Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/8f46be-028b-4d03-a973-fda011e5c972/1/SkJKoFAnGn-j_h2gx7ixZVx88J8.roa
File:                     SkJKoFAnGn-j_h2gx7ixZVx88J8.roa (raw, json)
Hash identifier:          za7WpzavjGDrkYnAoygiBSuJzBSomIzwJNC855MgCbA=
Subject key identifier:   4A:42:4A:A0:50:27:1A:7F:A3:FE:1D:A0:C7:B8:B1:65:5C:7C:F0:9F
Certificate issuer:       /CN=d9d63156c1836f16c3b430effbb72ac69932ea9b
Certificate serial:       01942067F9EBBC5130A49F6D4C3D9F9DF11F
Authority key identifier: D9:D6:31:56:C1:83:6F:16:C3:B4:30:EF:FB:B7:2A:C6:99:32:EA:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2dYxVsGDbxbDtDDv-7cqxpky6ps.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/8f46be-028b-4d03-a973-fda011e5c972/1/SkJKoFAnGn-j_h2gx7ixZVx88J8.roa
Signing time:             Wed 01 Jan 2025 05:47:52 +0000
ROA not before:           Wed 01 Jan 2025 05:47:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203020
IP address blocks:        31.12.76.0/23 maxlen: 32
                          31.12.78.0/23 maxlen: 32
                          46.149.160.0/22 maxlen: 32
                          80.240.98.0/23 maxlen: 32
                          83.229.66.0/24 maxlen: 32
                          103.14.104.0/22 maxlen: 32
                          185.18.40.0/22 maxlen: 32
                          185.51.23.0/24 maxlen: 32
                          193.32.96.0/23 maxlen: 32
                          193.32.98.0/23 maxlen: 32
                          193.47.56.0/22 maxlen: 32
                          194.99.60.0/23 maxlen: 32
                          194.99.62.0/23 maxlen: 32
                          195.216.128.0/22 maxlen: 32
                          212.103.56.0/22 maxlen: 32
                          217.194.136.0/23 maxlen: 32
                          217.194.136.0/24 maxlen: 32
Validation:               Failed, certificate revoked on Wed 22 Jan 2025 09:55:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:f9:eb:bc:51:30:a4:9f:6d:4c:3d:9f:9d:f1:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d9d63156c1836f16c3b430effbb72ac69932ea9b
        Validity
            Not Before: Jan  1 05:47:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4a424aa050271a7fa3fe1da0c7b8b1655c7cf09f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:19:6c:fe:37:72:86:ca:dc:de:7b:7a:b3:89:
                    5a:39:f0:81:12:50:9d:36:f6:fd:7a:72:ea:34:5c:
                    23:c1:9d:7a:3c:74:19:31:b4:e5:83:05:90:24:4b:
                    2f:4c:0a:2e:b9:0e:22:04:d8:84:2f:1b:27:70:50:
                    42:13:9a:2d:55:79:5c:69:f5:d1:7a:1f:dd:1d:e5:
                    86:e6:86:c7:09:5c:9d:e4:e1:90:eb:9b:57:11:bd:
                    fe:79:af:0d:b7:a8:04:6c:a5:3b:a8:fd:d7:bd:b6:
                    05:9b:e3:2e:73:68:1e:f3:28:9f:19:64:4f:71:bb:
                    4b:11:23:5c:f7:9e:b4:94:f9:96:c7:8c:8a:68:91:
                    d4:b9:27:5c:b9:1e:52:1d:4f:9d:3a:83:ba:e1:4f:
                    7d:b2:d3:34:bc:4d:a7:75:a4:cd:08:d0:f9:79:22:
                    24:29:c9:6d:aa:70:5a:21:82:19:01:a3:e0:79:65:
                    6e:f6:15:87:c1:cb:e7:6f:3a:51:18:40:2a:f5:3d:
                    ce:c6:67:92:86:ca:e2:9f:88:75:d3:7e:82:89:18:
                    a9:17:a7:5a:2c:60:27:35:b8:9b:24:7c:9e:38:cd:
                    85:dc:98:be:1f:73:44:57:ca:99:76:35:eb:4b:9f:
                    5e:ed:a7:17:13:14:91:66:61:9c:76:39:6f:b8:4f:
                    3f:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:42:4A:A0:50:27:1A:7F:A3:FE:1D:A0:C7:B8:B1:65:5C:7C:F0:9F
            X509v3 Authority Key Identifier:
