Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/4d7f40-49ec-4ce2-882e-5ac7f066230b/1/z29pt1kDFyAlICsuOlFs4zDuPBA.roa
File:                     z29pt1kDFyAlICsuOlFs4zDuPBA.roa (raw, json)
Hash identifier:          TjHYT+lOCubbFey199kgafvkx5fXX4H+9dUbONlqIfo=
Subject key identifier:   CF:6F:69:B7:59:03:17:20:25:20:2B:2E:3A:51:6C:E3:30:EE:3C:10
Certificate issuer:       /CN=7bd5997ed075c2298b461225e1060f577b1d7d4d
Certificate serial:       0190E4182046D3347176B0142179C845F271
Authority key identifier: 7B:D5:99:7E:D0:75:C2:29:8B:46:12:25:E1:06:0F:57:7B:1D:7D:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e9WZftB1wimLRhIl4QYPV3sdfU0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/4d7f40-49ec-4ce2-882e-5ac7f066230b/1/z29pt1kDFyAlICsuOlFs4zDuPBA.roa
Signing time:             Wed 24 Jul 2024 09:35:04 +0000
ROA not before:           Wed 24 Jul 2024 09:35:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41344
IP address blocks:        31.185.8.0/21 maxlen: 21
                          31.185.8.0/24 maxlen: 24
                          31.185.9.0/24 maxlen: 24
                          31.185.10.0/24 maxlen: 24
                          31.185.11.0/24 maxlen: 24
                          31.185.12.0/24 maxlen: 24
                          31.185.13.0/24 maxlen: 24
                          31.185.14.0/24 maxlen: 24
                          31.185.15.0/24 maxlen: 24
                          89.249.224.0/22 maxlen: 22
                          89.249.226.0/24 maxlen: 24
                          89.249.228.0/22 maxlen: 22
                          89.249.231.0/24 maxlen: 24
                          89.249.232.0/22 maxlen: 22
                          89.249.232.0/24 maxlen: 24
                          89.249.233.0/24 maxlen: 24
                          89.249.235.0/24 maxlen: 24
                          89.249.236.0/24 maxlen: 24
                          89.249.237.0/24 maxlen: 24
                          89.249.238.0/24 maxlen: 24
                          185.124.176.0/22 maxlen: 22
                          185.124.177.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Sun 29 Dec 2024 08:43:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:e4:18:20:46:d3:34:71:76:b0:14:21:79:c8:45:f2:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7bd5997ed075c2298b461225e1060f577b1d7d4d
        Validity
            Not Before: Jul 24 09:35:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cf6f69b75903172025202b2e3a516ce330ee3c10
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:34:9b:0c:9b:e5:a3:2a:6f:19:60:21:23:7e:
                    7d:50:8e:f6:57:63:62:92:96:ee:b3:b0:ce:e0:f4:
                    71:62:f4:f4:ae:9a:5b:4e:1f:92:1e:1d:04:34:dd:
                    ae:1d:96:c2:1a:76:7c:f9:71:f7:b6:07:8f:eb:64:
                    94:ec:2c:51:7e:64:1f:82:ce:67:75:1a:63:69:27:
                    a9:59:fd:3a:d5:a5:7e:b8:d7:cc:30:99:8d:23:c8:
                    a9:ac:db:30:1e:b6:fe:d8:2a:fd:2c:02:cb:d8:ce:
                    58:5c:3f:8c:0f:7d:eb:e8:69:4d:4d:0d:c6:dc:8b:
                    79:d7:25:50:98:58:27:b3:80:02:7d:0e:16:c9:38:
                    c5:75:7b:9a:b0:16:9b:79:54:92:50:8a:3d:74:6a:
                    0d:05:4c:39:63:e1:74:89:ae:16:21:9a:0b:cf:f5:
                    c5:87:72:ca:db:30:eb:27:2a:c0:4f:20:0f:3b:55:
                    23:95:95:16:40:3c:71:e8:7f:14:75:f4:80:b1:08:
                    3a:e7:20:37:a9:aa:f9:0f:c7:f3:fd:5f:2a:a1:19:
                    0d:1f:e4:3a:73:47:bc:7a:97:36:d0:30:f7:24:99:
                    89:06:0f:eb:77:a6:e6:b7:5c:fa:65:29:aa:41:68:
                    8b:c5:c2:fd:73:b4:6d:7b:e4:f1:fc:4c:b8:73:95:
                    04:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:6F:69:B7:59:03:17:20:25:20:2B:2E:3A:51:6C:E3:30:EE:3C:10
            X509v3 Authority Key Identifier:
                keyid:7B:D5:99:7E:D0:75:C2:29:8B:46:12:25:E1:06:0F:57:7B:1D:7D:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9WZftB1wimLRhIl4QYPV3sdfU0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/4d7f40-49ec-4ce2-882e-5ac7f066230b/1/z29pt1kDFyAlICsuOlFs4zDuPBA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/4d7f40-49ec-4ce2-882e-5ac7f066230b/1/e9WZftB1wimLRhIl4QYPV3sdfU0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.185.8.0/21
                  89.249.224.0-89.249.238.255
                  185.124.176.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5c:38:8e:cf:6b:ba:f3:13:ca:01:eb:eb:d5:61:e7:33:98:67:
         45:13:d0:00:49:1e:46:6f:d9:dd:46:e5:f6:40:11:59:89:49:
         8d:c4:b6:2f:2f:3e:04:af:f7:4c:aa:67:17:fd:f7:4f:8c:4b:
         48:5c:e9:89:a4:8b:db:f1:20:a0:04:e2:c4:96:2b:c2:ec:94:
         ac:15:ed:3d:bb:d7:61:83:b3:11:17:76:7d:f5:83:b9:1b:13:
         60:53:cb:0c:78:72:bc:19:01:e6:9b:92:68:19:92:24:17:6b:
         1c:94:01:5f:80:38:42:f2:b9:64:db:69:4f:33:53:e7:68:68:
         c7:b7:3b:7a:bf:cf:6e:bf:57:89:22:19:62:be:3a:fd:c2:92:
         8a:f3:27:86:3a:1a:35:27:77:ab:6c:00:3a:ef:14:82:8f:69:
         14:0b:fb:fd:20:19:e9:55:4c:06:63:3f:76:c5:a1:24:c5:a8:
         d1:04:a4:96:bc:5d:e2:84:c5:64:e8:02:06:c0:e8:6a:af:9c:
         c1:e3:c2:09:31:61:d5:f9:13:79:42:9d:52:cb:2f:92:d1:c0:
         ed:41:83:70:e4:ba:4d:ef:3d:c3:b9:51:6a:23:1f:e1:1b:65:
         5c:42:07:fb:42:02:a9:e5:e0:88:95:8f:24:46:e2:60:10:79:
         b4:69:8c:5d
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZDkGCBG0zRxdrAUIXnIRfJxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiZDU5OTdlZDA3NWMyMjk4YjQ2MTIyNWUxMDYwZjU3N2Ix
ZDdkNGQwHhcNMjQwNzI0MDkzNTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjZmNjliNzU5MDMxNzIwMjUyMDJiMmUzYTUxNmNlMzMwZWUzYzEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0DSbDJvloypvGWAhI359UI72V2Ni
kpbus7DO4PRxYvT0rppbTh+SHh0ENN2uHZbCGnZ8+XH3tgeP62SU7CxRfmQfgs5n
dRpjaSepWf061aV+uNfMMJmNI8iprNswHrb+2Cr9LALL2M5YXD+MD33r6GlNTQ3G
3It51yVQmFgns4ACfQ4WyTjFdXuasBabeVSSUIo9dGoNBUw5Y+F0ia4WIZoLz/XF
h3LK2zDrJyrATyAPO1UjlZUWQDxx6H8UdfSAsQg65yA3qar5D8fz/V8qoRkNH+Q6
c0e8epc20DD3JJmJBg/rd6bmt1z6ZSmqQWiLxcL9c7Rte+Tx/Ey4c5UENQIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFM9vabdZAxcgJSArLjpRbOMw7jwQMB8GA1UdIwQY
MBaAFHvVmX7QdcIpi0YSJeEGD1d7HX1NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTlXWmZ0QjF3aW1MUmhJbDRRWVBWM3NkZlUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS80ZDdmNDAtNDllYy00Y2UyLTg4MmUt
NWFjN2YwNjYyMzBiLzEvejI5cHQxa0RGeUFsSUNzdU9sRnM0ekR1UEJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS80ZDdmNDAtNDllYy00Y2UyLTg4MmUtNWFjN2YwNjYyMzBi
LzEvZTlXWmZ0QjF3aW1MUmhJbDRRWVBWM3NkZlUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQDH7kIMAwD
BAVZ+eADBABZ+e4DBAK5fLAwDQYJKoZIhvcNAQELBQADggEBAFw4js9ruvMTygHr
69Vh5zOYZ0UT0ABJHkZv2d1G5fZAEVmJSY3Eti8vPgSv90yqZxf990+MS0hc6Ymk
i9vxIKAE4sSWK8LslKwV7T2712GDsxEXdn31g7kbE2BTywx4crwZAeabkmgZkiQX
axyUAV+AOELyuWTbaU8zU+doaMe3O3q/z26/V4kiGWK+Ov3CkorzJ4Y6GjUnd6ts
ADrvFIKPaRQL+/0gGelVTAZjP3bFoSTFqNEEpJa8XeKExWToAgbA6GqvnMHjwgkx
YdX5E3lCnVLLL5LRwO1Bg3Dkuk3vPcO5UWojH+EbZVxCB/tCAqnl4IiVjyRG4mAQ
ebRpjF0=
-----END CERTIFICATE-----