Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848ade87289578018732a90a2f097f/3/3137322e39352e3232392e302f32342d3234203d3e2035363530.roa
File:                     3137322e39352e3232392e302f32342d3234203d3e2035363530.roa (raw, json)
Hash identifier:          MCPKMQpcwe1O85lLzjWY659HTEWgYirSX0mKsF/+8Ac=
Subject key identifier:   5E:67:F7:A0:64:37:70:4A:48:53:21:77:C5:2E:6E:E8:FA:16:7E:9A
Certificate issuer:       /CN=37666160059af2c1129ecb9e5f6abf5ca92bc8744d61d459ef
Certificate serial:       65BD11579C569C1480ED047FCA2079C9F4DD0145
Authority key identifier: F7:8B:3E:52:D2:7B:D2:E7:4B:EA:4F:E6:E8:62:40:60:DD:38:5D:37
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/a73420cb-b3cc-4b03-bda7-1be204933ae5/f16705a2-07ac-4031-9237-10489c31b96a/37666160059af2c1129ecb9e5f6abf5ca92bc8744d61d459ef.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848ade87289578018732a90a2f097f/3/3137322e39352e3232392e302f32342d3234203d3e2035363530.roa
Signing time:             Thu 02 Nov 2023 11:38:00 +0000
ROA not before:           Thu 02 Nov 2023 11:33:00 +0000
ROA not after:            Thu 31 Oct 2024 11:38:00 +0000
asID:                     5650
IP address blocks:        172.95.229.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 20 Mar 2024 04:17:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:bd:11:57:9c:56:9c:14:80:ed:04:7f:ca:20:79:c9:f4:dd:01:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=37666160059af2c1129ecb9e5f6abf5ca92bc8744d61d459ef
        Validity
            Not Before: Nov  2 11:33:00 2023 GMT
            Not After : Oct 31 11:38:00 2024 GMT
        Subject: CN=5E67F7A06437704A48532177C52E6EE8FA167E9A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:de:63:65:c9:01:d3:28:b5:16:2d:c1:ab:8b:
                    42:a9:a9:fb:cb:cf:03:40:88:61:a8:7c:2d:13:7d:
                    5b:34:e1:62:89:03:8f:89:22:fb:c8:a5:f0:21:eb:
                    0d:ae:ea:77:26:48:47:6d:04:9f:a1:82:f7:dd:ad:
                    1f:6c:43:21:9c:8e:80:f0:68:db:30:42:25:73:61:
                    de:a8:57:ff:6b:9a:46:a0:e9:1d:00:dc:e0:56:87:
                    b8:fc:b6:ba:4e:eb:00:4e:3e:2b:30:32:97:10:34:
                    6c:df:80:b7:ca:2b:f3:f4:a2:19:08:f8:8b:3d:26:
                    f8:b5:eb:3f:29:87:9e:5c:5c:d9:7f:1b:72:d9:a0:
                    e4:ec:c9:80:b1:3b:78:12:63:c5:51:43:75:1c:f9:
                    9d:31:46:c8:30:a5:65:90:54:bb:fd:29:6a:a0:90:
                    16:1b:b6:d5:0c:0b:44:92:52:62:62:56:d3:4a:0d:
                    fd:2b:f8:d1:2a:e4:b9:39:05:5e:92:92:a3:10:c5:
                    e6:e8:3d:a7:fe:1b:c2:3d:f5:85:4a:f2:78:7b:51:
                    ed:21:51:d4:d6:a2:6d:7d:5b:9e:49:41:7c:ac:b2:
                    e2:e3:fb:6f:8d:75:d0:d9:55:53:1a:aa:f8:5d:05:
                    e6:f9:37:15:b5:e6:29:5b:64:72:64:c9:f1:a3:88:
                    fc:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:67:F7:A0:64:37:70:4A:48:53:21:77:C5:2E:6E:E8:FA:16:7E:9A
            X509v3 Authority Key Identifier:
                keyid:F7:8B:3E:52:D2:7B:D2:E7:4B:EA:4F:E6:E8:62:40:60:DD:38:5D:37

