Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/I89OFi7ZztX7vb7PZBgZi7KTvww.roa
File:                     I89OFi7ZztX7vb7PZBgZi7KTvww.roa (raw, json)
Hash identifier:          thBQU5i++7Ly8Ps+DTCPfKx1vw8GloBXFy9sopPF3Xo=
Subject key identifier:   23:CF:4E:16:2E:D9:CE:D5:FB:BD:BE:CF:64:18:19:8B:B2:93:BF:0C
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019316A39DC37256346A957E595C6AB6EC9D
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/I89OFi7ZztX7vb7PZBgZi7KTvww.roa
Signing time:             Sun 10 Nov 2024 15:14:01 +0000
ROA not before:           Sun 10 Nov 2024 15:14:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        31.56.4.0/23 maxlen: 23
                          31.56.24.0/24 maxlen: 24
                          31.56.42.0/23 maxlen: 24
                          31.56.48.0/24 maxlen: 24
                          31.56.66.0/24 maxlen: 24
                          31.56.85.0/24 maxlen: 24
                          31.56.89.0/24 maxlen: 24
                          31.56.120.0/22 maxlen: 24
                          31.56.127.0/24 maxlen: 24
                          31.57.132.0/23 maxlen: 23
                          31.57.176.0/21 maxlen: 24
                          31.57.192.0/22 maxlen: 24
                          31.57.207.0/24 maxlen: 24
                          31.57.232.0/22 maxlen: 24

Validation:               Failed, certificate revoked on Tue 12 Nov 2024 09:43:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:16:a3:9d:c3:72:56:34:6a:95:7e:59:5c:6a:b6:ec:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Nov 10 15:14:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=23cf4e162ed9ced5fbbdbecf6418198bb293bf0c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:e6:6e:db:a3:49:89:17:f3:d0:6e:fc:95:b5:
                    c7:3a:ad:a6:67:92:9c:bd:80:50:7b:48:78:84:cd:
                    bd:7a:b5:0d:96:db:db:18:b3:b6:3b:80:03:de:9b:
                    89:8c:0d:58:6d:92:de:94:7c:82:a5:bc:09:38:e7:
                    f2:ed:c1:0e:ec:52:b4:d9:aa:25:9a:a5:c5:f2:ce:
                    34:d1:5c:be:f0:f2:01:f2:6d:9b:1d:52:cf:e5:73:
                    a2:a5:c4:c6:ff:7f:d6:58:62:6b:96:f6:24:15:3a:
                    1a:97:0b:40:7d:72:4e:dd:39:58:dc:15:04:4d:d2:
                    46:12:10:eb:ec:2d:20:ac:3c:50:a7:5b:9f:c5:9a:
                    88:01:c2:54:c5:cc:07:ed:cd:a4:05:bf:3c:b2:e8:
                    0c:d6:d5:ee:1b:cb:88:4d:e4:94:22:97:16:27:d2:
                    87:33:3a:99:c6:a2:8b:c4:74:56:a1:7c:3f:49:aa:
                    18:1b:39:d3:d1:63:b8:7f:13:b2:4d:c3:d1:39:63:
                    51:89:c4:98:85:29:ad:81:c2:dc:94:64:db:04:f2:
                    8d:d1:9e:e3:1f:0a:ec:aa:7a:24:22:fa:94:b6:92:
                    d7:41:81:84:e4:f2:5e:20:0a:bc:f6:33:5c:50:4e:
                    2f:3b:44:43:c9:39:61:eb:b5:e0:87:12:7c:a2:9b:
                    2d:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:CF:4E:16:2E:D9:CE:D5:FB:BD:BE:CF:64:18:19:8B:B2:93:BF:0C
