Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/66bd92f1-415b-4765-8a16-dbfc4593c1a8/7/323630323a666136653a3a2f33362d3438203d3e203134363138.roa
File:                     323630323a666136653a3a2f33362d3438203d3e203134363138.roa (raw, json)
Hash identifier:          HN8bb96pnu/FV5zkGKXjApAZBxtHJe1Qln+nmdWFXZ8=
Subject key identifier:   B5:DA:7A:8D:35:56:71:62:2B:91:39:4F:F1:4D:01:9C:5B:6F:EF:B6
Certificate issuer:       /CN=43729997152fd84fcda6d190c3b3195b02679660112be9a2d7
Certificate serial:       504B7E0E320BB645B9F9EB0B58DEAA9F50242039
Authority key identifier: 6A:6F:6E:C2:72:A5:EB:DC:18:24:1C:2C:84:D1:D9:FE:94:C1:25:AA
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/829fb872-15bb-4a4e-9ed9-259960b049bd/43729997152fd84fcda6d190c3b3195b02679660112be9a2d7.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/66bd92f1-415b-4765-8a16-dbfc4593c1a8/7/323630323a666136653a3a2f33362d3438203d3e203134363138.roa
Signing time:             Thu 03 Jul 2025 00:11:03 +0000
ROA not before:           Thu 03 Jul 2025 00:06:03 +0000
ROA not after:            Thu 02 Jul 2026 00:11:03 +0000
asID:                     14618
IP address blocks:        2602:fa6e::/36 maxlen: 48
Validation:               Failed, certificate revoked on Mon 07 Jul 2025 21:30:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:4b:7e:0e:32:0b:b6:45:b9:f9:eb:0b:58:de:aa:9f:50:24:20:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=43729997152fd84fcda6d190c3b3195b02679660112be9a2d7
        Validity
            Not Before: Jul  3 00:06:03 2025 GMT
            Not After : Jul  2 00:11:03 2026 GMT
        Subject: CN=B5DA7A8D355671622B91394FF14D019C5B6FEFB6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:bc:18:1d:76:0c:07:06:d8:da:c6:7b:eb:07:
                    28:24:5e:dc:51:25:d0:49:70:73:ce:86:bc:3a:52:
                    8c:3c:03:e6:6c:d1:70:4a:4e:4c:e8:c1:f3:60:e5:
                    aa:47:ba:0b:5c:38:b1:44:36:35:b8:59:97:85:db:
                    6b:d9:4f:8a:eb:b4:6a:09:94:af:f3:ec:db:b3:21:
                    aa:96:84:49:fd:d7:88:58:ff:8d:af:f3:02:64:24:
                    0f:ad:c9:4e:20:59:38:7e:cc:86:c6:60:52:e8:73:
                    29:3a:f3:3f:76:b6:5a:71:1c:3a:2b:7e:e8:86:10:
                    1f:c1:42:5a:0c:1e:ca:28:dc:01:3b:58:be:79:ba:
                    11:c8:1b:5f:82:dd:26:8e:cf:46:a2:2c:ad:fb:d0:
                    1d:1e:40:1b:84:ff:7d:94:96:a8:8d:b5:c5:1a:9d:
                    bd:fb:34:21:d4:d3:04:89:48:71:2b:f5:34:fd:be:
                    87:7e:cb:80:e3:96:7d:cb:96:aa:05:e1:ae:e0:7c:
                    c5:ed:bc:31:f3:50:ae:1a:4c:9e:80:72:f8:4a:19:
                    95:cb:1a:68:eb:ca:35:21:39:99:e6:e4:62:5b:a7:
                    71:32:85:cf:02:91:40:a6:30:54:67:7e:5c:0b:54:
                    62:4a:78:d5:ac:54:3e:61:a3:f3:a3:9f:01:70:2b:
                    70:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:DA:7A:8D:35:56:71:62:2B:91:39:4F:F1:4D:01:9C:5B:6F:EF:B6
            X509v3 Authority Key Identifier:
                keyid:6A:6F:6E:C2:72:A5:EB:DC:18:24:1C:2C:84:D1:D9:FE:94:C1:25:AA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/66bd92f1-415b-4765-8a16-dbfc4593c1a8/7/6A6F6EC272A5EBDC18241C2C84D1D9FE94C125AA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/829fb872-15bb-4a4e-9ed9-259960b049bd/43729997152fd84fcda6d190c3b3195b02679660112be9a2d7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/66bd92f1-415b-4765-8a16-dbfc4593c1a8/7/323630323a666136653a3a2f33362d3438203d3e203134363138.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2602:fa6e::/36

