Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/5a337f-c843-45f4-8d99-163fb7003e5d/1/Vz2DO-TL_yUsFbIBsnO1Eeimcc8.roa
File:                     Vz2DO-TL_yUsFbIBsnO1Eeimcc8.roa (raw, json)
Hash identifier:          Qvw7qAsOPMXkINJQcjx+JP/JIiyBdRsbd05URg1Bv5Q=
Subject key identifier:   57:3D:83:3B:E4:CB:FF:25:2C:15:B2:01:B2:73:B5:11:E8:A6:71:CF
Certificate issuer:       /CN=62d190b238d97af7900bdcbd02304b782ffcaf2a
Certificate serial:       01958DE6D41E06F0B8C7624E4437FCF67722
Authority key identifier: 62:D1:90:B2:38:D9:7A:F7:90:0B:DC:BD:02:30:4B:78:2F:FC:AF:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YtGQsjjZeveQC9y9AjBLeC_8ryo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/5a337f-c843-45f4-8d99-163fb7003e5d/1/Vz2DO-TL_yUsFbIBsnO1Eeimcc8.roa
Signing time:             Thu 13 Mar 2025 05:07:49 +0000
ROA not before:           Thu 13 Mar 2025 05:07:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25577
IP address blocks:        31.3.208.0/21 maxlen: 21
                          31.3.208.0/24 maxlen: 24
                          31.3.211.0/24 maxlen: 24
                          31.3.212.0/23 maxlen: 23
                          31.3.221.0/24 maxlen: 24
                          31.3.223.0/24 maxlen: 24
                          81.27.64.0/24 maxlen: 24
                          81.27.66.0/23 maxlen: 23
                          81.27.75.0/24 maxlen: 24
                          81.27.76.0/24 maxlen: 24
                          81.27.80.0/22 maxlen: 22
                          81.27.87.0/24 maxlen: 24
                          81.27.88.0/21 maxlen: 21
                          82.197.72.0/22 maxlen: 22
                          82.197.72.0/24 maxlen: 24
                          82.197.74.0/24 maxlen: 24
                          2001:9d8::/32 maxlen: 32
Validation:               Failed, certificate revoked on Thu 13 Mar 2025 06:12:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:8d:e6:d4:1e:06:f0:b8:c7:62:4e:44:37:fc:f6:77:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62d190b238d97af7900bdcbd02304b782ffcaf2a
        Validity
            Not Before: Mar 13 05:07:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=573d833be4cbff252c15b201b273b511e8a671cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:34:17:f1:e8:b6:3c:df:d8:f0:76:e4:1e:6e:
                    dd:d1:f1:ed:87:7e:70:47:e1:6d:28:c1:e7:2a:5e:
                    60:a5:bd:2b:18:dd:f0:42:aa:59:c5:2e:30:98:32:
                    f6:a9:18:62:7d:61:a6:42:99:df:59:74:80:1d:5f:
                    7e:cb:0a:e4:83:67:f1:66:2c:39:53:c5:f6:dc:83:
                    8f:e7:41:df:9f:24:ec:e3:fe:85:2b:6f:96:30:b0:
                    bb:10:fa:ba:3b:fc:f5:31:78:78:ac:a9:3a:05:e1:
                    a8:eb:49:76:d9:8b:01:13:ba:89:19:8a:bf:a1:f4:
                    01:1d:e7:23:12:9d:6e:6a:85:18:28:b7:bc:85:5c:
                    3f:9c:19:27:9c:21:e6:18:6d:9a:96:bd:df:8a:0b:
                    a8:14:b4:47:5a:fa:3b:07:10:cb:0d:39:99:5c:c1:
                    a4:a7:e6:8e:7f:b7:1f:bc:96:3d:f6:51:c7:8e:c5:
                    58:61:42:ca:02:da:62:30:07:83:ea:50:5e:16:2f:
                    f8:f9:03:d9:37:f7:e3:bf:b4:10:f2:f4:d1:91:1c:
                    b4:e2:6e:a0:de:4f:7a:1b:1d:e2:d4:f8:0c:e0:ff:
                    25:09:df:cf:6b:f5:b4:97:3f:5c:25:3d:70:50:13:
                    fb:61:8a:34:e2:40:d7:1b:eb:b4:23:ca:30:56:31:
                    2e:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:3D:83:3B:E4:CB:FF:25:2C:15:B2:01:B2:73:B5:11:E8:A6:71:CF
            X509v3 Authority Key Identifier:
                keyid:62:D1:90:B2:38:D9:7A:F7:90:0B:DC:BD:02:30:4B:78:2F:FC:AF:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YtGQsjjZeveQC9y9AjBLeC_8ryo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/5a337f-c843-45f4-8d99-163fb7003e5d/1/Vz2DO-TL_yUsFbIBsnO1Eeimcc8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/5a337f-c843-45f4-8d99-163fb7003e5d/1/YtGQsjjZeveQC9y9AjBLeC_8ryo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.3.208.0/21
                  31.3.221.0/24
                  31.3.223.0/24
                  81.27.64.0/24
                  81.27.66.0/23
                  81.27.75.0-81.27.76.255
                  81.27.80.0/22
                  81.27.87.0-81.27.95.255
                  82.197.72.0/22
                IPv6:
                  2001:9d8::/32

    Signature Algorithm: sha256WithRSAEncryption
         6d:5f:6a:48:2a:f4:39:6f:77:f7:a2:f8:41:46:32:2b:d5:4b:
         d8:a3:10:64:75:28:04:43:75:64:6b:68:db:d2:46:1d:ec:62:
         8c:dd:15:ff:85:68:a4:85:73:cd:4d:8c:75:ed:3d:28:3d:7f:
         68:7f:08:2c:fe:b4:b3:6f:93:87:41:5e:1c:11:ee:9d:0d:3a:
         da:25:1d:c3:db:c8:e0:63:10:2c:88:8f:f6:fa:ff:d9:44:a5:
         a9:76:4b:38:0a:fd:01:68:ae:e7:5c:a3:83:ef:cb:fa:93:25:
         62:79:91:64:c3:8d:e6:74:c8:15:b0:c9:aa:2c:d0:1b:f4:9f:
         47:db:c0:55:2e:1b:28:59:1e:0c:c3:f5:18:df:e4:ba:24:2b:
         e3:c1:47:a4:7e:b0:8a:1e:02:2f:0c:bf:cf:98:0d:7d:b3:5c:
         40:cd:09:30:cb:da:3e:b1:cf:7f:1c:9a:cf:9b:1f:45:5b:4a:
         ed:3a:f1:81:eb:c0:56:73:b5:c1:bb:3f:fa:f8:43:f1:fb:03:
         7a:73:26:cc:90:90:e3:08:59:e0:af:89:3c:6d:6c:8c:11:ec:
         0d:b1:24:0a:a7:05:3c:6a:93:78:c0:19:98:fd:e9:98:4b:c8:
         be:0d:bc:be:e5:8f:be:60:b3:7d:a8:ac:62:ab:05:f4:3f:35:
         ad:db:b6:bd
-----BEGIN CERTIFICATE-----
MIIFTDCCBDSgAwIBAgISAZWN5tQeBvC4x2JORDf89nciMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZDE5MGIyMzhkOTdhZjc5MDBiZGNiZDAyMzA0Yjc4MmZm
Y2FmMmEwHhcNMjUwMzEzMDUwNzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzNkODMzYmU0Y2JmZjI1MmMxNWIyMDFiMjczYjUxMWU4YTY3MWNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8TQX8ei2PN/Y8HbkHm7d0fHth35w
R+FtKMHnKl5gpb0rGN3wQqpZxS4wmDL2qRhifWGmQpnfWXSAHV9+ywrkg2fxZiw5
U8X23IOP50HfnyTs4/6FK2+WMLC7EPq6O/z1MXh4rKk6BeGo60l22YsBE7qJGYq/
ofQBHecjEp1uaoUYKLe8hVw/nBknnCHmGG2alr3figuoFLRHWvo7BxDLDTmZXMGk
p+aOf7cfvJY99lHHjsVYYULKAtpiMAeD6lBeFi/4+QPZN/fjv7QQ8vTRkRy04m6g
3k96Gx3i1PgM4P8lCd/Pa/W0lz9cJT1wUBP7YYo04kDXG+u0I8owVjEu9wIDAQAB
o4ICWDCCAlQwHQYDVR0OBBYEFFc9gzvky/8lLBWyAbJztRHopnHPMB8GA1UdIwQY
MBaAFGLRkLI42Xr3kAvcvQIwS3gv/K8qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXRHUXNqalpldmVRQzl5OUFqQkxlQ184cnlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi81YTMzN2YtYzg0My00NWY0LThkOTkt
MTYzZmI3MDAzZTVkLzEvVnoyRE8tVExfeVVzRmJJQnNuTzFFZWltY2M4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi81YTMzN2YtYzg0My00NWY0LThkOTktMTYzZmI3MDAzZTVk
LzEvWXRHUXNqalpldmVRQzl5OUFqQkxlQ184cnlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG4GCCsGAQUFBwEHAQH/BF8wXTBMBAIAATBGAwQDHwPQAwQA
HwPdAwQAHwPfAwQAURtAAwQBURtCMAwDBABRG0sDBABRG0wDBAJRG1AwDAMEAFEb
VwMEBVEbQAMEAlLFSDANBAIAAjAHAwUAIAEJ2DANBgkqhkiG9w0BAQsFAAOCAQEA
bV9qSCr0OW9396L4QUYyK9VL2KMQZHUoBEN1ZGto29JGHexijN0V/4VopIVzzU2M
de09KD1/aH8ILP60s2+Th0FeHBHunQ062iUdw9vI4GMQLIiP9vr/2USlqXZLOAr9
AWiu51yjg+/L+pMlYnmRZMON5nTIFbDJqizQG/SfR9vAVS4bKFkeDMP1GN/kuiQr
48FHpH6wih4CLwy/z5gNfbNcQM0JMMvaPrHPfxyaz5sfRVtK7TrxgevAVnO1wbs/
+vhD8fsDenMmzJCQ4whZ4K+JPG1sjBHsDbEkCqcFPGqTeMAZmP3pmEvIvg28vuWP
vmCzfaisYqsF9D81rdu2vQ==
-----END CERTIFICATE-----