Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/3253d973-d5bf-4541-bcc1-276543a25c7d/0/326130613a363034343a3230303a3a2f34302d3438203d3e203437323732.roa
File:                     326130613a363034343a3230303a3a2f34302d3438203d3e203437323732.roa (raw, json)
Hash identifier:          NAZZghj3CoUtLQicO1YyZuUO7/QK2YuUS8COfvzkGng=
Subject key identifier:   A6:2F:BF:38:50:B3:A3:D7:F6:1E:AF:61:BC:76:33:30:98:B9:FB:56
Certificate issuer:       /CN=57A9746FE543EB3EA0D449534244C93FC88F8503
Certificate serial:       086DCB963FFC408F350DAE64DF7FCA20AF9F7276
Authority key identifier: 57:A9:74:6F:E5:43:EB:3E:A0:D4:49:53:42:44:C9:3F:C8:8F:85:03
Authority info access:    rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/57A9746FE543EB3EA0D449534244C93FC88F8503.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/3253d973-d5bf-4541-bcc1-276543a25c7d/0/326130613a363034343a3230303a3a2f34302d3438203d3e203437323732.roa
Signing time:             Sun 26 Nov 2023 11:08:43 +0000
ROA not before:           Sun 26 Nov 2023 11:03:43 +0000
ROA not after:            Sun 24 Nov 2024 11:08:43 +0000
asID:                     47272
IP address blocks:        2a0a:6044:200::/40 maxlen: 48

Validation:               Failed, certificate revoked on Mon 18 Dec 2023 19:03:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:6d:cb:96:3f:fc:40:8f:35:0d:ae:64:df:7f:ca:20:af:9f:72:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=57A9746FE543EB3EA0D449534244C93FC88F8503
        Validity
            Not Before: Nov 26 11:03:43 2023 GMT
            Not After : Nov 24 11:08:43 2024 GMT
        Subject: CN=A62FBF3850B3A3D7F61EAF61BC76333098B9FB56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:33:20:b3:da:ac:25:22:86:9e:fa:43:2f:ab:
                    e6:df:d7:a6:7c:b5:b1:57:47:0e:f5:14:d0:10:99:
                    42:fd:69:31:37:c0:79:74:ae:0d:5e:5a:48:af:09:
                    62:70:8a:cf:e6:53:f2:88:c3:b0:d5:bd:c1:ba:d1:
                    af:83:fa:fc:c1:42:6d:af:38:c2:2f:67:07:42:b2:
                    bc:89:d7:2d:08:39:13:50:77:f1:dd:94:c2:8c:b5:
                    98:44:b1:41:76:93:23:dd:a6:04:f1:6e:a7:eb:87:
                    4d:59:a6:ce:66:e3:56:fb:2a:d1:4c:cc:62:9d:85:
                    a8:bc:89:6b:c7:e8:ab:d5:d8:d3:24:55:5d:e3:d0:
                    7b:86:79:2a:74:1e:d5:4e:b3:2f:ad:46:e3:f5:a1:
                    44:1e:a7:39:23:9f:25:a8:78:ba:dc:28:82:2c:20:
                    94:36:fd:b6:35:40:e9:f7:bd:f2:bf:49:75:3d:e1:
                    b2:08:88:80:f4:21:cd:b1:a8:d6:cb:4d:be:89:b4:
                    5a:cd:f6:23:63:ab:06:18:78:d6:0d:ce:ac:0a:22:
                    15:4f:a6:ef:f4:61:c1:c5:3b:77:52:3a:76:34:79:
                    60:2d:6c:bd:e4:35:c3:3e:d7:9d:af:2f:44:7c:05:
                    8f:6a:a4:bc:2e:f7:6c:e8:a4:3a:c9:ca:24:f7:1d:
                    c1:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:2F:BF:38:50:B3:A3:D7:F6:1E:AF:61:BC:76:33:30:98:B9:FB:56
            X509v3 Authority Key Identifier:
                keyid:57:A9:74:6F:E5:43:EB:3E:A0:D4:49:53:42:44:C9:3F:C8:8F:85:03

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/3253d973-d5bf-4541-bcc1-276543a25c7d/0/57A9746FE543EB3EA0D449534244C93FC88F8503.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/57A9746FE543EB3EA0D449534244C93FC88F8503.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/3253d973-d5bf-4541-bcc1-276543a25c7d/0/326130613a363034343a3230303a3a2f34302d3438203d3e203437323732.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:6044:200::/40

