Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a2ffbce7-88dd-4ca9-b245-116386cee788/0/33312e362e32382e302f32332d3234203d3e2033333230.roa
File:                     33312e362e32382e302f32332d3234203d3e2033333230.roa (raw, json)
Hash identifier:          UVMexO/9/gEK7/ZzVIvd1MKwFwlHuX/GCBMYnngSPBc=
Subject key identifier:   34:9D:35:09:8E:63:B0:53:19:4E:AC:AD:C9:7F:FA:E6:BC:04:00:AF
Certificate issuer:       /CN=3a96802395455ca00679c41d5c056cae95d4b57d
Certificate serial:       30D3B4BC05598269A3FD481285BB727DC57FF406
Authority key identifier: 3A:96:80:23:95:45:5C:A0:06:79:C4:1D:5C:05:6C:AE:95:D4:B5:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OpaAI5VFXKAGecQdXAVsrpXUtX0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a2ffbce7-88dd-4ca9-b245-116386cee788/0/33312e362e32382e302f32332d3234203d3e2033333230.roa
Signing time:             Wed 22 Mar 2023 15:29:44 +0000
ROA not before:           Wed 22 Mar 2023 15:24:44 +0000
ROA not after:            Wed 20 Mar 2024 15:29:44 +0000
asID:                     3320
IP address blocks:        31.6.28.0/23 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:d3:b4:bc:05:59:82:69:a3:fd:48:12:85:bb:72:7d:c5:7f:f4:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a96802395455ca00679c41d5c056cae95d4b57d
        Validity
            Not Before: Mar 22 15:24:44 2023 GMT
            Not After : Mar 20 15:29:44 2024 GMT
        Subject: CN=349D35098E63B053194EACADC97FFAE6BC0400AF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:d0:3e:24:92:10:8b:9b:c2:6a:f8:b4:9a:4f:
                    a0:4b:78:76:f6:6d:92:74:f2:03:80:3b:9c:c0:a6:
                    ad:aa:fb:1d:a4:74:4a:e7:82:7a:35:3d:6f:5f:d4:
                    f5:74:72:aa:08:e3:ad:d8:1f:f9:ab:71:d3:48:a7:
                    b0:be:e6:eb:47:76:b7:ca:6d:58:db:81:f2:22:e3:
                    20:9f:a5:9f:01:14:d0:17:25:e6:f1:61:a1:fe:72:
                    8a:5c:0c:0c:2d:38:30:70:73:9d:2a:16:30:bb:85:
                    44:ed:2c:27:24:05:22:b4:83:3e:46:8f:3a:b2:f1:
                    f8:f1:34:94:e5:93:d6:a6:a1:a9:bf:eb:49:9b:06:
                    53:8a:b8:98:d0:12:30:6c:07:88:f3:cb:09:9a:fa:
                    17:30:8a:27:cb:23:66:c1:67:16:89:7d:54:7d:1a:
                    e8:23:e7:f4:5e:eb:8c:bb:60:f1:f0:a4:0b:4b:ac:
                    1c:af:b6:24:59:87:80:dd:ad:8c:f2:10:0d:1a:af:
                    26:34:83:79:18:02:eb:25:58:69:e7:2b:50:ab:4f:
                    bc:24:d2:b0:db:66:7a:fa:a0:90:0b:80:ef:e9:6f:
                    1d:e0:37:20:b8:6d:32:9b:b9:c5:4b:42:a4:97:ff:
                    43:1a:0a:0b:e9:5c:d4:6c:04:d8:31:c6:0c:a7:0c:
                    c2:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:9D:35:09:8E:63:B0:53:19:4E:AC:AD:C9:7F:FA:E6:BC:04:00:AF
            X509v3 Authority Key Identifier:
