Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/66bd92f1-415b-4765-8a16-dbfc4593c1a8/8/32332e3134352e35362e302f32342d3234203d3e203539393230.roa
File:                     32332e3134352e35362e302f32342d3234203d3e203539393230.roa (raw, json)
Hash identifier:          I3RjNxDFiOnqSDD2n0HWuG6+WY8JC7WZIvQbgJjuCNc=
Subject key identifier:   DB:9D:D1:D8:E9:B9:C8:72:87:FB:D7:6D:E7:AC:5B:BD:A6:CA:8D:02
Certificate issuer:       /CN=1822fe9c8a1d8a021778934e378159ff8f794df32bfe9ed071
Certificate serial:       18BCC3B04F6B595BAA7DA51209BCCE8769440422
Authority key identifier: 93:B0:29:6C:31:78:77:80:FE:84:13:31:8F:D0:D2:70:83:83:4C:C5
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/a73420cb-b3cc-4b03-bda7-1be204933ae5/5563e2f9-4d9b-40c3-afa2-ce7045ffd23a/1822fe9c8a1d8a021778934e378159ff8f794df32bfe9ed071.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/66bd92f1-415b-4765-8a16-dbfc4593c1a8/8/32332e3134352e35362e302f32342d3234203d3e203539393230.roa
Signing time:             Mon 14 Oct 2024 10:57:39 +0000
ROA not before:           Mon 14 Oct 2024 10:52:39 +0000
ROA not after:            Mon 13 Oct 2025 10:57:39 +0000
asID:                     59920
IP address blocks:        23.145.56.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 17 Oct 2024 21:25:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:bc:c3:b0:4f:6b:59:5b:aa:7d:a5:12:09:bc:ce:87:69:44:04:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1822fe9c8a1d8a021778934e378159ff8f794df32bfe9ed071
        Validity
            Not Before: Oct 14 10:52:39 2024 GMT
            Not After : Oct 13 10:57:39 2025 GMT
        Subject: CN=DB9DD1D8E9B9C87287FBD76DE7AC5BBDA6CA8D02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:3a:14:9d:7f:c2:12:d2:eb:17:49:38:09:11:
                    9a:1f:29:9e:84:af:9f:53:be:c6:54:0a:71:f2:d3:
                    f8:b1:6e:3c:9a:c0:b8:f7:3c:e0:5f:cd:6b:68:16:
                    20:61:06:46:b5:8b:38:08:6f:bc:9f:fc:4b:db:4e:
                    b9:f8:21:3c:0f:fb:b4:65:22:34:5d:47:78:ef:47:
                    2c:37:1e:91:af:ae:94:b2:df:b7:da:8f:ca:ff:2c:
                    71:24:9b:de:66:e6:44:8b:b1:21:3f:af:a0:33:80:
                    46:5a:cb:87:e8:93:9c:44:7d:41:d6:3e:ab:e1:da:
                    3d:15:89:b5:ee:7b:88:13:d2:70:e8:7b:40:be:f9:
                    90:41:bf:cb:ea:bb:9d:2b:75:7f:93:29:e7:67:ee:
                    a3:48:01:7c:e7:2a:64:86:df:bb:17:1d:53:cb:28:
                    f4:92:5b:7e:ef:da:f0:1c:89:22:19:6b:00:c8:2d:
                    9f:cf:94:07:8c:97:ab:2c:21:4d:61:6d:9e:a5:a6:
                    8b:05:11:ff:44:13:a0:d6:8e:ae:35:56:07:5a:fc:
                    17:01:3b:c2:72:d4:34:8e:ba:5c:67:81:d7:54:18:
                    8e:03:aa:b1:c2:f3:74:d6:2d:b7:9c:ac:cd:8f:78:
                    ec:14:ec:6d:0b:e7:ad:ca:a5:d8:2f:0d:80:40:5f:
                    b2:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:9D:D1:D8:E9:B9:C8:72:87:FB:D7:6D:E7:AC:5B:BD:A6:CA:8D:02
            X509v3 Authority Key Identifier:
                keyid:93:B0:29:6C:31:78:77:80:FE:84:13:31:8F:D0:D2:70:83:83:4C:C5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/66bd92f1-415b-4765-8a16-dbfc4593c1a8/8/93B0296C31787780FE8413318FD0D27083834CC5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/a73420cb-b3cc-4b03-bda7-1be204933ae5/5563e2f9-4d9b-40c3-afa2-ce7045ffd23a/1822fe9c8a1d8a021778934e378159ff8f794df32bfe9ed071.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/66bd92f1-415b-4765-8a16-dbfc4593c1a8/8/32332e3134352e35362e302f32342d3234203d3e203539393230.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.145.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:0b:02:d2:b6:0d:9e:21:6a:79:44:dc:15:7f:cd:94:06:71:
         7a:2c:0d:df:68:9a:c5:98:50:03:4e:28:54:87:e7:c4:2a:2e:
         a1:6b:f5:a8:b7:ac:cd:c6:5a:c8:42:03:15:b5:e8:de:e7:1d:
         be:40:30:64:25:4b:5a:1b:d8:95:35:df:12:5f:35:7f:59:3c:
         ef:ed:e4:45:26:24:a2:1a:0c:fd:7b:6b:f8:13:ba:9e:28:0c:
         fa:fb:5d:c1:1c:6d:80:4e:c8:48:e5:a4:61:f4:56:46:b1:7e:
         f2:b5:fe:be:3c:56:9c:19:1c:aa:e1:3c:a1:b1:23:74:a2:25:
         39:9c:c9:38:88:8a:e0:80:9a:a9:df:e8:5e:c8:bd:91:0c:22:
         52:76:2c:e7:1a:03:f1:cc:97:79:98:96:1f:46:b1:d9:3f:d7:
         3a:7e:14:40:0a:d4:00:64:02:a6:26:22:1c:6c:30:72:89:ce:
         cd:58:36:c1:24:bf:74:d7:68:81:17:ee:e5:18:f6:f5:21:53:
         16:06:2e:62:60:76:d4:4f:c7:ab:f5:9a:2c:29:95:b3:7b:55:
         fb:29:9f:25:8f:86:0c:81:a7:fa:1b:4b:8b:e4:fb:a2:85:aa:
         2f:10:54:07:21:00:4c:77:d5:8e:2f:38:5b:70:8f:77:43:e4:
         70:8e:ae:a0
-----BEGIN CERTIFICATE-----
MIIFyzCCBLOgAwIBAgIUGLzDsE9rWVuqfaUSCbzOh2lEBCIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMTgyMmZlOWM4YTFkOGEwMjE3Nzg5MzRlMzc4MTU5ZmY4
Zjc5NGRmMzJiZmU5ZWQwNzEwHhcNMjQxMDE0MTA1MjM5WhcNMjUxMDEzMTA1NzM5
WjAzMTEwLwYDVQQDEyhEQjlERDFEOEU5QjlDODcyODdGQkQ3NkRFN0FDNUJCREE2
Q0E4RDAyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvjoUnX/CEtLr
F0k4CRGaHymehK+fU77GVApx8tP4sW48msC49zzgX81raBYgYQZGtYs4CG+8n/xL
2065+CE8D/u0ZSI0XUd470csNx6Rr66Ust+32o/K/yxxJJveZuZEi7EhP6+gM4BG
WsuH6JOcRH1B1j6r4do9FYm17nuIE9Jw6HtAvvmQQb/L6rudK3V/kynnZ+6jSAF8
5ypkht+7Fx1Tyyj0klt+79rwHIkiGWsAyC2fz5QHjJerLCFNYW2epaaLBRH/RBOg
1o6uNVYHWvwXATvCctQ0jrpcZ4HXVBiOA6qxwvN01i23nKzNj3jsFOxtC+etyqXY
Lw2AQF+yAQIDAQABo4ICyzCCAscwHQYDVR0OBBYEFNud0djpuchyh/vXbeesW72m
yo0CMB8GA1UdIwQYMBaAFJOwKWwxeHeA/oQTMY/Q0nCDg0zFMA4GA1UdDwEB/wQE
AwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3JzeW5jLnBhYXMu
cnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzY2YmQ5MmYxLTQxNWItNDc2NS04YTE2
LWRiZmM0NTkzYzFhOC84LzkzQjAyOTZDMzE3ODc3ODBGRTg0MTMzMThGRDBEMjcw
ODM4MzRDQzUuY3JsMIHzBggrBgEFBQcBAQSB5jCB4zCB4AYIKwYBBQUHMAKGgdNy
c3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0
YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzL2E3MzQyMGNiLWIzY2Mt
NGIwMy1iZGE3LTFiZTIwNDkzM2FlNS81NTYzZTJmOS00ZDliLTQwYzMtYWZhMi1j
ZTcwNDVmZmQyM2EvMTgyMmZlOWM4YTFkOGEwMjE3Nzg5MzRlMzc4MTU5ZmY4Zjc5
NGRmMzJiZmU5ZWQwNzEuY2VyMIGrBggrBgEFBQcBCwSBnjCBmzCBmAYIKwYBBQUH
MAuGgYtyc3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
LzY2YmQ5MmYxLTQxNWItNDc2NS04YTE2LWRiZmM0NTkzYzFhOC84LzMyMzMyZTMx
MzQzNTJlMzUzNjJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM1MzkzOTMyMzAucm9h
MBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwE
AgABMAYDBAAXkTgwDQYJKoZIhvcNAQELBQADggEBAEMLAtK2DZ4hanlE3BV/zZQG
cXosDd9omsWYUANOKFSH58QqLqFr9ai3rM3GWshCAxW16N7nHb5AMGQlS1ob2JU1
3xJfNX9ZPO/t5EUmJKIaDP17a/gTup4oDPr7XcEcbYBOyEjlpGH0VkaxfvK1/r48
VpwZHKrhPKGxI3SiJTmcyTiIiuCAmqnf6F7IvZEMIlJ2LOcaA/HMl3mYlh9Gsdk/
1zp+FEAK1ABkAqYmIhxsMHKJzs1YNsEkv3TXaIEX7uUY9vUhUxYGLmJgdtRPx6v1
miwplbN7VfspnyWPhgyBp/obS4vk+6KFqi8QVAchAEx31Y4vOFtwj3dD5HCOrqA=