Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/23d5f682-b51b-4812-b8b1-430e38683748/2/326130663a383563313a3335373a3a2f34382d3438203d3e20323136333234.roa
File:                     326130663a383563313a3335373a3a2f34382d3438203d3e20323136333234.roa (raw, json)
Hash identifier:          /pQ249alEDZEAWHll3nD1rq+HpyD6SgzppZmxnllU3Y=
Subject key identifier:   CE:E8:59:B8:61:38:0A:69:ED:80:B2:C6:1A:90:7F:E0:4C:1B:56:3E
Certificate issuer:       /CN=069FAF47FF48AEF4C98F5097074530A74C111AB9
Certificate serial:       295E3D2D376FA7F041F2BAED785F9CB826E415B4
Authority key identifier: 06:9F:AF:47:FF:48:AE:F4:C9:8F:50:97:07:45:30:A7:4C:11:1A:B9
Authority info access:    rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/069FAF47FF48AEF4C98F5097074530A74C111AB9.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/23d5f682-b51b-4812-b8b1-430e38683748/2/326130663a383563313a3335373a3a2f34382d3438203d3e20323136333234.roa
Signing time:             Tue 12 Mar 2024 01:41:18 +0000
ROA not before:           Tue 12 Mar 2024 01:36:18 +0000
ROA not after:            Tue 11 Mar 2025 01:41:18 +0000
asID:                     216324
IP address blocks:        2a0f:85c1:357::/48 maxlen: 48

Validation:               Failed, certificate revoked on Sat 16 Mar 2024 13:30:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:5e:3d:2d:37:6f:a7:f0:41:f2:ba:ed:78:5f:9c:b8:26:e4:15:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=069FAF47FF48AEF4C98F5097074530A74C111AB9
        Validity
            Not Before: Mar 12 01:36:18 2024 GMT
            Not After : Mar 11 01:41:18 2025 GMT
        Subject: CN=CEE859B861380A69ED80B2C61A907FE04C1B563E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:3e:23:a7:63:f3:22:63:0b:41:a9:c6:30:da:
                    b4:1b:70:b7:b3:45:3a:b4:d7:88:15:e9:13:7d:b9:
                    c1:43:c7:61:a7:b5:43:f6:97:64:dc:c3:b4:6d:92:
                    82:15:63:b8:4c:9b:95:29:0f:94:c1:49:9e:2e:43:
                    56:97:ec:3d:7c:92:8b:29:7b:c0:a0:c2:0f:43:14:
                    1d:1c:4f:56:08:f3:a0:4a:b2:69:c8:d6:e8:b1:33:
                    43:c1:33:cb:83:6d:ab:9c:bf:be:85:68:16:85:0f:
                    fa:25:6a:0e:22:64:5b:2d:50:80:f1:1d:ea:6a:17:
                    3a:0f:0e:b2:fc:be:34:c8:6e:ae:91:33:62:e7:9f:
                    fb:1f:11:a0:49:c5:9a:8a:fd:af:c1:fe:ea:70:28:
                    a8:16:50:91:0d:f6:46:8c:00:29:43:39:04:12:1d:
                    e3:b0:3f:7c:fa:77:25:fc:59:6f:90:b2:a6:26:b7:
                    c7:72:bb:60:bb:5f:b8:5b:6f:4e:85:c7:86:33:af:
                    e0:7e:0e:b1:9d:d4:1d:68:c9:74:cc:ae:5b:46:be:
                    f4:ec:08:95:04:94:96:30:2a:db:f5:89:d5:18:3f:
                    1b:36:06:e3:9e:55:05:50:14:fd:06:8c:eb:19:02:
                    aa:4c:fb:86:92:7c:45:17:d6:99:a6:0d:2a:05:c0:
                    ca:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:E8:59:B8:61:38:0A:69:ED:80:B2:C6:1A:90:7F:E0:4C:1B:56:3E
            X509v3 Authority Key Identifier:
                keyid:06:9F:AF:47:FF:48:AE:F4:C9:8F:50:97:07:45:30:A7:4C:11:1A:B9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/23d5f682-b51b-4812-b8b1-430e38683748/2/069FAF47FF48AEF4C98F5097074530A74C111AB9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc20add3-a88e-4bb2-a84d-55da2128f196/0/069FAF47FF48AEF4C98F5097074530A74C111AB9.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/23d5f682-b51b-4812-b8b1-430e38683748/2/326130663a383563313a3335373a3a2f34382d3438203d3e20323136333234.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:357::/48

    Signature Algorithm: sha256WithRSAEncryption
         08:c3:f0:5b:76:21:54:fe:9d:09:08:cb:9d:07:7f:a0:e4:3d:
         45:d2:e1:10:50:23:a3:9b:bf:68:13:3f:14:d0:3a:33:58:89:
         d1:3d:d3:99:54:d3:60:51:f2:b6:e3:b5:83:6e:89:2e:36:cb:
         2c:d4:f9:af:32:47:58:ac:a1:a4:93:69:7e:a2:f5:a5:cc:b3:
         1b:bf:a4:9f:5d:d7:51:13:b7:f1:d4:d4:5f:da:9c:2c:b1:4c:
         7d:c4:a6:c3:b4:45:a4:15:31:8e:9d:d0:65:39:c5:e2:aa:43:
         82:dd:df:a3:99:29:e7:22:e1:bf:1a:34:0c:41:18:24:cd:74:
         17:6b:8e:1a:8d:87:8e:bb:74:54:10:67:12:9d:40:ee:ef:11:
         cc:fe:a8:47:4e:24:5b:ca:ce:b4:b3:e1:40:66:b7:32:4c:40:
         75:bc:a6:ff:0c:ee:c8:d4:57:a6:cd:db:46:49:5f:06:fc:f9:
         09:5d:14:d8:2b:8b:30:58:87:2d:70:d2:95:14:30:db:67:01:
         e9:5e:8f:c8:3b:8a:c2:73:2d:e5:25:d9:72:fc:d8:59:9c:2d:
         37:46:43:23:af:f2:45:b8:8e:8a:ec:6f:76:ee:8a:3f:57:0a:
         af:13:a1:ea:94:e9:ae:ab:1e:a4:b2:81:e2:e9:d0:98:b3:ce:
         79:8a:f5:9e
-----BEGIN CERTIFICATE-----
MIIFeTCCBGGgAwIBAgIUKV49LTdvp/BB8rrteF+cuCbkFbQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDY5RkFGNDdGRjQ4QUVGNEM5OEY1MDk3MDc0NTMwQTc0
QzExMUFCOTAeFw0yNDAzMTIwMTM2MThaFw0yNTAzMTEwMTQxMThaMDMxMTAvBgNV
BAMTKENFRTg1OUI4NjEzODBBNjlFRDgwQjJDNjFBOTA3RkUwNEMxQjU2M0UwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCiPiOnY/MiYwtBqcYw2rQbcLez
RTq014gV6RN9ucFDx2GntUP2l2Tcw7RtkoIVY7hMm5UpD5TBSZ4uQ1aX7D18kosp
e8Cgwg9DFB0cT1YI86BKsmnI1uixM0PBM8uDbaucv76FaBaFD/olag4iZFstUIDx
HepqFzoPDrL8vjTIbq6RM2Lnn/sfEaBJxZqK/a/B/upwKKgWUJEN9kaMAClDOQQS
HeOwP3z6dyX8WW+QsqYmt8dyu2C7X7hbb06Fx4Yzr+B+DrGd1B1oyXTMrltGvvTs
CJUElJYwKtv1idUYPxs2BuOeVQVQFP0GjOsZAqpM+4aSfEUX1pmmDSoFwMrTAgMB
AAGjggKDMIICfzAdBgNVHQ4EFgQUzuhZuGE4CmntgLLGGpB/4EwbVj4wHwYDVR0j
BBgwFoAUBp+vR/9IrvTJj1CXB0Uwp0wRGrkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjNkNWY2ODItYjUxYi00ODEyLWI4YjEtNDMwZTM4Njgz
NzQ4LzIvMDY5RkFGNDdGRjQ4QUVGNEM5OEY1MDk3MDc0NTMwQTc0QzExMUFCOS5j
cmwwgZ4GCCsGAQUFBwEBBIGRMIGOMIGLBggrBgEFBQcwAoZ/cnN5bmM6Ly9yc3lu
Yy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9mYzIwYWRkMy1hODhlLTRi
YjItYTg0ZC01NWRhMjEyOGYxOTYvMC8wNjlGQUY0N0ZGNDhBRUY0Qzk4RjUwOTcw
NzQ1MzBBNzRDMTExQUI5LmNlcjCBtQYIKwYBBQUHAQsEgagwgaUwgaIGCCsGAQUF
BzALhoGVcnN5bmM6Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS8yM2Q1ZjY4Mi1iNTFiLTQ4MTItYjhiMS00MzBlMzg2ODM3NDgvMi8zMjYxMzA2
NjNhMzgzNTYzMzEzYTMzMzUzNzNhM2EyZjM0MzgyZDM0MzgyMDNkM2UyMDMyMzEz
NjMzMzIzNC5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAiBggrBgEFBQcB
BwEB/wQTMBEwDwQCAAIwCQMHACoPhcEDVzANBgkqhkiG9w0BAQsFAAOCAQEACMPw
W3YhVP6dCQjLnQd/oOQ9RdLhEFAjo5u/aBM/FNA6M1iJ0T3TmVTTYFHytuO1g26J
LjbLLNT5rzJHWKyhpJNpfqL1pcyzG7+kn13XURO38dTUX9qcLLFMfcSmw7RFpBUx
jp3QZTnF4qpDgt3fo5kp5yLhvxo0DEEYJM10F2uOGo2Hjrt0VBBnEp1A7u8RzP6o
R04kW8rOtLPhQGa3MkxAdbym/wzuyNRXps3bRklfBvz5CV0U2CuLMFiHLXDSlRQw
22cB6V6PyDuKwnMt5SXZcvzYWZwtN0ZDI6/yRbiOiuxvdu6KP1cKrxOh6pTprqse
pLKB4unQmLPOeYr1ng==
-----END CERTIFICATE-----