                keyid:3A:96:80:23:95:45:5C:A0:06:79:C4:1D:5C:05:6C:AE:95:D4:B5:7D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a2ffbce7-88dd-4ca9-b245-116386cee788/0/3A96802395455CA00679C41D5C056CAE95D4B57D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OpaAI5VFXKAGecQdXAVsrpXUtX0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a2ffbce7-88dd-4ca9-b245-116386cee788/0/33312e362e32382e302f32332d3234203d3e2033333230.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.28.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5e:c7:44:06:c2:92:df:6b:09:23:e2:5b:eb:a3:64:32:65:89:
         c3:79:0b:f0:64:b2:2b:6b:cb:01:b1:79:58:1d:17:5b:5e:03:
         91:eb:9c:99:ec:62:ac:24:ab:89:d8:b6:bc:4a:39:ef:95:7b:
         2d:da:b8:d0:fe:78:28:5d:8b:7b:77:ff:a3:24:3b:ad:2e:9c:
         28:16:c1:78:b5:4a:54:7e:5a:68:90:93:c5:cd:b0:d2:c4:06:
         29:3e:06:7f:37:46:35:29:20:e6:69:2d:d6:de:d7:6e:72:62:
         6e:92:72:4f:09:32:c2:14:09:27:07:cb:52:d9:1a:f6:0c:ef:
         44:92:ab:34:46:77:ca:6b:4b:a9:f1:e5:c7:51:0f:e2:93:1f:
         00:0a:90:61:b7:84:6f:b3:d1:bc:10:74:f9:a2:26:75:6c:ce:
         f1:20:fc:0d:a6:40:d2:9d:d1:7d:bd:ae:dd:cb:4d:f1:5d:6f:
         bb:ca:b2:ac:50:29:5f:77:c0:af:ed:28:a9:83:72:68:1c:01:
         8e:fc:98:ca:cb:66:29:f4:57:c9:a6:7c:41:86:ff:68:37:20:
         7e:88:fd:69:b1:ad:24:e0:75:ab:3b:53:3a:fa:b7:01:cd:fd:
         e7:76:1d:54:9e:35:ef:1d:1c:a5:40:00:b8:92:8b:a1:b1:d1:
         52:bf:ff:b0
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIUMNO0vAVZgmmj/UgShbtyfcV/9AYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2E5NjgwMjM5NTQ1NWNhMDA2NzljNDFkNWMwNTZjYWU5
NWQ0YjU3ZDAeFw0yMzAzMjIxNTI0NDRaFw0yNDAzMjAxNTI5NDRaMDMxMTAvBgNV
BAMTKDM0OUQzNTA5OEU2M0IwNTMxOTRFQUNBREM5N0ZGQUU2QkMwNDAwQUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/0D4kkhCLm8Jq+LSaT6BLeHb2
bZJ08gOAO5zApq2q+x2kdErngno1PW9f1PV0cqoI463YH/mrcdNIp7C+5utHdrfK
bVjbgfIi4yCfpZ8BFNAXJebxYaH+copcDAwtODBwc50qFjC7hUTtLCckBSK0gz5G
jzqy8fjxNJTlk9amoam/60mbBlOKuJjQEjBsB4jzywma+hcwiifLI2bBZxaJfVR9
Gugj5/Re64y7YPHwpAtLrByvtiRZh4DdrYzyEA0aryY0g3kYAuslWGnnK1CrT7wk
0rDbZnr6oJALgO/pbx3gNyC4bTKbucVLQqSX/0MaCgvpXNRsBNgxxgynDMJFAgMB
AAGjggI1MIICMTAdBgNVHQ4EFgQUNJ01CY5jsFMZTqytyX/65rwEAK8wHwYDVR0j
BBgwFoAUOpaAI5VFXKAGecQdXAVsrpXUtX0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTJmZmJjZTctODhkZC00Y2E5LWIyNDUtMTE2Mzg2Y2Vl
Nzg4LzAvM0E5NjgwMjM5NTQ1NUNBMDA2NzlDNDFENUMwNTZDQUU5NUQ0QjU3RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL09wYUFJNVZGWEtBR2VjUWRYQVZzcnBY
VXRYMC5jZXIwgaUGCCsGAQUFBwELBIGYMIGVMIGSBggrBgEFBQcwC4aBhXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYTJmZmJjZTct
ODhkZC00Y2E5LWIyNDUtMTE2Mzg2Y2VlNzg4LzAvMzMzMTJlMzYyZTMyMzgyZTMw
MmYzMjMzMmQzMjM0MjAzZDNlMjAzMzMzMzIzMC5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAR8GHDANBgkq
hkiG9w0BAQsFAAOCAQEAXsdEBsKS32sJI+Jb66NkMmWJw3kL8GSyK2vLAbF5WB0X
W14DkeucmexirCSridi2vEo575V7Ldq40P54KF2Le3f/oyQ7rS6cKBbBeLVKVH5a
aJCTxc2w0sQGKT4GfzdGNSkg5mkt1t7XbnJibpJyTwkywhQJJwfLUtka9gzvRJKr
NEZ3ymtLqfHlx1EP4pMfAAqQYbeEb7PRvBB0+aImdWzO8SD8DaZA0p3Rfb2u3ctN
8V1vu8qyrFApX3fAr+0oqYNyaBwBjvyYystmKfRXyaZ8QYb/aDcgfoj9abGtJOB1
qztTOvq3Ac3953YdVJ417x0cpUAAuJKLobHRUr//sA==
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:08:59 2023 by rpki-client on console-fra.rpki-client.org