Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/qEX8TZo-guNPav40hboRJP5ZBIs.roa
File:                     qEX8TZo-guNPav40hboRJP5ZBIs.roa (raw, json)
Hash identifier:          89DeolATXGPQYa18yqryEguYYRMI5zmjfAdrgOVU5dA=
Subject key identifier:   A8:45:FC:4D:9A:3E:82:E3:4F:6A:FE:34:85:BA:11:24:FE:59:04:8B
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       01941C1CD64BBCEA9299DD4214B463024A16
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/qEX8TZo-guNPav40hboRJP5ZBIs.roa
Signing time:             Tue 31 Dec 2024 09:47:19 +0000
ROA not before:           Tue 31 Dec 2024 09:47:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29802
IP address blocks:        31.56.112.0/21 maxlen: 24
                          31.57.11.0/24 maxlen: 24
                          31.57.131.0/24 maxlen: 24
                          31.57.150.0/24 maxlen: 24
                          31.57.176.0/24 maxlen: 24
                          31.57.194.0/24 maxlen: 24
                          31.58.59.0/24 maxlen: 24
                          31.58.146.0/24 maxlen: 24
                          31.59.14.0/24 maxlen: 24
                          31.59.30.0/24 maxlen: 24
                          31.59.97.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Thu 02 Jan 2025 17:49:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1c:1c:d6:4b:bc:ea:92:99:dd:42:14:b4:63:02:4a:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Dec 31 09:47:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a845fc4d9a3e82e34f6afe3485ba1124fe59048b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:75:48:81:ea:62:14:b7:b2:01:a6:c9:46:07:
                    b6:ae:2c:fe:f3:63:4f:d2:07:0b:0f:0f:39:6d:7f:
                    2b:cb:48:78:aa:c1:db:7e:0e:e8:68:23:2d:f1:ec:
                    c1:a0:50:20:3e:72:28:78:9f:88:c6:19:1c:70:df:
                    ce:57:f5:28:b0:e7:a9:6e:dd:28:b3:f8:5a:87:85:
                    b8:33:e8:c3:67:07:f7:e7:b2:c5:c3:9e:55:b5:90:
                    2d:70:95:4c:3a:1b:3b:38:e7:c5:3f:a8:41:34:66:
                    6e:d2:dd:01:cc:81:80:aa:56:48:cc:e9:ac:ce:c2:
                    aa:3b:8c:68:3b:2b:91:16:7a:6a:ba:d3:d2:93:f3:
                    81:56:98:0e:93:9b:f8:64:c7:7d:6a:ec:e9:9d:88:
                    90:7d:b6:15:3e:93:6f:f2:45:d1:d7:03:5a:4b:dc:
                    fe:df:a8:b7:0e:ca:45:4c:cc:98:1d:b9:b5:0f:0b:
                    3e:48:1b:a1:bb:30:aa:e7:e2:dd:97:35:7d:b7:48:
                    13:0a:a8:c2:94:62:0c:0a:a6:60:79:38:8e:64:01:
                    27:1f:37:6f:78:ea:d1:dd:cc:e8:f4:bc:83:10:04:
                    16:55:3d:87:39:30:8e:b0:e4:07:c6:ae:f2:22:35:
                    89:b3:76:18:90:c1:0a:46:4f:e1:ee:a5:f9:cd:30:
                    fd:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:45:FC:4D:9A:3E:82:E3:4F:6A:FE:34:85:BA:11:24:FE:59:04:8B
