Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/z1pHqYh07Mtn5Vi_107m-A9f0N0.roa
File:                     z1pHqYh07Mtn5Vi_107m-A9f0N0.roa (raw, json)
Hash identifier:          YIa/JIoVutrmDKV1IcaO1y/3UW9P+tUaZtGPp7usJak=
Subject key identifier:   CF:5A:47:A9:88:74:EC:CB:67:E5:58:BF:D7:4E:E6:F8:0F:5F:D0:DD
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0193077D71063D1E43B5E5D6164D20539D3D
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/z1pHqYh07Mtn5Vi_107m-A9f0N0.roa
Signing time:             Thu 07 Nov 2024 16:38:01 +0000
ROA not before:           Thu 07 Nov 2024 16:38:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        31.56.4.0/23 maxlen: 23
                          31.56.24.0/24 maxlen: 24
                          31.56.39.0/24 maxlen: 24
                          31.56.42.0/23 maxlen: 24
                          31.56.66.0/24 maxlen: 24
                          31.56.85.0/24 maxlen: 24
                          31.56.89.0/24 maxlen: 24
                          31.56.120.0/22 maxlen: 24
                          31.56.127.0/24 maxlen: 24
                          31.57.132.0/23 maxlen: 23
                          31.57.176.0/21 maxlen: 24
                          31.57.192.0/22 maxlen: 24
                          31.57.232.0/22 maxlen: 24
                          31.57.244.0/22 maxlen: 24

Validation:               Failed, certificate revoked on Fri 08 Nov 2024 06:31:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:07:7d:71:06:3d:1e:43:b5:e5:d6:16:4d:20:53:9d:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Nov  7 16:38:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cf5a47a98874eccb67e558bfd74ee6f80f5fd0dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:52:f5:6c:7c:d8:9b:42:1b:b6:8c:d2:4d:c1:
                    2c:0c:f2:ae:0a:e2:a6:82:cf:69:86:36:86:05:b8:
                    be:80:73:ea:f1:f7:c3:f3:71:00:d3:89:34:51:bb:
                    15:57:ef:d2:2a:fe:67:c1:93:59:58:78:84:1c:2c:
                    fc:39:7a:83:e7:78:2b:55:30:50:83:7c:c2:17:41:
                    d2:2d:32:54:61:df:2f:a3:64:67:af:96:e3:f0:6a:
                    87:67:8b:6b:24:b9:b4:c9:54:2c:15:94:ce:1a:d0:
                    40:2a:a2:3c:0d:e2:36:01:03:e0:a9:1f:b2:d7:f6:
                    2b:96:b9:b1:f9:de:87:17:a2:e8:3a:36:0c:30:71:
                    05:f7:7e:06:12:dc:76:dd:7b:52:3a:2a:e0:17:56:
                    e7:67:a4:5d:e4:b9:86:6b:4d:55:26:eb:66:bd:f9:
                    35:7b:27:5a:3c:c4:ad:0a:ff:2c:c4:e7:df:ef:d7:
                    7b:9b:be:fa:de:65:24:70:ec:b6:54:77:37:12:3d:
                    2b:4e:45:99:c2:9f:32:b0:d5:8d:72:67:71:59:a9:
                    a9:a5:50:73:94:7e:be:38:07:73:17:20:91:9a:54:
                    f7:48:b7:8b:55:95:8b:97:9e:b5:bc:2d:22:e8:2b:
                    58:c2:73:0f:b8:44:4c:9e:54:d1:ed:7f:80:33:57:
                    4d:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:5A:47:A9:88:74:EC:CB:67:E5:58:BF:D7:4E:E6:F8:0F:5F:D0:DD
