Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/3c8e4e11-3aca-4305-acd4-f05e6c909115/1/326131343a373538313a386430303a3a2f34302d3430203d3e203530333835.roa
File:                     326131343a373538313a386430303a3a2f34302d3430203d3e203530333835.roa (raw, json)
Hash identifier:          ZHMWoXZg0NwYlRcmkS+IjMVin58NqsgwX3WwApdd0bg=
Subject key identifier:   76:37:82:3E:4B:80:F0:68:08:69:FE:E0:07:7F:A2:AF:DF:FB:20:14
Certificate issuer:       /CN=0874801164DC95F0AB9CCD4BD304A3EF78E9F39B
Certificate serial:       3827177342C14A305B127BCB1B77C299A3096EC7
Authority key identifier: 08:74:80:11:64:DC:95:F0:AB:9C:CD:4B:D3:04:A3:EF:78:E9:F3:9B
Authority info access:    rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/0874801164DC95F0AB9CCD4BD304A3EF78E9F39B.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/3c8e4e11-3aca-4305-acd4-f05e6c909115/1/326131343a373538313a386430303a3a2f34302d3430203d3e203530333835.roa
Signing time:             Fri 17 May 2024 16:15:27 +0000
ROA not before:           Fri 17 May 2024 16:10:27 +0000
ROA not after:            Fri 16 May 2025 16:15:27 +0000
asID:                     50385
IP address blocks:        2a14:7581:8d00::/40 maxlen: 40

Validation:               Failed, certificate revoked on Sat 18 May 2024 12:28:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:27:17:73:42:c1:4a:30:5b:12:7b:cb:1b:77:c2:99:a3:09:6e:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0874801164DC95F0AB9CCD4BD304A3EF78E9F39B
        Validity
            Not Before: May 17 16:10:27 2024 GMT
            Not After : May 16 16:15:27 2025 GMT
        Subject: CN=7637823E4B80F0680869FEE0077FA2AFDFFB2014
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:1e:6a:0d:df:6f:21:d1:53:6e:2d:3a:cc:be:
                    ae:cc:ea:25:d5:7c:c7:2a:9b:15:55:48:a2:c9:f9:
                    52:04:c7:a7:f6:30:7a:29:27:fd:22:ea:73:20:eb:
                    45:40:2e:e5:e2:a8:56:b7:8d:df:bf:0f:1e:b8:f9:
                    38:7a:61:4a:e5:a9:c7:ad:ea:98:6f:76:8a:ca:da:
                    bb:a2:d5:c4:d8:eb:ac:24:bf:ad:f8:7b:64:38:e7:
                    c1:2e:7f:b6:95:95:25:ac:d5:fc:31:ff:ff:77:13:
                    27:3d:a5:7d:bb:0f:15:23:df:d9:d5:db:c1:11:15:
                    90:b0:20:17:eb:9f:69:42:4a:1b:e6:c1:61:d1:d2:
                    18:92:d8:f6:93:6a:02:3e:1b:87:99:48:d8:0e:19:
                    d2:81:6d:c0:3c:42:42:04:3e:df:f9:71:2f:45:80:
                    b4:b0:2a:a2:5e:11:c4:b1:a5:58:e4:9f:bf:02:d5:
                    5e:95:61:3f:d7:4f:94:43:29:71:49:49:94:72:ac:
                    75:38:05:d2:4d:f8:54:49:ca:92:1f:32:bb:09:e6:
                    02:8a:df:ac:0a:89:65:12:66:9a:27:39:80:0a:3c:
                    c2:ce:72:10:77:26:30:4d:80:78:63:f5:c6:69:e4:
                    ef:a0:b8:6c:76:3b:78:d4:92:68:0b:3e:68:c3:36:
                    67:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:37:82:3E:4B:80:F0:68:08:69:FE:E0:07:7F:A2:AF:DF:FB:20:14
            X509v3 Authority Key Identifier:
