Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/db8d8b7d-c486-4239-9d9f-8f8f5dced8d0/1/326131343a373538313a653130303a3a2f34302d3430203d3e20323134363433.roa
File:                     326131343a373538313a653130303a3a2f34302d3430203d3e20323134363433.roa (raw, json)
Hash identifier:          j8+qPwQKMdSdvc1OhWtxV7nHoFcZK8taQsqEjQTDaLo=
Subject key identifier:   88:76:48:04:24:C1:5F:77:63:6D:9A:E8:E7:B7:1F:58:31:B2:5E:4F
Certificate issuer:       /CN=F9F7A2885CF3012FA1390D3B3259FC78AEF7AD1A
Certificate serial:       1C91BF862A3BBE6FE145A6ED6D290606909146CC
Authority key identifier: F9:F7:A2:88:5C:F3:01:2F:A1:39:0D:3B:32:59:FC:78:AE:F7:AD:1A
Authority info access:    rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/F9F7A2885CF3012FA1390D3B3259FC78AEF7AD1A.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/db8d8b7d-c486-4239-9d9f-8f8f5dced8d0/1/326131343a373538313a653130303a3a2f34302d3430203d3e20323134363433.roa
Signing time:             Tue 30 Jul 2024 22:43:49 +0000
ROA not before:           Tue 30 Jul 2024 22:38:49 +0000
ROA not after:            Tue 29 Jul 2025 22:43:49 +0000
asID:                     214643
IP address blocks:        2a14:7581:e100::/40 maxlen: 40

Validation:               Failed, certificate revoked on Tue 03 Sep 2024 19:12:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:91:bf:86:2a:3b:be:6f:e1:45:a6:ed:6d:29:06:06:90:91:46:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F9F7A2885CF3012FA1390D3B3259FC78AEF7AD1A
        Validity
            Not Before: Jul 30 22:38:49 2024 GMT
            Not After : Jul 29 22:43:49 2025 GMT
        Subject: CN=8876480424C15F77636D9AE8E7B71F5831B25E4F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:09:61:0f:2d:b4:95:be:16:f1:b8:be:e6:98:
                    1d:5a:4f:b6:b4:1b:72:37:5c:6e:31:09:c8:06:41:
                    92:a5:fa:77:a8:72:09:5b:37:ad:f0:44:12:b9:a7:
                    12:15:0c:e2:2c:13:a1:7f:91:68:1a:9a:ad:04:5d:
                    06:65:02:32:62:3f:eb:42:0c:52:4e:d1:05:5d:0b:
                    99:ef:2e:6c:65:11:78:f4:20:da:8e:5c:b6:be:ec:
                    c7:43:9a:21:ad:d1:2b:55:63:59:c4:9d:c2:8c:44:
                    31:65:b5:13:10:db:60:6f:88:64:0d:c7:6f:3c:3e:
                    f4:84:f4:75:d6:f7:77:93:9f:35:a1:64:43:5b:b2:
                    7f:38:4a:a4:2c:59:17:ff:21:c1:72:6e:0c:1c:bc:
                    79:3d:4c:33:65:d3:dc:a3:99:07:d7:46:bf:c1:8d:
                    52:fd:9e:51:8f:26:50:4b:4c:b0:af:a1:a5:57:b2:
                    23:e2:1a:a8:3c:80:10:5f:be:ef:2d:ef:bf:f4:16:
                    1a:90:86:59:b7:5d:00:8e:6d:3d:09:58:6a:27:bb:
                    ad:f8:7a:1e:fd:2b:a9:83:81:14:bb:37:9e:6a:03:
                    e0:37:7e:c8:4e:74:28:1e:2b:9e:b0:1c:5e:5d:70:
                    c8:ea:e5:f6:ce:a2:15:24:c2:da:3e:c3:85:12:65:
                    b7:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:76:48:04:24:C1:5F:77:63:6D:9A:E8:E7:B7:1F:58:31:B2:5E:4F
            X509v3 Authority Key Identifier:
                keyid:F9:F7:A2:88:5C:F3:01:2F:A1:39:0D:3B:32:59:FC:78:AE:F7:AD:1A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/db8d8b7d-c486-4239-9d9f-8f8f5dced8d0/1/F9F7A2885CF3012FA1390D3B3259FC78AEF7AD1A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/F9F7A2885CF3012FA1390D3B3259FC78AEF7AD1A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/db8d8b7d-c486-4239-9d9f-8f8f5dced8d0/1/326131343a373538313a653130303a3a2f34302d3430203d3e20323134363433.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7581:e100::/40

    Signature Algorithm: sha256WithRSAEncryption
         a3:33:23:0e:2e:44:20:a3:6c:52:16:8a:3b:46:93:20:54:07:
         a2:06:96:f2:85:74:71:69:6e:57:5a:1b:28:0a:8b:a0:ad:23:
         a5:78:dc:5d:d3:de:a8:2b:dc:c2:86:35:bf:87:5d:cf:66:15:
         41:83:60:6a:5d:ed:dc:00:2a:fa:6a:71:6c:26:e8:7e:3f:a5:
         2b:8e:67:a1:44:92:db:48:7c:10:e4:7d:54:7a:ce:90:47:ca:
         a5:53:1f:cf:eb:b4:d3:48:c2:f6:4f:58:68:77:88:a4:30:4e:
         80:97:b3:dd:8b:47:e5:22:83:63:d4:e0:13:33:2e:2c:16:5d:
         c6:eb:a7:42:f8:7a:db:b6:30:a1:68:5b:70:38:17:73:c6:3b:
         32:af:1b:60:d7:41:da:c6:a2:24:fe:16:b8:d3:ef:f1:3c:ad:
         88:e9:3f:b9:c4:2b:b2:ce:26:22:08:0d:3d:88:c0:3e:ab:5a:
         7b:3d:54:87:4d:65:fd:a8:76:29:bb:5e:68:53:0e:ef:76:7f:
         b3:3a:de:c5:95:93:8e:cb:a5:de:1a:79:bd:91:d9:fe:6f:29:
         04:19:52:57:cd:43:67:ee:69:d4:4e:a1:0c:9c:57:04:fe:82:
         a6:72:26:ef:c7:57:d9:8e:06:36:55:27:37:2b:e1:95:50:63:
         f7:13:1a:f6
-----BEGIN CERTIFICATE-----
MIIFejCCBGKgAwIBAgIUHJG/hio7vm/hRabtbSkGBpCRRswwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoRjlGN0EyODg1Q0YzMDEyRkExMzkwRDNCMzI1OUZDNzhB
RUY3QUQxQTAeFw0yNDA3MzAyMjM4NDlaFw0yNTA3MjkyMjQzNDlaMDMxMTAvBgNV
BAMTKDg4NzY0ODA0MjRDMTVGNzc2MzZEOUFFOEU3QjcxRjU4MzFCMjVFNEYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4CWEPLbSVvhbxuL7mmB1aT7a0
G3I3XG4xCcgGQZKl+neocglbN63wRBK5pxIVDOIsE6F/kWgamq0EXQZlAjJiP+tC
DFJO0QVdC5nvLmxlEXj0INqOXLa+7MdDmiGt0StVY1nEncKMRDFltRMQ22BviGQN
x288PvSE9HXW93eTnzWhZENbsn84SqQsWRf/IcFybgwcvHk9TDNl09yjmQfXRr/B
jVL9nlGPJlBLTLCvoaVXsiPiGqg8gBBfvu8t77/0FhqQhlm3XQCObT0JWGonu634
eh79K6mDgRS7N55qA+A3fshOdCgeK56wHF5dcMjq5fbOohUkwto+w4USZbfNAgMB
AAGjggKEMIICgDAdBgNVHQ4EFgQUiHZIBCTBX3djbZro57cfWDGyXk8wHwYDVR0j
BBgwFoAU+feiiFzzAS+hOQ07Mln8eK73rRowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZGI4ZDhiN2QtYzQ4Ni00MjM5LTlkOWYtOGY4ZjVkY2Vk
OGQwLzEvRjlGN0EyODg1Q0YzMDEyRkExMzkwRDNCMzI1OUZDNzhBRUY3QUQxQS5j
cmwwgZ4GCCsGAQUFBwEBBIGRMIGOMIGLBggrBgEFBQcwAoZ/cnN5bmM6Ly9yc3lu
Yy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS84OTI3MGY2Yy1hM2ZlLTQy
OTktYjA3OS0zMDllZDk3ZjM4MjQvMC9GOUY3QTI4ODVDRjMwMTJGQTEzOTBEM0Iz
MjU5RkM3OEFFRjdBRDFBLmNlcjCBtwYIKwYBBQUHAQsEgaowgacwgaQGCCsGAQUF
BzALhoGXcnN5bmM6Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9kYjhkOGI3ZC1jNDg2LTQyMzktOWQ5Zi04ZjhmNWRjZWQ4ZDAvMS8zMjYxMzEz
NDNhMzczNTM4MzEzYTY1MzEzMDMwM2EzYTJmMzQzMDJkMzQzMDIwM2QzZTIwMzIz
MTM0MzYzNDMzLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUF
BwEHAQH/BBIwEDAOBAIAAjAIAwYAKhR1geEwDQYJKoZIhvcNAQELBQADggEBAKMz
Iw4uRCCjbFIWijtGkyBUB6IGlvKFdHFpbldaGygKi6CtI6V43F3T3qgr3MKGNb+H
Xc9mFUGDYGpd7dwAKvpqcWwm6H4/pSuOZ6FEkttIfBDkfVR6zpBHyqVTH8/rtNNI
wvZPWGh3iKQwToCXs92LR+Uig2PU4BMzLiwWXcbrp0L4etu2MKFoW3A4F3PGOzKv
G2DXQdrGoiT+FrjT7/E8rYjpP7nEK7LOJiIIDT2IwD6rWns9VIdNZf2odim7XmhT
Du92f7M63sWVk47Lpd4aeb2R2f5vKQQZUlfNQ2fuadROoQycVwT+gqZyJu/HV9mO
BjZVJzcr4ZVQY/cTGvY=
-----END CERTIFICATE-----