Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/WjteNdXD6SxJ_ZvJdwlOSYAjDqU.roa
File:                     WjteNdXD6SxJ_ZvJdwlOSYAjDqU.roa (raw, json)
Hash identifier:          MNOS1Z/8YlJOTJ6+zfWuiclSQpcVK7rFQ1YAQ8TnP7g=
Subject key identifier:   5A:3B:5E:35:D5:C3:E9:2C:49:FD:9B:C9:77:09:4E:49:80:23:0E:A5
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019417CF743FE28D4A46AFEA18E19831FF29
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/WjteNdXD6SxJ_ZvJdwlOSYAjDqU.roa
Signing time:             Mon 30 Dec 2024 13:44:19 +0000
ROA not before:           Mon 30 Dec 2024 13:44:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20473
IP address blocks:        31.56.75.0/24 maxlen: 24
                          31.56.86.0/24 maxlen: 24
                          31.56.107.0/24 maxlen: 24
                          31.56.112.0/24 maxlen: 24
                          31.57.162.0/23 maxlen: 23
                          31.57.164.0/23 maxlen: 23
                          31.57.180.0/24 maxlen: 24
                          31.57.227.0/24 maxlen: 24
                          31.58.41.0/24 maxlen: 24
                          31.58.42.0/24 maxlen: 24
                          31.58.48.0/24 maxlen: 24
                          31.58.50.0/23 maxlen: 24
                          31.58.56.0/23 maxlen: 24
                          31.58.64.0/23 maxlen: 24
                          31.58.136.0/24 maxlen: 24
                          31.58.153.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Tue 31 Dec 2024 09:47:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:17:cf:74:3f:e2:8d:4a:46:af:ea:18:e1:98:31:ff:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Dec 30 13:44:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5a3b5e35d5c3e92c49fd9bc977094e4980230ea5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:45:de:74:e6:43:7f:26:25:19:75:98:ea:cb:
                    15:0a:36:c5:6e:a7:00:ee:f7:35:63:f4:b8:88:8b:
                    2e:15:9c:3c:2b:90:53:1f:b7:e2:32:05:60:50:fa:
                    71:31:e5:d2:06:70:a1:8a:e5:8c:87:5d:20:6e:17:
                    5a:13:10:65:e0:6a:81:3c:6c:69:f1:fa:76:78:a3:
                    f7:5e:e9:ff:83:96:ec:0f:d7:36:b1:47:1a:c7:c5:
                    42:e0:3d:d0:5c:40:5f:90:fe:ba:9a:a5:6f:1a:bc:
                    5e:42:3d:d3:94:13:0c:14:1a:69:3b:76:c4:21:86:
                    c1:fa:78:d2:c9:31:52:c3:e9:0d:72:c6:da:fd:22:
                    ca:f9:36:9e:4f:96:33:28:fb:c1:14:13:e6:dd:94:
                    f6:6f:e6:86:a7:fc:be:f6:2a:9d:d8:80:0f:e8:48:
                    cb:32:c1:5d:3d:d1:c5:f7:60:c2:7a:ba:a6:c1:40:
                    ee:8b:1b:4c:6a:72:d8:9d:41:b2:5e:d0:c2:22:8d:
                    d6:13:98:4c:6e:26:4c:dd:ce:26:15:9f:c0:c5:99:
                    b3:e1:71:ab:3d:f4:60:36:72:4d:6f:a4:6b:15:f3:
                    61:25:de:7f:17:89:0a:06:9a:64:5b:2b:37:3d:16:
                    c3:0f:57:f8:72:c7:86:5a:73:b8:ef:80:3d:cd:b2:
                    fa:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:3B:5E:35:D5:C3:E9:2C:49:FD:9B:C9:77:09:4E:49:80:23:0E:A5
