Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/1/323630323a663939323a3a2f34382d3438203d3e203633333930.roa
File:                     323630323a663939323a3a2f34382d3438203d3e203633333930.roa (raw, json)
Hash identifier:          H36uH3T07rWST1Ri9735+M/mVW47NC6TsEf7qt3n414=
Subject key identifier:   DE:84:EE:53:6E:14:DF:E9:B9:82:2F:6F:CD:11:D2:D0:17:79:44:4D
Certificate issuer:       /CN=a1ba1093bbf34991bf59a35b2bcaf49ab828176fa4310b6355
Certificate serial:       0AF5B165C733279AC15B53DBF22EB2E05411A0A0
Authority key identifier: 2F:0F:1B:C6:7D:D2:B9:A7:E2:54:56:38:C1:73:D5:EC:06:0C:27:D0
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/b915810d-b97a-4696-955d-495d5d12c3b5/a1ba1093bbf34991bf59a35b2bcaf49ab828176fa4310b6355.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/1/323630323a663939323a3a2f34382d3438203d3e203633333930.roa
Signing time:             Tue 06 Feb 2024 01:59:29 +0000
ROA not before:           Tue 06 Feb 2024 01:54:29 +0000
ROA not after:            Tue 04 Feb 2025 01:59:29 +0000
asID:                     63390
IP address blocks:        2602:f992::/48 maxlen: 48

Validation:               Failed, certificate revoked on Thu 29 Feb 2024 01:44:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:f5:b1:65:c7:33:27:9a:c1:5b:53:db:f2:2e:b2:e0:54:11:a0:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a1ba1093bbf34991bf59a35b2bcaf49ab828176fa4310b6355
        Validity
            Not Before: Feb  6 01:54:29 2024 GMT
            Not After : Feb  4 01:59:29 2025 GMT
        Subject: CN=DE84EE536E14DFE9B9822F6FCD11D2D01779444D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:b4:0a:b3:c0:17:29:8a:96:57:9f:96:73:e2:
                    ab:68:3c:a7:c9:fc:99:9b:bb:8f:85:c7:2a:0e:9f:
                    c6:c0:96:ff:69:7b:01:8c:e7:29:fb:f5:ed:93:1b:
                    93:ff:f9:20:88:67:e4:d4:f1:dc:f8:e2:2f:83:28:
                    56:31:bf:c3:65:c7:aa:18:ac:12:bb:88:bb:ee:dd:
                    bf:fc:a0:15:02:25:8a:72:44:e5:a3:8a:8e:2e:1e:
                    92:8d:a7:4d:58:b5:d5:c2:89:bc:8a:b2:0e:a7:9d:
                    66:ce:07:65:c1:d0:f2:be:52:5f:40:51:c6:0e:99:
                    8f:3a:20:de:f0:29:7f:c8:73:25:a7:bf:5c:19:ca:
                    66:c4:99:52:73:3b:77:e0:66:e8:08:70:6f:d6:7d:
                    b0:e3:2a:d1:f6:93:38:1c:9c:b4:2e:7a:cd:c5:ef:
                    7f:b9:f3:28:b9:50:cd:7e:dd:ad:a8:d6:18:34:67:
                    df:c6:81:06:3f:c1:2e:d4:5f:67:88:41:fd:52:c8:
                    87:b5:77:ba:22:8d:8b:f3:98:51:d4:45:3c:3f:86:
                    05:df:c5:2c:d0:95:8f:a0:55:93:4c:b1:3d:0a:fc:
                    6b:7c:54:38:a3:ed:47:dc:d5:0f:55:f0:46:d4:75:
                    67:23:28:7d:ab:12:b4:f3:5b:8a:f1:27:c1:bb:10:
                    14:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:84:EE:53:6E:14:DF:E9:B9:82:2F:6F:CD:11:D2:D0:17:79:44:4D
            X509v3 Authority Key Identifier:
                keyid:2F:0F:1B:C6:7D:D2:B9:A7:E2:54:56:38:C1:73:D5:EC:06:0C:27:D0

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/1/2F0F1BC67DD2B9A7E2545638C173D5EC060C27D0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/b915810d-b97a-4696-955d-495d5d12c3b5/a1ba1093bbf34991bf59a35b2bcaf49ab828176fa4310b6355.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/1/323630323a663939323a3a2f34382d3438203d3e203633333930.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2602:f992::/48

