Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/1ujG7K-LC6oonEWRO56lAgG1cqM.roa
File:                     1ujG7K-LC6oonEWRO56lAgG1cqM.roa (raw, json)
Hash identifier:          GdWAiCF7ue67eWIMsOs/nxeQdXbC61h31CJfjkIkbUs=
Subject key identifier:   D6:E8:C6:EC:AF:8B:0B:AA:28:9C:45:91:3B:9E:A5:02:01:B5:72:A3
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018DBDF4A23A25F5F2C4622D58CAF2377F04
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/1ujG7K-LC6oonEWRO56lAgG1cqM.roa
Signing time:             Sun 18 Feb 2024 20:42:22 +0000
ROA not before:           Sun 18 Feb 2024 20:42:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31898
IP address blocks:        2a0e:97c0:aba::/48 maxlen: 48
                          2a0e:b107:19::/48 maxlen: 48
                          2a0e:b107:360::/48 maxlen: 48
                          2a0e:b107:361::/48 maxlen: 48
                          2a0e:b107:362::/48 maxlen: 48
                          2a0e:b107:363::/48 maxlen: 48
                          2a0e:b107:364::/48 maxlen: 48
                          2a0e:b107:365::/48 maxlen: 48
                          2a0e:b107:367::/48 maxlen: 48
                          2a0e:b107:f50::/44 maxlen: 48

Validation:               Failed, certificate revoked on Fri 26 Apr 2024 05:24:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:bd:f4:a2:3a:25:f5:f2:c4:62:2d:58:ca:f2:37:7f:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Feb 18 20:42:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d6e8c6ecaf8b0baa289c45913b9ea50201b572a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:e3:db:3e:30:d7:95:d8:fc:57:1e:a4:04:2e:
                    db:51:6d:cf:38:88:64:66:89:86:37:e4:b5:d4:9d:
                    26:3c:0e:8d:ee:e3:5c:6d:5c:a8:e7:73:38:0e:bf:
                    55:fa:eb:2d:47:38:3e:23:d4:e2:a3:08:fb:ad:3c:
                    7c:57:f1:08:bc:70:0a:57:d1:94:c6:6a:19:12:fc:
                    59:51:2a:2d:7e:7f:60:54:95:ef:e1:ce:15:23:0a:
                    14:25:f7:21:b9:c9:01:45:27:5d:c9:cb:89:12:98:
                    cb:06:f7:9d:f1:24:f9:8c:fc:1f:36:0d:fd:3e:90:
                    e4:47:54:a4:e8:45:ff:70:3b:13:01:d7:d3:ad:b5:
                    e4:a9:56:ed:71:2b:97:07:40:ed:cf:b8:a4:7e:4e:
                    14:a7:dd:d2:b9:74:63:9d:4e:17:9b:e6:1c:00:b7:
                    90:b1:56:d5:9f:36:10:52:6b:48:c8:6b:5b:8c:e6:
                    86:bf:a4:32:bf:bf:cc:13:f5:d3:d1:d6:81:fc:77:
                    8d:b6:23:7b:93:d7:92:54:24:48:21:44:60:7e:53:
                    7c:e1:f6:67:b2:b3:e3:43:1f:9a:17:28:e4:c8:4b:
                    7f:b0:d5:94:c8:11:51:c0:ec:76:fc:27:5d:4a:a1:
                    d9:a8:8e:99:64:d1:af:c4:b6:c5:d9:6c:c3:43:05:
                    e8:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:E8:C6:EC:AF:8B:0B:AA:28:9C:45:91:3B:9E:A5:02:01:B5:72:A3
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/1ujG7K-LC6oonEWRO56lAgG1cqM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:aba::/48
                  2a0e:b107:19::/48
                  2a0e:b107:360::-2a0e:b107:365:ffff:ffff:ffff:ffff:ffff
                  2a0e:b107:367::/48
                  2a0e:b107:f50::/44

    Signature Algorithm: sha256WithRSAEncryption
         6e:98:6b:1b:61:66:8d:50:da:4d:75:17:f9:a6:41:3c:75:cf:
         68:58:fa:f9:69:8c:1f:11:1b:c3:a8:a4:c0:0c:f1:48:29:bf:
         23:3f:91:0f:b2:4b:7a:0b:c9:dc:0a:a7:25:c8:b6:ea:ad:48:
         28:c8:8b:31:9b:b4:aa:82:2b:07:95:1e:d9:a4:b5:82:62:f3:
         7f:f9:48:6f:a5:46:1e:f1:92:fb:ff:20:65:a1:4b:4c:69:26:
         8c:2b:e9:f1:1c:9e:68:e9:29:7a:40:91:24:d7:34:6c:7e:c2:
         fb:43:70:b4:1d:15:fa:b7:f1:0a:a4:1b:36:4e:44:e5:d2:39:
         7f:4b:e5:51:69:e8:ed:65:0a:f6:45:9c:20:08:ef:7f:08:51:
         62:52:c7:09:16:89:a7:a6:bc:b4:d5:39:06:97:b9:f0:bb:f3:
         12:33:bf:3b:b5:8e:53:23:ba:26:d5:ac:0f:94:96:4d:be:df:
         8e:71:3e:20:8e:39:a9:10:1f:c1:e7:b4:d5:fd:3f:fd:72:7c:
         a7:7f:f1:96:3e:5d:2b:5b:5d:c2:e0:28:53:6d:00:ba:56:88:
         10:2b:a4:b8:9b:ca:d4:21:96:61:e6:d4:dc:14:2f:6c:3d:31:
         26:9a:f7:83:b1:fe:6d:dc:54:8f:67:6f:5f:35:32:65:5f:22:
         a2:bf:fb:14
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAY299KI6JfXyxGItWMryN38EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMjE4MjA0MjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNmU4YzZlY2FmOGIwYmFhMjg5YzQ1OTEzYjllYTUwMjAxYjU3MmEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApePbPjDXldj8Vx6kBC7bUW3POIhk
ZomGN+S11J0mPA6N7uNcbVyo53M4Dr9V+ustRzg+I9Tiowj7rTx8V/EIvHAKV9GU
xmoZEvxZUSotfn9gVJXv4c4VIwoUJfchuckBRSddycuJEpjLBved8ST5jPwfNg39
PpDkR1Sk6EX/cDsTAdfTrbXkqVbtcSuXB0Dtz7ikfk4Up93SuXRjnU4Xm+YcALeQ
sVbVnzYQUmtIyGtbjOaGv6Qyv7/ME/XT0daB/HeNtiN7k9eSVCRIIURgflN84fZn
srPjQx+aFyjkyEt/sNWUyBFRwOx2/CddSqHZqI6ZZNGvxLbF2WzDQwXoOQIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFNboxuyviwuqKJxFkTuepQIBtXKjMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvMXVqRzdLLUxDNm9vbkVXUk81NmxBZ0cxY3FNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAAjA4AwcAKg6XwAq6
AwcAKg6xBwAZMBIDBwUqDrEHA2ADBwEqDrEHA2QDBwAqDrEHA2cDBwQqDrEHD1Aw
DQYJKoZIhvcNAQELBQADggEBAG6YaxthZo1Q2k11F/mmQTx1z2hY+vlpjB8RG8Oo
pMAM8UgpvyM/kQ+yS3oLydwKpyXItuqtSCjIizGbtKqCKweVHtmktYJi83/5SG+l
Rh7xkvv/IGWhS0xpJowr6fEcnmjpKXpAkSTXNGx+wvtDcLQdFfq38QqkGzZOROXS
OX9L5VFp6O1lCvZFnCAI738IUWJSxwkWiaemvLTVOQaXufC78xIzvzu1jlMjuibV
rA+Ulk2+345xPiCOOakQH8HntNX9P/1yfKd/8ZY+XStbXcLgKFNtALpWiBArpLib
ytQhlmHm1NwUL2w9MSaa94Ox/m3cVI9nb181MmVfIqK/+xQ=
-----END CERTIFICATE-----