                keyid:D9:D6:31:56:C1:83:6F:16:C3:B4:30:EF:FB:B7:2A:C6:99:32:EA:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2dYxVsGDbxbDtDDv-7cqxpky6ps.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/8f46be-028b-4d03-a973-fda011e5c972/1/SkJKoFAnGn-j_h2gx7ixZVx88J8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/8f46be-028b-4d03-a973-fda011e5c972/1/2dYxVsGDbxbDtDDv-7cqxpky6ps.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.12.76.0/22
                  46.149.160.0/22
                  80.240.98.0/23
                  83.229.66.0/24
                  103.14.104.0/22
                  185.18.40.0/22
                  185.51.23.0/24
                  193.32.96.0/22
                  193.47.56.0/22
                  194.99.60.0/22
                  195.216.128.0/22
                  212.103.56.0/22
                  217.194.136.0/23

    Signature Algorithm: sha256WithRSAEncryption
         77:68:64:a8:99:c7:91:72:6f:a8:fa:72:72:56:7d:fe:d8:52:
         b5:d1:f1:e1:2f:b0:6c:6e:8d:35:bf:13:94:68:ca:92:00:d0:
         20:88:39:60:5c:37:25:18:e4:6d:d4:f1:1b:51:f7:c2:21:ed:
         b1:93:3c:cb:73:06:fa:bd:b6:ba:fe:74:5b:72:ee:92:a6:e0:
         52:f3:d2:1e:b1:b9:43:86:41:21:56:83:df:31:91:77:a1:bb:
         dc:42:9e:34:93:01:60:94:61:af:68:65:b3:25:ba:05:d0:36:
         ef:d0:cd:90:14:4f:fa:ee:59:b9:9a:5f:e7:7a:51:48:1a:af:
         16:41:4e:70:91:54:e2:aa:ef:65:cc:fd:59:5f:6f:e4:23:9b:
         82:9a:d1:b3:6f:9d:a4:c8:06:de:71:d5:96:6a:b8:40:03:40:
         88:06:3e:c2:57:b9:95:d9:1c:43:b5:b9:80:34:13:ec:a4:c5:
         2f:6c:b4:2b:07:c2:ce:5d:3c:15:49:67:28:da:66:14:2a:64:
         be:40:71:a0:b7:8e:21:86:e3:1c:8f:43:1d:7a:30:42:3e:6a:
         3e:20:38:39:9c:38:81:b9:9f:4b:01:3c:25:1b:90:97:e9:8d:
         18:5b:c5:05:9d:30:9c:eb:6f:27:95:38:05:37:5e:bf:b7:b1:
         bf:c4:d1:fd
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAZQgZ/nrvFEwpJ9tTD2fnfEfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5ZDYzMTU2YzE4MzZmMTZjM2I0MzBlZmZiYjcyYWM2OTkz
MmVhOWIwHhcNMjUwMTAxMDU0NzUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTQyNGFhMDUwMjcxYTdmYTNmZTFkYTBjN2I4YjE2NTVjN2NmMDlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqhls/jdyhsrc3nt6s4laOfCBElCd
Nvb9enLqNFwjwZ16PHQZMbTlgwWQJEsvTAouuQ4iBNiELxsncFBCE5otVXlcafXR
eh/dHeWG5obHCVyd5OGQ65tXEb3+ea8Nt6gEbKU7qP3XvbYFm+Muc2ge8yifGWRP
cbtLESNc9560lPmWx4yKaJHUuSdcuR5SHU+dOoO64U99stM0vE2ndaTNCND5eSIk
KcltqnBaIYIZAaPgeWVu9hWHwcvnbzpRGEAq9T3OxmeShsrin4h1036CiRipF6da
LGAnNbibJHyeOM2F3Ji+H3NEV8qZdjXrS59e7acXExSRZmGcdjlvuE8/uwIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFEpCSqBQJxp/o/4doMe4sWVcfPCfMB8GA1UdIwQY
MBaAFNnWMVbBg28Ww7Qw7/u3KsaZMuqbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmRZeFZzR0RieGJEdEREdi03Y3F4cGt5NnBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy84ZjQ2YmUtMDI4Yi00ZDAzLWE5NzMt
ZmRhMDExZTVjOTcyLzEvU2tKS29GQW5Hbi1qX2gyZ3g3aXhaVng4OEo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy84ZjQ2YmUtMDI4Yi00ZDAzLWE5NzMtZmRhMDExZTVjOTcy
LzEvMmRZeFZzR0RieGJEdEREdi03Y3F4cGt5NnBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjBUBAIAATBOAwQCHwxMAwQC
LpWgAwQBUPBiAwQAU+VCAwQCZw5oAwQCuRIoAwQAuTMXAwQCwSBgAwQCwS84AwQC
wmM8AwQCw9iAAwQC1Gc4AwQB2cKIMA0GCSqGSIb3DQEBCwUAA4IBAQB3aGSomceR
cm+o+nJyVn3+2FK10fHhL7Bsbo01vxOUaMqSANAgiDlgXDclGORt1PEbUffCIe2x
kzzLcwb6vba6/nRbcu6SpuBS89IesblDhkEhVoPfMZF3obvcQp40kwFglGGvaGWz
JboF0Dbv0M2QFE/67lm5ml/nelFIGq8WQU5wkVTiqu9lzP1ZX2/kI5uCmtGzb52k
yAbecdWWarhAA0CIBj7CV7mV2RxDtbmANBPspMUvbLQrB8LOXTwVSWco2mYUKmS+
QHGgt44hhuMcj0MdejBCPmo+IDg5nDiBuZ9LATwlG5CX6Y0YW8UFnTCc628nlTgF
N16/t7G/xNH9
-----END CERTIFICATE-----