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/I89OFi7ZztX7vb7PZBgZi7KTvww.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.4.0/23
                  31.56.24.0/24
                  31.56.42.0/23
                  31.56.48.0/24
                  31.56.66.0/24
                  31.56.85.0/24
                  31.56.89.0/24
                  31.56.120.0/22
                  31.56.127.0/24
                  31.57.132.0/23
                  31.57.176.0/21
                  31.57.192.0/22
                  31.57.207.0/24
                  31.57.232.0/22

    Signature Algorithm: sha256WithRSAEncryption
         13:ac:0c:2e:07:cc:d8:3e:c1:ad:be:e0:41:2f:48:45:24:03:
         f0:97:78:22:4b:67:30:28:26:d5:c1:0a:18:20:57:ba:49:c2:
         c6:47:45:38:d8:86:91:7e:94:d7:57:36:80:92:a3:98:e1:88:
         4a:aa:91:f3:19:ca:0c:64:5b:3b:51:90:d5:c7:84:01:6a:c0:
         76:c6:a4:38:d5:ea:97:60:61:65:ec:a6:d3:00:39:33:e5:ad:
         11:af:0d:00:cf:a8:4b:9f:f0:3f:78:c1:69:83:c4:e6:4c:c6:
         9e:54:0f:6e:9d:6c:3e:7c:92:5d:cd:2a:09:6d:33:b4:e6:2a:
         1c:00:2c:fa:c4:6a:99:06:b1:c4:af:b2:fa:16:be:bf:40:e0:
         9a:08:2f:b0:d8:df:b2:f3:e3:ef:a0:a0:a2:c0:71:c7:c5:a0:
         71:06:f0:29:92:82:54:1f:5a:6a:38:b6:4f:f0:6f:00:b6:d8:
         06:a8:63:45:bc:fd:c4:96:6c:41:b1:29:c4:a3:20:6d:50:8f:
         85:5a:5f:ab:7f:7d:66:e4:2d:6e:aa:2e:43:8b:06:cd:3a:71:
         cf:3f:2b:a2:ce:22:8f:dd:c8:f4:c9:ec:8a:9d:d8:65:3c:b5:
         b7:93:2e:50:70:0b:64:b8:22:65:95:13:88:9e:5e:b4:71:ed:
         70:b6:39:0c
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAZMWo53DclY0apV+WVxqtuydMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjQxMTEwMTUxNDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyM2NmNGUxNjJlZDljZWQ1ZmJiZGJlY2Y2NDE4MTk4YmIyOTNiZjBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxeZu26NJiRfz0G78lbXHOq2mZ5Kc
vYBQe0h4hM29erUNltvbGLO2O4AD3puJjA1YbZLelHyCpbwJOOfy7cEO7FK02aol
mqXF8s400Vy+8PIB8m2bHVLP5XOipcTG/3/WWGJrlvYkFToalwtAfXJO3TlY3BUE
TdJGEhDr7C0grDxQp1ufxZqIAcJUxcwH7c2kBb88sugM1tXuG8uITeSUIpcWJ9KH
MzqZxqKLxHRWoXw/SaoYGznT0WO4fxOyTcPROWNRicSYhSmtgcLclGTbBPKN0Z7j
HwrsqnokIvqUtpLXQYGE5PJeIAq89jNcUE4vO0RDyTlh67XghxJ8opstkwIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFCPPThYu2c7V+72+z2QYGYuyk78MMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvSTg5T0ZpN1p6dFg3dmI3UFpCZ1ppN0tUdnd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDBaBAIAATBUAwQBHzgEAwQA
HzgYAwQBHzgqAwQAHzgwAwQAHzhCAwQAHzhVAwQAHzhZAwQCHzh4AwQAHzh/AwQB
HzmEAwQDHzmwAwQCHznAAwQAHznPAwQCHznoMA0GCSqGSIb3DQEBCwUAA4IBAQAT
rAwuB8zYPsGtvuBBL0hFJAPwl3giS2cwKCbVwQoYIFe6ScLGR0U42IaRfpTXVzaA
kqOY4YhKqpHzGcoMZFs7UZDVx4QBasB2xqQ41eqXYGFl7KbTADkz5a0Rrw0Az6hL
n/A/eMFpg8TmTMaeVA9unWw+fJJdzSoJbTO05iocACz6xGqZBrHEr7L6Fr6/QOCa
CC+w2N+y8+PvoKCiwHHHxaBxBvApkoJUH1pqOLZP8G8AttgGqGNFvP3ElmxBsSnE
oyBtUI+FWl+rf31m5C1uqi5DiwbNOnHPPyuiziKP3cj0yeyKndhlPLW3ky5QcAtk
uCJllROInl60ce1wtjkM
-----END CERTIFICATE-----