Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/KHJDhaboXt_9hA9bR8gJj9VaTPg.roa
File:                     KHJDhaboXt_9hA9bR8gJj9VaTPg.roa (raw, json)
Hash identifier:          oPsqSqrC5iyDSoO5qfniIIDOSERihmmrW/F9But9olU=
Subject key identifier:   28:72:43:85:A6:E8:5E:DF:FD:84:0F:5B:47:C8:09:8F:D5:5A:4C:F8
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019425D655A50C74798E03953765FA14A148
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/KHJDhaboXt_9hA9bR8gJj9VaTPg.roa
Signing time:             Thu 02 Jan 2025 07:06:31 +0000
ROA not before:           Thu 02 Jan 2025 07:06:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20473
IP address blocks:        31.56.75.0/24 maxlen: 24
                          31.56.86.0/24 maxlen: 24
                          31.56.107.0/24 maxlen: 24
                          31.57.162.0/23 maxlen: 23
                          31.57.164.0/23 maxlen: 23
                          31.57.180.0/24 maxlen: 24
                          31.57.227.0/24 maxlen: 24
                          31.58.41.0/24 maxlen: 24
                          31.58.42.0/24 maxlen: 24
                          31.58.48.0/24 maxlen: 24
                          31.58.50.0/23 maxlen: 24
                          31.58.56.0/23 maxlen: 24
                          31.58.64.0/23 maxlen: 24
                          31.58.153.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Thu 02 Jan 2025 17:49:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:d6:55:a5:0c:74:79:8e:03:95:37:65:fa:14:a1:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jan  2 07:06:31 2025 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=28724385a6e85edffd840f5b47c8098fd55a4cf8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:81:ba:cd:f2:0c:61:6f:05:d7:f2:f9:eb:29:
                    61:0f:34:17:a3:de:9b:a0:67:ff:8a:0a:3a:78:14:
                    09:d9:76:10:63:c7:63:b3:0b:1b:22:82:52:af:cc:
                    87:01:a9:ce:81:09:5a:16:52:5a:7c:ec:b9:49:d6:
                    34:b7:75:88:17:cd:b4:82:70:ca:78:83:82:56:e0:
                    71:e1:6e:58:95:d0:c3:51:c7:51:58:81:84:68:0c:
                    86:58:e0:f6:92:fa:92:90:89:c2:35:38:16:e6:d0:
                    ad:0c:bd:ea:49:1b:7c:a8:a8:64:5f:b8:6f:71:b7:
                    a3:23:64:cb:f9:a4:4d:cf:9a:25:5f:3e:cd:c2:75:
                    ba:af:90:d4:10:c0:bd:b8:21:7d:50:40:fb:f8:78:
                    ac:88:42:6c:f9:4d:25:f9:9f:94:f8:42:18:ee:77:
                    dc:33:52:33:17:69:ef:6a:11:d2:e9:b5:e3:01:ae:
                    11:61:a2:85:43:a1:98:a8:73:66:74:74:67:28:de:
                    de:5f:e1:54:3e:63:5f:12:01:2d:bf:06:a9:03:0d:
                    40:f0:3b:9a:64:09:5c:f2:98:7a:bd:4d:6a:b6:9d:
                    fc:ba:01:28:9d:6c:24:e6:14:5a:3b:dd:cb:e7:64:
                    36:4a:5b:27:5d:c1:76:88:9b:df:6f:16:b1:f8:63:
                    56:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:72:43:85:A6:E8:5E:DF:FD:84:0F:5B:47:C8:09:8F:D5:5A:4C:F8
