Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/66bd92f1-415b-4765-8a16-dbfc4593c1a8/7/323630323a666136653a3a2f33362d3438203d3e203136353039.roa
File:                     323630323a666136653a3a2f33362d3438203d3e203136353039.roa (raw, json)
Hash identifier:          3c4BpfAb8I0hHPCBt0w/y0NJawXmhPwI6tlZWjTTDlE=
Subject key identifier:   DF:DF:3E:34:CF:12:83:7B:ED:7C:40:FF:C7:45:1A:8D:3E:C5:3C:1C
Certificate issuer:       /CN=43729997152fd84fcda6d190c3b3195b02679660112be9a2d7
Certificate serial:       53B320783AAE13F350A328922CB3CB98BA497A12
Authority key identifier: 6A:6F:6E:C2:72:A5:EB:DC:18:24:1C:2C:84:D1:D9:FE:94:C1:25:AA
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/829fb872-15bb-4a4e-9ed9-259960b049bd/43729997152fd84fcda6d190c3b3195b02679660112be9a2d7.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/66bd92f1-415b-4765-8a16-dbfc4593c1a8/7/323630323a666136653a3a2f33362d3438203d3e203136353039.roa
Signing time:             Thu 03 Jul 2025 00:11:17 +0000
ROA not before:           Thu 03 Jul 2025 00:06:17 +0000
ROA not after:            Thu 02 Jul 2026 00:11:17 +0000
asID:                     16509
IP address blocks:        2602:fa6e::/36 maxlen: 48
Validation:               Failed, certificate revoked on Mon 07 Jul 2025 21:30:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:b3:20:78:3a:ae:13:f3:50:a3:28:92:2c:b3:cb:98:ba:49:7a:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=43729997152fd84fcda6d190c3b3195b02679660112be9a2d7
        Validity
            Not Before: Jul  3 00:06:17 2025 GMT
            Not After : Jul  2 00:11:17 2026 GMT
        Subject: CN=DFDF3E34CF12837BED7C40FFC7451A8D3EC53C1C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:f4:06:68:34:62:82:fe:1d:8a:eb:27:c1:eb:
                    95:30:54:dc:2a:7e:16:43:ef:5d:4c:91:aa:65:b8:
                    79:7c:31:2f:9e:e6:58:ac:b4:b4:53:fe:75:32:fa:
                    66:09:b4:31:d4:b4:30:a4:59:a9:21:5f:96:82:c4:
                    22:b5:d5:55:56:26:ea:d2:d1:93:ac:fe:87:54:5d:
                    00:56:b6:72:5f:52:e9:9b:52:7c:14:f8:52:4d:f9:
                    f9:cf:bf:10:df:21:75:f6:1d:17:c2:2d:b7:13:a8:
                    9c:b9:73:be:d2:cc:dc:8b:ce:0f:d8:c1:64:12:92:
                    c6:bf:4e:0a:55:0e:92:86:68:d3:42:71:2a:e8:8b:
                    04:57:bb:8b:5d:5b:5f:6e:7c:bb:96:61:83:48:e7:
                    84:d6:1a:08:dc:1d:91:e7:36:ed:98:a0:98:ea:76:
                    b1:13:19:d8:18:43:4f:7a:43:61:1d:32:a6:b5:61:
                    2d:31:2a:b4:90:47:c0:0d:2b:fd:23:e9:d7:fe:27:
                    ce:30:2b:79:10:d6:45:67:d9:2c:25:91:6e:d3:8a:
                    3d:f9:58:39:4f:c5:b8:47:eb:b8:fa:f6:8f:c3:02:
                    b4:c5:2f:d5:39:01:5d:99:fb:2f:22:ae:f1:1c:90:
                    33:f0:97:62:43:04:b1:fb:49:26:93:00:22:7c:65:
                    ea:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:DF:3E:34:CF:12:83:7B:ED:7C:40:FF:C7:45:1A:8D:3E:C5:3C:1C
            X509v3 Authority Key Identifier:
                keyid:6A:6F:6E:C2:72:A5:EB:DC:18:24:1C:2C:84:D1:D9:FE:94:C1:25:AA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/66bd92f1-415b-4765-8a16-dbfc4593c1a8/7/6A6F6EC272A5EBDC18241C2C84D1D9FE94C125AA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/829fb872-15bb-4a4e-9ed9-259960b049bd/43729997152fd84fcda6d190c3b3195b02679660112be9a2d7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/66bd92f1-415b-4765-8a16-dbfc4593c1a8/7/323630323a666136653a3a2f33362d3438203d3e203136353039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2602:fa6e::/36

