Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/3PVdIOy8scJIOW42q0bV4l-w3AA.roa
File:                     3PVdIOy8scJIOW42q0bV4l-w3AA.roa (raw, json)
Hash identifier:          kjt6dLR5vMJg9q+Imy9jdj0VDHiZB3tHY6kl8AGo8W4=
Subject key identifier:   DC:F5:5D:20:EC:BC:B1:C2:48:39:6E:36:AB:46:D5:E2:5F:B0:DC:00
Certificate issuer:       /CN=c9d57447e3420b853875b6fa40372aade3192ca2
Certificate serial:       0195D17AA20709ED9180D388A7966F741AEC
Authority key identifier: C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/3PVdIOy8scJIOW42q0bV4l-w3AA.roa
Signing time:             Wed 26 Mar 2025 08:03:49 +0000
ROA not before:           Wed 26 Mar 2025 08:03:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60446
IP address blocks:        31.210.37.0/24 maxlen: 24
                          31.210.38.0/24 maxlen: 24
                          31.210.39.0/24 maxlen: 24
                          31.210.40.0/24 maxlen: 24
                          77.92.147.0/24 maxlen: 24
                          78.135.75.0/24 maxlen: 24
                          78.135.76.0/24 maxlen: 24
                          188.132.223.0/24 maxlen: 24
                          188.132.224.0/24 maxlen: 24
                          188.132.226.0/24 maxlen: 24
                          188.132.230.0/24 maxlen: 24
                          188.132.239.0/24 maxlen: 24
                          188.132.241.0/24 maxlen: 24
                          188.132.242.0/24 maxlen: 24
                          188.132.243.0/24 maxlen: 24
                          188.132.250.0/24 maxlen: 24
                          188.132.251.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Wed 26 Mar 2025 09:03:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:d1:7a:a2:07:09:ed:91:80:d3:88:a7:96:6f:74:1a:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9d57447e3420b853875b6fa40372aade3192ca2
        Validity
            Not Before: Mar 26 08:03:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dcf55d20ecbcb1c248396e36ab46d5e25fb0dc00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:61:da:16:78:f2:54:db:b8:aa:70:3a:aa:08:
                    7d:a5:fa:e9:32:d1:c9:cf:3d:5a:ab:50:31:06:c0:
                    ef:cb:99:1e:3f:9a:71:89:23:14:4e:7c:56:d1:ca:
                    68:c6:26:70:ff:fd:0b:7f:95:c6:c6:61:92:60:81:
                    ff:9d:e0:c9:cd:6c:10:c7:a3:50:74:96:74:84:db:
                    5a:0a:32:e5:44:4f:cd:a8:01:3d:af:61:9c:fb:93:
                    ab:ac:37:9a:97:a9:51:56:63:76:aa:ed:3e:3d:e0:
                    ef:c0:49:b4:de:36:db:07:cb:c5:1b:28:b6:d4:ee:
                    7c:16:0d:81:26:39:cb:fb:03:6b:6e:ae:5a:6e:be:
                    5f:3f:35:dd:87:5e:96:7e:88:34:0d:b3:e3:3c:02:
                    7a:fb:16:74:35:22:8d:56:45:a9:14:76:22:4f:e7:
                    0d:24:d1:9b:43:8d:05:e4:2a:f0:36:18:85:d7:97:
                    07:26:86:f5:11:32:58:91:e2:5c:34:8e:53:0e:ac:
                    c9:66:c3:9c:56:05:c6:0b:a6:8f:ea:d8:9b:25:8a:
                    2f:05:d2:95:be:01:53:1c:1b:9e:64:0b:5c:03:e5:
                    ce:0f:90:78:dc:4d:8e:da:41:47:37:31:e6:58:42:
                    30:c8:d1:23:84:54:f7:4d:f8:8f:90:30:20:bc:c2:
                    9d:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:F5:5D:20:EC:BC:B1:C2:48:39:6E:36:AB:46:D5:E2:5F:B0:DC:00
            X509v3 Authority Key Identifier:
                keyid:C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/3PVdIOy8scJIOW42q0bV4l-w3AA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.210.37.0-31.210.40.255
                  77.92.147.0/24
                  78.135.75.0-78.135.76.255
                  188.132.223.0-188.132.224.255
                  188.132.226.0/24
                  188.132.230.0/24
                  188.132.239.0/24
                  188.132.241.0-188.132.243.255
                  188.132.250.0/23

    Signature Algorithm: sha256WithRSAEncryption
         90:7a:05:31:c7:46:a4:78:c5:8b:cc:86:bd:00:c8:a9:3c:b3:
         54:4b:31:56:17:01:63:42:3b:28:24:ab:e6:40:66:11:bb:d4:
         39:45:4c:fd:e6:e0:84:b8:61:f0:7b:ca:56:f7:6a:b8:98:65:
         52:f6:26:67:92:fe:e9:5d:2c:2e:b9:06:e2:93:b9:ae:73:03:
         b5:98:12:5c:c7:aa:db:e1:eb:89:f0:e1:06:e6:0b:30:39:2f:
         7a:66:af:b6:4a:b9:ac:ad:7f:c4:ed:45:f1:09:73:f8:25:f4:
         93:9b:a4:0e:00:66:fc:cb:ef:a3:fe:4b:6e:a5:0b:39:bd:20:
         c0:f6:80:d7:99:aa:4f:5a:e4:2a:73:d8:e6:b5:6a:63:53:2c:
         76:06:c1:2d:26:e9:b5:3b:0a:97:d9:9c:a0:f9:6f:88:9f:15:
         d5:1d:f0:f7:ed:83:f1:86:1f:de:db:d1:e9:9d:bc:16:2f:28:
         e1:7e:c1:d4:a7:10:92:b5:fe:42:53:b1:5b:6a:fb:b5:94:fe:
         6d:af:ec:d9:41:7c:b9:67:68:df:0d:3c:fe:cc:d6:f4:ce:fc:
         3d:c8:95:77:8a:32:9a:27:ff:cc:9c:a4:7e:49:fd:27:a6:6b:
         23:b3:b4:82:93:20:12:c3:b6:86:1c:00:67:ad:be:72:e8:c7:
         ef:a6:26:ca
-----BEGIN CERTIFICATE-----
MIIFTTCCBDWgAwIBAgISAZXReqIHCe2RgNOIp5ZvdBrsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZDU3NDQ3ZTM0MjBiODUzODc1YjZmYTQwMzcyYWFkZTMx
OTJjYTIwHhcNMjUwMzI2MDgwMzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2Y1NWQyMGVjYmNiMWMyNDgzOTZlMzZhYjQ2ZDVlMjVmYjBkYzAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn2HaFnjyVNu4qnA6qgh9pfrpMtHJ
zz1aq1AxBsDvy5keP5pxiSMUTnxW0cpoxiZw//0Lf5XGxmGSYIH/neDJzWwQx6NQ
dJZ0hNtaCjLlRE/NqAE9r2Gc+5OrrDeal6lRVmN2qu0+PeDvwEm03jbbB8vFGyi2
1O58Fg2BJjnL+wNrbq5abr5fPzXdh16Wfog0DbPjPAJ6+xZ0NSKNVkWpFHYiT+cN
JNGbQ40F5CrwNhiF15cHJob1ETJYkeJcNI5TDqzJZsOcVgXGC6aP6tibJYovBdKV
vgFTHBueZAtcA+XOD5B43E2O2kFHNzHmWEIwyNEjhFT3TfiPkDAgvMKdcQIDAQAB
o4ICWTCCAlUwHQYDVR0OBBYEFNz1XSDsvLHCSDluNqtG1eJfsNwAMB8GA1UdIwQY
MBaAFMnVdEfjQguFOHW2+kA3Kq3jGSyiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTkt
NGUxOThmMGE2MDEzLzEvM1BWZElPeThzY0pJT1c0MnEwYlY0bC13M0FBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTktNGUxOThmMGE2MDEz
LzEveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG8GCCsGAQUFBwEHAQH/BGAwXjBcBAIAATBWMAwDBAAf0iUD
BAAf0igDBABNXJMwDAMEAE6HSwMEAE6HTDAMAwQAvITfAwQAvITgAwQAvITiAwQA
vITmAwQAvITvMAwDBAC8hPEDBAK8hPADBAG8hPowDQYJKoZIhvcNAQELBQADggEB
AJB6BTHHRqR4xYvMhr0AyKk8s1RLMVYXAWNCOygkq+ZAZhG71DlFTP3m4IS4YfB7
ylb3ariYZVL2JmeS/uldLC65BuKTua5zA7WYElzHqtvh64nw4QbmCzA5L3pmr7ZK
uaytf8TtRfEJc/gl9JObpA4AZvzL76P+S26lCzm9IMD2gNeZqk9a5Cpz2Oa1amNT
LHYGwS0m6bU7CpfZnKD5b4ifFdUd8Pftg/GGH97b0emdvBYvKOF+wdSnEJK1/kJT
sVtq+7WU/m2v7NlBfLlnaN8NPP7M1vTO/D3IlXeKMpon/8ycpH5J/SemayOztIKT
IBLDtoYcAGetvnLox++mJso=
-----END CERTIFICATE-----