Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/0c70401c-7f41-4a6b-9434-cc80dca093e6/3/323630323a663766663a32353a3a2f34382d3438203d3e203133383532.roa
File:                     323630323a663766663a32353a3a2f34382d3438203d3e203133383532.roa (raw, json)
Hash identifier:          4Fih11K7VBoIaHXd7GArbPzSZNcYygFDhA8X8Cii1ng=
Subject key identifier:   74:CC:1B:D5:D3:60:71:9C:4F:C3:B3:10:EA:CA:1D:8C:7E:94:D1:76
Certificate issuer:       /CN=f9d4bd83ed27b9a9325e1d6da6cc71a7e6564c102ee7996ce8
Certificate serial:       1998762D403577E36149F843DB20FE6A1CDC6B75
Authority key identifier: 22:EC:27:BC:99:97:53:43:E6:F2:5F:5A:46:C6:E6:7C:28:2D:96:DD
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/69fd0156-bb1f-48b6-bf32-c9492286f195/6e83fbf2-b64b-4c55-ba28-ca84ad0af5ab/f9d4bd83ed27b9a9325e1d6da6cc71a7e6564c102ee7996ce8.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/0c70401c-7f41-4a6b-9434-cc80dca093e6/3/323630323a663766663a32353a3a2f34382d3438203d3e203133383532.roa
Signing time:             Fri 20 Sep 2024 08:16:01 +0000
ROA not before:           Fri 20 Sep 2024 08:11:01 +0000
ROA not after:            Fri 19 Sep 2025 08:16:01 +0000
asID:                     13852
IP address blocks:        2602:f7ff:25::/48 maxlen: 48

Validation:               Failed, certificate revoked on Tue 24 Sep 2024 08:05:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:98:76:2d:40:35:77:e3:61:49:f8:43:db:20:fe:6a:1c:dc:6b:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f9d4bd83ed27b9a9325e1d6da6cc71a7e6564c102ee7996ce8
        Validity
            Not Before: Sep 20 08:11:01 2024 GMT
            Not After : Sep 19 08:16:01 2025 GMT
        Subject: CN=74CC1BD5D360719C4FC3B310EACA1D8C7E94D176
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:ca:b5:6e:0c:c8:5c:37:d3:20:c8:a0:76:47:
                    48:ef:d4:16:e8:9d:04:f8:cb:9a:e3:8f:06:3b:ad:
                    01:0f:2a:da:84:21:c4:0e:59:d8:b3:d3:01:f9:bf:
                    e5:fe:a1:e4:bc:07:9f:af:23:8d:3c:61:61:b5:d4:
                    93:df:3e:ec:74:0d:f3:e9:0d:ea:49:0a:a0:e7:28:
                    a9:5f:35:70:88:e2:2c:83:bf:fa:34:f5:a1:9b:1d:
                    c7:ed:fd:ae:64:78:a8:25:50:6a:f4:98:a6:7b:6f:
                    db:3d:43:0c:b2:2d:d2:05:c7:ac:a7:94:1d:2d:46:
                    a1:4a:63:d0:14:c4:34:6c:45:1a:10:67:90:45:36:
                    35:9f:41:36:a3:bf:b0:b0:02:24:fe:f6:11:4e:41:
                    2b:b4:83:c9:e3:16:23:82:a0:e7:f4:82:cf:d2:1d:
                    b4:53:da:c1:c6:35:fb:2b:ec:04:2b:4f:a2:6d:35:
                    76:6f:f7:d0:fd:63:70:de:9a:d2:4f:62:57:96:5c:
                    42:d6:c6:fd:e7:ef:32:6a:38:78:2b:5f:40:58:4d:
                    94:8f:87:c8:ea:e2:c7:0d:03:bd:3d:f4:e2:99:87:
                    f6:c6:67:c2:75:25:02:09:0f:42:69:f7:eb:ff:fc:
                    af:5e:1d:e2:58:c0:11:cd:09:fb:c3:cd:f0:a0:f6:
                    26:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:CC:1B:D5:D3:60:71:9C:4F:C3:B3:10:EA:CA:1D:8C:7E:94:D1:76
            X509v3 Authority Key Identifier:
                keyid:22:EC:27:BC:99:97:53:43:E6:F2:5F:5A:46:C6:E6:7C:28:2D:96:DD

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/0c70401c-7f41-4a6b-9434-cc80dca093e6/3/22EC27BC99975343E6F25F5A46C6E67C282D96DD.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/69fd0156-bb1f-48b6-bf32-c9492286f195/6e83fbf2-b64b-4c55-ba28-ca84ad0af5ab/f9d4bd83ed27b9a9325e1d6da6cc71a7e6564c102ee7996ce8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/0c70401c-7f41-4a6b-9434-cc80dca093e6/3/323630323a663766663a32353a3a2f34382d3438203d3e203133383532.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2602:f7ff:25::/48

