:aa:05:05:da:d4:a2:37:21:8e:70:b4:79:
                    bc:43:bd:2a:36:59:b5:d8:95:48:81:2f:27:30:d8:
                    57:f2:d4:49:6f:70:ac:5a:34:c8:6d:e2:d9:0f:47:
                    04:4c:bc:88:78:d4:01:95:96:2e:a6:a0:94:63:be:
                    3b:08:9a:17:17:85:f9:b6:e0:53:32:8f:94:ab:58:
                    99:33:26:72:5f:a5:82:4d:37:5c:ae:17:e4:72:0b:
                    b8:fb:85:84:c9:52:bf:38:4a:42:68:20:60:12:07:
                    12:bf:a1:4e:fc:12:49:e5:36:7b:61:5a:d3:6e:81:
                    1c:e0:31:27:83:36:2f:92:c9:a7:d6:e8:db:ad:c7:
                    d1:11:47:f3:51:89:c7:0f:42:cd:56:e2:85:79:07:
                    c8:4c:fe:9b:db:51:d1:7b:fd:47:c7:53:2b:4f:38:
                    a4:2e:33:21:a2:79:b5:aa:a6:e9:51:d7:96:ce:d5:
                    08:0f:20:a0:85:86:d2:7b:4c:b5:ef:10:83:2a:22:
                    73:92:6c:57:39:75:22:33:3f:f1:8c:bf:3d:9d:e7:
                    ca:9a:7f:e6:32:86:f2:6a:4d:20:28:a8:5c:5f:09:
                    77:b9:41:d2:f6:4f:01:ee:7f:3a:e0:6d:bd:43:f3:
                    07:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:D4:F5:40:02:29:44:D3:3B:ED:14:34:B0:AB:BF:AA:5C:F6:D8:5A
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/uNT1QAIpRNM77RQ0sKu_qlz22Fo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.8.0/21
                  31.56.142.0/23
                  31.56.148.0/22
                  31.57.184.0/22
                  31.58.208.0/23
                  31.59.68.0/24
                  31.59.136.0-31.59.175.255
                  217.60.62.0/24
                  217.60.245.0/24
                  217.60.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:53:6d:85:22:e4:15:26:cc:f9:a8:75:d1:ea:4c:10:4a:6f:
         1e:6c:67:19:79:36:63:f7:7a:41:76:03:fd:77:cd:6e:ad:c9:
         77:30:01:3f:04:8e:eb:a6:ad:4e:7d:48:ad:03:26:70:63:42:
         d1:1d:04:df:d4:ef:6b:ad:04:91:fb:97:f2:ce:ff:9f:74:42:
         a8:9f:42:9f:df:3b:97:46:72:12:4a:36:7d:1d:46:51:7d:d2:
         de:f9:69:df:9c:68:73:b0:67:9f:22:e8:7c:4a:d6:88:32:bf:
         6c:d2:cc:50:9c:a6:37:d9:d8:21:32:fd:ee:65:9f:5c:64:95:
         f3:bf:8e:53:ba:84:83:8b:74:81:8d:fa:f9:bf:e9:6d:4d:b4:
         2c:0d:9c:74:32:dc:39:1d:f7:e0:e9:42:dd:1d:a1:7b:d2:21:
         d8:1f:30:f7:e4:fa:b9:e3:64:1c:a9:23:73:b9:ab:ba:06:47:
         40:46:16:d3:ad:bb:33:df:b2:4f:34:dc:04:3f:2f:ac:6f:73:
         55:83:0f:da:1a:f0:d4:5d:3f:d9:87:c1:11:88:ad:c6:4c:f5:
         e1:be:d6:3f:9a:f6:2e:ca:da:69:e1:b0:23:68:82:d0:66:d9:
         9f:74:9b:a6:66:b3:cb:86:39:08:f6:19:30:5f:b7:58:96:bb:
         5c:50:18:5f
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAZO6EM3iat6xY30XBSu1KS6iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjQxMjEyMDg1MTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOGQ0ZjU0MDAyMjk0NGQzM2JlZDE0MzRiMGFiYmZhYTVjZjZkODVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1FknNYKI6GeA/UP84VUeLiGqBQXa
1KI3IY5wtHm8Q70qNlm12JVIgS8nMNhX8tRJb3CsWjTIbeLZD0cETLyIeNQBlZYu
pqCUY747CJoXF4X5tuBTMo+Uq1iZMyZyX6WCTTdcrhfkcgu4+4WEyVK/OEpCaCBg
EgcSv6FO/BJJ5TZ7YVrTboEc4DEngzYvksmn1ujbrcfREUfzUYnHD0LNVuKFeQfI
TP6b21HRe/1Hx1MrTzikLjMhonm1qqbpUdeWztUIDyCghYbSe0y17xCDKiJzkmxX
OXUiMz/xjL89nefKmn/mMobyak0gKKhcXwl3uUHS9k8B7n864G29Q/MHqwIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFLjU9UACKUTTO+0UNLCrv6pc9thaMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvdU5UMVFBSXBSTk03N1JRMHNLdV9xbHoyMkZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQDHzgIAwQB
HziOAwQCHziUAwQCHzm4AwQBHzrQAwQAHztEMAwDBAMfO4gDBAQfO6ADBADZPD4D
BADZPPUDBADZPPgwDQYJKoZIhvcNAQELBQADggEBAD1TbYUi5BUmzPmoddHqTBBK
bx5sZxl5NmP3ekF2A/13zW6tyXcwAT8EjuumrU59SK0DJnBjQtEdBN/U72utBJH7
l/LO/590QqifQp/fO5dGchJKNn0dRlF90t75ad+caHOwZ58i6HxK1ogyv2zSzFCc
pjfZ2CEy/e5ln1xklfO/jlO6hIOLdIGN+vm/6W1NtCwNnHQy3Dkd9+DpQt0doXvS
IdgfMPfk+rnjZBypI3O5q7oGR0BGFtOtuzPfsk803AQ/L6xvc1WDD9oa8NRdP9mH
wRGIrcZM9eG+1j+a9i7K2mnhsCNogtBm2Z90m6Zms8uGOQj2GTBft1iWu1xQGF8=
-----END CERTIFICATE-----