Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/322e35362e3235302e302f32342d3234203d3e203134343435.roa
File:                     322e35362e3235302e302f32342d3234203d3e203134343435.roa (raw, json)
Hash identifier:          +pWeo4q4vGKWob3ayVyS+DNNLquqhzXM2SO1BsvCIIM=
Subject key identifier:   9A:DB:D9:33:AA:76:3B:E2:0C:BF:30:DC:7E:68:6E:0B:66:E6:21:D3
Certificate issuer:       /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial:       4D6022D340F56A7BD0405EC849CF3DBAD1D7D834
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/322e35362e3235302e302f32342d3234203d3e203134343435.roa
Signing time:             Tue 12 Sep 2023 21:10:50 +0000
ROA not before:           Tue 12 Sep 2023 21:05:50 +0000
ROA not after:            Tue 10 Sep 2024 21:10:50 +0000
asID:                     14445
IP address blocks:        2.56.250.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 12 Feb 2024 00:00:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:60:22:d3:40:f5:6a:7b:d0:40:5e:c8:49:cf:3d:ba:d1:d7:d8:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
        Validity
            Not Before: Sep 12 21:05:50 2023 GMT
            Not After : Sep 10 21:10:50 2024 GMT
        Subject: CN=9ADBD933AA763BE20CBF30DC7E686E0B66E621D3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:20:80:1f:80:fd:30:e7:f7:1f:7c:cd:e4:c5:
                    0c:55:cd:fe:d0:68:10:e4:99:db:5d:29:1b:9f:e5:
                    89:9a:c4:07:03:f7:d8:16:51:da:bc:58:ac:d2:2c:
                    41:e5:77:fe:1d:cf:3f:e2:f7:d7:39:2a:77:5d:fb:
                    39:8d:5d:1d:b3:1c:95:b2:25:27:78:13:fe:bf:6b:
                    c9:5a:95:51:dd:f4:cc:fb:04:f0:b9:d2:6f:b4:76:
                    a4:5b:eb:82:c3:f5:b5:99:ae:f6:eb:81:7c:a0:1a:
                    6d:2f:4f:e1:b1:77:b7:21:19:1e:87:ff:97:74:11:
                    b8:9a:76:c1:d0:e9:c9:b1:6f:dc:f2:4e:29:65:30:
                    d6:e0:40:67:05:d9:ea:9b:47:28:46:7d:38:38:02:
                    f1:d4:0f:cc:69:ce:ea:93:30:08:09:2f:4f:9b:14:
                    40:74:e1:c2:b7:db:84:3a:39:17:6d:5c:65:10:7e:
                    39:6e:6f:8d:5a:75:20:86:25:3a:47:1b:0c:20:c7:
                    c6:01:3b:f9:d2:1c:63:25:84:4d:46:e2:34:fe:82:
                    1c:d7:7a:4b:ac:9c:d0:a6:8e:c3:4f:bb:aa:7b:e7:
                    66:cd:8d:7f:f0:c8:8f:0f:d7:86:ac:c1:2f:a4:49:
                    30:56:dd:18:c2:de:f1:82:c0:13:45:c2:6a:6d:5d:
                    8f:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:DB:D9:33:AA:76:3B:E2:0C:BF:30:DC:7E:68:6E:0B:66:E6:21:D3
            X509v3 Authority Key Identifier:
                keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/322e35362e3235302e302f32342d3234203d3e203134343435.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:a5:cb:5c:94:8c:eb:5a:72:6c:5c:c7:27:04:f1:17:08:eb:
         80:fb:4e:8f:ee:37:1e:ff:7f:ec:f0:d2:7e:9a:68:c2:d9:4e:
         0c:95:fa:d6:ec:05:0d:70:17:7b:fc:96:2e:a6:fe:a0:70:ce:
         b3:32:5e:34:8e:dc:19:56:41:09:9d:22:f9:51:02:e7:6d:b2:
         35:9d:56:8f:cf:9b:46:3f:19:c3:35:11:32:75:7d:8e:43:1c:
         3d:0c:39:7e:66:41:a8:b7:ff:12:89:2d:e5:f4:fb:6d:89:68:
         82:29:1f:89:93:d7:e7:6b:12:ae:25:2c:91:a3:93:cc:1c:29:
         47:b2:8c:b3:53:87:87:ea:67:77:3e:7b:f3:78:34:c7:61:f9:
         b8:0c:9e:2a:48:1b:26:b7:93:16:d7:e2:7b:7c:19:a9:d4:98:
         dd:8b:f7:d3:1d:44:20:40:1d:47:38:b9:b0:d3:16:f4:53:9f:
         b2:7e:df:4b:ca:55:2e:ac:74:ec:88:3d:cb:da:13:17:d6:5f:
         81:eb:ea:d5:c7:ff:da:4b:e1:36:f9:4c:19:df:78:f2:a7:62:
         37:d1:7a:ec:63:3c:29:87:44:20:d0:2d:d9:3b:a8:3a:d6:f7:
         c2:68:a2:37:26:13:0b:61:9f:6d:b3:6b:a4:2c:27:9c:7a:b6:
         76:28:27:e0
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUTWAi00D1anvQQF7ISc89utHX2DQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yMzA5MTIyMTA1NTBaFw0yNDA5MTAyMTEwNTBaMDMxMTAvBgNV
BAMTKDlBREJEOTMzQUE3NjNCRTIwQ0JGMzBEQzdFNjg2RTBCNjZFNjIxRDMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJIIAfgP0w5/cffM3kxQxVzf7Q
aBDkmdtdKRuf5YmaxAcD99gWUdq8WKzSLEHld/4dzz/i99c5Kndd+zmNXR2zHJWy
JSd4E/6/a8lalVHd9Mz7BPC50m+0dqRb64LD9bWZrvbrgXygGm0vT+Gxd7chGR6H
/5d0EbiadsHQ6cmxb9zyTillMNbgQGcF2eqbRyhGfTg4AvHUD8xpzuqTMAgJL0+b
FEB04cK324Q6ORdtXGUQfjlub41adSCGJTpHGwwgx8YBO/nSHGMlhE1G4jT+ghzX
ekusnNCmjsNPu6p752bNjX/wyI8P14aswS+kSTBW3RjC3vGCwBNFwmptXY/PAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUmtvZM6p2O+IMvzDcfmhuC2bmIdMwHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzIyZTM1MzYyZTMyMzUzMDJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzQzNDM0MzUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAACOPow
DQYJKoZIhvcNAQELBQADggEBAFKly1yUjOtacmxcxycE8RcI64D7To/uNx7/f+zw
0n6aaMLZTgyV+tbsBQ1wF3v8li6m/qBwzrMyXjSO3BlWQQmdIvlRAudtsjWdVo/P
m0Y/GcM1ETJ1fY5DHD0MOX5mQai3/xKJLeX0+22JaIIpH4mT1+drEq4lLJGjk8wc
KUeyjLNTh4fqZ3c+e/N4NMdh+bgMnipIGya3kxbX4nt8GanUmN2L99MdRCBAHUc4
ubDTFvRTn7J+30vKVS6sdOyIPcvaExfWX4Hr6tXH/9pL4Tb5TBnfePKnYjfReuxj
PCmHRCDQLdk7qDrW98JoojcmEwthn22za6QsJ5x6tnYoJ+A=
Generated at Mon Feb 12 03:23:15 2024 by rpki-client on console-fra.rpki-client.org