Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/1lw_X19paGaa52OWBA9LgsmaBtE.roa
File:                     1lw_X19paGaa52OWBA9LgsmaBtE.roa (raw, json)
Hash identifier:          lv5fOWXa3PYrdY/Uik1f+i+bU7Em9wKgbAt9A9suf8o=
Subject key identifier:   D6:5C:3F:5F:5F:69:68:66:9A:E7:63:96:04:0F:4B:82:C9:9A:06:D1
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0185E61378415A95FAE37164BC8940C57530
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/1lw_X19paGaa52OWBA9LgsmaBtE.roa
Signing time:             Tue 24 Jan 2023 23:18:33 +0000
ROA not before:           Tue 24 Jan 2023 23:18:33 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     20473
IP address blocks:        2a0e:b107:1870::/48 maxlen: 48
                          2a0e:b107:9f4::/48 maxlen: 48
                          2a0e:b107:1b9e::/48 maxlen: 48
                          2a0e:b107:5d0::/44 maxlen: 48
                          2a0e:b107:5e0::/44 maxlen: 48
                          2a0e:97c0:750::/48 maxlen: 48
                          2a0e:b107:900::/44 maxlen: 48
                          2a0e:b107:df2::/48 maxlen: 48
                          2a0e:97c0:736::/48 maxlen: 48
                          2a0e:b107:9f6::/48 maxlen: 48
                          2a0e:b102:12f::/48 maxlen: 48
                          2a0e:97c0:76f::/48 maxlen: 48
                          2a0e:97c0:73f::/48 maxlen: 48

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:e6:13:78:41:5a:95:fa:e3:71:64:bc:89:40:c5:75:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan 24 23:18:33 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d65c3f5f5f6968669ae76396040f4b82c99a06d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:33:47:70:87:9d:7c:32:2f:2f:80:fe:62:d8:
                    00:d6:82:4e:3e:6d:82:2c:02:78:cb:a3:ee:5e:1e:
                    5a:c0:89:7b:ec:aa:ee:81:96:a6:d6:11:ca:4e:cf:
                    3a:70:dc:a3:78:01:d4:a7:81:77:57:97:37:2a:24:
                    00:4b:ac:51:21:24:e2:f9:85:9c:74:53:fa:23:cb:
                    53:66:33:e2:8f:a0:b6:cc:a8:f8:4c:f3:80:82:cc:
                    52:bc:f7:37:3c:1d:e4:87:b7:83:9c:86:2f:5f:08:
                    78:35:6e:c0:2d:39:85:82:3f:4a:a2:22:c3:0f:f7:
                    36:01:ba:44:7e:6e:c1:10:e9:72:9b:e4:66:e5:a3:
                    9f:04:98:99:e8:2f:39:f2:4d:16:4b:a6:96:64:25:
                    24:22:08:0c:da:39:7e:d1:07:71:c1:87:dc:f6:52:
                    37:81:aa:2f:03:61:a6:9a:20:71:48:7a:ef:b4:db:
                    2a:6d:b0:c0:8f:ce:47:bb:c6:78:9c:ff:f4:b0:b3:
                    f9:35:7d:7e:ac:42:11:67:02:24:7e:83:9e:37:09:
                    5d:ac:2c:4b:29:5d:4a:ba:1b:02:aa:fa:94:56:b5:
                    6c:79:24:fc:7c:42:ed:23:ee:f5:3f:71:55:0d:6b:
                    1e:a8:f8:c9:66:79:74:2c:77:0b:9d:8c:1f:ad:12:
                    d4:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:5C:3F:5F:5F:69:68:66:9A:E7:63:96:04:0F:4B:82:C9:9A:06:D1
