Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/473Gmc5kD8nrIxXRkpl3onlT1hc.roa
File:                     473Gmc5kD8nrIxXRkpl3onlT1hc.roa (raw, json)
Hash identifier:          stTiDdhDREyxN/56WIlBpomzn+6OTMRG1ahI8hAnjQ8=
Subject key identifier:   E3:BD:C6:99:CE:64:0F:C9:EB:23:15:D1:92:99:77:A2:79:53:D6:17
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0187D2D93294334341A6C2F1ABC6879E4247
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/473Gmc5kD8nrIxXRkpl3onlT1hc.roa
Signing time:             Sun 30 Apr 2023 15:47:42 +0000
ROA not before:           Sun 30 Apr 2023 15:47:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     200160
IP address blocks:        2a0e:b107:660::/44 maxlen: 48
                          2a0e:b107:5f0::/44 maxlen: 48
                          2a0e:b107:1d60::/44 maxlen: 48
                          2a0e:b107:600::/44 maxlen: 48
                          2a0e:b107:1e00::/44 maxlen: 48
                          2a0e:b107:5e0::/44 maxlen: 48
                          2a0e:b107:2150::/44 maxlen: 48
                          2a0e:b107:800::/44 maxlen: 48

Validation:               Failed, certificate revoked on Sun 30 Apr 2023 16:52:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:d2:d9:32:94:33:43:41:a6:c2:f1:ab:c6:87:9e:42:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Apr 30 15:47:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e3bdc699ce640fc9eb2315d1929977a27953d617
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:0b:a6:3c:c1:f6:65:bb:74:34:d3:b0:91:7d:
                    56:0b:01:ed:20:84:af:e6:ce:2c:19:8e:53:e9:9c:
                    49:15:17:5b:96:1c:17:15:7f:68:1b:41:25:75:e8:
                    1c:ad:02:78:30:05:f9:36:c5:40:d3:57:9d:51:c9:
                    0d:6b:4d:6a:5c:a3:75:67:c8:c1:ff:8e:f3:b3:53:
                    62:18:d2:ee:a8:61:9e:52:67:1e:d1:58:f5:60:04:
                    ae:ed:52:dd:f2:73:71:9a:04:3c:6c:23:65:f7:d7:
                    2f:e3:ae:51:62:77:72:e8:97:32:e1:81:98:fb:d9:
                    08:ed:f6:06:f8:ac:24:9f:c2:fb:1b:73:f3:5f:36:
                    97:3d:4f:77:85:01:34:82:d0:b6:6b:3e:c1:f2:60:
                    e2:61:2e:6d:1c:c3:b8:25:1c:7d:a7:36:39:7c:c9:
                    9f:b6:41:2f:6a:d4:77:9a:29:4d:f0:f6:e2:c9:2e:
                    38:b5:2a:19:24:87:bc:f5:0c:13:e7:b1:24:97:dd:
                    79:0b:e8:ba:dd:40:e6:cd:27:c1:76:24:3e:98:ea:
                    3f:3c:f2:9b:89:14:1f:c2:46:c6:54:e7:6e:f1:67:
                    1c:d2:31:50:b7:82:9a:9d:aa:92:99:fb:19:0a:24:
                    05:e6:36:3d:4f:c7:19:bf:8b:c0:e0:71:b2:ec:b7:
                    64:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:BD:C6:99:CE:64:0F:C9:EB:23:15:D1:92:99:77:A2:79:53:D6:17
