Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/u3jLpKRktITBY2wdb8SBFWCR83o.roa
File:                     u3jLpKRktITBY2wdb8SBFWCR83o.roa (raw, json)
Hash identifier:          ED5uL4YqJ43YJRLWWSXI6cwUerfNHcvEhd/IxR+QLP4=
Subject key identifier:   BB:78:CB:A4:A4:64:B4:84:C1:63:6C:1D:6F:C4:81:15:60:91:F3:7A
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       01955B9FE43C4D6CCD3D1FAC1524C21FC2C7
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/u3jLpKRktITBY2wdb8SBFWCR83o.roa
Signing time:             Mon 03 Mar 2025 10:49:20 +0000
ROA not before:           Mon 03 Mar 2025 10:49:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     4766
IP address blocks:        31.56.172.0/24 maxlen: 24
                          31.56.173.0/24 maxlen: 24
                          31.56.242.0/24 maxlen: 24
                          31.56.243.0/24 maxlen: 24
                          31.56.244.0/24 maxlen: 24
                          31.56.245.0/24 maxlen: 24
                          217.60.0.0/21 maxlen: 24
                          217.60.8.0/21 maxlen: 24
                          217.60.24.0/22 maxlen: 24
                          217.60.32.0/21 maxlen: 24
                          217.60.44.0/22 maxlen: 24
                          217.60.56.0/21 maxlen: 24
Validation:               Failed, certificate revoked on Mon 03 Mar 2025 17:42:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:5b:9f:e4:3c:4d:6c:cd:3d:1f:ac:15:24:c2:1f:c2:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Mar  3 10:49:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bb78cba4a464b484c1636c1d6fc481156091f37a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:58:b5:5d:ea:04:19:c9:b8:a2:d1:f0:61:e7:
                    26:b0:30:f5:85:34:9c:b4:7f:22:a1:b1:fd:dd:2f:
                    3b:c4:eb:3f:65:9b:88:ac:fd:5c:a6:da:d5:36:5a:
                    4f:a3:4b:62:4d:5f:a1:67:13:35:58:d1:b9:01:e4:
                    df:e7:91:24:5c:e5:96:df:27:6a:9d:b0:f2:5b:7a:
                    1d:49:ca:be:1f:82:bb:bf:26:e9:10:24:1f:29:b4:
                    31:4f:22:35:60:b8:6d:1d:36:0b:80:c6:dd:be:3b:
                    26:0c:bc:aa:f0:e8:28:a1:1a:61:8d:bd:10:77:9c:
                    5d:67:4a:31:ef:22:26:f0:17:b6:30:68:3e:4c:87:
                    37:c2:b1:a3:1a:b1:fd:b1:a9:4f:bf:56:fb:71:1b:
                    73:83:57:f2:c1:39:cc:b5:44:d6:d2:b1:f4:a7:fe:
                    86:79:b8:0c:4d:14:6a:7e:bd:64:3e:81:0f:46:a6:
                    d4:17:ae:6a:6a:63:02:c5:61:30:29:31:c3:2f:3e:
                    8d:c3:06:fc:a2:04:88:34:53:58:eb:c7:f3:6a:9f:
                    72:0f:6e:24:05:5c:a3:ed:3e:56:0d:0a:00:76:bc:
                    a8:13:86:ce:5c:c1:c2:5f:ab:18:7e:25:c5:96:69:
                    93:b4:e1:fe:21:06:65:56:10:a4:7a:26:00:52:84:
                    26:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:78:CB:A4:A4:64:B4:84:C1:63:6C:1D:6F:C4:81:15:60:91:F3:7A
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/u3jLpKRktITBY2wdb8SBFWCR83o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.172.0/23
                  31.56.242.0-31.56.245.255
                  217.60.0.0/20
                  217.60.24.0/22
                  217.60.32.0/21
                  217.60.44.0/22
                  217.60.56.0/21

    Signature Algorithm: sha256WithRSAEncryption
         3f:15:a1:d6:a0:e4:73:2c:cd:dc:ef:6d:41:cf:0a:ef:9d:ee:
         83:e4:0b:24:22:6d:8e:a4:4c:e9:54:eb:4f:29:d9:59:1c:35:
         5d:71:3b:6b:76:66:3f:7d:bb:cb:9f:34:0a:0d:2e:28:f5:85:
         f3:f8:7c:5a:76:ec:bf:aa:72:f8:b5:de:9a:03:6f:99:1c:91:
         6e:03:65:dc:70:9b:21:69:c5:b9:57:81:58:ff:83:78:88:c8:
         dc:be:87:1c:36:62:ed:22:8f:00:39:cf:2a:e2:37:cc:de:f4:
         0a:11:00:ab:90:c4:15:c3:21:df:fd:b6:8d:50:7e:2e:5a:4d:
         4c:fa:3f:bf:74:a2:84:c7:d0:4a:b6:06:91:58:1a:df:66:91:
         76:4b:9d:df:ed:41:a0:2b:e6:23:92:05:26:88:e8:2a:a4:9f:
         5a:06:12:35:69:f6:9a:b8:7d:05:b2:e6:61:18:ce:5e:b3:d2:
         43:d1:73:31:ee:23:d3:00:23:db:ab:35:d6:0a:0f:6f:dc:22:
         83:6e:19:40:53:5d:93:59:47:a6:e1:a6:bd:b9:4e:7b:c5:be:
         a3:0f:44:17:fe:39:1a:7c:69:a6:68:d3:c0:6d:68:2e:f3:2e:
         42:55:c2:41:81:9a:ba:d7:eb:86:57:5c:57:f8:d0:59:7d:f2:
         dc:e5:80:e8
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAZVbn+Q8TWzNPR+sFSTCH8LHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwMzAzMTA0OTIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjc4Y2JhNGE0NjRiNDg0YzE2MzZjMWQ2ZmM0ODExNTYwOTFmMzdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Vi1XeoEGcm4otHwYecmsDD1hTSc
tH8iobH93S87xOs/ZZuIrP1cptrVNlpPo0tiTV+hZxM1WNG5AeTf55EkXOWW3ydq
nbDyW3odScq+H4K7vybpECQfKbQxTyI1YLhtHTYLgMbdvjsmDLyq8OgooRphjb0Q
d5xdZ0ox7yIm8Be2MGg+TIc3wrGjGrH9salPv1b7cRtzg1fywTnMtUTW0rH0p/6G
ebgMTRRqfr1kPoEPRqbUF65qamMCxWEwKTHDLz6Nwwb8ogSINFNY68fzap9yD24k
BVyj7T5WDQoAdryoE4bOXMHCX6sYfiXFlmmTtOH+IQZlVhCkeiYAUoQm/wIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFLt4y6SkZLSEwWNsHW/EgRVgkfN6MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvdTNqTHBLUmt0SVRCWTJ3ZGI4U0JGV0NSODNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQBHzisMAwD
BAEfOPIDBAEfOPQDBATZPAADBALZPBgDBAPZPCADBALZPCwDBAPZPDgwDQYJKoZI
hvcNAQELBQADggEBAD8Vodag5HMszdzvbUHPCu+d7oPkCyQibY6kTOlU608p2Vkc
NV1xO2t2Zj99u8ufNAoNLij1hfP4fFp27L+qcvi13poDb5kckW4DZdxwmyFpxblX
gVj/g3iIyNy+hxw2Yu0ijwA5zyriN8ze9AoRAKuQxBXDId/9to1Qfi5aTUz6P790
ooTH0Eq2BpFYGt9mkXZLnd/tQaAr5iOSBSaI6Cqkn1oGEjVp9pq4fQWy5mEYzl6z
0kPRczHuI9MAI9urNdYKD2/cIoNuGUBTXZNZR6bhpr25TnvFvqMPRBf+ORp8aaZo
08BtaC7zLkJVwkGBmrrX64ZXXFf40Fl98tzlgOg=
-----END CERTIFICATE-----