    Signature Algorithm: sha256WithRSAEncryption
         8b:e0:64:e6:64:b7:5f:3d:e6:bf:b6:b3:24:75:90:07:bc:9c:
         31:57:e2:ab:19:36:33:30:90:23:30:c1:81:6b:0e:f8:9f:5c:
         f0:ea:bb:3b:bd:fd:a0:59:85:09:d7:cf:21:bd:f7:5c:ab:99:
         58:b7:60:7a:5e:33:ce:91:69:c2:02:f0:3b:ec:3f:a8:ed:27:
         7a:65:50:5f:03:a9:6f:81:93:e1:0f:d2:74:53:a1:58:31:3b:
         9b:b2:ef:aa:11:9e:08:5e:a0:a9:70:87:dd:59:36:8d:91:21:
         9d:be:d9:e2:74:96:1d:dc:2d:59:54:1b:06:df:cb:46:ce:ec:
         f0:a5:b7:2e:50:29:06:a2:36:54:c0:6c:36:a5:7c:9d:5c:e0:
         67:02:bb:92:ce:ed:d7:fb:9c:ed:05:68:bc:c3:d6:ae:48:9c:
         e2:86:1d:ab:5e:9d:d1:db:b0:19:fc:14:dd:80:01:57:46:fb:
         fc:e8:65:05:ef:39:e4:20:3e:9c:62:27:a1:4b:5d:c2:1a:c5:
         69:25:c5:bd:f3:b6:de:70:fe:33:d5:50:1a:2d:2d:db:db:46:
         f9:df:92:8b:1a:39:84:0e:9b:bd:54:fd:9c:4c:6d:90:f5:9b:
         e3:86:de:fc:9a:90:a7:6e:e0:73:9e:12:ec:2c:ec:2b:ba:f9:
         9d:59:f2:39
-----BEGIN CERTIFICATE-----
MIIFzTCCBLWgAwIBAgIUU7MgeDquE/NQoyiSLLPLmLpJehIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNDM3Mjk5OTcxNTJmZDg0ZmNkYTZkMTkwYzNiMzE5NWIw
MjY3OTY2MDExMmJlOWEyZDcwHhcNMjUwNzAzMDAwNjE3WhcNMjYwNzAyMDAxMTE3
WjAzMTEwLwYDVQQDEyhERkRGM0UzNENGMTI4MzdCRUQ3QzQwRkZDNzQ1MUE4RDNF
QzUzQzFDMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2vQGaDRigv4d
iusnweuVMFTcKn4WQ+9dTJGqZbh5fDEvnuZYrLS0U/51MvpmCbQx1LQwpFmpIV+W
gsQitdVVVibq0tGTrP6HVF0AVrZyX1Lpm1J8FPhSTfn5z78Q3yF19h0Xwi23E6ic
uXO+0szci84P2MFkEpLGv04KVQ6ShmjTQnEq6IsEV7uLXVtfbny7lmGDSOeE1hoI
3B2R5zbtmKCY6naxExnYGENPekNhHTKmtWEtMSq0kEfADSv9I+nX/ifOMCt5ENZF
Z9ksJZFu04o9+Vg5T8W4R+u4+vaPwwK0xS/VOQFdmfsvIq7xHJAz8JdiQwSx+0km
kwAifGXqgwIDAQABo4ICzTCCAskwHQYDVR0OBBYEFN/fPjTPEoN77XxA/8dFGo0+
xTwcMB8GA1UdIwQYMBaAFGpvbsJypevcGCQcLITR2f6UwSWqMA4GA1UdDwEB/wQE
AwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3JzeW5jLnBhYXMu
cnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzY2YmQ5MmYxLTQxNWItNDc2NS04YTE2
LWRiZmM0NTkzYzFhOC83LzZBNkY2RUMyNzJBNUVCREMxODI0MUMyQzg0RDFEOUZF
OTRDMTI1QUEuY3JsMIHzBggrBgEFBQcBAQSB5jCB4zCB4AYIKwYBBQUHMAKGgdNy
c3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0
YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzc2ZmUxMWQ0LWQzNTIt
NDk5NC04ZjZjLWQ2YzkxYjBiODQxNS84MjlmYjg3Mi0xNWJiLTRhNGUtOWVkOS0y
NTk5NjBiMDQ5YmQvNDM3Mjk5OTcxNTJmZDg0ZmNkYTZkMTkwYzNiMzE5NWIwMjY3
OTY2MDExMmJlOWEyZDcuY2VyMIGrBggrBgEFBQcBCwSBnjCBmzCBmAYIKwYBBQUH
MAuGgYtyc3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
LzY2YmQ5MmYxLTQxNWItNDc2NS04YTE2LWRiZmM0NTkzYzFhOC83LzMyMzYzMDMy
M2E2NjYxMzY2NTNhM2EyZjMzMzYyZDM0MzgyMDNkM2UyMDMxMzYzNTMwMzkucm9h
MBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4E
AgACMAgDBgQmAvpuADANBgkqhkiG9w0BAQsFAAOCAQEAi+Bk5mS3Xz3mv7azJHWQ
B7ycMVfiqxk2MzCQIzDBgWsO+J9c8Oq7O739oFmFCdfPIb33XKuZWLdgel4zzpFp
wgLwO+w/qO0nemVQXwOpb4GT4Q/SdFOhWDE7m7LvqhGeCF6gqXCH3Vk2jZEhnb7Z
4nSWHdwtWVQbBt/LRs7s8KW3LlApBqI2VMBsNqV8nVzgZwK7ks7t1/uc7QVovMPW
rkic4oYdq16d0duwGfwU3YABV0b7/OhlBe855CA+nGInoUtdwhrFaSXFvfO23nD+
M9VQGi0t29tG+d+Sixo5hA6bvVT9nExtkPWb44be/JqQp27gc54S7CzsK7r5nVny
OQ==
-----END CERTIFICATE-----