Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/66bd92f1-415b-4765-8a16-dbfc4593c1a8/7/3139382e3133352e3136392e302f32342d3234203d3e20323036313235.roa
File:                     3139382e3133352e3136392e302f32342d3234203d3e20323036313235.roa (raw, json)
Hash identifier:          7CefDu2mlzxHI7NSHUFaWJEY7uBSGWqnQTJSTMfy5MA=
Subject key identifier:   55:BD:32:F8:64:C1:74:18:8C:E4:F7:D5:3B:93:DE:85:B9:9E:AB:FF
Certificate issuer:       /CN=43729997152fd84fcda6d190c3b3195b02679660112be9a2d7
Certificate serial:       2E969F50D1817A72BD503B46654A86476045A5BB
Authority key identifier: 6A:6F:6E:C2:72:A5:EB:DC:18:24:1C:2C:84:D1:D9:FE:94:C1:25:AA
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/829fb872-15bb-4a4e-9ed9-259960b049bd/43729997152fd84fcda6d190c3b3195b02679660112be9a2d7.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/66bd92f1-415b-4765-8a16-dbfc4593c1a8/7/3139382e3133352e3136392e302f32342d3234203d3e20323036313235.roa
Signing time:             Sat 04 Jan 2025 05:08:28 +0000
ROA not before:           Sat 04 Jan 2025 05:03:28 +0000
ROA not after:            Sat 03 Jan 2026 05:08:28 +0000
asID:                     206125
IP address blocks:        198.135.169.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Tue 28 Jan 2025 04:31:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:96:9f:50:d1:81:7a:72:bd:50:3b:46:65:4a:86:47:60:45:a5:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=43729997152fd84fcda6d190c3b3195b02679660112be9a2d7
        Validity
            Not Before: Jan  4 05:03:28 2025 GMT
            Not After : Jan  3 05:08:28 2026 GMT
        Subject: CN=55BD32F864C174188CE4F7D53B93DE85B99EABFF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:1b:1d:93:eb:fb:98:96:52:fd:f8:bb:88:9d:
                    38:48:56:bd:03:99:4e:6b:7a:3b:2b:38:d4:f4:00:
                    f1:9a:ae:04:24:f7:01:2c:d5:78:a6:23:74:c8:ff:
                    4f:cf:9a:f6:93:fe:ee:c9:f8:a6:6e:3e:ed:4e:bb:
                    ff:6f:58:92:c6:de:17:97:57:42:3c:0a:1c:94:91:
                    79:7f:71:f7:63:e4:ef:0c:e0:14:c6:0f:ba:be:28:
                    d5:4f:27:43:32:e3:83:af:d7:89:97:6a:d4:03:78:
                    26:88:9b:1d:00:81:22:e7:1f:90:24:e6:12:23:9a:
                    8e:b2:d0:95:fd:86:8a:a1:9c:45:ee:a5:4f:04:82:
                    01:18:d0:00:09:1c:55:ac:67:58:3a:21:c1:b1:72:
                    e9:0c:e4:1e:14:fb:c6:4d:ed:9b:c9:22:1f:3b:95:
                    f6:18:d2:72:00:d5:46:4e:2f:b3:e2:75:9f:cf:3e:
                    fc:c7:5d:1c:93:8c:39:97:8c:d2:16:ea:21:0d:f3:
                    dc:1a:84:c7:69:ad:e8:4a:60:ca:a0:48:d8:2f:6c:
                    4f:f8:bb:60:21:59:c1:1f:fe:95:e3:26:c7:17:4b:
                    9f:9e:e5:07:31:85:c8:b7:b0:15:61:b7:e8:9b:39:
                    c2:e9:35:e8:e2:f4:31:ea:b1:d3:c7:6b:f9:17:13:
                    65:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:BD:32:F8:64:C1:74:18:8C:E4:F7:D5:3B:93:DE:85:B9:9E:AB:FF
            X509v3 Authority Key Identifier:
                keyid:6A:6F:6E:C2:72:A5:EB:DC:18:24:1C:2C:84:D1:D9:FE:94:C1:25:AA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/66bd92f1-415b-4765-8a16-dbfc4593c1a8/7/6A6F6EC272A5EBDC18241C2C84D1D9FE94C125AA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/829fb872-15bb-4a4e-9ed9-259960b049bd/43729997152fd84fcda6d190c3b3195b02679660112be9a2d7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/66bd92f1-415b-4765-8a16-dbfc4593c1a8/7/3139382e3133352e3136392e302f32342d3234203d3e20323036313235.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  198.135.169.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:95:bf:a5:d1:af:b7:fa:be:22:91:77:8f:5e:dc:f6:55:bb:
         8c:5d:de:2b:71:78:75:57:a2:0b:bf:03:b7:aa:15:46:26:fc:
         f1:82:18:73:a4:3b:db:95:25:69:f5:eb:76:62:25:25:10:52:
         11:79:20:d6:ea:04:ae:ec:bc:61:a0:df:b8:fe:56:0f:35:cb:
         62:bc:26:eb:16:02:14:c0:b1:8e:e7:fb:c2:9d:4e:bd:1a:24:
         c8:27:13:4d:ee:66:a4:71:b6:c8:98:d3:9e:a8:7b:54:76:a4:
         0a:30:fa:22:30:98:62:45:0f:12:2a:82:83:8a:ab:0b:78:46:
         9b:ac:a6:e6:43:12:35:1d:86:04:0f:84:94:38:0b:f2:a4:97:
         60:e8:84:fe:1c:5b:27:ac:6f:7d:d9:21:70:63:1f:a1:a3:ea:
         44:32:aa:6d:6e:cc:c9:6e:c8:d1:dd:3f:a7:f1:c6:46:9e:51:
         3f:20:96:22:8f:d0:22:b1:aa:28:e0:55:a7:67:c2:77:8c:8e:
         a6:a9:1b:9b:cb:13:28:f9:38:56:45:b0:8d:fe:7c:d2:8c:de:
         16:58:8c:96:62:88:bf:ce:45:ae:c1:3a:75:ce:36:59:a7:d0:
         e2:15:ba:1b:9d:5a:85:93:a0:ed:bd:f7:09:5e:ed:be:10:a7:
         78:0d:56:42
-----BEGIN CERTIFICATE-----
MIIF0TCCBLmgAwIBAgIULpafUNGBenK9UDtGZUqGR2BFpbswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNDM3Mjk5OTcxNTJmZDg0ZmNkYTZkMTkwYzNiMzE5NWIw
MjY3OTY2MDExMmJlOWEyZDcwHhcNMjUwMTA0MDUwMzI4WhcNMjYwMTAzMDUwODI4
WjAzMTEwLwYDVQQDEyg1NUJEMzJGODY0QzE3NDE4OENFNEY3RDUzQjkzREU4NUI5
OUVBQkZGMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvRsdk+v7mJZS
/fi7iJ04SFa9A5lOa3o7KzjU9ADxmq4EJPcBLNV4piN0yP9Pz5r2k/7uyfimbj7t
Trv/b1iSxt4Xl1dCPAoclJF5f3H3Y+TvDOAUxg+6vijVTydDMuODr9eJl2rUA3gm
iJsdAIEi5x+QJOYSI5qOstCV/YaKoZxF7qVPBIIBGNAACRxVrGdYOiHBsXLpDOQe
FPvGTe2bySIfO5X2GNJyANVGTi+z4nWfzz78x10ck4w5l4zSFuohDfPcGoTHaa3o
SmDKoEjYL2xP+LtgIVnBH/6V4ybHF0ufnuUHMYXIt7AVYbfomznC6TXo4vQx6rHT
x2v5FxNlhwIDAQABo4IC0TCCAs0wHQYDVR0OBBYEFFW9MvhkwXQYjOT31TuT3oW5
nqv/MB8GA1UdIwQYMBaAFGpvbsJypevcGCQcLITR2f6UwSWqMA4GA1UdDwEB/wQE
AwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3JzeW5jLnBhYXMu
cnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzY2YmQ5MmYxLTQxNWItNDc2NS04YTE2
LWRiZmM0NTkzYzFhOC83LzZBNkY2RUMyNzJBNUVCREMxODI0MUMyQzg0RDFEOUZF
OTRDMTI1QUEuY3JsMIHzBggrBgEFBQcBAQSB5jCB4zCB4AYIKwYBBQUHMAKGgdNy
c3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0
YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzc2ZmUxMWQ0LWQzNTIt
NDk5NC04ZjZjLWQ2YzkxYjBiODQxNS84MjlmYjg3Mi0xNWJiLTRhNGUtOWVkOS0y
NTk5NjBiMDQ5YmQvNDM3Mjk5OTcxNTJmZDg0ZmNkYTZkMTkwYzNiMzE5NWIwMjY3
OTY2MDExMmJlOWEyZDcuY2VyMIGxBggrBgEFBQcBCwSBpDCBoTCBngYIKwYBBQUH
MAuGgZFyc3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
LzY2YmQ5MmYxLTQxNWItNDc2NS04YTE2LWRiZmM0NTkzYzFhOC83LzMxMzkzODJl
MzEzMzM1MmUzMTM2MzkyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMwMzYzMTMy
MzUucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADGh6kwDQYJKoZIhvcNAQELBQADggEBACWVv6XRr7f6viKR
d49e3PZVu4xd3itxeHVXogu/A7eqFUYm/PGCGHOkO9uVJWn163ZiJSUQUhF5INbq
BK7svGGg37j+Vg81y2K8JusWAhTAsY7n+8KdTr0aJMgnE03uZqRxtsiY056oe1R2
pAow+iIwmGJFDxIqgoOKqwt4RpuspuZDEjUdhgQPhJQ4C/Kkl2DohP4cWyesb33Z
IXBjH6Gj6kQyqm1uzMluyNHdP6fxxkaeUT8gliKP0CKxqijgVadnwneMjqapG5vL
Eyj5OFZFsI3+fNKM3hZYjJZiiL/ORa7BOnXONlmn0OIVuhudWoWToO299wle7b4Q
p3gNVkI=
-----END CERTIFICATE-----
Generated at Sat Apr 5 04:35:03 2025 by rpki-client