Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/2de2f64d-f6e5-47e3-a6fb-686d88e71ae9/2/32332e3136342e3135332e302f32342d3234203d3e2030.roa
File:                     32332e3136342e3135332e302f32342d3234203d3e2030.roa (raw, json)
Hash identifier:          /5y23l5QuS/6jkRccvFri+60xN5j0VzrLMXGmq9L2Z8=
Subject key identifier:   54:A3:5C:7B:F2:E5:AE:A7:5D:D7:E5:B6:18:75:39:E0:E2:E5:87:13
Certificate issuer:       /CN=d90d8aba2a75232dac0a4973b29677a14573561ef341199600
Certificate serial:       3CB295618DEC6EAE4F97584EF0FA8D1BBDE716E7
Authority key identifier: 44:17:C6:2B:C8:BB:64:8A:4A:97:DD:F6:50:5C:2E:44:3E:4B:35:FF
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/871da40f-793a-4a45-a0a9-978148321a07/0ec17157-66de-4aab-85e7-28af4de430e2/d90d8aba2a75232dac0a4973b29677a14573561ef341199600.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/2de2f64d-f6e5-47e3-a6fb-686d88e71ae9/2/32332e3136342e3135332e302f32342d3234203d3e2030.roa
Signing time:             Tue 20 Aug 2024 17:26:53 +0000
ROA not before:           Tue 20 Aug 2024 17:21:53 +0000
ROA not after:            Tue 19 Aug 2025 17:26:53 +0000
asID:                     0
IP address blocks:        23.164.153.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 22 Aug 2024 20:34:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:b2:95:61:8d:ec:6e:ae:4f:97:58:4e:f0:fa:8d:1b:bd:e7:16:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d90d8aba2a75232dac0a4973b29677a14573561ef341199600
        Validity
            Not Before: Aug 20 17:21:53 2024 GMT
            Not After : Aug 19 17:26:53 2025 GMT
        Subject: CN=54A35C7BF2E5AEA75DD7E5B6187539E0E2E58713
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:f1:67:de:38:2f:16:85:16:71:00:f0:70:fb:
                    6c:45:e2:ac:04:d4:ab:1c:b8:29:2c:7f:6d:8d:90:
                    a4:5a:95:37:26:fe:fb:b4:b4:d3:ce:3b:9f:a7:d0:
                    b2:d5:fa:62:a8:2f:3d:6f:96:2d:9f:c5:51:b3:77:
                    05:01:9d:e0:e0:a5:3d:b8:f9:49:20:73:40:c0:18:
                    50:82:b4:17:8c:75:34:39:ae:89:c3:d9:07:48:a3:
                    02:48:c8:5c:29:79:5f:4a:8d:64:c6:2f:f5:07:74:
                    79:e5:d1:97:98:b0:75:c4:77:99:e0:fd:80:87:8d:
                    5d:fb:20:af:a9:af:dc:43:1f:28:28:d3:4a:dc:95:
                    f6:bd:d2:70:93:2f:cc:66:08:16:c2:9e:04:24:87:
                    88:bc:74:f9:09:ab:1f:9e:48:a3:7a:c4:a1:c8:a0:
                    15:51:3f:79:cc:52:5a:be:d2:99:d5:f7:c4:1d:32:
                    d5:23:2e:39:10:e2:40:3a:fc:f1:4c:ac:e0:d6:1b:
                    94:2f:dd:df:65:c1:80:72:cc:70:23:cc:52:80:aa:
                    11:cd:5b:e3:a4:a4:34:3a:f9:de:e6:3f:ad:d5:a2:
                    6d:91:7d:a3:1b:f9:04:e4:9b:4b:83:0b:6e:76:26:
                    a0:3b:38:5c:03:74:0c:a3:64:6d:09:69:1c:5b:84:
                    23:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:A3:5C:7B:F2:E5:AE:A7:5D:D7:E5:B6:18:75:39:E0:E2:E5:87:13
            X509v3 Authority Key Identifier:
                keyid:44:17:C6:2B:C8:BB:64:8A:4A:97:DD:F6:50:5C:2E:44:3E:4B:35:FF

