Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/2478un3-RBv4PhRxp-RRSPacmv0.roa
File:                     2478un3-RBv4PhRxp-RRSPacmv0.roa (raw, json)
Hash identifier:          L+xhhRCozTBC2SKCVYb8ewrxX4iMOPhcrXdBca7DtEg=
Subject key identifier:   DB:8E:FC:BA:7D:FE:44:1B:F8:3E:14:71:A7:E4:51:48:F6:9C:9A:FD
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018570E7A9CD8315125A31BC35457B2C91F6
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/2478un3-RBv4PhRxp-RRSPacmv0.roa
Signing time:             Mon 02 Jan 2023 05:15:08 +0000
ROA not before:           Mon 02 Jan 2023 05:15:08 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     202427
IP address blocks:        2a0e:97c0:5bd::/48 maxlen: 48
                          2a0e:97c0:5b0::/44 maxlen: 48
                          2a0e:97c0:5b8::/48 maxlen: 48
                          2a0e:97c0:5b3::/48 maxlen: 48
                          2a0e:97c0:5be::/48 maxlen: 48
                          2a0e:97c0:5b1::/48 maxlen: 48
                          2a0e:97c0:5bc::/48 maxlen: 48
                          2a0e:97c0:5b7::/48 maxlen: 48
                          2a0e:97c0:5b2::/48 maxlen: 48
                          2a0e:97c0:5b5::/48 maxlen: 48
                          2a0e:97c0:5b0::/48 maxlen: 48
                          2a0e:97c0:5bb::/48 maxlen: 48
                          2a0e:97c0:5b6::/48 maxlen: 48
                          2a0e:97c0:5b9::/48 maxlen: 48
                          2a0e:97c0:5b4::/48 maxlen: 48
                          2a0e:97c0:5bf::/48 maxlen: 48
                          2a0e:97c0:5ba::/48 maxlen: 48

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:e7:a9:cd:83:15:12:5a:31:bc:35:45:7b:2c:91:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 05:15:08 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=db8efcba7dfe441bf83e1471a7e45148f69c9afd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:13:0e:d3:a7:50:0c:c7:1c:42:ae:94:3e:5a:
                    6c:a0:cd:06:16:23:f9:01:04:50:5b:10:f0:2e:3f:
                    11:b5:39:49:fb:7e:47:2d:e8:71:6c:59:10:82:ac:
                    48:63:7f:b4:d1:77:68:12:5d:18:d3:3d:fc:98:93:
                    a3:a6:54:5d:80:22:e8:ef:39:7b:64:98:d2:c6:87:
                    93:1e:e4:ab:94:70:77:45:d9:bd:e3:d2:74:02:46:
                    b1:42:bf:d5:33:b4:68:58:5f:a2:82:54:80:9c:8e:
                    73:d3:fb:1f:a3:61:55:91:ef:6a:4c:f4:48:9c:da:
                    43:65:7c:17:d0:82:a4:12:77:a9:e6:06:0a:ac:59:
                    e5:47:59:cc:3d:bb:59:45:f1:9f:9c:6a:cd:e4:d2:
                    ac:22:9f:8c:17:71:f2:73:5f:83:d9:0a:6e:93:34:
                    93:b1:ac:eb:b7:d3:43:4f:b8:ae:47:f3:b9:66:bc:
                    ec:91:9b:44:dd:62:15:b0:2c:22:2a:d6:43:04:37:
                    0f:82:21:5b:56:d3:d0:7a:2e:45:7f:09:16:c8:2d:
                    9f:58:63:ca:90:92:07:2a:0c:00:80:f8:39:bc:e1:
                    c3:39:20:5a:bd:c1:49:89:25:04:82:75:42:15:c8:
                    3b:43:94:10:dd:9f:8d:14:8d:97:f3:59:91:e2:3a:
                    c9:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:8E:FC:BA:7D:FE:44:1B:F8:3E:14:71:A7:E4:51:48:F6:9C:9A:FD
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/2478un3-RBv4PhRxp-RRSPacmv0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:5b0::/44

    Signature Algorithm: sha256WithRSAEncryption
         64:f9:fc:f6:05:f5:d6:52:cf:30:70:fa:28:c7:3e:08:f4:ab:
         b2:57:d0:02:ce:4b:a0:c0:b2:9a:29:71:9a:d4:65:ee:b8:bf:
         88:be:53:4a:a3:5b:47:9a:cc:30:40:10:bc:47:9b:bd:b5:ea:
         21:aa:d7:fe:bf:4c:d5:64:42:b0:f3:66:c7:12:12:34:47:46:
         74:b9:ad:3c:bc:4b:b9:1c:f3:0d:89:98:c3:55:a9:89:35:74:
         b2:bf:4b:78:a4:ef:c7:a7:0d:19:9e:5f:66:1d:db:77:8c:79:
         a7:59:e7:53:d0:4c:2f:95:68:7b:54:89:05:ca:37:2d:19:ee:
         e9:f5:3a:ba:53:dd:43:fd:8e:09:c4:17:8c:cd:0a:c3:5e:0c:
         f6:ce:5b:70:e8:60:3f:bd:38:a4:60:eb:d8:0f:fe:da:ae:a1:
         c5:14:06:6d:7e:65:09:4c:1a:27:39:6d:1a:f3:45:f5:2f:a5:
         02:af:7a:27:c0:6c:47:93:60:cb:0d:f7:99:c9:65:35:ec:b0:
         67:23:02:d3:d8:a8:b4:2d:33:48:f3:7b:a2:ad:21:89:f7:9a:
         2d:10:90:2a:34:aa:b1:e8:1c:46:68:91:c7:31:68:29:e6:26:
         ae:ff:26:de:59:36:b7:87:d7:a0:b8:ba:99:b8:37:fa:ba:f4:
         47:c4:81:94
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYVw56nNgxUSWjG8NUV7LJH2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjMwMTAyMDUxNTA4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjhlZmNiYTdkZmU0NDFiZjgzZTE0NzFhN2U0NTE0OGY2OWM5YWZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArBMO06dQDMccQq6UPlpsoM0GFiP5
AQRQWxDwLj8RtTlJ+35HLehxbFkQgqxIY3+00XdoEl0Y0z38mJOjplRdgCLo7zl7
ZJjSxoeTHuSrlHB3Rdm949J0AkaxQr/VM7RoWF+iglSAnI5z0/sfo2FVke9qTPRI
nNpDZXwX0IKkEnep5gYKrFnlR1nMPbtZRfGfnGrN5NKsIp+MF3Hyc1+D2QpukzST
sazrt9NDT7iuR/O5ZrzskZtE3WIVsCwiKtZDBDcPgiFbVtPQei5FfwkWyC2fWGPK
kJIHKgwAgPg5vOHDOSBavcFJiSUEgnVCFcg7Q5QQ3Z+NFI2X81mR4jrJ7wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNuO/Lp9/kQb+D4UcafkUUj2nJr9MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvMjQ3OHVuMy1SQnY0UGhSeHAtUlJTUGFjbXYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwAWw
MA0GCSqGSIb3DQEBCwUAA4IBAQBk+fz2BfXWUs8wcPooxz4I9KuyV9ACzkugwLKa
KXGa1GXuuL+IvlNKo1tHmswwQBC8R5u9teohqtf+v0zVZEKw82bHEhI0R0Z0ua08
vEu5HPMNiZjDVamJNXSyv0t4pO/Hpw0Znl9mHdt3jHmnWedT0EwvlWh7VIkFyjct
Ge7p9Tq6U91D/Y4JxBeMzQrDXgz2zltw6GA/vTikYOvYD/7arqHFFAZtfmUJTBon
OW0a80X1L6UCr3onwGxHk2DLDfeZyWU17LBnIwLT2Ki0LTNI83uirSGJ95otEJAq
NKqx6BxGaJHHMWgp5iau/ybeWTa3h9eguLqZuDf6uvRHxIGU
-----END CERTIFICATE-----