Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/HuMm5KFGPTpELjBA0kfKY7d2kxY.roa
File:                     HuMm5KFGPTpELjBA0kfKY7d2kxY.roa (raw, json)
Hash identifier:          3Mwv3x4odqwCqxMFK1IbM6fjhctL7FlOf8DnEp07zwc=
Subject key identifier:   1E:E3:26:E4:A1:46:3D:3A:44:2E:30:40:D2:47:CA:63:B7:76:93:16
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0194DB1A64AC17F9A2720FBA2F0B05005067
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/HuMm5KFGPTpELjBA0kfKY7d2kxY.roa
Signing time:             Thu 06 Feb 2025 11:52:07 +0000
ROA not before:           Thu 06 Feb 2025 11:52:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        31.56.8.0/21 maxlen: 24
                          31.56.126.0/24 maxlen: 24
                          31.56.142.0/23 maxlen: 24
                          31.56.148.0/22 maxlen: 24
                          31.57.184.0/22 maxlen: 24
                          31.59.68.0/24 maxlen: 24
                          31.59.136.0/21 maxlen: 24
                          31.59.144.0/21 maxlen: 24
                          31.59.152.0/21 maxlen: 24
                          31.59.160.0/21 maxlen: 24
                          31.59.168.0/21 maxlen: 24
                          31.59.228.0/24 maxlen: 24
                          217.60.62.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Mon 03 Mar 2025 10:42:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:db:1a:64:ac:17:f9:a2:72:0f:ba:2f:0b:05:00:50:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Feb  6 11:52:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1ee326e4a1463d3a442e3040d247ca63b7769316
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:14:0b:0f:1d:e6:25:65:27:6e:4e:5f:12:de:
                    c8:ee:e0:de:b0:26:0c:e3:78:dc:59:e7:ae:5d:e6:
                    63:d3:73:c6:2e:82:ae:75:0d:7f:6d:2e:77:de:9d:
                    8e:ee:3c:bb:27:f3:0b:98:62:b7:79:1b:58:ab:e9:
                    44:d2:87:60:ce:da:7f:8b:f1:39:70:40:3f:15:2f:
                    95:99:b1:a4:e1:8b:d9:f4:e1:1d:e4:28:06:56:bf:
                    c1:8a:50:b5:3b:15:d4:5d:e7:17:4d:81:b3:9c:60:
                    90:f2:b9:4f:19:3d:45:de:f7:fa:d7:db:01:45:32:
                    37:87:aa:e8:7c:2f:40:5b:91:ca:27:29:07:a0:5f:
                    26:b2:7d:1d:e9:9f:64:42:62:46:62:a8:d2:ba:e3:
                    72:21:f7:85:20:37:ad:66:fe:12:7b:f7:d8:36:9d:
                    ee:b5:54:26:e5:0f:2e:9d:42:15:e7:79:d7:a7:56:
                    1b:ab:b9:51:b7:9f:29:7c:77:5d:ac:a2:92:d7:74:
                    3f:01:8c:25:47:80:8a:ac:fd:54:b9:11:72:c7:f7:
                    37:d5:ab:90:bf:00:85:28:00:32:ea:df:af:ff:28:
                    b8:b4:f5:93:45:c1:17:d2:73:b2:7c:1e:76:fb:d6:
                    4b:63:a3:db:cd:27:44:a7:85:dd:63:33:80:4c:a1:
