Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/Afw8k-7ncsa2Xr6eHQUxW82TyDo.roa
File:                     Afw8k-7ncsa2Xr6eHQUxW82TyDo.roa (raw, json)
Hash identifier:          EG08mEX9S88L7epmy8vIiLDLM11rmLvUgD3s4SkixfU=
Subject key identifier:   01:FC:3C:93:EE:E7:72:C6:B6:5E:BE:9E:1D:05:31:5B:CD:93:C8:3A
Certificate issuer:       /CN=624ad4535ac88dd534199f2a726095af71afe44e
Certificate serial:       0197831718296FF642AEBF3276B3D7FAEAB9
Authority key identifier: 62:4A:D4:53:5A:C8:8D:D5:34:19:9F:2A:72:60:95:AF:71:AF:E4:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/Afw8k-7ncsa2Xr6eHQUxW82TyDo.roa
Signing time:             Wed 18 Jun 2025 12:50:17 +0000
ROA not before:           Wed 18 Jun 2025 12:50:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203020
IP address blocks:        31.171.156.0/24 maxlen: 32
                          31.171.157.0/24 maxlen: 32
                          31.171.158.0/24 maxlen: 32
                          45.142.24.0/24 maxlen: 24
                          103.93.43.0/24 maxlen: 32
                          103.111.0.0/22 maxlen: 32
                          103.204.123.0/24 maxlen: 32
                          109.104.135.0/24 maxlen: 32
                          109.104.136.0/24 maxlen: 32
                          109.104.137.0/24 maxlen: 32
                          109.104.158.0/24 maxlen: 32
                          185.153.124.0/22 maxlen: 32
                          185.233.124.0/22 maxlen: 32
                          194.113.94.0/23 maxlen: 32
Validation:               Failed, certificate revoked on Tue 08 Jul 2025 09:27:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:83:17:18:29:6f:f6:42:ae:bf:32:76:b3:d7:fa:ea:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=624ad4535ac88dd534199f2a726095af71afe44e
        Validity
            Not Before: Jun 18 12:50:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=01fc3c93eee772c6b65ebe9e1d05315bcd93c83a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:27:b4:54:4c:24:7b:13:9e:02:4f:a3:56:f8:
                    a0:6c:ff:3a:2f:3a:6a:46:a8:59:4a:e9:0f:d2:e9:
                    35:d2:de:bc:12:45:16:3a:64:af:3b:8f:2c:76:39:
                    77:6d:9c:72:f1:2b:de:92:b3:48:29:2d:f8:83:e0:
                    23:cb:2d:19:ff:8a:e5:28:a7:87:bb:1e:c2:0c:57:
                    6a:16:df:06:8d:5d:03:50:49:cf:cb:e3:9e:69:c0:
                    b8:a7:ae:30:b5:11:bc:7f:eb:77:04:3f:41:d3:14:
                    ea:21:26:e9:17:11:2a:9e:86:68:b0:1f:42:4e:42:
                    28:dd:5b:4d:1e:12:48:4c:2c:89:68:07:12:ba:2f:
                    d6:7a:b7:c5:ad:8f:d9:51:d1:e3:30:62:c0:12:67:
                    27:ec:2d:bb:ec:c0:92:d0:17:b3:c2:5c:b4:72:5d:
                    1c:50:e5:ff:b4:24:c5:92:2a:ba:b6:6a:06:c1:61:
                    14:52:c3:27:4a:fe:60:66:41:90:59:eb:8a:3c:b0:
                    86:65:22:f0:c3:8e:48:10:fc:3d:d7:cb:db:4e:de:
                    62:b1:6b:69:df:f4:15:27:d5:61:10:cd:63:30:2c:
                    ce:05:e3:a3:45:e5:42:81:fc:47:c1:e9:98:db:58:
                    03:ab:6e:0d:bd:08:36:b0:75:66:87:6e:6a:e4:1c:
                    60:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:FC:3C:93:EE:E7:72:C6:B6:5E:BE:9E:1D:05:31:5B:CD:93:C8:3A
            X509v3 Authority Key Identifier:
                keyid:62:4A:D4:53:5A:C8:8D:D5:34:19:9F:2A:72:60:95:AF:71:AF:E4:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/Afw8k-7ncsa2Xr6eHQUxW82TyDo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.171.156.0-31.171.158.255
                  45.142.24.0/24
                  103.93.43.0/24
                  103.111.0.0/22
                  103.204.123.0/24
                  109.104.135.0-109.104.137.255
                  109.104.158.0/24
                  185.153.124.0/22
                  185.233.124.0/22
                  194.113.94.0/23

    Signature Algorithm: sha256WithRSAEncryption
         58:35:0c:10:05:77:69:ae:f2:86:84:84:82:33:cb:fc:7f:88:
         c7:b3:ca:58:62:e0:d1:e9:28:1a:dc:fe:64:2c:76:c1:3e:8b:
         43:a8:b4:92:95:0e:0b:73:c0:36:c2:3b:02:8d:d0:46:74:2c:
         c3:3c:25:13:10:c7:94:09:f4:47:7c:19:0d:87:73:7d:b5:2a:
         4c:53:d4:81:25:05:4b:fa:41:6f:ec:d3:e5:91:ed:06:4b:e8:
         50:a2:78:f8:a6:bb:d2:c7:0a:2e:f8:ff:a4:24:c7:83:ec:da:
         7b:fe:94:c9:6e:68:36:e6:7e:4f:4c:a8:99:ef:08:6e:d7:19:
         1e:f3:bf:d6:d7:a6:01:30:93:01:96:5c:9b:43:2c:22:c9:69:
         c4:68:e0:bb:02:83:ad:98:a5:3d:5c:e0:a4:e6:71:9d:5e:30:
         36:91:e9:68:15:9f:22:15:a9:29:13:d4:db:66:72:72:34:d7:
         d5:fd:16:0b:be:16:c4:7c:5c:9c:9e:02:25:d3:77:5a:e5:3f:
         b7:f1:bf:4a:17:80:0a:c3:19:ec:1f:f1:16:5f:fd:63:e0:03:
         63:22:bd:78:9b:ff:07:8b:84:41:4b:83:17:28:08:4c:78:9f:
         30:87:8f:66:ef:b2:16:a6:4a:70:d7:fa:fd:12:74:2c:8c:ad:
         68:4a:93:ae
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAZeDFxgpb/ZCrr8ydrPX+uq5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyNGFkNDUzNWFjODhkZDUzNDE5OWYyYTcyNjA5NWFmNzFh
ZmU0NGUwHhcNMjUwNjE4MTI1MDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMWZjM2M5M2VlZTc3MmM2YjY1ZWJlOWUxZDA1MzE1YmNkOTNjODNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnCe0VEwkexOeAk+jVvigbP86Lzpq
RqhZSukP0uk10t68EkUWOmSvO48sdjl3bZxy8SvekrNIKS34g+Ajyy0Z/4rlKKeH
ux7CDFdqFt8GjV0DUEnPy+OeacC4p64wtRG8f+t3BD9B0xTqISbpFxEqnoZosB9C
TkIo3VtNHhJITCyJaAcSui/WerfFrY/ZUdHjMGLAEmcn7C277MCS0Bezwly0cl0c
UOX/tCTFkiq6tmoGwWEUUsMnSv5gZkGQWeuKPLCGZSLww45IEPw918vbTt5isWtp
3/QVJ9VhEM1jMCzOBeOjReVCgfxHwemY21gDq24NvQg2sHVmh25q5BxgMQIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFAH8PJPu53LGtl6+nh0FMVvNk8g6MB8GA1UdIwQY
MBaAFGJK1FNayI3VNBmfKnJgla9xr+ROMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWtyVVUxcklqZFUwR1o4cWNtQ1ZyM0d2NUU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9hYTEwMTktNTY0Zi00YzQ2LWEyMTct
ZmI1OTQ5ODA4ZGRjLzEvQWZ3OGstN25jc2EyWHI2ZUhRVXhXODJUeURvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9hYTEwMTktNTY0Zi00YzQ2LWEyMTctZmI1OTQ5ODA4ZGRj
LzEvWWtyVVUxcklqZFUwR1o4cWNtQ1ZyM0d2NUU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDBSBAIAATBMMAwDBAIfq5wD
BAAfq54DBAAtjhgDBABnXSsDBAJnbwADBABnzHswDAMEAG1ohwMEAW1oiAMEAG1o
ngMEArmZfAMEArnpfAMEAcJxXjANBgkqhkiG9w0BAQsFAAOCAQEAWDUMEAV3aa7y
hoSEgjPL/H+Ix7PKWGLg0ekoGtz+ZCx2wT6LQ6i0kpUOC3PANsI7Ao3QRnQswzwl
ExDHlAn0R3wZDYdzfbUqTFPUgSUFS/pBb+zT5ZHtBkvoUKJ4+Ka70scKLvj/pCTH
g+zae/6UyW5oNuZ+T0yome8IbtcZHvO/1temATCTAZZcm0MsIslpxGjguwKDrZil
PVzgpOZxnV4wNpHpaBWfIhWpKRPU22ZycjTX1f0WC74WxHxcnJ4CJdN3WuU/t/G/
SheACsMZ7B/xFl/9Y+ADYyK9eJv/B4uEQUuDFygITHifMIePZu+yFqZKcNf6/RJ0
LIytaEqTrg==
-----END CERTIFICATE-----