Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/db8d8b7d-c486-4239-9d9f-8f8f5dced8d0/1/326131343a373538313a653230303a3a2f34302d3432203d3e20323134363433.roa
File:                     326131343a373538313a653230303a3a2f34302d3432203d3e20323134363433.roa (raw, json)
Hash identifier:          J6FI3SxIoVW+jaAWJJjS4URE2/uSGiYurwtGiJtgndw=
Subject key identifier:   D3:B9:6A:27:BB:4A:5F:8E:AD:96:02:91:30:10:9C:CC:86:6B:B4:AA
Certificate issuer:       /CN=F9F7A2885CF3012FA1390D3B3259FC78AEF7AD1A
Certificate serial:       7F918F48B151B311D8157DFE6AD02742D1472101
Authority key identifier: F9:F7:A2:88:5C:F3:01:2F:A1:39:0D:3B:32:59:FC:78:AE:F7:AD:1A
Authority info access:    rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/F9F7A2885CF3012FA1390D3B3259FC78AEF7AD1A.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/db8d8b7d-c486-4239-9d9f-8f8f5dced8d0/1/326131343a373538313a653230303a3a2f34302d3432203d3e20323134363433.roa
Signing time:             Wed 17 Jul 2024 15:17:19 +0000
ROA not before:           Wed 17 Jul 2024 15:12:19 +0000
ROA not after:            Wed 16 Jul 2025 15:17:19 +0000
asID:                     214643
IP address blocks:        2a14:7581:e200::/40 maxlen: 42

Validation:               Failed, certificate revoked on Thu 01 Aug 2024 18:48:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:91:8f:48:b1:51:b3:11:d8:15:7d:fe:6a:d0:27:42:d1:47:21:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F9F7A2885CF3012FA1390D3B3259FC78AEF7AD1A
        Validity
            Not Before: Jul 17 15:12:19 2024 GMT
            Not After : Jul 16 15:17:19 2025 GMT
        Subject: CN=D3B96A27BB4A5F8EAD96029130109CCC866BB4AA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:0b:ca:56:fa:16:b5:9a:dd:c9:ac:4a:6d:e9:
                    39:fa:61:6b:c4:60:96:19:1c:43:fd:fe:d1:46:d8:
                    f2:b3:aa:f1:33:6d:6e:10:6c:c3:85:7d:26:37:a6:
                    1c:a0:d4:6b:81:5e:33:9f:30:48:1f:3f:e4:e5:36:
                    83:81:7b:84:d4:68:8e:2e:c4:4b:b3:11:dc:27:29:
                    f3:f9:dd:a9:35:f7:da:1e:a9:32:04:ad:59:24:bc:
                    43:55:fe:66:ed:42:90:d5:ce:2c:f2:6c:0d:d7:be:
                    12:7a:44:31:43:69:fd:de:2c:62:97:46:46:18:62:
                    9e:1e:a2:c1:9c:cc:df:e9:d2:65:73:eb:e2:41:d5:
                    2e:ef:b0:68:94:e0:de:95:ea:b0:fc:46:e0:61:a1:
                    85:ae:25:e3:02:c6:ff:41:8b:f4:ce:2c:c5:c9:5c:
                    ea:4d:e1:2b:e7:18:3a:6e:45:b8:da:f6:cf:56:ed:
                    19:51:23:4d:65:89:59:88:d9:7f:de:0d:18:8f:12:
                    f9:eb:31:4d:dc:5f:fa:43:5b:36:6f:8e:49:b2:fc:
                    7a:20:6d:1c:4a:d2:61:59:71:0d:e7:4c:5e:c7:48:
                    33:9c:b8:cd:85:8a:fb:47:9b:78:c1:25:8a:1a:48:
                    dd:c3:0c:49:3e:1a:4a:b0:ab:fa:5f:e3:27:f1:67:
                    e6:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:B9:6A:27:BB:4A:5F:8E:AD:96:02:91:30:10:9C:CC:86:6B:B4:AA
            X509v3 Authority Key Identifier:
                keyid:F9:F7:A2:88:5C:F3:01:2F:A1:39:0D:3B:32:59:FC:78:AE:F7:AD:1A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/db8d8b7d-c486-4239-9d9f-8f8f5dced8d0/1/F9F7A2885CF3012FA1390D3B3259FC78AEF7AD1A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/F9F7A2885CF3012FA1390D3B3259FC78AEF7AD1A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/db8d8b7d-c486-4239-9d9f-8f8f5dced8d0/1/326131343a373538313a653230303a3a2f34302d3432203d3e20323134363433.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7581:e200::/40

    Signature Algorithm: sha256WithRSAEncryption
         c6:a0:3c:bd:18:33:4c:3c:55:f2:96:73:f8:17:df:09:12:35:
         71:b8:8d:1c:4c:00:30:76:64:4d:bc:2f:08:5b:98:4b:a6:b1:
         c7:2e:6d:04:18:01:56:a0:2a:a4:15:36:e0:7d:f9:43:95:e2:
         51:c7:48:89:56:ca:8b:53:35:ce:e1:58:33:04:43:ec:b0:ff:
         68:3c:82:27:de:0b:14:50:7d:43:85:c2:7f:de:8c:40:e2:ee:
         4a:ef:cc:50:fb:bf:44:8d:02:20:fd:e3:5c:85:ed:1f:9e:2c:
         50:ee:bf:f9:98:e2:ed:02:7d:de:fc:87:25:79:f4:f4:20:b5:
         d9:43:cc:d2:17:cc:5b:a1:ef:f6:31:48:b2:8c:d1:87:34:63:
         23:2a:3d:0d:99:4e:b2:7d:7a:27:8b:9c:0b:1b:49:20:e7:cb:
         f4:eb:0a:65:62:d4:a9:61:1f:80:78:9e:88:d9:e8:39:8c:38:
         21:8c:4a:ee:49:e6:da:35:86:20:7a:3e:e2:a9:8f:c8:a4:ae:
         26:8a:b9:5a:8f:e8:be:e8:c2:56:6c:7e:da:45:80:ab:04:11:
         e1:65:e7:20:03:23:15:ee:c6:79:67:c8:7e:75:c4:b2:b3:88:
         ee:e4:b0:7b:21:51:4a:8d:91:5e:34:50:fd:1f:33:6b:76:43:
         57:ea:4e:53
-----BEGIN CERTIFICATE-----
MIIFejCCBGKgAwIBAgIUf5GPSLFRsxHYFX3+atAnQtFHIQEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoRjlGN0EyODg1Q0YzMDEyRkExMzkwRDNCMzI1OUZDNzhB
RUY3QUQxQTAeFw0yNDA3MTcxNTEyMTlaFw0yNTA3MTYxNTE3MTlaMDMxMTAvBgNV
BAMTKEQzQjk2QTI3QkI0QTVGOEVBRDk2MDI5MTMwMTA5Q0NDODY2QkI0QUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJC8pW+ha1mt3JrEpt6Tn6YWvE
YJYZHEP9/tFG2PKzqvEzbW4QbMOFfSY3phyg1GuBXjOfMEgfP+TlNoOBe4TUaI4u
xEuzEdwnKfP53ak199oeqTIErVkkvENV/mbtQpDVzizybA3XvhJ6RDFDaf3eLGKX
RkYYYp4eosGczN/p0mVz6+JB1S7vsGiU4N6V6rD8RuBhoYWuJeMCxv9Bi/TOLMXJ
XOpN4SvnGDpuRbja9s9W7RlRI01liVmI2X/eDRiPEvnrMU3cX/pDWzZvjkmy/Hog
bRxK0mFZcQ3nTF7HSDOcuM2FivtHm3jBJYoaSN3DDEk+Gkqwq/pf4yfxZ+ZbAgMB
AAGjggKEMIICgDAdBgNVHQ4EFgQU07lqJ7tKX46tlgKRMBCczIZrtKowHwYDVR0j
BBgwFoAU+feiiFzzAS+hOQ07Mln8eK73rRowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZGI4ZDhiN2QtYzQ4Ni00MjM5LTlkOWYtOGY4ZjVkY2Vk
OGQwLzEvRjlGN0EyODg1Q0YzMDEyRkExMzkwRDNCMzI1OUZDNzhBRUY3QUQxQS5j
cmwwgZ4GCCsGAQUFBwEBBIGRMIGOMIGLBggrBgEFBQcwAoZ/cnN5bmM6Ly9yc3lu
Yy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS84OTI3MGY2Yy1hM2ZlLTQy
OTktYjA3OS0zMDllZDk3ZjM4MjQvMC9GOUY3QTI4ODVDRjMwMTJGQTEzOTBEM0Iz
MjU5RkM3OEFFRjdBRDFBLmNlcjCBtwYIKwYBBQUHAQsEgaowgacwgaQGCCsGAQUF
BzALhoGXcnN5bmM6Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9kYjhkOGI3ZC1jNDg2LTQyMzktOWQ5Zi04ZjhmNWRjZWQ4ZDAvMS8zMjYxMzEz
NDNhMzczNTM4MzEzYTY1MzIzMDMwM2EzYTJmMzQzMDJkMzQzMjIwM2QzZTIwMzIz
MTM0MzYzNDMzLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUF
BwEHAQH/BBIwEDAOBAIAAjAIAwYAKhR1geIwDQYJKoZIhvcNAQELBQADggEBAMag
PL0YM0w8VfKWc/gX3wkSNXG4jRxMADB2ZE28LwhbmEumsccubQQYAVagKqQVNuB9
+UOV4lHHSIlWyotTNc7hWDMEQ+yw/2g8gifeCxRQfUOFwn/ejEDi7krvzFD7v0SN
AiD941yF7R+eLFDuv/mY4u0Cfd78hyV59PQgtdlDzNIXzFuh7/YxSLKM0Yc0YyMq
PQ2ZTrJ9eieLnAsbSSDny/TrCmVi1KlhH4B4nojZ6DmMOCGMSu5J5to1hiB6PuKp
j8ikriaKuVqP6L7owlZsftpFgKsEEeFl5yADIxXuxnlnyH51xLKziO7ksHshUUqN
kV40UP0fM2t2Q1fqTlM=
-----END CERTIFICATE-----