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/WjteNdXD6SxJ_ZvJdwlOSYAjDqU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.75.0/24
                  31.56.86.0/24
                  31.56.107.0/24
                  31.56.112.0/24
                  31.57.162.0-31.57.165.255
                  31.57.180.0/24
                  31.57.227.0/24
                  31.58.41.0-31.58.42.255
                  31.58.48.0/24
                  31.58.50.0/23
                  31.58.56.0/23
                  31.58.64.0/23
                  31.58.136.0/24
                  31.58.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:18:d1:ab:ab:83:9a:1a:44:c0:9e:9b:81:97:bf:0b:67:13:
         62:60:87:c6:1f:26:2c:9f:43:e6:7f:03:b7:2a:92:69:04:7a:
         c9:9c:85:3d:e0:a6:44:06:fb:51:66:51:1c:2c:7d:cd:4a:b4:
         63:db:c1:9b:48:d2:9b:bc:ec:dc:62:bb:be:9a:39:8b:67:f6:
         2f:b5:e0:c1:37:81:3f:19:0b:75:2c:43:ca:b8:00:23:43:d9:
         43:b2:ed:19:38:a9:80:47:e0:b3:ee:90:8b:af:53:16:64:e8:
         af:d3:43:ae:b6:43:9d:74:44:a5:74:a9:45:8b:cb:9e:40:86:
         1c:5d:bd:8b:07:8c:f3:a8:30:0b:80:8b:26:68:78:a6:ed:85:
         f7:c3:dc:87:1b:07:c9:59:ff:f4:61:92:ab:ba:21:a0:14:6e:
         af:6b:7e:a5:6e:6e:8b:52:b4:e9:34:dd:f5:e8:d7:94:70:37:
         0c:aa:4d:f6:87:81:80:c2:41:d1:c3:1a:2d:e2:a5:d8:61:b0:
         f9:e8:05:f6:29:d1:da:03:b5:b2:02:b4:ad:1b:2c:e2:04:f5:
         32:1c:f2:8f:1d:d6:20:c7:48:b1:19:07:e6:b0:c7:bc:93:b4:
         53:d9:41:20:7a:e5:9b:54:36:bc:85:bb:9c:81:d2:ba:f7:08:
         7c:06:85:46
-----BEGIN CERTIFICATE-----
MIIFWzCCBEOgAwIBAgISAZQXz3Q/4o1KRq/qGOGYMf8pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjQxMjMwMTM0NDE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTNiNWUzNWQ1YzNlOTJjNDlmZDliYzk3NzA5NGU0OTgwMjMwZWE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0kXedOZDfyYlGXWY6ssVCjbFbqcA
7vc1Y/S4iIsuFZw8K5BTH7fiMgVgUPpxMeXSBnChiuWMh10gbhdaExBl4GqBPGxp
8fp2eKP3Xun/g5bsD9c2sUcax8VC4D3QXEBfkP66mqVvGrxeQj3TlBMMFBppO3bE
IYbB+njSyTFSw+kNcsba/SLK+TaeT5YzKPvBFBPm3ZT2b+aGp/y+9iqd2IAP6EjL
MsFdPdHF92DCerqmwUDuixtManLYnUGyXtDCIo3WE5hMbiZM3c4mFZ/AxZmz4XGr
PfRgNnJNb6RrFfNhJd5/F4kKBppkWys3PRbDD1f4cseGWnO474A9zbL69wIDAQAB
o4ICZzCCAmMwHQYDVR0OBBYEFFo7XjXVw+ksSf2byXcJTkmAIw6lMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvV2p0ZU5kWEQ2U3hKX1p2SmR3bE9TWUFqRHFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMH0GCCsGAQUFBwEHAQH/BG4wbDBqBAIAATBkAwQAHzhLAwQA
HzhWAwQAHzhrAwQAHzhwMAwDBAEfOaIDBAEfOaQDBAAfObQDBAAfOeMwDAMEAB86
KQMEAB86KgMEAB86MAMEAR86MgMEAR86OAMEAR86QAMEAB86iAMEAB86mTANBgkq
hkiG9w0BAQsFAAOCAQEAgBjRq6uDmhpEwJ6bgZe/C2cTYmCHxh8mLJ9D5n8DtyqS
aQR6yZyFPeCmRAb7UWZRHCx9zUq0Y9vBm0jSm7zs3GK7vpo5i2f2L7XgwTeBPxkL
dSxDyrgAI0PZQ7LtGTipgEfgs+6Qi69TFmTor9NDrrZDnXREpXSpRYvLnkCGHF29
iweM86gwC4CLJmh4pu2F98PchxsHyVn/9GGSq7ohoBRur2t+pW5ui1K06TTd9ejX
lHA3DKpN9oeBgMJB0cMaLeKl2GGw+egF9inR2gO1sgK0rRss4gT1Mhzyjx3WIMdI
sRkH5rDHvJO0U9lBIHrlm1Q2vIW7nIHSuvcIfAaFRg==
-----END CERTIFICATE-----