    Signature Algorithm: sha256WithRSAEncryption
         42:63:0b:a6:74:83:37:d1:67:71:e9:28:d0:5b:81:1a:fa:a2:
         02:89:30:de:d7:51:f4:51:3d:4c:34:50:04:ba:04:04:b8:92:
         51:3e:79:6f:20:b2:52:ea:b6:72:af:e7:55:87:c6:2f:35:f2:
         de:de:e3:a6:63:61:4c:be:49:3d:37:34:2b:88:c2:b7:6b:3b:
         d6:fb:89:2c:ea:47:e6:ba:a7:9b:1a:70:b5:9e:6f:b0:42:0c:
         63:db:44:88:b9:06:5b:9a:09:a5:a3:65:e9:ca:b8:ea:80:ae:
         66:6c:0b:2d:f6:9d:4c:50:40:c6:70:ea:3e:80:86:04:7d:20:
         ba:32:9d:49:a8:74:14:79:9f:dc:3e:d6:35:b0:46:ad:b8:0c:
         37:f9:b8:07:ed:fc:74:96:00:66:f1:65:49:fe:bc:9c:f9:fc:
         08:d8:58:74:3e:b3:f6:bd:ea:d3:11:23:dc:37:99:7b:54:0a:
         82:55:07:45:d4:52:db:86:f8:b1:b8:97:21:e2:5b:74:2e:95:
         34:e2:c2:dd:51:e4:66:81:08:70:46:41:e2:a0:60:70:5a:95:
         47:a3:c3:8d:8e:29:d1:7c:ca:23:ee:d6:05:59:e1:e6:1d:2c:
         81:7f:01:61:0c:3f:1b:97:63:21:1e:89:97:3d:7a:54:90:0e:
         13:35:8a:d8
-----BEGIN CERTIFICATE-----
MIIFazCCBFOgAwIBAgIUCG3Llj/8QI81Da5k33/KIK+fcnYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNTdBOTc0NkZFNTQzRUIzRUEwRDQ0OTUzNDI0NEM5M0ZD
ODhGODUwMzAeFw0yMzExMjYxMTAzNDNaFw0yNDExMjQxMTA4NDNaMDMxMTAvBgNV
BAMTKEE2MkZCRjM4NTBCM0EzRDdGNjFFQUY2MUJDNzYzMzMwOThCOUZCNTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKMyCz2qwlIoae+kMvq+bf16Z8
tbFXRw71FNAQmUL9aTE3wHl0rg1eWkivCWJwis/mU/KIw7DVvcG60a+D+vzBQm2v
OMIvZwdCsryJ1y0IORNQd/HdlMKMtZhEsUF2kyPdpgTxbqfrh01Zps5m41b7KtFM
zGKdhai8iWvH6KvV2NMkVV3j0HuGeSp0HtVOsy+tRuP1oUQepzkjnyWoeLrcKIIs
IJQ2/bY1QOn3vfK/SXU94bIIiID0Ic2xqNbLTb6JtFrN9iNjqwYYeNYNzqwKIhVP
pu/0YcHFO3dSOnY0eWAtbL3kNcM+152vL0R8BY9qpLwu92zopDrJyiT3HcHJAgMB
AAGjggJ1MIICcTAdBgNVHQ4EFgQUpi+/OFCzo9f2Hq9hvHYzMJi5+1YwHwYDVR0j
BBgwFoAUV6l0b+VD6z6g1ElTQkTJP8iPhQMwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMzI1M2Q5NzMtZDViZi00NTQxLWJjYzEtMjc2NTQzYTI1
YzdkLzAvNTdBOTc0NkZFNTQzRUIzRUEwRDQ0OTUzNDI0NEM5M0ZDODhGODUwMy5j
cmwwgZMGCCsGAQUFBwEBBIGGMIGDMIGABggrBgEFBQcwAoZ0cnN5bmM6Ly9ycGtp
LXJwcy5hcmluLm5ldC9yZXBvc2l0b3J5LzhhODQ4YWRmODUwZDA2M2UwMTg1NzU1
YzkxYmUzZjlkLzIvNTdBOTc0NkZFNTQzRUIzRUEwRDQ0OTUzNDI0NEM5M0ZDODhG
ODUwMy5jZXIwgbMGCCsGAQUFBwELBIGmMIGjMIGgBggrBgEFBQcwC4aBk3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMzI1M2Q5NzMt
ZDViZi00NTQxLWJjYzEtMjc2NTQzYTI1YzdkLzAvMzI2MTMwNjEzYTM2MzAzNDM0
M2EzMjMwMzAzYTNhMmYzNDMwMmQzNDM4MjAzZDNlMjAzNDM3MzIzNzMyLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIA
AjAIAwYAKgpgRAIwDQYJKoZIhvcNAQELBQADggEBAEJjC6Z0gzfRZ3HpKNBbgRr6
ogKJMN7XUfRRPUw0UAS6BAS4klE+eW8gslLqtnKv51WHxi818t7e46ZjYUy+ST03
NCuIwrdrO9b7iSzqR+a6p5sacLWeb7BCDGPbRIi5BluaCaWjZenKuOqArmZsCy32
nUxQQMZw6j6AhgR9ILoynUmodBR5n9w+1jWwRq24DDf5uAft/HSWAGbxZUn+vJz5
/AjYWHQ+s/a96tMRI9w3mXtUCoJVB0XUUtuG+LG4lyHiW3QulTTiwt1R5GaBCHBG
QeKgYHBalUejw42OKdF8yiPu1gVZ4eYdLIF/AWEMPxuXYyEeiZc9elSQDhM1itg=
-----END CERTIFICATE-----