Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/f7948738-3255-49f9-9b6c-9c9f3898995d/3/326130393a353463363a613030303a3a2f33362d3336203d3e20323132313238.roa
File:                     326130393a353463363a613030303a3a2f33362d3336203d3e20323132313238.roa (raw, json)
Hash identifier:          +Ghcx5H8UB3RyRVQVS3SOxjncYvixpapgGS+MKYAdPg=
Subject key identifier:   D5:B3:6B:3B:94:3D:8D:E0:BA:78:2B:3A:99:07:68:C9:B4:CC:A8:B3
Certificate issuer:       /CN=CCD5D3BE49456F7D48B7321029C886F318C23B36
Certificate serial:       049BAC4B6D4E3F8F9D4E17A5A4E159CA21E853C3
Authority key identifier: CC:D5:D3:BE:49:45:6F:7D:48:B7:32:10:29:C8:86:F3:18:C2:3B:36
Authority info access:    rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/CCD5D3BE49456F7D48B7321029C886F318C23B36.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/f7948738-3255-49f9-9b6c-9c9f3898995d/3/326130393a353463363a613030303a3a2f33362d3336203d3e20323132313238.roa
Signing time:             Tue 22 Apr 2025 14:56:51 +0000
ROA not before:           Tue 22 Apr 2025 14:51:51 +0000
ROA not after:            Tue 21 Apr 2026 14:56:51 +0000
asID:                     212128
IP address blocks:        2a09:54c6:a000::/36 maxlen: 36
Validation:               Failed, certificate revoked on Tue 22 Apr 2025 20:23:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:9b:ac:4b:6d:4e:3f:8f:9d:4e:17:a5:a4:e1:59:ca:21:e8:53:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=CCD5D3BE49456F7D48B7321029C886F318C23B36
        Validity
            Not Before: Apr 22 14:51:51 2025 GMT
            Not After : Apr 21 14:56:51 2026 GMT
        Subject: CN=D5B36B3B943D8DE0BA782B3A990768C9B4CCA8B3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:16:26:04:28:dc:49:2e:64:2e:00:7a:2c:b9:
                    ac:64:5e:e4:4f:62:bf:1c:ac:5b:11:26:65:20:cb:
                    2d:0c:91:5e:4b:8f:5a:e9:2c:87:ca:bd:83:64:8b:
                    bb:e1:b0:cc:40:9c:53:bf:5e:80:db:12:f0:45:7a:
                    fb:dd:d4:73:88:da:25:c3:bb:0a:8c:00:22:09:e0:
                    ae:f4:ff:8c:b3:1d:f3:4f:94:49:19:af:62:83:f5:
                    d4:2d:0c:27:1b:54:63:01:72:27:fd:db:79:74:b2:
                    89:89:a8:72:3d:46:ee:8d:48:bc:48:5a:15:e3:59:
                    6c:61:7d:f8:f3:69:5b:ed:9a:2a:75:e0:f0:b4:0c:
                    70:ac:4e:52:5a:52:f7:e1:da:4c:87:77:a3:43:ce:
                    f3:af:0c:7e:b8:1d:de:88:46:81:89:05:a9:1f:d0:
                    d6:a1:e1:10:23:96:79:75:6e:83:4e:fb:e9:84:7f:
                    ef:28:2b:a0:72:f9:60:ec:5b:8d:5f:1a:bf:b2:d4:
                    86:9e:6e:ce:24:07:8b:6f:25:0e:86:10:aa:b8:40:
                    5e:af:3c:a2:2b:28:9b:e7:9f:e8:09:6a:d9:11:6d:
                    06:2d:ef:cf:42:83:a5:5a:25:b9:fa:90:ae:88:bb:
                    07:31:2b:c7:00:d0:ff:56:b2:15:96:a9:28:1b:9c:
                    af:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:B3:6B:3B:94:3D:8D:E0:BA:78:2B:3A:99:07:68:C9:B4:CC:A8:B3
            X509v3 Authority Key Identifier:
                keyid:CC:D5:D3:BE:49:45:6F:7D:48:B7:32:10:29:C8:86:F3:18:C2:3B:36

