Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/s0vMlY8qpq34G7g4Z89UqtRSPeM.roa
File:                     s0vMlY8qpq34G7g4Z89UqtRSPeM.roa (raw, json)
Hash identifier:          AlIkCB77nP+swLe43bUS7zKruAUUroVVI+jIxOVPzfY=
Subject key identifier:   B3:4B:CC:95:8F:2A:A6:AD:F8:1B:B8:38:67:CF:54:AA:D4:52:3D:E3
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0195704625B90878F9868AD67ABFAE30E49A
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/s0vMlY8qpq34G7g4Z89UqtRSPeM.roa
Signing time:             Fri 07 Mar 2025 11:03:19 +0000
ROA not before:           Fri 07 Mar 2025 11:03:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42831
IP address blocks:        31.56.73.0/24 maxlen: 24
                          31.57.153.0/24 maxlen: 24
                          31.57.236.0/24 maxlen: 24
                          31.58.43.0/24 maxlen: 24
                          31.58.128.0/24 maxlen: 24
                          31.58.162.0/24 maxlen: 24
                          31.58.164.0/24 maxlen: 24
                          31.58.166.0/24 maxlen: 24
                          31.59.88.0/24 maxlen: 24
                          31.59.122.0/24 maxlen: 24
                          31.59.123.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Fri 07 Mar 2025 16:53:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:70:46:25:b9:08:78:f9:86:8a:d6:7a:bf:ae:30:e4:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Mar  7 11:03:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b34bcc958f2aa6adf81bb83867cf54aad4523de3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:94:12:48:44:06:73:ef:81:84:32:f3:d4:33:
                    75:bd:6d:d6:48:b8:9f:b8:61:5f:4a:f4:73:c6:fd:
                    fd:55:bd:d3:f6:86:23:db:36:2a:20:fc:e3:ba:8c:
                    3e:78:d5:34:ef:d1:b6:3b:44:d4:41:3f:1f:6c:f0:
                    bb:dc:44:6a:c0:02:3a:32:3f:6a:fb:9e:29:93:ce:
                    2c:3e:1d:59:0b:54:df:c2:08:a8:c6:ac:f3:36:68:
                    b8:74:71:b7:ce:97:5d:ee:92:3c:44:2e:b8:ad:f4:
                    40:f0:cc:c2:49:32:0d:88:dc:53:38:f7:73:c9:d1:
                    cc:a9:b9:da:e5:da:db:c4:8e:45:1b:0d:41:74:77:
                    9f:df:63:61:88:37:03:29:97:11:7d:56:a5:cb:24:
                    ee:18:45:d4:74:d3:40:35:3a:bd:43:25:a0:8e:bc:
                    3b:91:64:05:38:0f:0c:8c:fd:89:94:55:fb:50:ce:
                    8b:7a:57:c5:70:49:f8:78:fb:29:4e:38:83:92:69:
                    1d:4f:ff:e0:89:2f:0c:e4:ca:ef:00:d4:53:3e:ae:
                    99:7e:5a:75:74:3d:74:6b:51:c1:d9:2c:69:0b:f5:
                    62:c3:a4:19:71:82:25:c5:2b:62:00:69:f4:ac:66:
                    73:e4:b9:e6:3f:dc:1e:b8:c6:ef:e0:1c:47:e0:7f:
                    c2:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:4B:CC:95:8F:2A:A6:AD:F8:1B:B8:38:67:CF:54:AA:D4:52:3D:E3
