Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/66bd92f1-415b-4765-8a16-dbfc4593c1a8/8/32332e3134352e35372e302f32342d3234203d3e203530323234.roa
File:                     32332e3134352e35372e302f32342d3234203d3e203530323234.roa (raw, json)
Hash identifier:          CoQo/M+ytz1yR3pl01t0AlN6oDHvXa8Zrel5Ee3pDs8=
Subject key identifier:   91:CC:2E:1A:D3:78:C6:13:6C:19:01:95:3D:DB:69:36:3B:EE:42:AA
Certificate issuer:       /CN=1822fe9c8a1d8a021778934e378159ff8f794df32bfe9ed071
Certificate serial:       420EEB3E39B7D4D9E18F8B8FF42C65D450FE3537
Authority key identifier: 93:B0:29:6C:31:78:77:80:FE:84:13:31:8F:D0:D2:70:83:83:4C:C5
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/a73420cb-b3cc-4b03-bda7-1be204933ae5/5563e2f9-4d9b-40c3-afa2-ce7045ffd23a/1822fe9c8a1d8a021778934e378159ff8f794df32bfe9ed071.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/66bd92f1-415b-4765-8a16-dbfc4593c1a8/8/32332e3134352e35372e302f32342d3234203d3e203530323234.roa
Signing time:             Sat 22 Mar 2025 15:22:05 +0000
ROA not before:           Sat 22 Mar 2025 15:17:05 +0000
ROA not after:            Sat 21 Mar 2026 15:22:05 +0000
asID:                     50224
IP address blocks:        23.145.57.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Tue 01 Apr 2025 21:19:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:0e:eb:3e:39:b7:d4:d9:e1:8f:8b:8f:f4:2c:65:d4:50:fe:35:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1822fe9c8a1d8a021778934e378159ff8f794df32bfe9ed071
        Validity
            Not Before: Mar 22 15:17:05 2025 GMT
            Not After : Mar 21 15:22:05 2026 GMT
        Subject: CN=91CC2E1AD378C6136C1901953DDB69363BEE42AA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:a7:63:88:32:8f:6d:19:e4:de:ca:1a:32:fe:
                    15:36:99:c4:77:a9:06:6e:f0:ad:f5:57:3a:b2:22:
                    a0:e6:25:fe:23:f4:c2:7d:fd:ab:9e:c9:ca:d3:6b:
                    a4:28:1f:96:d4:7e:9a:3d:eb:ef:72:a3:6b:d6:79:
                    ce:29:fd:c7:26:db:60:de:fb:8a:51:6d:50:c6:74:
                    03:5c:c3:c6:db:dd:b5:85:27:5a:86:ba:b9:58:33:
                    a3:f0:5e:df:73:4a:a0:5a:73:b7:6f:8f:22:79:45:
                    5c:e3:09:db:b3:be:18:a8:e6:92:a5:4b:a8:97:90:
                    4a:28:0a:f8:04:1e:fb:10:cd:f8:81:ba:92:02:15:
                    3f:35:e6:6f:34:1d:b5:70:14:9c:4e:d6:ac:6c:83:
                    39:b9:c8:36:6f:f0:a1:17:06:64:49:80:a3:dc:e9:
                    c0:39:83:83:9a:c6:65:28:6e:49:9b:55:0c:d1:f1:
                    c8:96:1b:c5:2b:db:44:ee:33:a6:94:62:0a:36:96:
                    96:11:e9:41:85:f0:ed:8c:ec:92:d6:9e:fe:e0:d1:
                    db:d8:2e:e2:7a:98:4a:13:ce:8a:30:54:90:ac:39:
                    89:86:3c:b6:99:9f:f0:7c:51:89:6d:ae:48:08:84:
                    a7:65:c3:85:35:41:cb:9d:fe:c9:2c:bd:28:6f:3b:
                    ca:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:CC:2E:1A:D3:78:C6:13:6C:19:01:95:3D:DB:69:36:3B:EE:42:AA
            X509v3 Authority Key Identifier:
                keyid:93:B0:29:6C:31:78:77:80:FE:84:13:31:8F:D0:D2:70:83:83:4C:C5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/66bd92f1-415b-4765-8a16-dbfc4593c1a8/8/93B0296C31787780FE8413318FD0D27083834CC5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/a73420cb-b3cc-4b03-bda7-1be204933ae5/5563e2f9-4d9b-40c3-afa2-ce7045ffd23a/1822fe9c8a1d8a021778934e378159ff8f794df32bfe9ed071.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/66bd92f1-415b-4765-8a16-dbfc4593c1a8/8/32332e3134352e35372e302f32342d3234203d3e203530323234.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.145.57.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:ca:47:a5:91:f1:69:c5:e3:d3:60:da:cd:d3:3b:4c:b2:b2:
         b2:05:29:8b:31:05:e8:92:20:57:df:3c:0a:fb:11:3f:68:6a:
         68:e1:25:f5:55:57:ee:bd:60:66:18:55:36:3f:90:0d:c5:e1:
         6d:53:6f:33:14:b2:d3:32:a5:3a:fa:42:01:78:94:d1:79:eb:
         f7:30:96:c6:0e:9f:38:c2:d1:95:13:1f:3b:a9:8c:41:c8:58:
         c6:80:4c:25:80:47:fa:9a:cc:e5:b0:9f:94:4f:d1:dc:38:18:
         d0:c1:47:80:1e:7c:44:07:6b:14:ac:71:bc:c6:28:3c:3e:52:
         bd:36:ea:d4:5f:6d:0f:d0:e2:13:35:fb:0f:99:ff:70:80:77:
         1a:6c:47:3f:e8:e0:3b:da:0d:81:8f:6b:26:8c:4d:40:0d:78:
         57:60:42:a4:88:f7:9b:35:e1:dd:ba:34:1f:4b:6e:02:67:41:
         94:4e:c9:c9:d0:d0:e3:15:74:8b:7c:20:41:fd:47:ef:cd:44:
         af:cc:66:1a:0e:99:95:6b:ea:ae:af:5e:aa:52:0a:7f:1d:1c:
         cb:8d:94:ff:1c:be:d9:fa:72:2a:d2:22:3b:f7:d1:04:21:17:
         74:d1:1c:23:46:c4:8e:68:1f:90:48:13:65:fc:de:7e:b2:84:
         7b:d5:a4:cb
-----BEGIN CERTIFICATE-----
MIIFyzCCBLOgAwIBAgIUQg7rPjm31Nnhj4uP9Cxl1FD+NTcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMTgyMmZlOWM4YTFkOGEwMjE3Nzg5MzRlMzc4MTU5ZmY4
Zjc5NGRmMzJiZmU5ZWQwNzEwHhcNMjUwMzIyMTUxNzA1WhcNMjYwMzIxMTUyMjA1
WjAzMTEwLwYDVQQDEyg5MUNDMkUxQUQzNzhDNjEzNkMxOTAxOTUzRERCNjkzNjNC
RUU0MkFBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAradjiDKPbRnk
3soaMv4VNpnEd6kGbvCt9Vc6siKg5iX+I/TCff2rnsnK02ukKB+W1H6aPevvcqNr
1nnOKf3HJttg3vuKUW1QxnQDXMPG2921hSdahrq5WDOj8F7fc0qgWnO3b48ieUVc
4wnbs74YqOaSpUuol5BKKAr4BB77EM34gbqSAhU/NeZvNB21cBScTtasbIM5ucg2
b/ChFwZkSYCj3OnAOYODmsZlKG5Jm1UM0fHIlhvFK9tE7jOmlGIKNpaWEelBhfDt
jOyS1p7+4NHb2C7iephKE86KMFSQrDmJhjy2mZ/wfFGJba5ICISnZcOFNUHLnf7J
LL0obzvKBwIDAQABo4ICyzCCAscwHQYDVR0OBBYEFJHMLhrTeMYTbBkBlT3baTY7
7kKqMB8GA1UdIwQYMBaAFJOwKWwxeHeA/oQTMY/Q0nCDg0zFMA4GA1UdDwEB/wQE
AwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3JzeW5jLnBhYXMu
cnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzY2YmQ5MmYxLTQxNWItNDc2NS04YTE2
LWRiZmM0NTkzYzFhOC84LzkzQjAyOTZDMzE3ODc3ODBGRTg0MTMzMThGRDBEMjcw
ODM4MzRDQzUuY3JsMIHzBggrBgEFBQcBAQSB5jCB4zCB4AYIKwYBBQUHMAKGgdNy
c3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0
YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzL2E3MzQyMGNiLWIzY2Mt
NGIwMy1iZGE3LTFiZTIwNDkzM2FlNS81NTYzZTJmOS00ZDliLTQwYzMtYWZhMi1j
ZTcwNDVmZmQyM2EvMTgyMmZlOWM4YTFkOGEwMjE3Nzg5MzRlMzc4MTU5ZmY4Zjc5
NGRmMzJiZmU5ZWQwNzEuY2VyMIGrBggrBgEFBQcBCwSBnjCBmzCBmAYIKwYBBQUH
MAuGgYtyc3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
LzY2YmQ5MmYxLTQxNWItNDc2NS04YTE2LWRiZmM0NTkzYzFhOC84LzMyMzMyZTMx
MzQzNTJlMzUzNzJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM1MzAzMjMyMzQucm9h
MBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwE
AgABMAYDBAAXkTkwDQYJKoZIhvcNAQELBQADggEBAK7KR6WR8WnF49Ng2s3TO0yy
srIFKYsxBeiSIFffPAr7ET9oamjhJfVVV+69YGYYVTY/kA3F4W1TbzMUstMypTr6
QgF4lNF56/cwlsYOnzjC0ZUTHzupjEHIWMaATCWAR/qazOWwn5RP0dw4GNDBR4Ae
fEQHaxSscbzGKDw+Ur026tRfbQ/Q4hM1+w+Z/3CAdxpsRz/o4DvaDYGPayaMTUAN
eFdgQqSI95s14d26NB9LbgJnQZROycnQ0OMVdIt8IEH9R+/NRK/MZhoOmZVr6q6v
XqpSCn8dHMuNlP8cvtn6cirSIjv30QQhF3TRHCNGxI5oH5BIE2X83n6yhHvVpMs=
-----END CERTIFICATE-----