    Signature Algorithm: sha256WithRSAEncryption
         26:dc:8a:a4:f7:ea:08:52:52:90:dc:08:4d:40:75:52:11:33:
         c3:45:06:fc:2e:dd:1d:4f:40:90:96:38:0b:02:23:b3:d4:75:
         3e:f4:4b:30:5d:d0:08:53:d3:2a:92:4d:e5:51:b5:96:2d:6d:
         6c:0b:07:d8:fb:05:e5:d8:a8:1c:87:92:38:6e:0a:13:1d:de:
         89:77:db:8f:8d:82:f1:a2:3e:8d:c4:e5:b7:2b:49:f7:05:05:
         f5:f4:2e:6b:c1:ce:03:37:16:12:d6:e3:30:65:49:68:80:43:
         61:26:f8:e5:4f:d0:21:ec:72:74:64:ee:51:75:f3:96:36:20:
         68:0a:88:8c:52:85:92:40:74:3d:0e:2f:81:53:ea:58:7d:69:
         7a:fb:61:1f:53:b7:3e:01:b0:c5:a5:aa:3b:2c:ac:ab:e8:bf:
         bc:6f:51:f8:60:de:ec:e3:3e:05:a4:a5:83:4c:83:76:67:10:
         32:ee:1f:29:50:ee:20:f6:ba:45:f9:aa:9d:40:41:f9:ea:ff:
         5d:ca:b5:b7:b2:63:63:f6:da:2d:fa:30:f7:bb:8d:d6:27:2a:
         e3:23:9c:82:3a:21:58:f3:20:e5:56:8d:fa:32:f8:42:d4:cc:
         9b:9c:e7:a6:f3:03:26:2c:1a:69:d3:f6:eb:65:1d:22:b1:26:
         d8:0c:f2:09
-----BEGIN CERTIFICATE-----
MIIF1DCCBLygAwIBAgIUGZh2LUA1d+NhSfhD2yD+ahzca3UwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZjlkNGJkODNlZDI3YjlhOTMyNWUxZDZkYTZjYzcxYTdl
NjU2NGMxMDJlZTc5OTZjZTgwHhcNMjQwOTIwMDgxMTAxWhcNMjUwOTE5MDgxNjAx
WjAzMTEwLwYDVQQDEyg3NENDMUJENUQzNjA3MTlDNEZDM0IzMTBFQUNBMUQ4QzdF
OTREMTc2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx8q1bgzIXDfT
IMigdkdI79QW6J0E+Mua448GO60BDyrahCHEDlnYs9MB+b/l/qHkvAefryONPGFh
tdST3z7sdA3z6Q3qSQqg5yipXzVwiOIsg7/6NPWhmx3H7f2uZHioJVBq9Jime2/b
PUMMsi3SBcesp5QdLUahSmPQFMQ0bEUaEGeQRTY1n0E2o7+wsAIk/vYRTkErtIPJ
4xYjgqDn9ILP0h20U9rBxjX7K+wEK0+ibTV2b/fQ/WNw3prST2JXllxC1sb95+8y
ajh4K19AWE2Uj4fI6uLHDQO9PfTimYf2xmfCdSUCCQ9Caffr//yvXh3iWMARzQn7
w83woPYmswIDAQABo4IC1DCCAtAwHQYDVR0OBBYEFHTMG9XTYHGcT8OzEOrKHYx+
lNF2MB8GA1UdIwQYMBaAFCLsJ7yZl1ND5vJfWkbG5nwoLZbdMA4GA1UdDwEB/wQE
AwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3JzeW5jLnBhYXMu
cnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzBjNzA0MDFjLTdmNDEtNGE2Yi05NDM0
LWNjODBkY2EwOTNlNi8zLzIyRUMyN0JDOTk5NzUzNDNFNkYyNUY1QTQ2QzZFNjdD
MjgyRDk2REQuY3JsMIHzBggrBgEFBQcBAQSB5jCB4zCB4AYIKwYBBQUHMAKGgdNy
c3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0
YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzY5ZmQwMTU2LWJiMWYt
NDhiNi1iZjMyLWM5NDkyMjg2ZjE5NS82ZTgzZmJmMi1iNjRiLTRjNTUtYmEyOC1j
YTg0YWQwYWY1YWIvZjlkNGJkODNlZDI3YjlhOTMyNWUxZDZkYTZjYzcxYTdlNjU2
NGMxMDJlZTc5OTZjZTguY2VyMIGxBggrBgEFBQcBCwSBpDCBoTCBngYIKwYBBQUH
MAuGgZFyc3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
LzBjNzA0MDFjLTdmNDEtNGE2Yi05NDM0LWNjODBkY2EwOTNlNi8zLzMyMzYzMDMy
M2E2NjM3NjY2NjNhMzIzNTNhM2EyZjM0MzgyZDM0MzgyMDNkM2UyMDMxMzMzODM1
MzIucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8E
EzARMA8EAgACMAkDBwAmAvf/ACUwDQYJKoZIhvcNAQELBQADggEBACbciqT36ghS
UpDcCE1AdVIRM8NFBvwu3R1PQJCWOAsCI7PUdT70SzBd0AhT0yqSTeVRtZYtbWwL
B9j7BeXYqByHkjhuChMd3ol324+NgvGiPo3E5bcrSfcFBfX0LmvBzgM3FhLW4zBl
SWiAQ2Em+OVP0CHscnRk7lF185Y2IGgKiIxShZJAdD0OL4FT6lh9aXr7YR9Ttz4B
sMWlqjssrKvov7xvUfhg3uzjPgWkpYNMg3ZnEDLuHylQ7iD2ukX5qp1AQfnq/13K
tbeyY2P22i36MPe7jdYnKuMjnII6IVjzIOVWjfoy+ELUzJuc56bzAyYsGmnT9utl
HSKxJtgM8gk=
-----END CERTIFICATE-----