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/qEX8TZo-guNPav40hboRJP5ZBIs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.112.0/21
                  31.57.11.0/24
                  31.57.131.0/24
                  31.57.150.0/24
                  31.57.176.0/24
                  31.57.194.0/24
                  31.58.59.0/24
                  31.58.146.0/24
                  31.59.14.0/24
                  31.59.30.0/24
                  31.59.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:e8:41:72:93:80:1a:a8:b1:f7:80:16:98:ac:32:c2:45:63:
         c8:c6:5c:d8:42:2e:ab:5d:05:3b:ac:8c:ff:1e:a3:31:e4:1a:
         91:48:18:69:17:4f:b2:13:87:fa:fe:7d:fb:cb:a6:4b:25:11:
         f1:e5:d3:57:59:a6:1a:7e:ff:d7:96:07:7b:8b:eb:b3:54:8b:
         f1:87:bf:65:0c:57:f7:99:d1:ea:4f:9a:ac:02:46:e3:7b:44:
         e6:df:b3:3a:e8:c0:ae:00:b3:2e:98:a0:25:5b:fb:93:b0:c6:
         92:e1:32:40:d5:17:60:43:06:93:01:bb:67:25:f7:64:2a:ef:
         69:77:fb:b3:9b:60:ff:ae:a7:b9:a6:de:ba:1c:6f:ab:9a:ff:
         46:8b:97:83:48:ce:b5:97:c4:fb:fd:af:08:a6:5e:f1:7f:78:
         eb:c0:a6:75:e6:16:4f:01:13:8c:4d:3e:bc:4f:28:e2:d8:cf:
         5d:45:5b:b7:e0:9e:9d:95:af:3f:90:df:87:63:cb:11:16:b4:
         db:dc:e9:16:05:01:33:7c:08:c9:7c:ec:5a:a6:1d:c5:48:04:
         d6:d9:e4:5a:6e:e2:38:bb:bc:e2:a0:1a:92:9b:ed:52:33:54:
         5d:6a:a0:40:a3:5b:54:10:a5:7b:2f:93:6e:fb:2b:9a:b5:73:
         03:63:e6:e0
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAZQcHNZLvOqSmd1CFLRjAkoWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjQxMjMxMDk0NzE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODQ1ZmM0ZDlhM2U4MmUzNGY2YWZlMzQ4NWJhMTEyNGZlNTkwNDhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx3VIgepiFLeyAabJRge2riz+82NP
0gcLDw85bX8ry0h4qsHbfg7oaCMt8ezBoFAgPnIoeJ+IxhkccN/OV/UosOepbt0o
s/hah4W4M+jDZwf357LFw55VtZAtcJVMOhs7OOfFP6hBNGZu0t0BzIGAqlZIzOms
zsKqO4xoOyuRFnpqutPSk/OBVpgOk5v4ZMd9auzpnYiQfbYVPpNv8kXR1wNaS9z+
36i3DspFTMyYHbm1Dws+SBuhuzCq5+LdlzV9t0gTCqjClGIMCqZgeTiOZAEnHzdv
eOrR3czo9LyDEAQWVT2HOTCOsOQHxq7yIjWJs3YYkMEKRk/h7qX5zTD9iwIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFKhF/E2aPoLjT2r+NIW6EST+WQSLMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvcUVYOFRaby1ndU5QYXY0MGhib1JKUDVaQklzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQDHzhwAwQA
HzkLAwQAHzmDAwQAHzmWAwQAHzmwAwQAHznCAwQAHzo7AwQAHzqSAwQAHzsOAwQA
HzseAwQAHzthMA0GCSqGSIb3DQEBCwUAA4IBAQB86EFyk4AaqLH3gBaYrDLCRWPI
xlzYQi6rXQU7rIz/HqMx5BqRSBhpF0+yE4f6/n37y6ZLJRHx5dNXWaYafv/Xlgd7
i+uzVIvxh79lDFf3mdHqT5qsAkbje0Tm37M66MCuALMumKAlW/uTsMaS4TJA1Rdg
QwaTAbtnJfdkKu9pd/uzm2D/rqe5pt66HG+rmv9Gi5eDSM61l8T7/a8Ipl7xf3jr
wKZ15hZPAROMTT68Tyji2M9dRVu34J6dla8/kN+HY8sRFrTb3OkWBQEzfAjJfOxa
ph3FSATW2eRabuI4u7zioBqSm+1SM1RdaqBAo1tUEKV7L5Nu+yuatXMDY+bg
-----END CERTIFICATE-----