Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/c1Jv912s8_q5uV4CI9U-h8908kA.roa
File:                     c1Jv912s8_q5uV4CI9U-h8908kA.roa (raw, json)
Hash identifier:          YgYhuWtYtTOAz6sNoHKLLRXUJ/JR8XBlvPzFDlJF/Bg=
Subject key identifier:   73:52:6F:F7:5D:AC:F3:FA:B9:B9:5E:02:23:D5:3E:87:CF:74:F2:40
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0193F9146C55D82CDDA5B8C737A3A449AED6
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/c1Jv912s8_q5uV4CI9U-h8908kA.roa
Signing time:             Tue 24 Dec 2024 14:31:25 +0000
ROA not before:           Tue 24 Dec 2024 14:31:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        31.56.8.0/21 maxlen: 24
                          31.56.142.0/23 maxlen: 24
                          31.56.148.0/22 maxlen: 24
                          31.57.184.0/22 maxlen: 24
                          31.59.68.0/24 maxlen: 24
                          31.59.136.0/21 maxlen: 24
                          31.59.144.0/21 maxlen: 24
                          31.59.152.0/21 maxlen: 24
                          31.59.160.0/21 maxlen: 24
                          31.59.168.0/21 maxlen: 24
                          217.60.236.0/24 maxlen: 24
                          217.60.245.0/24 maxlen: 24
                          217.60.248.0/24 maxlen: 24
                          217.60.253.0/24 maxlen: 24
                          217.60.254.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Thu 26 Dec 2024 15:14:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:f9:14:6c:55:d8:2c:dd:a5:b8:c7:37:a3:a4:49:ae:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Dec 24 14:31:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=73526ff75dacf3fab9b95e0223d53e87cf74f240
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:26:88:75:85:70:ac:77:23:8a:37:61:91:51:
                    55:9e:82:e2:00:0f:ee:e6:21:3b:ba:80:0a:80:2c:
                    cd:96:22:95:c0:d9:f9:3e:d7:cd:82:c9:c9:e7:6d:
                    42:bb:af:48:22:de:4f:14:7e:30:f5:28:86:ae:d4:
                    24:43:b6:c6:79:7e:16:d6:01:3a:3c:e0:f2:d7:09:
                    04:fa:ca:6a:19:ab:89:6d:e6:c2:84:28:0a:fa:6b:
                    ad:f9:fd:37:a5:ed:fe:cd:66:36:2d:88:82:1b:0c:
                    ca:aa:64:96:2f:5b:9c:16:8f:5e:f8:5b:1b:ed:db:
                    1d:8a:86:42:31:b8:1c:7d:17:34:1a:80:c9:4c:c5:
                    63:25:cd:5e:a9:c8:66:e3:e2:79:89:88:95:cf:3c:
                    d6:ad:7d:98:b7:f9:61:06:2a:06:2f:f4:36:41:c2:
                    77:9f:63:37:14:34:70:51:c2:43:58:2d:0e:91:02:
                    72:ae:7d:39:96:d7:d1:6f:c7:97:79:51:bb:45:fa:
                    11:5d:ea:1f:e8:e3:59:e5:b1:93:00:37:45:b2:12:
                    31:29:b5:89:e3:ca:f5:fc:30:62:ce:90:fa:08:0d:
                    b6:4f:63:9d:60:23:7f:c8:b2:66:bb:66:b6:d4:94:
                    ce:98:b0:22:d2:7e:a5:6a:ba:f5:37:8b:89:72:99:
                    02:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:52:6F:F7:5D:AC:F3:FA:B9:B9:5E:02:23:D5:3E:87:CF:74:F2:40
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/c1Jv912s8_q5uV4CI9U-h8908kA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.8.0/21
                  31.56.142.0/23
                  31.56.148.0/22
                  31.57.184.0/22
                  31.59.68.0/24
                  31.59.136.0-31.59.175.255
                  217.60.236.0/24
                  217.60.245.0/24
                  217.60.248.0/24
                  217.60.253.0-217.60.254.255

    Signature Algorithm: sha256WithRSAEncryption
         8f:08:a7:f7:53:1c:f6:d6:19:b8:be:1c:30:5a:2a:76:3b:6e:
         43:08:44:b2:aa:b0:f6:af:1e:1e:d3:03:91:00:3f:a3:77:ea:
         a9:19:17:98:bb:7e:ad:30:d2:42:00:c3:04:91:83:b6:6e:60:
         56:98:89:50:97:5e:56:20:a8:6c:7c:33:13:b7:eb:ea:51:b7:
         15:df:ce:72:67:63:e1:1e:6a:44:6d:e6:e1:cc:d1:8c:3e:fb:
         65:5d:5e:c9:70:fb:e3:07:57:fc:23:ef:9c:5b:10:ec:e0:a9:
         00:51:8e:3b:76:64:83:ad:dc:16:de:53:b8:c5:57:ec:64:14:
         68:9f:dc:da:82:e7:06:7b:f4:a0:de:f6:b7:3b:72:45:75:00:
         34:e5:ba:6c:b9:61:2c:6b:d3:64:4a:7e:ed:0e:a8:61:7d:e6:
         ff:ee:82:de:c6:96:f6:0f:42:a7:a5:1f:2f:c1:d2:28:ce:8e:
         bd:d5:ec:07:32:d3:ff:3d:e4:d8:b1:49:76:a2:eb:a6:57:aa:
         8b:03:87:b8:74:e2:01:8e:66:b1:83:49:13:45:d4:ff:80:db:
         cc:09:d4:51:1d:32:1f:cb:e4:2d:45:a3:fa:c7:5b:64:88:d7:
         fa:af:3e:1e:0b:f5:9c:f8:77:c2:85:40:37:37:3a:72:98:29:
         75:71:c5:d2
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAZP5FGxV2CzdpbjHN6OkSa7WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjQxMjI0MTQzMTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzUyNmZmNzVkYWNmM2ZhYjliOTVlMDIyM2Q1M2U4N2NmNzRmMjQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwSaIdYVwrHcjijdhkVFVnoLiAA/u
5iE7uoAKgCzNliKVwNn5PtfNgsnJ521Cu69IIt5PFH4w9SiGrtQkQ7bGeX4W1gE6
PODy1wkE+spqGauJbebChCgK+mut+f03pe3+zWY2LYiCGwzKqmSWL1ucFo9e+Fsb
7dsdioZCMbgcfRc0GoDJTMVjJc1eqchm4+J5iYiVzzzWrX2Yt/lhBioGL/Q2QcJ3
n2M3FDRwUcJDWC0OkQJyrn05ltfRb8eXeVG7RfoRXeof6ONZ5bGTADdFshIxKbWJ
48r1/DBizpD6CA22T2OdYCN/yLJmu2a21JTOmLAi0n6larr1N4uJcpkCNQIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFHNSb/ddrPP6ubleAiPVPofPdPJAMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvYzFKdjkxMnM4X3E1dVY0Q0k5VS1oODkwOGtBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDBSBAIAATBMAwQDHzgIAwQB
HziOAwQCHziUAwQCHzm4AwQAHztEMAwDBAMfO4gDBAQfO6ADBADZPOwDBADZPPUD
BADZPPgwDAMEANk8/QMEANk8/jANBgkqhkiG9w0BAQsFAAOCAQEAjwin91Mc9tYZ
uL4cMFoqdjtuQwhEsqqw9q8eHtMDkQA/o3fqqRkXmLt+rTDSQgDDBJGDtm5gVpiJ
UJdeViCobHwzE7fr6lG3Fd/Ocmdj4R5qRG3m4czRjD77ZV1eyXD74wdX/CPvnFsQ
7OCpAFGOO3Zkg63cFt5TuMVX7GQUaJ/c2oLnBnv0oN72tztyRXUANOW6bLlhLGvT
ZEp+7Q6oYX3m/+6C3saW9g9Cp6UfL8HSKM6OvdXsBzLT/z3k2LFJdqLrpleqiwOH
uHTiAY5msYNJE0XU/4DbzAnUUR0yH8vkLUWj+sdbZIjX+q8+Hgv1nPh3woVANzc6
cpgpdXHF0g==
-----END CERTIFICATE-----