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/2de2f64d-f6e5-47e3-a6fb-686d88e71ae9/2/4417C62BC8BB648A4A97DDF6505C2E443E4B35FF.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/871da40f-793a-4a45-a0a9-978148321a07/0ec17157-66de-4aab-85e7-28af4de430e2/d90d8aba2a75232dac0a4973b29677a14573561ef341199600.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/2de2f64d-f6e5-47e3-a6fb-686d88e71ae9/2/32332e3136342e3135332e302f32342d3234203d3e2030.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.164.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:1c:81:3f:f6:14:1c:d2:9e:a3:d5:da:c4:76:45:25:54:06:
         70:39:b7:d1:c9:c7:9b:47:6e:59:00:71:90:c8:2e:f5:3a:19:
         e4:4c:49:7b:58:bd:92:1d:ac:3e:03:14:0c:90:17:fc:da:fd:
         e2:58:04:59:c6:78:4e:a1:9a:80:6f:6b:09:40:36:0c:78:5b:
         f9:d6:24:48:82:e5:a4:63:75:e9:ba:9d:c9:ba:05:60:44:a6:
         df:80:57:e5:cf:4b:3c:c1:09:5c:3e:95:31:79:a1:cc:5b:43:
         06:2f:cc:8c:59:c7:e8:6c:52:e1:b6:ed:e6:3d:28:de:fd:b2:
         e9:3a:29:48:28:ca:32:3b:b5:79:4b:88:d9:b3:8b:8c:b9:4d:
         39:6b:fb:c6:f9:b8:70:06:f2:de:59:ba:60:cb:57:ec:59:e2:
         e3:81:58:61:cd:62:23:36:79:d5:02:f3:27:ce:53:dc:1d:d1:
         54:fd:96:2c:aa:ad:cc:53:e8:7c:b1:14:bf:64:9c:c1:45:03:
         2a:27:75:d7:7a:fc:e5:1b:d5:8e:d5:f0:1a:96:10:e0:c5:d7:
         d9:38:16:d7:8d:05:2a:83:6d:de:46:09:c1:c9:a4:8b:d9:96:
         ad:f4:8d:08:dd:bc:06:6b:f0:ee:29:45:43:34:c4:0d:2c:ca:
         43:41:c6:3c
-----BEGIN CERTIFICATE-----
MIIFxTCCBK2gAwIBAgIUPLKVYY3sbq5Pl1hO8PqNG73nFucwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZDkwZDhhYmEyYTc1MjMyZGFjMGE0OTczYjI5Njc3YTE0
NTczNTYxZWYzNDExOTk2MDAwHhcNMjQwODIwMTcyMTUzWhcNMjUwODE5MTcyNjUz
WjAzMTEwLwYDVQQDEyg1NEEzNUM3QkYyRTVBRUE3NUREN0U1QjYxODc1MzlFMEUy
RTU4NzEzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsPFn3jgvFoUW
cQDwcPtsReKsBNSrHLgpLH9tjZCkWpU3Jv77tLTTzjufp9Cy1fpiqC89b5Ytn8VR
s3cFAZ3g4KU9uPlJIHNAwBhQgrQXjHU0Oa6Jw9kHSKMCSMhcKXlfSo1kxi/1B3R5
5dGXmLB1xHeZ4P2Ah41d+yCvqa/cQx8oKNNK3JX2vdJwky/MZggWwp4EJIeIvHT5
CasfnkijesShyKAVUT95zFJavtKZ1ffEHTLVIy45EOJAOvzxTKzg1huUL93fZcGA
csxwI8xSgKoRzVvjpKQ0Ovne5j+t1aJtkX2jG/kE5JtLgwtudiagOzhcA3QMo2Rt
CWkcW4QjoQIDAQABo4ICxTCCAsEwHQYDVR0OBBYEFFSjXHvy5a6nXdflthh1OeDi
5YcTMB8GA1UdIwQYMBaAFEQXxivIu2SKSpfd9lBcLkQ+SzX/MA4GA1UdDwEB/wQE
AwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3JzeW5jLnBhYXMu
cnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzJkZTJmNjRkLWY2ZTUtNDdlMy1hNmZi
LTY4NmQ4OGU3MWFlOS8yLzQ0MTdDNjJCQzhCQjY0OEE0QTk3RERGNjUwNUMyRTQ0
M0U0QjM1RkYuY3JsMIHzBggrBgEFBQcBAQSB5jCB4zCB4AYIKwYBBQUHMAKGgdNy
c3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0
YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzg3MWRhNDBmLTc5M2Et
NGE0NS1hMGE5LTk3ODE0ODMyMWEwNy8wZWMxNzE1Ny02NmRlLTRhYWItODVlNy0y
OGFmNGRlNDMwZTIvZDkwZDhhYmEyYTc1MjMyZGFjMGE0OTczYjI5Njc3YTE0NTcz
NTYxZWYzNDExOTk2MDAuY2VyMIGlBggrBgEFBQcBCwSBmDCBlTCBkgYIKwYBBQUH
MAuGgYVyc3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
LzJkZTJmNjRkLWY2ZTUtNDdlMy1hNmZiLTY4NmQ4OGU3MWFlOS8yLzMyMzMyZTMx
MzYzNDJlMzEzNTMzMmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzAucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAAXpJkwDQYJKoZIhvcNAQELBQADggEBAG4cgT/2FBzSnqPV2sR2RSVUBnA5t9HJ
x5tHblkAcZDILvU6GeRMSXtYvZIdrD4DFAyQF/za/eJYBFnGeE6hmoBvawlANgx4
W/nWJEiC5aRjdem6ncm6BWBEpt+AV+XPSzzBCVw+lTF5ocxbQwYvzIxZx+hsUuG2
7eY9KN79suk6KUgoyjI7tXlLiNmzi4y5TTlr+8b5uHAG8t5ZumDLV+xZ4uOBWGHN
YiM2edUC8yfOU9wd0VT9liyqrcxT6HyxFL9knMFFAyonddd6/OUb1Y7V8BqWEODF
19k4FteNBSqDbd5GCcHJpIvZlq30jQjdvAZr8O4pRUM0xA0sykNBxjw=