Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/4TK1JgX3Er1LhpSEqqxLqwdnss4.roa
File:                     4TK1JgX3Er1LhpSEqqxLqwdnss4.roa (raw, json)
Hash identifier:          kdLvXzEWr7wNHWhHic+mPV1tM+8bxw0f+lniRjdREzs=
Subject key identifier:   E1:32:B5:26:05:F7:12:BD:4B:86:94:84:AA:AC:4B:AB:07:67:B2:CE
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01868D767780D850F220E38F9DCF70D21904
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/4TK1JgX3Er1LhpSEqqxLqwdnss4.roa
Signing time:             Sun 26 Feb 2023 11:23:16 +0000
ROA not before:           Sun 26 Feb 2023 11:23:16 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     20473
IP address blocks:        2a0e:b107:1870::/48 maxlen: 48
                          2a0c:3b87:ff00::/40 maxlen: 48
                          2a0e:b107:9f4::/48 maxlen: 48
                          2a0c:3b87:ffff::/48 maxlen: 48
                          2a0e:b107:1b9e::/48 maxlen: 48
                          2a0e:b107:5d0::/44 maxlen: 48
                          2a0e:97c0:750::/48 maxlen: 48
                          2a0e:b107:900::/44 maxlen: 48
                          2a0e:b107:df2::/48 maxlen: 48
                          2a0e:97c0:736::/48 maxlen: 48
                          2a0e:b107:9f6::/48 maxlen: 48
                          2a0e:b102:12f::/48 maxlen: 48
                          2a0e:97c0:76f::/48 maxlen: 48
                          2a0e:97c0:73f::/48 maxlen: 48

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:8d:76:77:80:d8:50:f2:20:e3:8f:9d:cf:70:d2:19:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Feb 26 11:23:16 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e132b52605f712bd4b869484aaac4bab0767b2ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:bd:9b:2c:29:20:b4:17:d0:89:8a:bc:9e:56:
                    23:af:a5:54:1c:98:66:54:19:aa:61:4c:e7:48:8a:
                    20:d9:f6:c4:92:fa:a9:9d:24:06:f6:1c:e2:10:68:
                    57:33:8b:5a:9d:62:c1:67:36:6a:1d:a5:f5:10:13:
                    16:3e:f6:f6:75:02:ae:d1:eb:b0:a1:af:cb:57:87:
                    c3:86:29:86:04:3f:45:c0:56:58:94:0d:0b:70:d6:
                    69:b6:7d:c9:9b:1a:4d:5d:9a:fb:42:26:0b:60:e2:
                    ab:c0:f2:2c:5c:00:33:81:9b:fc:86:0e:70:2b:fe:
                    4a:6e:36:0c:9d:cc:76:e2:23:a7:71:3b:91:24:b4:
                    30:42:4d:9a:85:3d:bd:24:88:cf:39:cd:1e:66:7b:
                    1c:48:d1:40:67:da:76:dd:ab:40:e0:e3:b7:fe:d6:
                    c0:18:e9:a9:e7:8a:75:19:29:80:ff:68:f1:65:78:
                    6f:12:c2:a0:5d:a1:bc:fe:9b:8e:41:e4:64:32:9e:
                    3c:94:b1:66:3f:90:e9:7c:4e:8a:5f:b1:e6:42:88:
                    6f:33:f7:df:b1:34:60:d1:40:00:74:68:e4:a4:9c:
                    57:56:24:75:05:30:4b:ce:3c:bd:1f:b0:22:fd:8b:
                    5e:80:30:ea:e7:08:3f:9a:bc:be:ff:19:47:f6:9f:
                    ff:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:32:B5:26:05:F7:12:BD:4B:86:94:84:AA:AC:4B:AB:07:67:B2:CE