                keyid:08:74:80:11:64:DC:95:F0:AB:9C:CD:4B:D3:04:A3:EF:78:E9:F3:9B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/3c8e4e11-3aca-4305-acd4-f05e6c909115/1/0874801164DC95F0AB9CCD4BD304A3EF78E9F39B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/0874801164DC95F0AB9CCD4BD304A3EF78E9F39B.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/3c8e4e11-3aca-4305-acd4-f05e6c909115/1/326131343a373538313a386430303a3a2f34302d3430203d3e203530333835.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7581:8d00::/40

    Signature Algorithm: sha256WithRSAEncryption
         28:6f:56:37:f1:b7:f2:71:fd:20:3f:b8:73:d8:06:d1:b7:c8:
         eb:dd:2a:81:6a:1f:df:40:28:8d:ea:ea:52:2e:98:78:ec:0d:
         88:41:16:a9:58:86:ee:b7:75:6c:c6:e4:87:55:b6:6f:52:44:
         ff:02:52:e5:3a:2a:32:4d:27:e5:5b:5d:7a:9e:e9:a8:c6:13:
         bb:d5:7e:c1:18:26:80:fc:6a:28:c8:4d:d1:74:47:5a:71:e5:
         a4:b9:08:bb:5b:52:9f:ad:26:48:34:aa:d4:6f:a2:2e:b4:52:
         e9:6a:8b:39:97:41:25:0b:95:05:a6:10:f1:5b:60:5c:da:0d:
         44:15:fb:9e:5d:f1:c3:fd:e8:63:50:ca:73:0a:e7:4e:78:ab:
         10:8d:48:36:5d:38:30:93:55:2c:29:a3:c1:ce:d9:15:a4:53:
         5e:d5:75:1e:56:47:d2:ce:f9:2a:ad:72:7a:5a:42:d8:b7:a2:
         26:cf:6d:50:9f:e2:d4:15:74:d3:9f:95:01:35:04:09:e4:72:
         4c:81:0f:38:8f:ca:5a:88:5a:40:1c:36:ed:14:2f:00:0f:f7:
         b8:f2:d3:06:8e:56:aa:6a:c8:11:dc:0c:4a:c4:22:80:de:06:
         16:7b:d6:37:ba:e7:70:c6:5c:a7:92:b2:a8:43:ed:1c:e6:5a:
         59:8e:ac:4a
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgIUOCcXc0LBSjBbEnvLG3fCmaMJbscwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg3NDgwMTE2NERDOTVGMEFCOUNDRDRCRDMwNEEzRUY3
OEU5RjM5QjAeFw0yNDA1MTcxNjEwMjdaFw0yNTA1MTYxNjE1MjdaMDMxMTAvBgNV
BAMTKDc2Mzc4MjNFNEI4MEYwNjgwODY5RkVFMDA3N0ZBMkFGREZGQjIwMTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDtHmoN328h0VNuLTrMvq7M6iXV
fMcqmxVVSKLJ+VIEx6f2MHopJ/0i6nMg60VALuXiqFa3jd+/Dx64+Th6YUrlqcet
6phvdorK2rui1cTY66wkv634e2Q458Euf7aVlSWs1fwx//93Eyc9pX27DxUj39nV
28ERFZCwIBfrn2lCShvmwWHR0hiS2PaTagI+G4eZSNgOGdKBbcA8QkIEPt/5cS9F
gLSwKqJeEcSxpVjkn78C1V6VYT/XT5RDKXFJSZRyrHU4BdJN+FRJypIfMrsJ5gKK
36wKiWUSZponOYAKPMLOchB3JjBNgHhj9cZp5O+guGx2O3jUkmgLPmjDNmcTAgMB
AAGjggKCMIICfjAdBgNVHQ4EFgQUdjeCPkuA8GgIaf7gB3+ir9/7IBQwHwYDVR0j
BBgwFoAUCHSAEWTclfCrnM1L0wSj73jp85swDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvM2M4ZTRlMTEtM2FjYS00MzA1LWFjZDQtZjA1ZTZjOTA5
MTE1LzEvMDg3NDgwMTE2NERDOTVGMEFCOUNDRDRCRDMwNEEzRUY3OEU5RjM5Qi5j
cmwwgZ4GCCsGAQUFBwEBBIGRMIGOMIGLBggrBgEFBQcwAoZ/cnN5bmM6Ly9yc3lu
Yy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS84OTI3MGY2Yy1hM2ZlLTQy
OTktYjA3OS0zMDllZDk3ZjM4MjQvMC8wODc0ODAxMTY0REM5NUYwQUI5Q0NENEJE
MzA0QTNFRjc4RTlGMzlCLmNlcjCBtQYIKwYBBQUHAQsEgagwgaUwgaIGCCsGAQUF
BzALhoGVcnN5bmM6Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS8zYzhlNGUxMS0zYWNhLTQzMDUtYWNkNC1mMDVlNmM5MDkxMTUvMS8zMjYxMzEz
NDNhMzczNTM4MzEzYTM4NjQzMDMwM2EzYTJmMzQzMDJkMzQzMDIwM2QzZTIwMzUz
MDMzMzgzNS5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAhBggrBgEFBQcB
BwEB/wQSMBAwDgQCAAIwCAMGACoUdYGNMA0GCSqGSIb3DQEBCwUAA4IBAQAob1Y3
8bfycf0gP7hz2AbRt8jr3SqBah/fQCiN6upSLph47A2IQRapWIbut3VsxuSHVbZv
UkT/AlLlOioyTSflW116numoxhO71X7BGCaA/GooyE3RdEdaceWkuQi7W1KfrSZI
NKrUb6IutFLpaos5l0ElC5UFphDxW2Bc2g1EFfueXfHD/ehjUMpzCudOeKsQjUg2
XTgwk1UsKaPBztkVpFNe1XUeVkfSzvkqrXJ6WkLYt6Imz21Qn+LUFXTTn5UBNQQJ
5HJMgQ84j8paiFpAHDbtFC8AD/e48tMGjlaqasgR3AxKxCKA3gYWe9Y3uudwxlyn
krKoQ+0c5lpZjqxK
-----END CERTIFICATE-----