Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ae6edeec-08ba-4cde-8979-4faea4b1bc12/7/32332e3135332e3233322e302f32342d3234203d3e20313939373635.roa
File:                     32332e3135332e3233322e302f32342d3234203d3e20313939373635.roa (raw, json)
Hash identifier:          +B+z9XtUAaN20fSO0t6TN+ahHcE5GaDzO7soORTGpj4=
Subject key identifier:   71:8C:E2:FF:9B:45:51:F7:6B:B4:09:04:31:AB:70:FE:6F:46:67:1C
Certificate issuer:       /CN=4b43c64a680efdc51a00463172b8f5aff945e0733fc49c2e4c
Certificate serial:       597DF50CB1F6F1BCFC9EFD4166B043751032048C
Authority key identifier: D7:49:83:C1:FA:BA:0C:C1:56:6F:06:01:AF:E1:14:23:E1:1B:51:71
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/a73420cb-b3cc-4b03-bda7-1be204933ae5/b150e98d-80e9-45f6-bc63-6b40a3d59e9c/4b43c64a680efdc51a00463172b8f5aff945e0733fc49c2e4c.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ae6edeec-08ba-4cde-8979-4faea4b1bc12/7/32332e3135332e3233322e302f32342d3234203d3e20313939373635.roa
Signing time:             Sun 17 Mar 2024 19:21:23 +0000
ROA not before:           Sun 17 Mar 2024 19:16:23 +0000
ROA not after:            Sun 16 Mar 2025 19:21:23 +0000
asID:                     199765
IP address blocks:        23.153.232.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sat 22 Jun 2024 19:26:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:7d:f5:0c:b1:f6:f1:bc:fc:9e:fd:41:66:b0:43:75:10:32:04:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b43c64a680efdc51a00463172b8f5aff945e0733fc49c2e4c
        Validity
            Not Before: Mar 17 19:16:23 2024 GMT
            Not After : Mar 16 19:21:23 2025 GMT
        Subject: CN=718CE2FF9B4551F76BB4090431AB70FE6F46671C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:3a:d9:3b:8a:9c:a4:e5:40:c8:1b:b2:43:1d:
                    0c:75:3c:9b:4e:1b:3f:26:4a:7b:4c:90:56:d3:74:
                    dd:ef:64:c7:61:c3:1e:69:01:fe:dd:43:42:46:d5:
                    8b:ba:62:4f:d8:af:64:d1:72:6e:56:77:21:8a:ec:
                    c1:9a:33:e6:b7:d3:89:bc:d6:10:df:27:48:ec:b2:
                    16:bf:94:17:49:24:7e:ff:06:8b:cf:e0:fe:8d:a5:
                    45:7d:c7:d7:eb:2d:f2:8a:2e:b6:40:58:56:89:49:
                    99:aa:89:c7:35:f5:00:12:44:ef:a8:4f:8f:e9:bc:
                    90:51:44:a4:59:ca:ca:79:55:f5:3b:d4:04:1a:86:
                    e8:94:e7:c1:68:2a:cb:24:45:2c:2d:d3:c2:fb:03:
                    e4:68:3c:80:a8:b1:1a:3a:a6:10:76:64:8b:8e:12:
                    55:56:64:32:fe:ca:14:3b:5c:8d:26:08:4b:10:3a:
                    00:9c:58:80:89:a7:99:d8:3f:9e:10:a6:1e:68:62:
                    01:49:0d:a4:38:e5:88:17:cf:b5:6c:47:52:e3:32:
                    33:d1:c5:23:0f:e8:e7:a9:d1:85:87:2b:91:25:42:
                    ce:1d:a3:2d:79:f0:b6:8b:2b:91:b5:d9:85:90:ab:
                    a7:dc:cd:32:72:cb:07:02:89:f9:aa:90:ab:e6:d6:
                    7a:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:8C:E2:FF:9B:45:51:F7:6B:B4:09:04:31:AB:70:FE:6F:46:67:1C
            X509v3 Authority Key Identifier:
                keyid:D7:49:83:C1:FA:BA:0C:C1:56:6F:06:01:AF:E1:14:23:E1:1B:51:71

