Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/66bd92f1-415b-4765-8a16-dbfc4593c1a8/8/32332e3134352e35372e302f32342d3234203d3e203233343730.roa
File:                     32332e3134352e35372e302f32342d3234203d3e203233343730.roa (raw, json)
Hash identifier:          MU5FF02lcfA1rcKdf+9Kd4rYiSkHMhaoq8EWHQwYN4o=
Subject key identifier:   B8:AF:AD:8C:BB:AE:49:31:A9:F3:18:DB:E7:38:1D:B0:9C:90:A6:8C
Certificate issuer:       /CN=1822fe9c8a1d8a021778934e378159ff8f794df32bfe9ed071
Certificate serial:       3D9EDC3A9CE5873CF9BDD55B03803B65BD08E82E
Authority key identifier: 93:B0:29:6C:31:78:77:80:FE:84:13:31:8F:D0:D2:70:83:83:4C:C5
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/a73420cb-b3cc-4b03-bda7-1be204933ae5/5563e2f9-4d9b-40c3-afa2-ce7045ffd23a/1822fe9c8a1d8a021778934e378159ff8f794df32bfe9ed071.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/66bd92f1-415b-4765-8a16-dbfc4593c1a8/8/32332e3134352e35372e302f32342d3234203d3e203233343730.roa
Signing time:             Wed 28 Feb 2024 03:39:29 +0000
ROA not before:           Wed 28 Feb 2024 03:34:29 +0000
ROA not after:            Wed 26 Feb 2025 03:39:29 +0000
asID:                     23470
IP address blocks:        23.145.57.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Wed 28 Feb 2024 18:26:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:9e:dc:3a:9c:e5:87:3c:f9:bd:d5:5b:03:80:3b:65:bd:08:e8:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1822fe9c8a1d8a021778934e378159ff8f794df32bfe9ed071
        Validity
            Not Before: Feb 28 03:34:29 2024 GMT
            Not After : Feb 26 03:39:29 2025 GMT
        Subject: CN=B8AFAD8CBBAE4931A9F318DBE7381DB09C90A68C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:f4:ee:28:a1:7d:be:3a:59:99:30:dd:cd:a2:
                    e1:d3:bd:4e:15:b9:c5:a4:0b:5b:62:99:48:89:26:
                    83:dc:77:67:48:7c:2b:a2:a7:cb:e8:ca:d9:47:d7:
                    73:62:4d:b1:43:79:92:33:12:a4:3e:1b:8b:e2:40:
                    7e:21:73:d8:26:20:8a:af:44:22:e2:3b:64:0e:f9:
                    19:df:74:00:14:12:fe:bc:f1:f0:b4:e4:84:8a:67:
                    27:df:3d:96:6f:ff:43:f7:94:41:ad:16:80:69:a2:
                    44:db:7e:39:c6:00:56:20:02:ea:20:41:ca:b3:20:
                    20:75:4c:ee:5f:9a:4c:08:b7:4d:05:17:6f:61:0d:
                    0b:6d:53:0a:2c:a1:3d:ec:ae:6b:63:a9:19:3a:97:
                    1e:b6:87:90:15:ee:a8:e0:07:ab:fa:81:c3:43:50:
                    8e:28:fe:e9:62:40:f1:a7:6f:26:8a:bf:fd:2d:f1:
                    d0:f3:95:99:c0:f0:c1:b2:ad:8b:01:bc:24:37:da:
                    3f:dc:9b:dd:d1:8f:70:1f:13:b2:2d:c9:38:48:cd:
                    c0:83:34:db:a3:ed:20:a7:c3:11:7f:39:a3:02:c3:
                    c5:c2:a8:9c:74:5e:a7:62:94:77:e6:b2:43:0d:9c:
                    e6:c0:78:75:4d:c0:9f:45:ef:37:42:b2:ee:d2:e2:
                    17:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:AF:AD:8C:BB:AE:49:31:A9:F3:18:DB:E7:38:1D:B0:9C:90:A6:8C
            X509v3 Authority Key Identifier:
                keyid:93:B0:29:6C:31:78:77:80:FE:84:13:31:8F:D0:D2:70:83:83:4C:C5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/66bd92f1-415b-4765-8a16-dbfc4593c1a8/8/93B0296C31787780FE8413318FD0D27083834CC5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/a73420cb-b3cc-4b03-bda7-1be204933ae5/5563e2f9-4d9b-40c3-afa2-ce7045ffd23a/1822fe9c8a1d8a021778934e378159ff8f794df32bfe9ed071.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/66bd92f1-415b-4765-8a16-dbfc4593c1a8/8/32332e3134352e35372e302f32342d3234203d3e203233343730.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.145.57.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:cf:06:2f:22:72:a7:17:95:f7:fe:24:93:9c:68:5a:bb:3c:
         e8:a4:fc:ae:f1:72:2b:3b:ff:de:70:57:2b:b0:71:73:ca:9d:
         e7:7f:26:6c:75:ee:78:89:d1:09:53:53:92:08:d9:75:b5:a9:
         4e:d5:81:97:08:fb:d4:a7:6c:29:6c:7e:5a:0c:af:2b:f4:8a:
         82:ed:1f:2a:7e:6e:01:40:d7:81:bf:fd:9c:09:ae:75:f3:4d:
         4f:0f:2e:b3:72:e5:fd:b4:75:d8:a5:6a:6d:db:f6:20:1f:df:
         f8:2e:e7:73:45:f2:44:0e:68:15:78:85:b4:0a:a5:9a:8e:d0:
         13:dc:81:bd:34:48:c2:d6:87:4d:76:72:0c:08:50:8f:99:e0:
         f1:50:d4:7d:be:07:a9:22:24:01:41:cf:b7:78:ae:da:47:c8:
         8e:bb:39:e4:85:6f:2e:68:2d:42:d5:4c:c6:7c:a9:f5:51:4a:
         fa:cc:92:ab:5d:3d:58:bc:07:4c:8a:f6:f2:b1:05:f9:5b:32:
         25:a9:23:57:00:e4:51:60:92:6a:3e:4f:e7:da:0f:21:15:6c:
         76:90:01:7f:4d:8a:52:4b:6f:b7:ad:02:85:e7:93:b2:67:a6:
         48:18:e6:7b:b5:55:b6:22:0b:46:23:68:24:92:8c:53:32:9e:
         ac:16:e8:cf
-----BEGIN CERTIFICATE-----
MIIFyzCCBLOgAwIBAgIUPZ7cOpzlhzz5vdVbA4A7Zb0I6C4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMTgyMmZlOWM4YTFkOGEwMjE3Nzg5MzRlMzc4MTU5ZmY4
Zjc5NGRmMzJiZmU5ZWQwNzEwHhcNMjQwMjI4MDMzNDI5WhcNMjUwMjI2MDMzOTI5
WjAzMTEwLwYDVQQDEyhCOEFGQUQ4Q0JCQUU0OTMxQTlGMzE4REJFNzM4MURCMDlD
OTBBNjhDMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnfTuKKF9vjpZ
mTDdzaLh071OFbnFpAtbYplIiSaD3HdnSHwroqfL6MrZR9dzYk2xQ3mSMxKkPhuL
4kB+IXPYJiCKr0Qi4jtkDvkZ33QAFBL+vPHwtOSEimcn3z2Wb/9D95RBrRaAaaJE
2345xgBWIALqIEHKsyAgdUzuX5pMCLdNBRdvYQ0LbVMKLKE97K5rY6kZOpcetoeQ
Fe6o4Aer+oHDQ1COKP7pYkDxp28mir/9LfHQ85WZwPDBsq2LAbwkN9o/3Jvd0Y9w
HxOyLck4SM3AgzTbo+0gp8MRfzmjAsPFwqicdF6nYpR35rJDDZzmwHh1TcCfRe83
QrLu0uIXLQIDAQABo4ICyzCCAscwHQYDVR0OBBYEFLivrYy7rkkxqfMY2+c4HbCc
kKaMMB8GA1UdIwQYMBaAFJOwKWwxeHeA/oQTMY/Q0nCDg0zFMA4GA1UdDwEB/wQE
AwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3JzeW5jLnBhYXMu
cnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzY2YmQ5MmYxLTQxNWItNDc2NS04YTE2
LWRiZmM0NTkzYzFhOC84LzkzQjAyOTZDMzE3ODc3ODBGRTg0MTMzMThGRDBEMjcw
ODM4MzRDQzUuY3JsMIHzBggrBgEFBQcBAQSB5jCB4zCB4AYIKwYBBQUHMAKGgdNy
c3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0
YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzL2E3MzQyMGNiLWIzY2Mt
NGIwMy1iZGE3LTFiZTIwNDkzM2FlNS81NTYzZTJmOS00ZDliLTQwYzMtYWZhMi1j
ZTcwNDVmZmQyM2EvMTgyMmZlOWM4YTFkOGEwMjE3Nzg5MzRlMzc4MTU5ZmY4Zjc5
NGRmMzJiZmU5ZWQwNzEuY2VyMIGrBggrBgEFBQcBCwSBnjCBmzCBmAYIKwYBBQUH
MAuGgYtyc3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
LzY2YmQ5MmYxLTQxNWItNDc2NS04YTE2LWRiZmM0NTkzYzFhOC84LzMyMzMyZTMx
MzQzNTJlMzUzNzJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzMzNDM3MzAucm9h
MBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwE
AgABMAYDBAAXkTkwDQYJKoZIhvcNAQELBQADggEBAGPPBi8icqcXlff+JJOcaFq7
POik/K7xcis7/95wVyuwcXPKned/Jmx17niJ0QlTU5II2XW1qU7VgZcI+9SnbCls
floMryv0ioLtHyp+bgFA14G//ZwJrnXzTU8PLrNy5f20ddilam3b9iAf3/gu53NF
8kQOaBV4hbQKpZqO0BPcgb00SMLWh012cgwIUI+Z4PFQ1H2+B6kiJAFBz7d4rtpH
yI67OeSFby5oLULVTMZ8qfVRSvrMkqtdPVi8B0yK9vKxBflbMiWpI1cA5FFgkmo+
T+faDyEVbHaQAX9NilJLb7etAoXnk7JnpkgY5nu1VbYiC0YjaCSSjFMynqwW6M8=
-----END CERTIFICATE-----