Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/66bd92f1-415b-4765-8a16-dbfc4593c1a8/8/32332e3134352e35362e302f32342d3234203d3e203530323234.roa
File:                     32332e3134352e35362e302f32342d3234203d3e203530323234.roa (raw, json)
Hash identifier:          cp26tjhe7i7ErMaF8a07GyT4HQ1tS6PFk5+aryCWZJY=
Subject key identifier:   08:B8:FA:B1:E6:A8:CA:4F:1E:A8:30:33:DE:C5:76:07:81:32:87:84
Certificate issuer:       /CN=1822fe9c8a1d8a021778934e378159ff8f794df32bfe9ed071
Certificate serial:       4BFA92EFE3CB4B35F7FF4E89C632F21B82D1F853
Authority key identifier: 93:B0:29:6C:31:78:77:80:FE:84:13:31:8F:D0:D2:70:83:83:4C:C5
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/a73420cb-b3cc-4b03-bda7-1be204933ae5/5563e2f9-4d9b-40c3-afa2-ce7045ffd23a/1822fe9c8a1d8a021778934e378159ff8f794df32bfe9ed071.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/66bd92f1-415b-4765-8a16-dbfc4593c1a8/8/32332e3134352e35362e302f32342d3234203d3e203530323234.roa
Signing time:             Mon 14 Oct 2024 05:35:10 +0000
ROA not before:           Mon 14 Oct 2024 05:30:10 +0000
ROA not after:            Mon 13 Oct 2025 05:35:10 +0000
asID:                     50224
IP address blocks:        23.145.56.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Thu 17 Oct 2024 21:25:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:fa:92:ef:e3:cb:4b:35:f7:ff:4e:89:c6:32:f2:1b:82:d1:f8:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1822fe9c8a1d8a021778934e378159ff8f794df32bfe9ed071
        Validity
            Not Before: Oct 14 05:30:10 2024 GMT
            Not After : Oct 13 05:35:10 2025 GMT
        Subject: CN=08B8FAB1E6A8CA4F1EA83033DEC5760781328784
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:de:7c:02:04:df:48:a1:2e:09:f1:f6:b4:ca:
                    f2:9d:3a:53:d7:2e:e7:66:f5:24:07:d3:d8:40:76:
                    39:1a:29:cd:dc:5c:e2:f3:1b:e1:64:88:41:94:45:
                    0c:1a:bd:2b:90:2c:45:6c:7e:e3:26:b2:9d:c7:0a:
                    cc:cc:00:b5:3c:ea:54:2c:ca:6b:e9:e5:ad:3d:b8:
                    0e:ea:f3:ba:18:94:57:03:2a:f8:eb:b0:b3:45:de:
                    f1:73:20:ff:ff:32:34:a3:cd:3e:62:04:8d:31:27:
                    27:72:82:32:7b:b3:ba:30:0c:c8:98:0d:68:f0:dc:
                    4b:99:02:92:c4:fd:59:8f:70:ed:8d:61:3d:74:16:
                    99:1c:d0:3f:a3:c0:1c:dc:c6:e8:b3:2e:4b:ee:84:
                    68:4c:2b:bb:0c:0c:c4:2c:5e:28:cc:fd:43:7b:75:
                    3b:c8:4f:0c:9c:6e:93:87:91:04:b2:31:65:37:17:
                    a5:44:1b:be:92:a2:9c:cf:36:53:1f:85:06:ad:9a:
                    17:d6:a3:bc:51:d3:fe:01:bd:1b:c4:97:e4:43:43:
                    04:56:7f:3f:e7:d2:b2:ab:90:25:dd:16:35:37:68:
                    df:87:a9:dd:7e:c3:e7:3d:c5:c7:13:86:8d:6d:6e:
                    62:c7:fa:a5:ac:5d:63:12:5a:40:c4:a3:75:52:93:
                    36:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:B8:FA:B1:E6:A8:CA:4F:1E:A8:30:33:DE:C5:76:07:81:32:87:84
            X509v3 Authority Key Identifier:
                keyid:93:B0:29:6C:31:78:77:80:FE:84:13:31:8F:D0:D2:70:83:83:4C:C5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/66bd92f1-415b-4765-8a16-dbfc4593c1a8/8/93B0296C31787780FE8413318FD0D27083834CC5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/a73420cb-b3cc-4b03-bda7-1be204933ae5/5563e2f9-4d9b-40c3-afa2-ce7045ffd23a/1822fe9c8a1d8a021778934e378159ff8f794df32bfe9ed071.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/66bd92f1-415b-4765-8a16-dbfc4593c1a8/8/32332e3134352e35362e302f32342d3234203d3e203530323234.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.145.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b8:ec:76:6d:30:5a:e2:93:a1:7a:c8:f4:e4:8b:bf:40:e8:01:
         e8:ee:ae:8d:d9:f1:07:39:88:28:47:eb:d3:a4:52:6d:36:85:
         9e:e0:b8:5e:bb:dd:26:5f:0f:f3:69:ea:17:2c:42:5a:40:d3:
         fe:a5:56:f3:ac:00:b1:f1:78:cf:3e:24:ff:74:45:ee:84:34:
         21:76:f9:ab:c1:a1:fb:4c:86:9f:7e:dc:a8:1c:ac:38:bf:3d:
         eb:63:ac:f7:aa:3f:ec:ca:39:32:2c:f9:b8:5c:df:63:8a:de:
         95:b8:4f:c4:c8:c7:8b:26:17:2e:a2:13:4f:c3:4c:0a:94:13:
         73:79:ae:18:70:e8:71:52:37:7a:b8:30:41:4f:b0:7a:92:61:
         cc:b5:32:bb:30:45:3e:a4:1c:af:98:68:26:3d:01:48:1d:c1:
         93:84:2f:4d:2e:35:53:8a:6b:23:f7:aa:f1:9f:9c:05:eb:17:
         26:56:8a:e8:4e:c5:40:dd:09:97:da:f4:8b:f2:4b:42:3e:cf:
         77:5f:3f:d9:4f:08:14:07:09:68:05:57:4d:d1:6e:6c:07:a6:
         48:31:a6:e5:77:f9:e7:c5:e5:d8:c4:60:50:ef:65:b9:d3:06:
         61:9f:3c:54:95:d3:18:a8:7c:2d:b3:f5:eb:da:1d:f1:65:81:
         d9:20:54:84
-----BEGIN CERTIFICATE-----
MIIFyzCCBLOgAwIBAgIUS/qS7+PLSzX3/06JxjLyG4LR+FMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMTgyMmZlOWM4YTFkOGEwMjE3Nzg5MzRlMzc4MTU5ZmY4
Zjc5NGRmMzJiZmU5ZWQwNzEwHhcNMjQxMDE0MDUzMDEwWhcNMjUxMDEzMDUzNTEw
WjAzMTEwLwYDVQQDEygwOEI4RkFCMUU2QThDQTRGMUVBODMwMzNERUM1NzYwNzgx
MzI4Nzg0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwt58AgTfSKEu
CfH2tMrynTpT1y7nZvUkB9PYQHY5GinN3Fzi8xvhZIhBlEUMGr0rkCxFbH7jJrKd
xwrMzAC1POpULMpr6eWtPbgO6vO6GJRXAyr467CzRd7xcyD//zI0o80+YgSNMScn
coIye7O6MAzImA1o8NxLmQKSxP1Zj3DtjWE9dBaZHNA/o8Ac3Mbosy5L7oRoTCu7
DAzELF4ozP1De3U7yE8MnG6Th5EEsjFlNxelRBu+kqKczzZTH4UGrZoX1qO8UdP+
Ab0bxJfkQ0MEVn8/59Kyq5Al3RY1N2jfh6ndfsPnPcXHE4aNbW5ix/qlrF1jElpA
xKN1UpM26wIDAQABo4ICyzCCAscwHQYDVR0OBBYEFAi4+rHmqMpPHqgwM97FdgeB
MoeEMB8GA1UdIwQYMBaAFJOwKWwxeHeA/oQTMY/Q0nCDg0zFMA4GA1UdDwEB/wQE
AwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3JzeW5jLnBhYXMu
cnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzY2YmQ5MmYxLTQxNWItNDc2NS04YTE2
LWRiZmM0NTkzYzFhOC84LzkzQjAyOTZDMzE3ODc3ODBGRTg0MTMzMThGRDBEMjcw
ODM4MzRDQzUuY3JsMIHzBggrBgEFBQcBAQSB5jCB4zCB4AYIKwYBBQUHMAKGgdNy
c3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0
YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzL2E3MzQyMGNiLWIzY2Mt
NGIwMy1iZGE3LTFiZTIwNDkzM2FlNS81NTYzZTJmOS00ZDliLTQwYzMtYWZhMi1j
ZTcwNDVmZmQyM2EvMTgyMmZlOWM4YTFkOGEwMjE3Nzg5MzRlMzc4MTU5ZmY4Zjc5
NGRmMzJiZmU5ZWQwNzEuY2VyMIGrBggrBgEFBQcBCwSBnjCBmzCBmAYIKwYBBQUH
MAuGgYtyc3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
LzY2YmQ5MmYxLTQxNWItNDc2NS04YTE2LWRiZmM0NTkzYzFhOC84LzMyMzMyZTMx
MzQzNTJlMzUzNjJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM1MzAzMjMyMzQucm9h
MBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwE
AgABMAYDBAAXkTgwDQYJKoZIhvcNAQELBQADggEBALjsdm0wWuKToXrI9OSLv0Do
Aejuro3Z8Qc5iChH69OkUm02hZ7guF673SZfD/Np6hcsQlpA0/6lVvOsALHxeM8+
JP90Re6ENCF2+avBoftMhp9+3KgcrDi/PetjrPeqP+zKOTIs+bhc32OK3pW4T8TI
x4smFy6iE0/DTAqUE3N5rhhw6HFSN3q4MEFPsHqSYcy1MrswRT6kHK+YaCY9AUgd
wZOEL00uNVOKayP3qvGfnAXrFyZWiuhOxUDdCZfa9IvyS0I+z3dfP9lPCBQHCWgF
V03RbmwHpkgxpuV3+efF5djEYFDvZbnTBmGfPFSV0xiofC2z9evaHfFlgdkgVIQ=
-----END CERTIFICATE-----