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/z1pHqYh07Mtn5Vi_107m-A9f0N0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.4.0/23
                  31.56.24.0/24
                  31.56.39.0/24
                  31.56.42.0/23
                  31.56.66.0/24
                  31.56.85.0/24
                  31.56.89.0/24
                  31.56.120.0/22
                  31.56.127.0/24
                  31.57.132.0/23
                  31.57.176.0/21
                  31.57.192.0/22
                  31.57.232.0/22
                  31.57.244.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b7:22:98:1c:ba:54:20:c4:87:41:5f:9c:57:9b:c2:09:1e:4d:
         cd:80:93:9d:68:f6:fe:c2:40:35:1c:58:f1:82:0f:60:7b:e2:
         eb:bb:b7:84:b4:fa:5e:43:60:12:ec:b0:82:6d:cb:9e:04:4a:
         83:22:1a:bf:c1:1b:da:34:9b:a4:15:60:9d:cd:54:14:08:87:
         2a:58:1e:af:48:42:da:fe:7f:3d:a7:3d:33:3a:ab:24:b5:52:
         d5:b6:d0:79:4d:52:a7:ea:91:d7:df:6e:e7:0d:18:91:61:1b:
         c0:b2:85:d1:7a:51:40:2e:73:4f:a9:c6:6e:a8:ed:53:f1:d1:
         7a:89:bd:96:55:77:c2:63:bd:3f:0d:46:39:7a:a2:c6:2a:bd:
         07:f1:00:fb:dc:45:9b:93:20:3f:90:e9:68:37:0e:68:31:22:
         17:18:57:13:74:fd:73:2b:a1:f9:24:27:cd:6c:bc:ec:74:f1:
         b7:3e:b3:26:93:38:14:02:8d:a5:88:19:4b:8d:00:18:95:a5:
         53:28:27:61:5c:f4:01:24:7f:dd:1f:72:59:be:5f:84:92:65:
         4a:3d:54:7e:60:7f:df:95:e6:de:f2:01:2a:a4:e3:f9:5e:b0:
         27:14:38:44:d3:13:ab:81:3e:ed:17:af:e4:29:a6:2b:50:3f:
         89:56:c0:12
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAZMHfXEGPR5DteXWFk0gU509MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjQxMTA3MTYzODAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjVhNDdhOTg4NzRlY2NiNjdlNTU4YmZkNzRlZTZmODBmNWZkMGRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8FL1bHzYm0IbtozSTcEsDPKuCuKm
gs9phjaGBbi+gHPq8ffD83EA04k0UbsVV+/SKv5nwZNZWHiEHCz8OXqD53grVTBQ
g3zCF0HSLTJUYd8vo2Rnr5bj8GqHZ4trJLm0yVQsFZTOGtBAKqI8DeI2AQPgqR+y
1/Yrlrmx+d6HF6LoOjYMMHEF934GEtx23XtSOirgF1bnZ6Rd5LmGa01VJutmvfk1
eydaPMStCv8sxOff79d7m7763mUkcOy2VHc3Ej0rTkWZwp8ysNWNcmdxWamppVBz
lH6+OAdzFyCRmlT3SLeLVZWLl561vC0i6CtYwnMPuERMnlTR7X+AM1dNTQIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFM9aR6mIdOzLZ+VYv9dO5vgPX9DdMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvejFwSHFZaDA3TXRuNVZpXzEwN20tQTlmME4wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDBaBAIAATBUAwQBHzgEAwQA
HzgYAwQAHzgnAwQBHzgqAwQAHzhCAwQAHzhVAwQAHzhZAwQCHzh4AwQAHzh/AwQB
HzmEAwQDHzmwAwQCHznAAwQCHznoAwQCHzn0MA0GCSqGSIb3DQEBCwUAA4IBAQC3
IpgculQgxIdBX5xXm8IJHk3NgJOdaPb+wkA1HFjxgg9ge+Lru7eEtPpeQ2AS7LCC
bcueBEqDIhq/wRvaNJukFWCdzVQUCIcqWB6vSELa/n89pz0zOqsktVLVttB5TVKn
6pHX327nDRiRYRvAsoXRelFALnNPqcZuqO1T8dF6ib2WVXfCY70/DUY5eqLGKr0H
8QD73EWbkyA/kOloNw5oMSIXGFcTdP1zK6H5JCfNbLzsdPG3PrMmkzgUAo2liBlL
jQAYlaVTKCdhXPQBJH/dH3JZvl+EkmVKPVR+YH/flebe8gEqpOP5XrAnFDhE0xOr
gT7tF6/kKaYrUD+JVsAS