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/KHJDhaboXt_9hA9bR8gJj9VaTPg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.75.0/24
                  31.56.86.0/24
                  31.56.107.0/24
                  31.57.162.0-31.57.165.255
                  31.57.180.0/24
                  31.57.227.0/24
                  31.58.41.0-31.58.42.255
                  31.58.48.0/24
                  31.58.50.0/23
                  31.58.56.0/23
                  31.58.64.0/23
                  31.58.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:0a:96:7b:57:bf:7a:a0:53:94:75:c4:55:14:8d:3f:6c:af:
         2d:cb:bd:ed:b9:ed:e0:23:5e:04:a3:44:5f:3b:7b:8a:f4:13:
         be:2e:5d:24:5c:71:f4:5e:da:63:8a:55:08:f5:c5:23:ed:2e:
         2e:57:8e:69:28:12:70:f8:1b:21:17:ed:d7:55:3c:dd:8f:86:
         e2:28:63:ad:55:38:7f:0a:ce:11:83:c2:7a:f8:a9:b9:53:17:
         ea:bd:30:45:b8:0b:90:6c:bd:22:46:d5:fd:45:1e:85:51:08:
         1a:dd:41:e0:ec:80:48:6d:79:92:36:9b:d3:ce:54:6f:69:87:
         11:70:a4:78:a7:9a:1a:16:42:31:98:12:a5:f9:77:9a:8b:56:
         5a:58:6e:57:34:dc:40:4c:d5:65:a5:51:4f:84:55:5f:46:28:
         d8:3e:d1:bb:99:6b:f3:06:09:38:7c:8c:d3:23:ef:6f:54:94:
         fb:60:51:d2:1b:00:1b:8e:f0:2b:06:6d:92:0e:c5:5a:51:8b:
         ed:b0:0c:4c:e6:04:93:0b:24:34:d3:81:fa:40:84:68:38:08:
         f5:0d:95:f7:f4:6c:ce:c5:9b:da:56:f3:a6:93:1d:ea:0f:ac:
         f4:e7:83:f7:ba:0f:50:f7:93:39:fd:0e:46:ab:cc:b5:1c:53:
         51:10:c7:b1
-----BEGIN CERTIFICATE-----
MIIFTzCCBDegAwIBAgISAZQl1lWlDHR5jgOVN2X6FKFIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwMTAyMDcwNjMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODcyNDM4NWE2ZTg1ZWRmZmQ4NDBmNWI0N2M4MDk4ZmQ1NWE0Y2Y4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv4G6zfIMYW8F1/L56ylhDzQXo96b
oGf/igo6eBQJ2XYQY8djswsbIoJSr8yHAanOgQlaFlJafOy5SdY0t3WIF820gnDK
eIOCVuBx4W5YldDDUcdRWIGEaAyGWOD2kvqSkInCNTgW5tCtDL3qSRt8qKhkX7hv
cbejI2TL+aRNz5olXz7NwnW6r5DUEMC9uCF9UED7+HisiEJs+U0l+Z+U+EIY7nfc
M1IzF2nvahHS6bXjAa4RYaKFQ6GYqHNmdHRnKN7eX+FUPmNfEgEtvwapAw1A8Dua
ZAlc8ph6vU1qtp38ugEonWwk5hRaO93L52Q2SlsnXcF2iJvfbxax+GNWmQIDAQAB
o4ICWzCCAlcwHQYDVR0OBBYEFChyQ4Wm6F7f/YQPW0fICY/VWkz4MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvS0hKRGhhYm9YdF85aEE5YlI4Z0pqOVZhVFBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHEGCCsGAQUFBwEHAQH/BGIwYDBeBAIAATBYAwQAHzhLAwQA
HzhWAwQAHzhrMAwDBAEfOaIDBAEfOaQDBAAfObQDBAAfOeMwDAMEAB86KQMEAB86
KgMEAB86MAMEAR86MgMEAR86OAMEAR86QAMEAB86mTANBgkqhkiG9w0BAQsFAAOC
AQEAZgqWe1e/eqBTlHXEVRSNP2yvLcu97bnt4CNeBKNEXzt7ivQTvi5dJFxx9F7a
Y4pVCPXFI+0uLleOaSgScPgbIRft11U83Y+G4ihjrVU4fwrOEYPCevipuVMX6r0w
RbgLkGy9IkbV/UUehVEIGt1B4OyASG15kjab085Ub2mHEXCkeKeaGhZCMZgSpfl3
motWWlhuVzTcQEzVZaVRT4RVX0Yo2D7Ru5lr8wYJOHyM0yPvb1SU+2BR0hsAG47w
KwZtkg7FWlGL7bAMTOYEkwskNNOB+kCEaDgI9Q2V9/RszsWb2lbzppMd6g+s9OeD
97oPUPeTOf0ORqvMtRxTURDHsQ==
-----END CERTIFICATE-----