Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf8baa64a8018bb2dab7cc0a91/0/3230342e31342e37352e302f32342d3234203d3e20333937393636.roa
File:                     3230342e31342e37352e302f32342d3234203d3e20333937393636.roa (raw, json)
Hash identifier:          QntvtL95omFOQCe7m7azekWg//kT+km4NSDQqefRVBo=
Subject key identifier:   9E:7A:79:7B:6A:28:AF:D3:3D:7A:4D:46:37:70:4F:C1:0C:CB:2E:9E
Certificate issuer:       /CN=9c94a1c4191d6eeaf7e77336a5edbc05cb99ac63c7835a8bc3
Certificate serial:       319FD0D1D08A5B42DDB3BDB115B396C6E21A3B92
Authority key identifier: DF:4E:46:83:A0:C8:76:F6:8A:72:BD:DF:AA:05:88:30:93:56:C3:D6
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/871da40f-793a-4a45-a0a9-978148321a07/081bd66e-b1d1-405a-8a32-c830ec790ce5/9c94a1c4191d6eeaf7e77336a5edbc05cb99ac63c7835a8bc3.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf8baa64a8018bb2dab7cc0a91/0/3230342e31342e37352e302f32342d3234203d3e20333937393636.roa
Signing time:             Tue 26 Mar 2024 10:13:18 +0000
ROA not before:           Tue 26 Mar 2024 10:08:18 +0000
ROA not after:            Tue 25 Mar 2025 10:13:18 +0000
asID:                     397966
IP address blocks:        204.14.75.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 24 Sep 2024 00:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:9f:d0:d1:d0:8a:5b:42:dd:b3:bd:b1:15:b3:96:c6:e2:1a:3b:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9c94a1c4191d6eeaf7e77336a5edbc05cb99ac63c7835a8bc3
        Validity
            Not Before: Mar 26 10:08:18 2024 GMT
            Not After : Mar 25 10:13:18 2025 GMT
        Subject: CN=9E7A797B6A28AFD33D7A4D4637704FC10CCB2E9E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:3d:de:b9:e8:03:c8:e3:d5:7c:6d:58:8c:81:
                    53:ba:b8:07:62:9c:07:92:8e:d5:6e:6b:d3:5c:70:
                    83:cd:67:7d:3b:08:34:65:ca:84:52:e4:c9:06:ee:
                    8e:ce:5e:e0:7f:f3:30:9b:da:c5:9e:7d:35:29:4e:
                    de:ba:d0:e8:0a:d1:24:5c:89:8e:68:8d:96:56:f3:
                    d5:d3:5e:6d:5e:1b:50:f5:21:67:6e:0d:de:c4:57:
                    dd:14:0a:3f:f5:a5:17:f9:39:78:e6:f6:e2:ea:e6:
                    dc:2b:d8:d2:35:02:01:57:c9:da:a6:66:6f:08:24:
                    a4:64:c5:24:53:62:36:ad:95:fe:5f:64:32:3c:97:
                    fe:90:9d:68:32:e6:73:8a:73:65:9c:4b:1a:c9:4e:
                    22:b8:04:d3:d0:a9:dd:8d:93:32:4a:f6:bc:e6:3c:
                    65:98:50:aa:9f:a0:73:41:0a:a2:8f:fc:75:2b:5c:
                    96:10:c7:cc:45:9d:0c:35:b6:99:bc:d3:9e:5b:c5:
                    72:a6:eb:89:01:bb:69:8f:07:1a:d1:d1:2f:c8:94:
                    59:1b:b7:b0:07:ec:b4:c7:b8:cd:59:09:52:bd:d2:
                    4d:3b:79:8c:c6:2b:b7:0f:8b:cc:df:41:e1:f9:8c:
                    95:e0:9b:d7:e9:d0:18:06:64:ff:c2:6f:c1:ab:97:
                    f4:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:7A:79:7B:6A:28:AF:D3:3D:7A:4D:46:37:70:4F:C1:0C:CB:2E:9E
            X509v3 Authority Key Identifier:
                keyid:DF:4E:46:83:A0:C8:76:F6:8A:72:BD:DF:AA:05:88:30:93:56:C3:D6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf8baa64a8018bb2dab7cc0a91/0/DF4E4683A0C876F68A72BDDFAA0588309356C3D6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/871da40f-793a-4a45-a0a9-978148321a07/081bd66e-b1d1-405a-8a32-c830ec790ce5/9c94a1c4191d6eeaf7e77336a5edbc05cb99ac63c7835a8bc3.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf8baa64a8018bb2dab7cc0a91/0/3230342e31342e37352e302f32342d3234203d3e20333937393636.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  204.14.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:78:7f:af:b8:2b:10:7b:5c:2d:7d:5f:03:e9:21:64:98:a8:
         5b:35:6e:6b:87:02:c1:52:88:88:38:ca:7a:94:a4:17:ea:c1:
         55:30:65:6d:b4:c8:cf:6a:04:c9:da:2e:0b:70:00:8d:22:cd:
         11:48:a8:9b:89:c0:74:d4:02:db:57:2a:98:56:01:27:e6:30:
         58:3c:01:aa:d2:0f:ea:52:8f:6d:72:0d:dc:ad:35:c1:11:f6:
         65:21:c8:ce:ae:ad:02:cb:d7:4f:65:67:89:80:d7:51:ac:f2:
         43:a4:fa:13:d0:a1:c4:94:08:6c:8b:60:c6:d2:92:53:cc:2c:
         98:b4:74:8f:31:c7:6d:a5:c6:2b:83:cc:9d:99:d6:76:61:f1:
         c0:bb:b6:f8:f3:ef:03:ef:f9:b5:82:e0:ab:82:ce:26:cf:82:
         eb:08:4c:0d:60:51:4b:c0:4e:d0:f0:69:ec:5b:e1:08:89:72:
         5c:ec:27:73:ce:fd:22:46:82:ad:d9:d9:16:7c:0a:e5:62:53:
         46:2d:73:a8:ff:05:fc:4e:f7:59:bd:c7:53:d0:c2:59:e8:93:
         66:0d:54:e9:f5:83:ef:4b:36:bd:f9:8d:b0:ec:77:43:81:0d:
         e7:99:24:f7:ad:34:d1:2f:da:55:42:49:f1:07:6a:8f:f9:27:
         51:41:4c:39
-----BEGIN CERTIFICATE-----
MIIFsjCCBJqgAwIBAgIUMZ/Q0dCKW0Lds72xFbOWxuIaO5IwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyOWM5NGExYzQxOTFkNmVlYWY3ZTc3MzM2YTVlZGJjMDVj
Yjk5YWM2M2M3ODM1YThiYzMwHhcNMjQwMzI2MTAwODE4WhcNMjUwMzI1MTAxMzE4
WjAzMTEwLwYDVQQDEyg5RTdBNzk3QjZBMjhBRkQzM0Q3QTRENDYzNzcwNEZDMTBD
Q0IyRTlFMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApj3euegDyOPV
fG1YjIFTurgHYpwHko7VbmvTXHCDzWd9Owg0ZcqEUuTJBu6Ozl7gf/Mwm9rFnn01
KU7eutDoCtEkXImOaI2WVvPV015tXhtQ9SFnbg3exFfdFAo/9aUX+Tl45vbi6ubc
K9jSNQIBV8napmZvCCSkZMUkU2I2rZX+X2QyPJf+kJ1oMuZzinNlnEsayU4iuATT
0KndjZMySva85jxlmFCqn6BzQQqij/x1K1yWEMfMRZ0MNbaZvNOeW8VypuuJAbtp
jwca0dEvyJRZG7ewB+y0x7jNWQlSvdJNO3mMxiu3D4vM30Hh+YyV4JvX6dAYBmT/
wm/Bq5f02wIDAQABo4ICsjCCAq4wHQYDVR0OBBYEFJ56eXtqKK/TPXpNRjdwT8EM
yy6eMB8GA1UdIwQYMBaAFN9ORoOgyHb2inK936oFiDCTVsPWMA4GA1UdDwEB/wQE
AwIHgDCBhQYDVR0fBH4wfDB6oHigdoZ0cnN5bmM6Ly9ycGtpLXJwcy5hcmluLm5l
dC9yZXBvc2l0b3J5LzhhODQ4YWRmOGJhYTY0YTgwMThiYjJkYWI3Y2MwYTkxLzAv
REY0RTQ2ODNBMEM4NzZGNjhBNzJCRERGQUEwNTg4MzA5MzU2QzNENi5jcmwwgfMG
CCsGAQUFBwEBBIHmMIHjMIHgBggrBgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmlu
Lm5ldC9yZXBvc2l0b3J5L2FyaW4tcnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2Ut
YjA4Yy0yMTcxZGEyMTU3ZDMvODcxZGE0MGYtNzkzYS00YTQ1LWEwYTktOTc4MTQ4
MzIxYTA3LzA4MWJkNjZlLWIxZDEtNDA1YS04YTMyLWM4MzBlYzc5MGNlNS85Yzk0
YTFjNDE5MWQ2ZWVhZjdlNzczMzZhNWVkYmMwNWNiOTlhYzYzYzc4MzVhOGJjMy5j
ZXIwgaIGCCsGAQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5jOi8vcnBr
aS1ycHMuYXJpbi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZjhiYWE2NGE4MDE4YmIy
ZGFiN2NjMGE5MS8wLzMyMzAzNDJlMzEzNDJlMzczNTJlMzAyZjMyMzQyZDMyMzQy
MDNkM2UyMDMzMzkzNzM5MzYzNi5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcO
AjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMwOSzANBgkqhkiG9w0BAQsF
AAOCAQEALXh/r7grEHtcLX1fA+khZJioWzVua4cCwVKIiDjKepSkF+rBVTBlbbTI
z2oEydouC3AAjSLNEUiom4nAdNQC21cqmFYBJ+YwWDwBqtIP6lKPbXIN3K01wRH2
ZSHIzq6tAsvXT2VniYDXUazyQ6T6E9ChxJQIbItgxtKSU8wsmLR0jzHHbaXGK4PM
nZnWdmHxwLu2+PPvA+/5tYLgq4LOJs+C6whMDWBRS8BO0PBp7FvhCIlyXOwnc879
IkaCrdnZFnwK5WJTRi1zqP8F/E73Wb3HU9DCWeiTZg1U6fWD70s2vfmNsOx3Q4EN
55kk96000S/aVUJJ8Qdqj/knUUFMOQ==
-----END CERTIFICATE-----