    Signature Algorithm: sha256WithRSAEncryption
         0f:58:55:61:45:1c:4a:9a:42:a3:64:95:ab:4f:1e:51:4f:c9:
         a1:2c:e4:b8:e9:7a:43:fd:97:72:6e:d7:94:77:c7:7b:a7:b6:
         f2:7d:e0:47:18:63:4c:66:bd:77:ad:07:f9:47:08:36:7b:00:
         85:b2:2a:ad:a1:d1:56:48:62:08:72:87:ab:86:41:e4:a1:ce:
         d2:67:d8:72:7d:90:97:4e:28:53:ef:de:51:bf:95:6c:6b:35:
         7f:21:3c:7c:40:4b:62:64:4d:cf:89:b0:d0:38:f4:c7:17:01:
         fe:ae:dd:29:69:f8:5b:b3:52:e8:88:ed:1c:4b:5e:74:5a:9c:
         83:63:67:eb:e8:9c:99:81:aa:7f:d8:54:91:96:97:92:d5:5e:
         05:a9:ec:f9:f5:13:69:57:1c:05:b3:21:3a:9c:df:40:24:65:
         70:c4:16:5d:1d:47:4c:c9:56:b8:c6:e2:75:47:e4:ac:3b:66:
         18:e4:ed:d2:67:9f:ff:64:9b:22:96:dd:95:cb:1e:80:25:a7:
         83:69:2e:8b:a8:a5:82:4c:ca:f8:4e:75:bb:af:3c:db:01:f4:
         7d:df:f0:99:5a:e6:6d:f4:05:bf:ca:0a:ea:62:93:c6:7d:fd:
         68:76:e9:89:22:4b:c7:dc:13:9b:a5:b3:e7:9a:9f:d5:f5:7f:
         ba:53:66:00
-----BEGIN CERTIFICATE-----
MIIFzjCCBLagAwIBAgIUCvWxZcczJ5rBW1Pb8i6y4FQRoKAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYTFiYTEwOTNiYmYzNDk5MWJmNTlhMzViMmJjYWY0OWFi
ODI4MTc2ZmE0MzEwYjYzNTUwHhcNMjQwMjA2MDE1NDI5WhcNMjUwMjA0MDE1OTI5
WjAzMTEwLwYDVQQDEyhERTg0RUU1MzZFMTRERkU5Qjk4MjJGNkZDRDExRDJEMDE3
Nzk0NDREMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx7QKs8AXKYqW
V5+Wc+KraDynyfyZm7uPhccqDp/GwJb/aXsBjOcp+/XtkxuT//kgiGfk1PHc+OIv
gyhWMb/DZceqGKwSu4i77t2//KAVAiWKckTlo4qOLh6SjadNWLXVwom8irIOp51m
zgdlwdDyvlJfQFHGDpmPOiDe8Cl/yHMlp79cGcpmxJlSczt34GboCHBv1n2w4yrR
9pM4HJy0LnrNxe9/ufMouVDNft2tqNYYNGffxoEGP8Eu1F9niEH9UsiHtXe6Io2L
85hR1EU8P4YF38Us0JWPoFWTTLE9CvxrfFQ4o+1H3NUPVfBG1HVnIyh9qxK081uK
8SfBuxAU3QIDAQABo4ICzjCCAsowHQYDVR0OBBYEFN6E7lNuFN/puYIvb80R0tAX
eURNMB8GA1UdIwQYMBaAFC8PG8Z90rmn4lRWOMFz1ewGDCfQMA4GA1UdDwEB/wQE
AwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3JzeW5jLnBhYXMu
cnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUtNDI5OS1iMDc5
LTMwOWVkOTdmMzgyNC8xLzJGMEYxQkM2N0REMkI5QTdFMjU0NTYzOEMxNzNENUVD
MDYwQzI3RDAuY3JsMIHzBggrBgEFBQcBAQSB5jCB4zCB4AYIKwYBBQUHMAKGgdNy
c3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0
YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzRhYjdhZTRkLWJkN2It
NGIzMy05YTg4LTViMjJkMmE4MzM3ZC9iOTE1ODEwZC1iOTdhLTQ2OTYtOTU1ZC00
OTVkNWQxMmMzYjUvYTFiYTEwOTNiYmYzNDk5MWJmNTlhMzViMmJjYWY0OWFiODI4
MTc2ZmE0MzEwYjYzNTUuY2VyMIGrBggrBgEFBQcBCwSBnjCBmzCBmAYIKwYBBQUH
MAuGgYtyc3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
Lzg5MjcwZjZjLWEzZmUtNDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8xLzMyMzYzMDMy
M2E2NjM5MzkzMjNhM2EyZjM0MzgyZDM0MzgyMDNkM2UyMDM2MzMzMzM5MzAucm9h
MBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8E
AgACMAkDBwAmAvmSAAAwDQYJKoZIhvcNAQELBQADggEBAA9YVWFFHEqaQqNklatP
HlFPyaEs5LjpekP9l3Ju15R3x3untvJ94EcYY0xmvXetB/lHCDZ7AIWyKq2h0VZI
Yghyh6uGQeShztJn2HJ9kJdOKFPv3lG/lWxrNX8hPHxAS2JkTc+JsNA49McXAf6u
3Slp+FuzUuiI7RxLXnRanINjZ+vonJmBqn/YVJGWl5LVXgWp7Pn1E2lXHAWzITqc
30AkZXDEFl0dR0zJVrjG4nVH5Kw7Zhjk7dJnn/9kmyKW3ZXLHoAlp4NpLouopYJM
yvhOdbuvPNsB9H3f8Jla5m30Bb/KCupik8Z9/Wh26YkiS8fcE5uls+ean9X1f7pT
ZgA=