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/s0vMlY8qpq34G7g4Z89UqtRSPeM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.73.0/24
                  31.57.153.0/24
                  31.57.236.0/24
                  31.58.43.0/24
                  31.58.128.0/24
                  31.58.162.0/24
                  31.58.164.0/24
                  31.58.166.0/24
                  31.59.88.0/24
                  31.59.122.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4f:3c:e1:c3:53:f8:17:c6:68:59:d8:92:d7:f8:db:5a:02:48:
         31:f5:e2:5e:3e:a8:84:2d:e6:a0:b6:64:68:54:53:49:8c:f4:
         5c:f9:9e:23:8c:26:5c:60:a9:fd:e3:93:78:e7:6c:f4:f8:4c:
         39:90:97:62:8e:47:5c:72:5e:13:39:46:d4:aa:70:4c:54:c5:
         d0:9b:41:4c:5c:7c:2f:7c:db:84:2d:b5:84:6b:a4:35:88:94:
         29:9b:e1:38:35:a1:0f:7d:6e:55:8a:57:5f:f2:c1:99:4c:74:
         67:74:1f:ff:8b:ed:6f:28:00:1e:ac:37:79:6e:a7:7c:3d:41:
         48:16:7a:7d:79:28:c0:5f:f4:3c:70:d1:c4:29:82:3e:ea:a5:
         52:10:bf:cf:58:d4:25:5a:26:f7:27:3f:cc:41:50:77:ad:e4:
         89:78:2e:78:ca:2a:a2:77:21:93:f1:1e:be:4d:3b:60:6e:e6:
         01:e3:32:d9:2f:63:a4:12:35:cd:8a:fe:98:33:98:6b:d6:d8:
         95:b0:71:4d:bc:ea:1f:e2:58:40:21:3b:c8:a4:9c:33:9d:5d:
         55:81:e8:bd:e8:c6:0b:d3:6e:02:44:57:53:66:1d:90:cb:ab:
         f1:62:c1:77:83:58:6c:9d:00:f1:95:b9:fc:3d:f7:26:d8:a0:
         a2:db:eb:dd
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAZVwRiW5CHj5horWer+uMOSaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwMzA3MTEwMzE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzRiY2M5NThmMmFhNmFkZjgxYmI4Mzg2N2NmNTRhYWQ0NTIzZGUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo5QSSEQGc++BhDLz1DN1vW3WSLif
uGFfSvRzxv39Vb3T9oYj2zYqIPzjuow+eNU079G2O0TUQT8fbPC73ERqwAI6Mj9q
+54pk84sPh1ZC1TfwgioxqzzNmi4dHG3zpdd7pI8RC64rfRA8MzCSTINiNxTOPdz
ydHMqbna5drbxI5FGw1BdHef32NhiDcDKZcRfValyyTuGEXUdNNANTq9QyWgjrw7
kWQFOA8MjP2JlFX7UM6LelfFcEn4ePspTjiDkmkdT//giS8M5MrvANRTPq6Zflp1
dD10a1HB2SxpC/Viw6QZcYIlxStiAGn0rGZz5LnmP9weuMbv4BxH4H/CFwIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFLNLzJWPKqat+Bu4OGfPVKrUUj3jMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvczB2TWxZOHFwcTM0RzdnNFo4OVVxdFJTUGVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQAHzhJAwQA
HzmZAwQAHznsAwQAHzorAwQAHzqAAwQAHzqiAwQAHzqkAwQAHzqmAwQAHztYAwQB
Hzt6MA0GCSqGSIb3DQEBCwUAA4IBAQBPPOHDU/gXxmhZ2JLX+NtaAkgx9eJePqiE
LeagtmRoVFNJjPRc+Z4jjCZcYKn945N452z0+Ew5kJdijkdccl4TOUbUqnBMVMXQ
m0FMXHwvfNuELbWEa6Q1iJQpm+E4NaEPfW5Vildf8sGZTHRndB//i+1vKAAerDd5
bqd8PUFIFnp9eSjAX/Q8cNHEKYI+6qVSEL/PWNQlWib3Jz/MQVB3reSJeC54yiqi
dyGT8R6+TTtgbuYB4zLZL2OkEjXNiv6YM5hr1tiVsHFNvOof4lhAITvIpJwznV1V
gei96MYL024CRFdTZh2Qy6vxYsF3g1hsnQDxlbn8Pfcm2KCi2+vd
-----END CERTIFICATE-----