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/f7948738-3255-49f9-9b6c-9c9f3898995d/3/CCD5D3BE49456F7D48B7321029C886F318C23B36.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/CCD5D3BE49456F7D48B7321029C886F318C23B36.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/f7948738-3255-49f9-9b6c-9c9f3898995d/3/326130393a353463363a613030303a3a2f33362d3336203d3e20323132313238.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:54c6:a000::/36

    Signature Algorithm: sha256WithRSAEncryption
         00:9a:b8:27:70:4b:c0:a0:1d:51:c7:dd:ff:16:39:7a:b3:2b:
         40:0b:5d:76:a9:e8:51:a5:3d:cf:ff:df:dd:23:11:db:84:c6:
         bb:6a:af:df:f0:1e:6f:df:2f:d0:8f:4e:f0:c4:23:69:7d:23:
         78:37:99:05:aa:26:ee:2f:94:0e:19:3a:11:5b:92:d1:d4:21:
         e6:ea:9b:46:c6:e9:61:d9:56:ab:44:e1:05:4c:8c:72:ff:56:
         50:a0:77:80:47:28:97:cf:e5:a9:39:58:d2:f8:fe:8d:80:d9:
         f8:87:fd:50:16:1a:d7:0d:73:e2:74:d5:c6:42:7c:81:0f:b2:
         a5:42:6b:b1:41:81:0b:7b:80:39:f0:3e:1e:89:7f:ae:97:31:
         f8:6e:d7:1b:7c:d6:3e:d7:6c:fb:78:2b:b3:9f:16:79:49:91:
         70:46:c7:e8:fd:f3:0b:a9:69:b8:61:52:39:6b:e1:e4:d0:7d:
         af:c2:14:98:5c:ef:08:7f:07:79:49:af:33:47:71:ab:4a:a4:
         3f:01:96:96:c4:60:b6:91:d7:7a:e7:60:11:4f:10:bd:ee:ec:
         48:63:96:e3:f1:12:2b:9e:dc:25:29:8d:3c:ff:d1:3e:3e:df:
         c0:fc:72:12:40:13:e2:8a:4c:32:92:88:55:e1:a4:49:7d:84:
         de:a9:fb:41
-----BEGIN CERTIFICATE-----
MIIFbzCCBFegAwIBAgIUBJusS21OP4+dThelpOFZyiHoU8MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQ0NENUQzQkU0OTQ1NkY3RDQ4QjczMjEwMjlDODg2RjMx
OEMyM0IzNjAeFw0yNTA0MjIxNDUxNTFaFw0yNjA0MjExNDU2NTFaMDMxMTAvBgNV
BAMTKEQ1QjM2QjNCOTQzRDhERTBCQTc4MkIzQTk5MDc2OEM5QjRDQ0E4QjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvFiYEKNxJLmQuAHosuaxkXuRP
Yr8crFsRJmUgyy0MkV5Lj1rpLIfKvYNki7vhsMxAnFO/XoDbEvBFevvd1HOI2iXD
uwqMACIJ4K70/4yzHfNPlEkZr2KD9dQtDCcbVGMBcif923l0somJqHI9Ru6NSLxI
WhXjWWxhffjzaVvtmip14PC0DHCsTlJaUvfh2kyHd6NDzvOvDH64Hd6IRoGJBakf
0Nah4RAjlnl1boNO++mEf+8oK6By+WDsW41fGr+y1Iaebs4kB4tvJQ6GEKq4QF6v
PKIrKJvnn+gJatkRbQYt789Cg6VaJbn6kK6IuwcxK8cA0P9WshWWqSgbnK8rAgMB
AAGjggJ5MIICdTAdBgNVHQ4EFgQU1bNrO5Q9jeC6eCs6mQdoybTMqLMwHwYDVR0j
BBgwFoAUzNXTvklFb31ItzIQKciG8xjCOzYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZjc5NDg3MzgtMzI1NS00OWY5LTliNmMtOWM5ZjM4OTg5
OTVkLzMvQ0NENUQzQkU0OTQ1NkY3RDQ4QjczMjEwMjlDODg2RjMxOEMyM0IzNi5j
cmwwgZMGCCsGAQUFBwEBBIGGMIGDMIGABggrBgEFBQcwAoZ0cnN5bmM6Ly9ycGtp
LXJwcy5hcmluLm5ldC9yZXBvc2l0b3J5LzhhODQ4YWRmODUwZDA2M2UwMTg1NzU1
YzkxYmUzZjlkLzIvQ0NENUQzQkU0OTQ1NkY3RDQ4QjczMjEwMjlDODg2RjMxOEMy
M0IzNi5jZXIwgbcGCCsGAQUFBwELBIGqMIGnMIGkBggrBgEFBQcwC4aBl3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZjc5NDg3Mzgt
MzI1NS00OWY5LTliNmMtOWM5ZjM4OTg5OTVkLzMvMzI2MTMwMzkzYTM1MzQ2MzM2
M2E2MTMwMzAzMDNhM2EyZjMzMzYyZDMzMzYyMDNkM2UyMDMyMzEzMjMxMzIzOC5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAw
DgQCAAIwCAMGBCoJVMagMA0GCSqGSIb3DQEBCwUAA4IBAQAAmrgncEvAoB1Rx93/
Fjl6sytAC112qehRpT3P/9/dIxHbhMa7aq/f8B5v3y/Qj07wxCNpfSN4N5kFqibu
L5QOGToRW5LR1CHm6ptGxulh2VarROEFTIxy/1ZQoHeARyiXz+WpOVjS+P6NgNn4
h/1QFhrXDXPidNXGQnyBD7KlQmuxQYELe4A58D4eiX+ulzH4btcbfNY+12z7eCuz
nxZ5SZFwRsfo/fMLqWm4YVI5a+Hk0H2vwhSYXO8Ifwd5Sa8zR3GrSqQ/AZaWxGC2
kdd652ARTxC97uxIY5bj8RIrntwlKY08/9E+Pt/A/HISQBPiikwykohV4aRJfYTe
qftB
-----END CERTIFICATE-----