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848ade87289578018732a90a2f097f/3/F78B3E52D27BD2E74BEA4FE6E8624060DD385D37.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/a73420cb-b3cc-4b03-bda7-1be204933ae5/f16705a2-07ac-4031-9237-10489c31b96a/37666160059af2c1129ecb9e5f6abf5ca92bc8744d61d459ef.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848ade87289578018732a90a2f097f/3/3137322e39352e3232392e302f32342d3234203d3e2035363530.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  172.95.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:a9:ad:bb:2a:43:92:ce:35:9e:67:66:c8:0a:be:7c:ba:bc:
         80:23:5c:33:e9:94:f4:9a:df:74:d5:25:3e:38:b1:b2:67:b7:
         0c:94:f9:1e:89:2b:8e:e3:9f:dc:e7:6a:f1:e2:78:96:71:f3:
         c4:c7:24:23:3e:48:5c:0a:21:bf:95:06:aa:31:ab:33:fe:1b:
         76:fa:c0:5e:85:0f:f1:15:b8:97:af:03:aa:8b:29:78:6d:22:
         e0:97:9f:92:b4:49:5b:b8:5a:f2:19:0e:90:9d:1e:ef:fb:03:
         6a:91:a1:db:2c:78:0e:2d:03:43:16:75:3c:62:00:c2:2a:f7:
         30:62:84:56:c8:db:6c:9a:4a:1b:8a:59:85:c6:ea:06:6d:b2:
         8f:cc:d9:a7:00:f3:4d:42:a1:83:3a:37:ba:e0:48:4e:ca:f9:
         37:75:44:ef:f2:af:8c:69:88:e3:33:06:fd:8e:c6:43:f0:b8:
         eb:3d:6b:55:1f:ad:36:72:d4:c3:0e:d7:36:db:5f:c8:f5:e4:
         31:50:01:dc:44:27:88:6d:be:e2:48:2c:b3:a9:97:62:fb:3a:
         5f:30:37:96:dc:7e:3e:a6:62:d1:b8:4a:f1:b5:42:ce:b5:e2:
         f9:dd:22:d9:e8:be:b1:2c:14:53:49:af:b2:59:2c:f1:87:bd:
         a4:a9:07:10
-----BEGIN CERTIFICATE-----
MIIFsDCCBJigAwIBAgIUZb0RV5xWnBSA7QR/yiB5yfTdAUUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMzc2NjYxNjAwNTlhZjJjMTEyOWVjYjllNWY2YWJmNWNh
OTJiYzg3NDRkNjFkNDU5ZWYwHhcNMjMxMTAyMTEzMzAwWhcNMjQxMDMxMTEzODAw
WjAzMTEwLwYDVQQDEyg1RTY3RjdBMDY0Mzc3MDRBNDg1MzIxNzdDNTJFNkVFOEZB
MTY3RTlBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvN5jZckB0yi1
Fi3Bq4tCqan7y88DQIhhqHwtE31bNOFiiQOPiSL7yKXwIesNrup3JkhHbQSfoYL3
3a0fbEMhnI6A8GjbMEIlc2HeqFf/a5pGoOkdANzgVoe4/La6TusATj4rMDKXEDRs
34C3yivz9KIZCPiLPSb4tes/KYeeXFzZfxty2aDk7MmAsTt4EmPFUUN1HPmdMUbI
MKVlkFS7/SlqoJAWG7bVDAtEklJiYlbTSg39K/jRKuS5OQVekpKjEMXm6D2n/hvC
PfWFSvJ4e1HtIVHU1qJtfVueSUF8rLLi4/tvjXXQ2VVTGqr4XQXm+TcVteYpW2Ry
ZMnxo4j8nwIDAQABo4ICsDCCAqwwHQYDVR0OBBYEFF5n96BkN3BKSFMhd8Uubuj6
Fn6aMB8GA1UdIwQYMBaAFPeLPlLSe9LnS+pP5uhiQGDdOF03MA4GA1UdDwEB/wQE
AwIHgDCBhQYDVR0fBH4wfDB6oHigdoZ0cnN5bmM6Ly9ycGtpLXJwcy5hcmluLm5l
dC9yZXBvc2l0b3J5LzhhODQ4YWRlODcyODk1NzgwMTg3MzJhOTBhMmYwOTdmLzMv
Rjc4QjNFNTJEMjdCRDJFNzRCRUE0RkU2RTg2MjQwNjBERDM4NUQzNy5jcmwwgfMG
CCsGAQUFBwEBBIHmMIHjMIHgBggrBgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmlu
Lm5ldC9yZXBvc2l0b3J5L2FyaW4tcnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2Ut
YjA4Yy0yMTcxZGEyMTU3ZDMvYTczNDIwY2ItYjNjYy00YjAzLWJkYTctMWJlMjA0
OTMzYWU1L2YxNjcwNWEyLTA3YWMtNDAzMS05MjM3LTEwNDg5YzMxYjk2YS8zNzY2
NjE2MDA1OWFmMmMxMTI5ZWNiOWU1ZjZhYmY1Y2E5MmJjODc0NGQ2MWQ0NTllZi5j
ZXIwgaAGCCsGAQUFBwELBIGTMIGQMIGNBggrBgEFBQcwC4aBgHJzeW5jOi8vcnBr
aS1ycHMuYXJpbi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZTg3Mjg5NTc4MDE4NzMy
YTkwYTJmMDk3Zi8zLzMxMzczMjJlMzkzNTJlMzIzMjM5MmUzMDJmMzIzNDJkMzIz
NDIwM2QzZTIwMzUzNjM1MzAucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIw
HwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACsX+UwDQYJKoZIhvcNAQELBQAD
ggEBAHeprbsqQ5LONZ5nZsgKvny6vIAjXDPplPSa33TVJT44sbJntwyU+R6JK47j
n9znavHieJZx88THJCM+SFwKIb+VBqoxqzP+G3b6wF6FD/EVuJevA6qLKXhtIuCX
n5K0SVu4WvIZDpCdHu/7A2qRodsseA4tA0MWdTxiAMIq9zBihFbI22yaShuKWYXG
6gZtso/M2acA801CoYM6N7rgSE7K+Td1RO/yr4xpiOMzBv2OxkPwuOs9a1UfrTZy
1MMO1zbbX8j15DFQAdxEJ4htvuJILLOpl2L7Ol8wN5bcfj6mYtG4SvG1Qs614vnd
ItnovrEsFFNJr7JZLPGHvaSpBxA=
-----END CERTIFICATE-----