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/473Gmc5kD8nrIxXRkpl3onlT1hc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:5e0::-2a0e:b107:60f:ffff:ffff:ffff:ffff:ffff
                  2a0e:b107:660::/44
                  2a0e:b107:800::/44
                  2a0e:b107:1d60::/44
                  2a0e:b107:1e00::/44
                  2a0e:b107:2150::/44

    Signature Algorithm: sha256WithRSAEncryption
         1b:d4:8c:65:db:4a:3d:49:0c:5b:30:93:b7:58:22:64:0f:70:
         ec:be:11:b1:b9:cf:cc:93:de:f4:8a:93:03:e5:ea:de:f2:db:
         ba:71:ea:1b:3c:48:43:4a:0d:aa:8f:ac:67:38:db:be:37:b1:
         d8:0e:8d:6a:e7:76:6a:8a:e1:10:62:aa:51:8c:62:51:a4:38:
         8a:e7:f5:53:d5:23:3b:1e:1b:61:e1:c6:46:d6:11:37:11:c5:
         40:74:eb:1d:d8:0b:1a:d8:ff:6c:e7:3a:e5:04:9b:dc:ed:c8:
         fa:0f:46:69:c7:47:99:d3:ea:a4:0f:b0:1a:f9:ea:07:f2:2f:
         92:c5:cb:c1:71:00:9f:9c:50:c7:a7:80:fb:66:23:fc:63:22:
         10:b3:36:e0:9f:6e:1b:43:16:96:80:27:66:e1:c9:77:7e:a5:
         3f:4c:83:34:76:cb:89:7e:b0:12:75:b6:cf:d5:93:fb:3e:f5:
         bb:4a:53:d7:83:7f:7f:e1:c5:6e:71:6b:d8:42:a8:fb:5e:67:
         00:0f:4b:7d:81:d4:b0:5a:8c:8e:97:0d:53:39:e3:84:3e:6a:
         c3:31:98:6a:e5:f7:21:17:71:50:56:b2:80:83:c0:4b:34:62:
         fc:91:59:bf:39:32:99:3a:78:2e:11:e4:c3:33:b3:72:7a:43:
         0b:57:42:e4
-----BEGIN CERTIFICATE-----
MIIFODCCBCCgAwIBAgISAYfS2TKUM0NBpsLxq8aHnkJHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjMwNDMwMTU0NzQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlM2JkYzY5OWNlNjQwZmM5ZWIyMzE1ZDE5Mjk5NzdhMjc5NTNkNjE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkgumPMH2Zbt0NNOwkX1WCwHtIISv
5s4sGY5T6ZxJFRdblhwXFX9oG0EldegcrQJ4MAX5NsVA01edUckNa01qXKN1Z8jB
/47zs1NiGNLuqGGeUmce0Vj1YASu7VLd8nNxmgQ8bCNl99cv465RYndy6Jcy4YGY
+9kI7fYG+Kwkn8L7G3PzXzaXPU93hQE0gtC2az7B8mDiYS5tHMO4JRx9pzY5fMmf
tkEvatR3milN8PbiyS44tSoZJIe89QwT57Ekl915C+i63UDmzSfBdiQ+mOo/PPKb
iRQfwkbGVOdu8Wcc0jFQt4KanaqSmfsZCiQF5jY9T8cZv4vA4HGy7Ldk0QIDAQAB
o4ICRDCCAkAwHQYDVR0OBBYEFOO9xpnOZA/J6yMV0ZKZd6J5U9YXMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvNDczR21jNWtEOG5ySXhYUmtwbDNvbmxUMWhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFoGCCsGAQUFBwEHAQH/BEswSTBHBAIAAjBBMBIDBwUqDrEH
BeADBwQqDrEHBgADBwQqDrEHBmADBwQqDrEHCAADBwQqDrEHHWADBwQqDrEHHgAD
BwQqDrEHIVAwDQYJKoZIhvcNAQELBQADggEBABvUjGXbSj1JDFswk7dYImQPcOy+
EbG5z8yT3vSKkwPl6t7y27px6hs8SENKDaqPrGc42743sdgOjWrndmqK4RBiqlGM
YlGkOIrn9VPVIzseG2HhxkbWETcRxUB06x3YCxrY/2znOuUEm9ztyPoPRmnHR5nT
6qQPsBr56gfyL5LFy8FxAJ+cUMengPtmI/xjIhCzNuCfbhtDFpaAJ2bhyXd+pT9M
gzR2y4l+sBJ1ts/Vk/s+9btKU9eDf3/hxW5xa9hCqPteZwAPS32B1LBajI6XDVM5
44Q+asMxmGrl9yEXcVBWsoCDwEs0YvyRWb85Mpk6eC4R5MMzs3J6QwtXQuQ=
-----END CERTIFICATE-----