                    87:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:E3:26:E4:A1:46:3D:3A:44:2E:30:40:D2:47:CA:63:B7:76:93:16
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/HuMm5KFGPTpELjBA0kfKY7d2kxY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.8.0/21
                  31.56.126.0/24
                  31.56.142.0/23
                  31.56.148.0/22
                  31.57.184.0/22
                  31.59.68.0/24
                  31.59.136.0-31.59.175.255
                  31.59.228.0/24
                  217.60.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:bd:15:87:88:73:9d:b1:7b:67:a9:0e:b9:6b:54:3c:62:43:
         f5:5d:39:f0:14:8e:11:77:0b:ae:91:d5:fb:a1:2b:16:57:27:
         ff:d3:3d:5b:f1:4f:6a:f0:a9:f6:60:27:bd:be:1c:1c:02:b6:
         b1:e0:29:99:6d:ea:8c:35:dd:e3:09:67:60:68:8e:5a:89:67:
         a6:a1:cb:df:ad:11:95:73:99:5a:40:05:59:08:9c:55:7c:f2:
         f0:dd:9d:36:b8:32:5f:3a:f0:be:e1:b7:8c:73:41:d3:89:c2:
         bb:44:9d:c2:32:9f:ac:6b:2d:61:a6:02:f4:43:57:19:22:3d:
         e0:25:91:48:19:df:1a:6d:33:11:83:0e:37:72:e2:6e:eb:da:
         0a:05:45:be:5f:82:44:d0:2a:54:c7:57:6b:4e:be:b9:1d:88:
         08:a2:e0:f7:95:c4:d4:94:3c:c5:ea:1e:72:56:08:a1:99:e6:
         ad:bf:43:44:f5:ca:fb:67:5a:7e:7d:ce:b9:1b:3c:00:e5:21:
         43:d7:5f:98:d7:44:b9:17:37:61:78:99:7d:99:4d:2e:57:8b:
         a0:39:36:a2:aa:95:51:36:cc:08:74:13:0c:eb:3e:81:05:19:
         69:24:c1:d1:21:08:1c:a8:b6:dc:ad:ec:85:1b:a2:3d:7b:01:
         fa:18:0f:20
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAZTbGmSsF/micg+6LwsFAFBnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwMjA2MTE1MjA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZWUzMjZlNGExNDYzZDNhNDQyZTMwNDBkMjQ3Y2E2M2I3NzY5MzE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6BQLDx3mJWUnbk5fEt7I7uDesCYM
43jcWeeuXeZj03PGLoKudQ1/bS533p2O7jy7J/MLmGK3eRtYq+lE0odgztp/i/E5
cEA/FS+VmbGk4YvZ9OEd5CgGVr/BilC1OxXUXecXTYGznGCQ8rlPGT1F3vf619sB
RTI3h6rofC9AW5HKJykHoF8msn0d6Z9kQmJGYqjSuuNyIfeFIDetZv4Se/fYNp3u
tVQm5Q8unUIV53nXp1Ybq7lRt58pfHddrKKS13Q/AYwlR4CKrP1UuRFyx/c31auQ
vwCFKAAy6t+v/yi4tPWTRcEX0nOyfB52+9ZLY6PbzSdEp4XdYzOATKGHqQIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFB7jJuShRj06RC4wQNJHymO3dpMWMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvSHVNbTVLRkdQVHBFTGpCQTBrZktZN2Qya3hZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQDHzgIAwQA
Hzh+AwQBHziOAwQCHziUAwQCHzm4AwQAHztEMAwDBAMfO4gDBAQfO6ADBAAfO+QD
BADZPD4wDQYJKoZIhvcNAQELBQADggEBAAK9FYeIc52xe2epDrlrVDxiQ/VdOfAU
jhF3C66R1fuhKxZXJ//TPVvxT2rwqfZgJ72+HBwCtrHgKZlt6ow13eMJZ2BojlqJ
Z6ahy9+tEZVzmVpABVkInFV88vDdnTa4Ml868L7ht4xzQdOJwrtEncIyn6xrLWGm
AvRDVxkiPeAlkUgZ3xptMxGDDjdy4m7r2goFRb5fgkTQKlTHV2tOvrkdiAii4PeV
xNSUPMXqHnJWCKGZ5q2/Q0T1yvtnWn59zrkbPADlIUPXX5jXRLkXN2F4mX2ZTS5X
i6A5NqKqlVE2zAh0EwzrPoEFGWkkwdEhCByottyt7IUboj17AfoYDyA=
-----END CERTIFICATE-----