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/1lw_X19paGaa52OWBA9LgsmaBtE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:736::/48
                  2a0e:97c0:73f::/48
                  2a0e:97c0:750::/48
                  2a0e:97c0:76f::/48
                  2a0e:b102:12f::/48
                  2a0e:b107:5d0::-2a0e:b107:5ef:ffff:ffff:ffff:ffff:ffff
                  2a0e:b107:900::/44
                  2a0e:b107:9f4::/48
                  2a0e:b107:9f6::/48
                  2a0e:b107:df2::/48
                  2a0e:b107:1870::/48
                  2a0e:b107:1b9e::/48

    Signature Algorithm: sha256WithRSAEncryption
         98:85:f1:2b:ac:e6:06:e8:99:5d:84:64:81:8b:37:93:0c:a8:
         b7:ca:97:9f:cd:7d:c2:d6:9c:cf:5c:09:80:96:ab:c8:fa:6a:
         83:1f:22:ab:81:6c:22:7c:64:28:e9:7a:66:f9:b3:3c:ca:44:
         36:7d:37:d0:c6:40:74:be:68:86:5c:ea:ee:04:63:a4:16:36:
         f9:f5:9d:b5:22:d3:cb:6f:7b:2d:a7:0b:40:7a:ad:06:50:3b:
         59:1f:49:17:e5:98:70:76:9e:e9:fb:bf:e9:b7:c2:37:c4:92:
         fa:6c:68:1d:5b:d7:d0:e5:02:54:64:d9:39:cf:13:06:21:bc:
         0f:8c:03:e9:08:8b:d2:b5:9d:88:31:2b:cd:fb:5d:13:49:02:
         34:d2:17:74:fe:64:5c:c6:ce:ab:59:c0:40:47:41:25:95:6c:
         27:20:d3:5a:02:e3:e4:68:3d:2c:33:e6:94:70:47:d0:35:d2:
         1a:00:69:cb:e0:0a:b8:93:f9:6e:3b:75:bb:e6:b1:2a:3e:bf:
         39:f4:2f:18:85:d1:5a:54:ac:37:2e:55:4c:d6:33:e0:6a:08:
         bb:b8:72:0a:57:f9:ed:0e:7b:e8:25:e2:3e:ce:3e:e8:18:2b:
         2a:9c:b8:9d:40:3c:9e:4b:a1:67:b3:b6:91:c6:32:77:2e:00:
         10:0b:87:29
-----BEGIN CERTIFICATE-----
MIIFcDCCBFigAwIBAgISAYXmE3hBWpX643FkvIlAxXUwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjMwMTI0MjMxODMzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjVjM2Y1ZjVmNjk2ODY2OWFlNzYzOTYwNDBmNGI4MmM5OWEwNmQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoTNHcIedfDIvL4D+YtgA1oJOPm2C
LAJ4y6PuXh5awIl77KrugZam1hHKTs86cNyjeAHUp4F3V5c3KiQAS6xRISTi+YWc
dFP6I8tTZjPij6C2zKj4TPOAgsxSvPc3PB3kh7eDnIYvXwh4NW7ALTmFgj9KoiLD
D/c2AbpEfm7BEOlym+Rm5aOfBJiZ6C858k0WS6aWZCUkIggM2jl+0QdxwYfc9lI3
gaovA2GmmiBxSHrvtNsqbbDAj85Hu8Z4nP/0sLP5NX1+rEIRZwIkfoOeNwldrCxL
KV1KuhsCqvqUVrVseST8fELtI+71P3FVDWseqPjJZnl0LHcLnYwfrRLU4wIDAQAB
o4ICfDCCAngwHQYDVR0OBBYEFNZcP19faWhmmudjlgQPS4LJmgbRMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvMWx3X1gxOXBhR2FhNTJPV0JBOUxnc21hQnRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGRBggrBgEFBQcBBwEB/wSBgTB/MH0EAgACMHcDBwAqDpfA
BzYDBwAqDpfABz8DBwAqDpfAB1ADBwAqDpfAB28DBwAqDrECAS8wEgMHBCoOsQcF
0AMHBCoOsQcF4AMHBCoOsQcJAAMHACoOsQcJ9AMHACoOsQcJ9gMHACoOsQcN8gMH
ACoOsQcYcAMHACoOsQcbnjANBgkqhkiG9w0BAQsFAAOCAQEAmIXxK6zmBuiZXYRk
gYs3kwyot8qXn819wtacz1wJgJaryPpqgx8iq4FsInxkKOl6ZvmzPMpENn030MZA
dL5ohlzq7gRjpBY2+fWdtSLTy297LacLQHqtBlA7WR9JF+WYcHae6fu/6bfCN8SS
+mxoHVvX0OUCVGTZOc8TBiG8D4wD6QiL0rWdiDErzftdE0kCNNIXdP5kXMbOq1nA
QEdBJZVsJyDTWgLj5Gg9LDPmlHBH0DXSGgBpy+AKuJP5bjt1u+axKj6/OfQvGIXR
WlSsNy5VTNYz4GoIu7hyClf57Q576CXiPs4+6BgrKpy4nUA8nkuhZ7O2kcYydy4A
EAuHKQ==
-----END CERTIFICATE-----