    Signature Algorithm: sha256WithRSAEncryption
         44:d4:f6:cf:f2:7d:75:bf:c0:46:30:e0:e9:e1:08:64:a0:e8:
         b4:f5:1a:a5:d8:79:c6:bf:e7:4c:4f:7a:89:82:ff:d6:bd:95:
         29:3b:c5:0b:52:40:80:e5:fb:3a:25:04:be:dc:b3:55:de:a9:
         26:eb:bf:22:ca:72:de:f9:a2:7d:e2:07:77:79:55:7e:a2:8b:
         11:8f:b0:9c:06:2e:ab:8c:c0:f7:30:55:9d:55:9a:5f:7f:a3:
         c7:38:50:83:42:c0:77:ae:4c:32:20:8b:33:d0:44:e3:8a:92:
         28:a5:b9:84:8d:09:4d:de:90:65:ca:09:f4:95:a9:ad:de:89:
         3b:58:28:49:eb:e0:e7:77:46:0d:53:4f:ca:fa:c8:16:a7:94:
         cf:8a:4f:59:1c:0b:a9:1f:ec:92:e9:71:db:6d:9c:67:c6:86:
         68:ab:94:fc:06:7b:d3:bd:60:39:c5:42:05:3b:32:da:54:f7:
         a3:bf:86:ed:c2:af:98:2a:bf:6a:6c:42:cd:fe:7b:2c:7a:51:
         2d:89:64:72:a2:32:e5:4f:b8:d0:de:b6:67:8f:8f:36:54:93:
         e7:f0:32:15:8d:e7:a6:d3:23:74:3f:4b:eb:45:3b:91:e2:21:
         03:0f:ec:e8:ae:c7:ba:a7:b1:90:98:81:9d:0e:ae:0b:2a:41:
         f2:ec:0d:40
-----BEGIN CERTIFICATE-----
MIIFzTCCBLWgAwIBAgIUUEt+DjILtkW5+esLWN6qn1AkIDkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNDM3Mjk5OTcxNTJmZDg0ZmNkYTZkMTkwYzNiMzE5NWIw
MjY3OTY2MDExMmJlOWEyZDcwHhcNMjUwNzAzMDAwNjAzWhcNMjYwNzAyMDAxMTAz
WjAzMTEwLwYDVQQDEyhCNURBN0E4RDM1NTY3MTYyMkI5MTM5NEZGMTREMDE5QzVC
NkZFRkI2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA27wYHXYMBwbY
2sZ76wcoJF7cUSXQSXBzzoa8OlKMPAPmbNFwSk5M6MHzYOWqR7oLXDixRDY1uFmX
hdtr2U+K67RqCZSv8+zbsyGqloRJ/deIWP+Nr/MCZCQPrclOIFk4fsyGxmBS6HMp
OvM/drZacRw6K37ohhAfwUJaDB7KKNwBO1i+eboRyBtfgt0mjs9Goiyt+9AdHkAb
hP99lJaojbXFGp29+zQh1NMEiUhxK/U0/b6HfsuA45Z9y5aqBeGu4HzF7bwx81Cu
GkyegHL4ShmVyxpo68o1ITmZ5uRiW6dxMoXPApFApjBUZ35cC1RiSnjVrFQ+YaPz
o58BcCtwUwIDAQABo4ICzTCCAskwHQYDVR0OBBYEFLXaeo01VnFiK5E5T/FNAZxb
b++2MB8GA1UdIwQYMBaAFGpvbsJypevcGCQcLITR2f6UwSWqMA4GA1UdDwEB/wQE
AwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3JzeW5jLnBhYXMu
cnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzY2YmQ5MmYxLTQxNWItNDc2NS04YTE2
LWRiZmM0NTkzYzFhOC83LzZBNkY2RUMyNzJBNUVCREMxODI0MUMyQzg0RDFEOUZF
OTRDMTI1QUEuY3JsMIHzBggrBgEFBQcBAQSB5jCB4zCB4AYIKwYBBQUHMAKGgdNy
c3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0
YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzc2ZmUxMWQ0LWQzNTIt
NDk5NC04ZjZjLWQ2YzkxYjBiODQxNS84MjlmYjg3Mi0xNWJiLTRhNGUtOWVkOS0y
NTk5NjBiMDQ5YmQvNDM3Mjk5OTcxNTJmZDg0ZmNkYTZkMTkwYzNiMzE5NWIwMjY3
OTY2MDExMmJlOWEyZDcuY2VyMIGrBggrBgEFBQcBCwSBnjCBmzCBmAYIKwYBBQUH
MAuGgYtyc3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
LzY2YmQ5MmYxLTQxNWItNDc2NS04YTE2LWRiZmM0NTkzYzFhOC83LzMyMzYzMDMy
M2E2NjYxMzY2NTNhM2EyZjMzMzYyZDM0MzgyMDNkM2UyMDMxMzQzNjMxMzgucm9h
MBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4E
AgACMAgDBgQmAvpuADANBgkqhkiG9w0BAQsFAAOCAQEARNT2z/J9db/ARjDg6eEI
ZKDotPUapdh5xr/nTE96iYL/1r2VKTvFC1JAgOX7OiUEvtyzVd6pJuu/Ispy3vmi
feIHd3lVfqKLEY+wnAYuq4zA9zBVnVWaX3+jxzhQg0LAd65MMiCLM9BE44qSKKW5
hI0JTd6QZcoJ9JWprd6JO1goSevg53dGDVNPyvrIFqeUz4pPWRwLqR/skulx222c
Z8aGaKuU/AZ7071gOcVCBTsy2lT3o7+G7cKvmCq/amxCzf57LHpRLYlkcqIy5U+4
0N62Z4+PNlST5/AyFY3nptMjdD9L60U7keIhAw/s6K7HuqexkJiBnQ6uCypB8uwN
QA==
-----END CERTIFICATE-----