Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/db8d8b7d-c486-4239-9d9f-8f8f5dced8d0/1/326131343a373538313a653130303a3a2f34322d3438203d3e20323134363433.roa
File:                     326131343a373538313a653130303a3a2f34322d3438203d3e20323134363433.roa (raw, json)
Hash identifier:          RtEkRlFqNmy9qCts33j8XbOdsQ9RDgX22q5Tn0F+Vmk=
Subject key identifier:   22:AC:BF:AE:0C:87:0A:6F:6E:DB:8A:4D:4D:36:C9:80:8D:7D:2C:B7
Certificate issuer:       /CN=F9F7A2885CF3012FA1390D3B3259FC78AEF7AD1A
Certificate serial:       6615C44A6985D43178E6EA4EDFDF868BE35DD802
Authority key identifier: F9:F7:A2:88:5C:F3:01:2F:A1:39:0D:3B:32:59:FC:78:AE:F7:AD:1A
Authority info access:    rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/F9F7A2885CF3012FA1390D3B3259FC78AEF7AD1A.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/db8d8b7d-c486-4239-9d9f-8f8f5dced8d0/1/326131343a373538313a653130303a3a2f34322d3438203d3e20323134363433.roa
Signing time:             Wed 17 Jul 2024 15:13:53 +0000
ROA not before:           Wed 17 Jul 2024 15:08:53 +0000
ROA not after:            Wed 16 Jul 2025 15:13:53 +0000
asID:                     214643
IP address blocks:        2a14:7581:e100::/42 maxlen: 48

Validation:               Failed, certificate revoked on Thu 01 Aug 2024 18:47:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:15:c4:4a:69:85:d4:31:78:e6:ea:4e:df:df:86:8b:e3:5d:d8:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F9F7A2885CF3012FA1390D3B3259FC78AEF7AD1A
        Validity
            Not Before: Jul 17 15:08:53 2024 GMT
            Not After : Jul 16 15:13:53 2025 GMT
        Subject: CN=22ACBFAE0C870A6F6EDB8A4D4D36C9808D7D2CB7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:db:8d:51:cd:bf:70:ff:ff:20:c9:1f:96:56:
                    a2:f0:b1:6a:76:7b:8f:7c:87:38:1a:5b:0e:17:45:
                    48:b0:05:18:9c:99:6f:c5:9b:d6:5f:e3:72:54:b4:
                    ad:8b:a0:67:5a:6d:8c:da:cf:9d:ef:22:d0:ac:da:
                    7a:5b:96:69:29:5a:ee:77:44:48:a4:bd:9c:37:c1:
                    03:8f:d4:fc:47:ad:83:c5:a3:2f:a7:13:b1:96:7f:
                    22:44:62:ab:8d:c4:bf:46:dd:dc:0d:9b:c4:da:5e:
                    dc:d5:1d:ab:84:20:9d:4f:a8:3f:48:35:a5:fe:16:
                    e5:df:d2:41:4b:1f:ff:89:b6:af:40:02:8c:ac:16:
                    8d:97:a1:87:e0:e1:2a:6e:99:e3:be:37:f7:e5:ab:
                    26:4d:64:d7:b3:61:3b:5f:43:05:5b:20:74:f2:77:
                    2c:ac:83:d4:5e:db:cc:eb:48:d5:99:d5:a4:a6:b7:
                    25:78:78:a3:39:7e:ff:de:49:c7:90:60:d6:51:2c:
                    ba:e6:7e:71:05:7d:c3:7d:d9:7e:68:35:90:dc:ee:
                    3e:26:c5:78:0d:a5:a6:5c:a2:4f:d3:04:03:b5:a6:
                    69:51:a8:7d:71:ff:47:89:eb:3b:90:94:1c:4f:0c:
                    54:92:86:1d:ed:cb:79:d6:a2:f5:20:6b:05:1b:93:
                    af:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:AC:BF:AE:0C:87:0A:6F:6E:DB:8A:4D:4D:36:C9:80:8D:7D:2C:B7
            X509v3 Authority Key Identifier:
                keyid:F9:F7:A2:88:5C:F3:01:2F:A1:39:0D:3B:32:59:FC:78:AE:F7:AD:1A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/db8d8b7d-c486-4239-9d9f-8f8f5dced8d0/1/F9F7A2885CF3012FA1390D3B3259FC78AEF7AD1A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/F9F7A2885CF3012FA1390D3B3259FC78AEF7AD1A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/db8d8b7d-c486-4239-9d9f-8f8f5dced8d0/1/326131343a373538313a653130303a3a2f34322d3438203d3e20323134363433.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7581:e100::/42

    Signature Algorithm: sha256WithRSAEncryption
         11:08:50:ab:b8:18:18:cd:e1:8d:55:d0:49:aa:af:ea:72:46:
         fe:c9:8c:5f:42:e7:0f:1f:f5:b3:a7:8c:e2:89:4c:0c:a3:af:
         cb:d4:2d:72:f6:ef:e6:71:d2:5b:58:99:df:a7:a7:a9:8b:e2:
         3a:4a:5e:21:fb:1b:00:09:77:34:b2:91:32:33:f1:27:91:59:
         15:c9:96:16:0a:d1:3a:bd:e4:38:96:83:11:3f:92:e8:e9:57:
         e3:c3:dc:3a:f6:2a:b7:db:6a:b3:8c:d0:b5:44:1d:80:00:f3:
         55:8b:23:bf:3b:6e:77:42:72:39:fb:fd:cd:6b:0e:af:f7:a4:
         7f:6b:a7:88:02:fb:6f:be:03:a6:08:77:bf:b9:4c:22:00:17:
         dc:98:15:b4:24:b0:49:86:ae:d5:f2:be:89:b4:ff:3d:12:ca:
         21:76:90:da:39:34:e7:96:14:f6:ba:98:b9:44:1f:39:e6:8d:
         1f:26:c0:61:15:3f:e2:d3:7b:02:d5:ac:31:44:af:c2:4a:d3:
         d0:59:e1:50:33:43:e0:67:5a:4b:55:ce:dc:2a:95:c8:72:ad:
         51:7b:88:a6:20:dd:65:4f:53:b3:c2:ff:25:eb:f1:37:51:be:
         76:70:65:ce:83:1b:d5:1a:c9:6a:32:18:c4:12:e7:88:ac:60:
         7e:09:3f:fd
-----BEGIN CERTIFICATE-----
MIIFezCCBGOgAwIBAgIUZhXESmmF1DF45upO39+Gi+Nd2AIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoRjlGN0EyODg1Q0YzMDEyRkExMzkwRDNCMzI1OUZDNzhB
RUY3QUQxQTAeFw0yNDA3MTcxNTA4NTNaFw0yNTA3MTYxNTEzNTNaMDMxMTAvBgNV
BAMTKDIyQUNCRkFFMEM4NzBBNkY2RURCOEE0RDREMzZDOTgwOEQ3RDJDQjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCp241Rzb9w//8gyR+WVqLwsWp2
e498hzgaWw4XRUiwBRicmW/Fm9Zf43JUtK2LoGdabYzaz53vItCs2npblmkpWu53
REikvZw3wQOP1PxHrYPFoy+nE7GWfyJEYquNxL9G3dwNm8TaXtzVHauEIJ1PqD9I
NaX+FuXf0kFLH/+Jtq9AAoysFo2XoYfg4SpumeO+N/flqyZNZNezYTtfQwVbIHTy
dyysg9Re28zrSNWZ1aSmtyV4eKM5fv/eSceQYNZRLLrmfnEFfcN92X5oNZDc7j4m
xXgNpaZcok/TBAO1pmlRqH1x/0eJ6zuQlBxPDFSShh3ty3nWovUgawUbk6/NAgMB
AAGjggKFMIICgTAdBgNVHQ4EFgQUIqy/rgyHCm9u24pNTTbJgI19LLcwHwYDVR0j
BBgwFoAU+feiiFzzAS+hOQ07Mln8eK73rRowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZGI4ZDhiN2QtYzQ4Ni00MjM5LTlkOWYtOGY4ZjVkY2Vk
OGQwLzEvRjlGN0EyODg1Q0YzMDEyRkExMzkwRDNCMzI1OUZDNzhBRUY3QUQxQS5j
cmwwgZ4GCCsGAQUFBwEBBIGRMIGOMIGLBggrBgEFBQcwAoZ/cnN5bmM6Ly9yc3lu
Yy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS84OTI3MGY2Yy1hM2ZlLTQy
OTktYjA3OS0zMDllZDk3ZjM4MjQvMC9GOUY3QTI4ODVDRjMwMTJGQTEzOTBEM0Iz
MjU5RkM3OEFFRjdBRDFBLmNlcjCBtwYIKwYBBQUHAQsEgaowgacwgaQGCCsGAQUF
BzALhoGXcnN5bmM6Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9kYjhkOGI3ZC1jNDg2LTQyMzktOWQ5Zi04ZjhmNWRjZWQ4ZDAvMS8zMjYxMzEz
NDNhMzczNTM4MzEzYTY1MzEzMDMwM2EzYTJmMzQzMjJkMzQzODIwM2QzZTIwMzIz
MTM0MzYzNDMzLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcGKhR1geEAMA0GCSqGSIb3DQEBCwUAA4IBAQAR
CFCruBgYzeGNVdBJqq/qckb+yYxfQucPH/Wzp4ziiUwMo6/L1C1y9u/mcdJbWJnf
p6epi+I6Sl4h+xsACXc0spEyM/EnkVkVyZYWCtE6veQ4loMRP5Lo6Vfjw9w69iq3
22qzjNC1RB2AAPNViyO/O253QnI5+/3Naw6v96R/a6eIAvtvvgOmCHe/uUwiABfc
mBW0JLBJhq7V8r6JtP89EsohdpDaOTTnlhT2upi5RB855o0fJsBhFT/i03sC1awx
RK/CStPQWeFQM0PgZ1pLVc7cKpXIcq1Re4imIN1lT1Ozwv8l6/E3Ub52cGXOgxvV
GslqMhjEEueIrGB+CT/9
-----END CERTIFICATE-----