Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/lM9Gs07Q_C0ni4oUjZjMe67-PnI.roa
File:                     lM9Gs07Q_C0ni4oUjZjMe67-PnI.roa (raw, json)
Hash identifier:          xc9una9yCKXswdz4ihZzGWWY5iGop+bLGpO2NZ+QXzg=
Subject key identifier:   94:CF:46:B3:4E:D0:FC:2D:27:8B:8A:14:8D:98:CC:7B:AE:FE:3E:72
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019428234374457D8F1AEB0F47F0E7E63A70
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/lM9Gs07Q_C0ni4oUjZjMe67-PnI.roa
Signing time:             Thu 02 Jan 2025 17:49:47 +0000
ROA not before:           Thu 02 Jan 2025 17:49:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43641
IP address blocks:        31.56.115.0/24 maxlen: 24
                          31.56.116.0/24 maxlen: 24
                          31.56.125.0/24 maxlen: 24
                          31.56.127.0/24 maxlen: 24
                          31.57.192.0/24 maxlen: 24
                          31.57.193.0/24 maxlen: 24
                          31.57.195.0/24 maxlen: 24
                          31.57.232.0/24 maxlen: 24
                          31.57.233.0/24 maxlen: 24
                          31.57.234.0/24 maxlen: 24
                          31.57.235.0/24 maxlen: 24
                          31.58.145.0/24 maxlen: 24
                          31.58.148.0/24 maxlen: 24
                          31.58.149.0/24 maxlen: 24
                          31.58.151.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Thu 16 Jan 2025 20:12:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:43:74:45:7d:8f:1a:eb:0f:47:f0:e7:e6:3a:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jan  2 17:49:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=94cf46b34ed0fc2d278b8a148d98cc7baefe3e72
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:42:89:b9:7a:54:e0:35:49:9e:1f:3b:98:5c:
                    b4:0c:29:d4:6a:43:f3:b8:2d:81:df:4d:fe:3d:a2:
                    fa:d4:45:93:49:f9:20:35:f2:06:17:55:ba:82:af:
                    f7:d8:b1:85:2c:56:85:70:f6:24:b5:5a:28:c6:49:
                    6e:de:9c:25:7e:53:8c:11:a7:46:8c:24:0e:70:c5:
                    b2:ef:43:9c:b3:26:08:00:ae:90:70:f6:7e:cb:8b:
                    f1:eb:14:be:42:d1:e7:1c:b8:a4:9c:06:b4:05:6f:
                    0c:f0:38:40:04:46:41:15:66:3c:6f:01:20:a0:e1:
                    bc:ac:d8:86:95:6a:1f:ca:0e:27:de:d4:00:8f:05:
                    b4:25:c4:27:6d:a4:1e:33:5e:52:af:25:5a:52:c8:
                    6e:d1:ee:f9:5f:b2:36:93:35:b4:92:be:d3:d8:ba:
                    d1:a8:5a:f1:50:bd:a2:20:f0:f9:73:71:fa:84:fb:
                    44:31:e3:ae:2a:ff:73:9a:27:18:f2:e2:c1:f4:94:
                    a6:36:5e:0e:73:77:ad:ed:89:52:4d:54:18:ce:f9:
                    bd:1c:4e:06:ea:67:94:8e:1e:e3:3a:a5:ae:c7:c0:
                    27:ea:7f:6b:37:90:a9:91:6b:e6:e3:8e:2b:74:19:
                    81:51:a1:b4:4f:6f:de:5a:e8:1b:c8:fe:30:ac:db:
                    40:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:CF:46:B3:4E:D0:FC:2D:27:8B:8A:14:8D:98:CC:7B:AE:FE:3E:72
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/lM9Gs07Q_C0ni4oUjZjMe67-PnI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.115.0-31.56.116.255
                  31.56.125.0/24
                  31.56.127.0/24
                  31.57.192.0/23
                  31.57.195.0/24
                  31.57.232.0/22
                  31.58.145.0/24
                  31.58.148.0/23
                  31.58.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:25:15:17:ca:f8:cf:14:9e:11:b3:dc:65:f5:67:2a:82:86:
         db:8d:24:8f:57:4b:20:1f:4f:c5:30:9c:06:c5:e7:48:2a:9c:
         e3:63:48:ce:cc:0a:10:8a:9a:e2:d1:df:a0:b9:c2:8c:11:b3:
         71:a8:14:96:de:1e:bf:b8:e3:a6:38:1a:48:45:64:5f:23:ce:
         73:e9:cd:d3:d2:cb:65:33:28:72:f4:cb:c2:06:59:8b:c3:9a:
         2c:cf:2b:78:7b:58:08:ff:77:7e:3b:9a:76:ba:d7:0c:49:69:
         c0:67:d4:30:36:14:cd:00:ed:8a:c6:72:14:9c:2b:08:01:a9:
         06:ad:d1:73:41:84:5b:77:34:05:37:6a:54:69:4c:4d:48:1f:
         84:a5:19:a9:bf:56:fa:e5:f1:17:30:6e:d1:58:a3:03:ee:86:
         41:91:ed:a0:5c:36:ed:ba:7e:38:3a:37:32:4d:bd:f8:16:0f:
         4c:d2:b5:35:7a:24:46:fb:4f:0c:34:16:ab:1d:0e:ac:2b:8b:
         9a:c5:b9:43:71:29:fd:41:a6:86:b2:b2:11:98:4b:3e:20:b3:
         33:5b:b0:b9:ee:b6:24:c2:ae:c5:4c:fa:fe:2f:52:5f:05:c5:
         67:8e:d1:b0:69:16:b0:a7:35:dc:c2:fa:14:49:60:87:dd:b2:
         2b:7c:75:79
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAZQoI0N0RX2PGusPR/Dn5jpwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwMTAyMTc0OTQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NGNmNDZiMzRlZDBmYzJkMjc4YjhhMTQ4ZDk4Y2M3YmFlZmUzZTcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3kKJuXpU4DVJnh87mFy0DCnUakPz
uC2B303+PaL61EWTSfkgNfIGF1W6gq/32LGFLFaFcPYktVooxklu3pwlflOMEadG
jCQOcMWy70OcsyYIAK6QcPZ+y4vx6xS+QtHnHLiknAa0BW8M8DhABEZBFWY8bwEg
oOG8rNiGlWofyg4n3tQAjwW0JcQnbaQeM15SryVaUshu0e75X7I2kzW0kr7T2LrR
qFrxUL2iIPD5c3H6hPtEMeOuKv9zmicY8uLB9JSmNl4Oc3et7YlSTVQYzvm9HE4G
6meUjh7jOqWux8An6n9rN5CpkWvm444rdBmBUaG0T2/eWugbyP4wrNtA+wIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFJTPRrNO0PwtJ4uKFI2YzHuu/j5yMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvbE05R3MwN1FfQzBuaTRvVWpaak1lNjctUG5JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+MAwDBAAfOHMD
BAAfOHQDBAAfOH0DBAAfOH8DBAEfOcADBAAfOcMDBAIfOegDBAAfOpEDBAEfOpQD
BAAfOpcwDQYJKoZIhvcNAQELBQADggEBAJ0lFRfK+M8UnhGz3GX1ZyqChtuNJI9X
SyAfT8UwnAbF50gqnONjSM7MChCKmuLR36C5wowRs3GoFJbeHr+446Y4GkhFZF8j
znPpzdPSy2UzKHL0y8IGWYvDmizPK3h7WAj/d347mna61wxJacBn1DA2FM0A7YrG
chScKwgBqQat0XNBhFt3NAU3alRpTE1IH4SlGam/Vvrl8RcwbtFYowPuhkGR7aBc
Nu26fjg6NzJNvfgWD0zStTV6JEb7Tww0FqsdDqwri5rFuUNxKf1BpoayshGYSz4g
szNbsLnutiTCrsVM+v4vUl8FxWeO0bBpFrCnNdzC+hRJYIfdsit8dXk=
-----END CERTIFICATE-----