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ae6edeec-08ba-4cde-8979-4faea4b1bc12/7/D74983C1FABA0CC1566F0601AFE11423E11B5171.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/a73420cb-b3cc-4b03-bda7-1be204933ae5/b150e98d-80e9-45f6-bc63-6b40a3d59e9c/4b43c64a680efdc51a00463172b8f5aff945e0733fc49c2e4c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ae6edeec-08ba-4cde-8979-4faea4b1bc12/7/32332e3135332e3233322e302f32342d3234203d3e20313939373635.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.153.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:0e:7b:af:6c:6a:61:47:76:23:d9:fa:b6:e9:27:66:9d:49:
         66:d9:04:06:65:ff:ee:41:15:95:0f:90:8a:28:61:7f:a5:45:
         c9:88:25:b2:b6:f1:a3:a7:69:9b:dc:6e:57:da:59:af:2c:f6:
         c5:67:db:0f:d7:2d:1f:7c:7c:e3:67:7e:6e:fd:85:7e:f1:37:
         f3:3b:49:e4:f9:19:1d:30:05:1f:66:48:c3:48:b9:66:c5:f3:
         a6:a0:ed:6a:fd:9e:89:ca:fa:d9:54:3c:31:37:5c:fe:c3:9d:
         1f:95:f9:03:1f:5d:29:fe:91:17:7a:7e:4e:15:4c:8a:ac:29:
         9d:76:a8:01:d1:0e:12:6b:b1:8a:e4:c5:63:66:aa:f1:c8:bd:
         d2:cc:9e:a2:5f:24:fb:f0:a0:d9:bf:6a:ae:6f:79:b8:67:5b:
         2a:09:e8:ed:4f:63:95:53:99:20:71:00:c9:68:d5:6b:b1:b4:
         c3:7a:9c:6b:2d:c7:33:e3:1b:3f:a2:79:7a:24:08:59:cb:7f:
         72:c2:b7:f1:b7:84:56:00:fa:3c:01:8c:c4:d1:4f:31:ca:72:
         dd:b7:64:42:54:d0:f7:2b:4f:aa:6d:09:9c:1a:92:58:dd:f3:
         5e:a2:f2:dc:17:66:b4:71:b5:1b:10:92:e4:a0:50:6e:b0:4b:
         57:0e:32:e9
-----BEGIN CERTIFICATE-----
MIIFzzCCBLegAwIBAgIUWX31DLH28bz8nv1BZrBDdRAyBIwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNGI0M2M2NGE2ODBlZmRjNTFhMDA0NjMxNzJiOGY1YWZm
OTQ1ZTA3MzNmYzQ5YzJlNGMwHhcNMjQwMzE3MTkxNjIzWhcNMjUwMzE2MTkyMTIz
WjAzMTEwLwYDVQQDEyg3MThDRTJGRjlCNDU1MUY3NkJCNDA5MDQzMUFCNzBGRTZG
NDY2NzFDMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmjrZO4qcpOVA
yBuyQx0MdTybThs/Jkp7TJBW03Td72THYcMeaQH+3UNCRtWLumJP2K9k0XJuVnch
iuzBmjPmt9OJvNYQ3ydI7LIWv5QXSSR+/waLz+D+jaVFfcfX6y3yii62QFhWiUmZ
qonHNfUAEkTvqE+P6byQUUSkWcrKeVX1O9QEGobolOfBaCrLJEUsLdPC+wPkaDyA
qLEaOqYQdmSLjhJVVmQy/soUO1yNJghLEDoAnFiAiaeZ2D+eEKYeaGIBSQ2kOOWI
F8+1bEdS4zIz0cUjD+jnqdGFhyuRJULOHaMtefC2iyuRtdmFkKun3M0ycssHAon5
qpCr5tZ6EQIDAQABo4ICzzCCAsswHQYDVR0OBBYEFHGM4v+bRVH3a7QJBDGrcP5v
RmccMB8GA1UdIwQYMBaAFNdJg8H6ugzBVm8GAa/hFCPhG1FxMA4GA1UdDwEB/wQE
AwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3JzeW5jLnBhYXMu
cnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2FlNmVkZWVjLTA4YmEtNGNkZS04OTc5
LTRmYWVhNGIxYmMxMi83L0Q3NDk4M0MxRkFCQTBDQzE1NjZGMDYwMUFGRTExNDIz
RTExQjUxNzEuY3JsMIHzBggrBgEFBQcBAQSB5jCB4zCB4AYIKwYBBQUHMAKGgdNy
c3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0
YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzL2E3MzQyMGNiLWIzY2Mt
NGIwMy1iZGE3LTFiZTIwNDkzM2FlNS9iMTUwZTk4ZC04MGU5LTQ1ZjYtYmM2My02
YjQwYTNkNTllOWMvNGI0M2M2NGE2ODBlZmRjNTFhMDA0NjMxNzJiOGY1YWZmOTQ1
ZTA3MzNmYzQ5YzJlNGMuY2VyMIGvBggrBgEFBQcBCwSBojCBnzCBnAYIKwYBBQUH
MAuGgY9yc3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L2FlNmVkZWVjLTA4YmEtNGNkZS04OTc5LTRmYWVhNGIxYmMxMi83LzMyMzMyZTMx
MzUzMzJlMzIzMzMyMmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzEzOTM5MzczNjM1
LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAw
DjAMBAIAATAGAwQAF5noMA0GCSqGSIb3DQEBCwUAA4IBAQAbDnuvbGphR3Yj2fq2
6SdmnUlm2QQGZf/uQRWVD5CKKGF/pUXJiCWytvGjp2mb3G5X2lmvLPbFZ9sP1y0f
fHzjZ35u/YV+8TfzO0nk+RkdMAUfZkjDSLlmxfOmoO1q/Z6JyvrZVDwxN1z+w50f
lfkDH10p/pEXen5OFUyKrCmddqgB0Q4Sa7GK5MVjZqrxyL3SzJ6iXyT78KDZv2qu
b3m4Z1sqCejtT2OVU5kgcQDJaNVrsbTDepxrLccz4xs/onl6JAhZy39ywrfxt4RW
APo8AYzE0U8xynLdt2RCVND3K0+qbQmcGpJY3fNeovLcF2a0cbUbEJLkoFBusEtX
DjLp
-----END CERTIFICATE-----