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/4TK1JgX3Er1LhpSEqqxLqwdnss4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:3b87:ff00::/40
                  2a0e:97c0:736::/48
                  2a0e:97c0:73f::/48
                  2a0e:97c0:750::/48
                  2a0e:97c0:76f::/48
                  2a0e:b102:12f::/48
                  2a0e:b107:5d0::/44
                  2a0e:b107:900::/44
                  2a0e:b107:9f4::/48
                  2a0e:b107:9f6::/48
                  2a0e:b107:df2::/48
                  2a0e:b107:1870::/48
                  2a0e:b107:1b9e::/48

    Signature Algorithm: sha256WithRSAEncryption
         a0:e1:10:d5:18:d7:59:b6:d8:2d:a6:c3:1d:33:42:6f:f5:40:
         0a:f4:cb:0a:a5:f5:4e:76:9b:54:55:04:0b:3e:e1:3d:c9:48:
         48:3e:54:2e:eb:b9:df:e2:b6:3c:ef:4b:b8:0f:ee:02:55:c2:
         b5:be:7c:f8:ac:a6:f8:55:91:1d:62:54:0b:ea:c1:c6:f0:22:
         54:fa:95:9f:d7:8b:ec:08:6e:74:c4:e2:61:fd:a4:7e:f0:8d:
         14:3a:ce:14:47:3c:66:d7:91:aa:80:1a:4e:4c:8b:0e:a9:34:
         f3:82:f7:ea:6b:60:3c:45:4a:a1:1c:b9:14:8c:a9:96:e9:c5:
         6f:d5:e0:94:bd:a6:c3:17:85:e6:97:7c:66:33:53:40:70:c7:
         d8:ca:51:09:ac:64:ab:45:98:3e:68:93:8c:56:76:5a:fb:d9:
         ff:65:54:68:11:8a:bd:fb:14:dc:72:c4:f9:ec:53:35:31:16:
         72:86:72:1c:99:45:62:27:5f:d7:55:6f:93:fa:97:52:44:20:
         dd:85:97:d4:65:bd:e9:8f:83:2f:64:90:7c:d2:4b:c5:a7:6c:
         99:d7:9c:d6:06:17:4d:c3:e4:46:38:9a:01:85:7b:9e:24:a8:
         31:db:52:56:74:9e:25:5c:65:d9:ce:02:19:40:01:fa:ec:1c:
         f4:ab:6f:eb
-----BEGIN CERTIFICATE-----
MIIFbDCCBFSgAwIBAgISAYaNdneA2FDyIOOPnc9w0hkEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjMwMjI2MTEyMzE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTMyYjUyNjA1ZjcxMmJkNGI4Njk0ODRhYWFjNGJhYjA3NjdiMmNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2L2bLCkgtBfQiYq8nlYjr6VUHJhm
VBmqYUznSIog2fbEkvqpnSQG9hziEGhXM4tanWLBZzZqHaX1EBMWPvb2dQKu0euw
oa/LV4fDhimGBD9FwFZYlA0LcNZptn3JmxpNXZr7QiYLYOKrwPIsXAAzgZv8hg5w
K/5KbjYMncx24iOncTuRJLQwQk2ahT29JIjPOc0eZnscSNFAZ9p23atA4OO3/tbA
GOmp54p1GSmA/2jxZXhvEsKgXaG8/puOQeRkMp48lLFmP5DpfE6KX7HmQohvM/ff
sTRg0UAAdGjkpJxXViR1BTBLzjy9H7Ai/YtegDDq5wg/mry+/xlH9p//xQIDAQAB
o4ICeDCCAnQwHQYDVR0OBBYEFOEytSYF9xK9S4aUhKqsS6sHZ7LOMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvNFRLMUpnWDNFcjFMaHBTRXFxeExxd2Ruc3M0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGNBggrBgEFBQcBBwEB/wR+MHwwegQCAAIwdAMGACoMO4f/
AwcAKg6XwAc2AwcAKg6XwAc/AwcAKg6XwAdQAwcAKg6XwAdvAwcAKg6xAgEvAwcE
Kg6xBwXQAwcEKg6xBwkAAwcAKg6xBwn0AwcAKg6xBwn2AwcAKg6xBw3yAwcAKg6x
BxhwAwcAKg6xBxueMA0GCSqGSIb3DQEBCwUAA4IBAQCg4RDVGNdZttgtpsMdM0Jv
9UAK9MsKpfVOdptUVQQLPuE9yUhIPlQu67nf4rY870u4D+4CVcK1vnz4rKb4VZEd
YlQL6sHG8CJU+pWf14vsCG50xOJh/aR+8I0UOs4URzxm15GqgBpOTIsOqTTzgvfq
a2A8RUqhHLkUjKmW6cVv1eCUvabDF4Xml3xmM1NAcMfYylEJrGSrRZg+aJOMVnZa
+9n/ZVRoEYq9+xTccsT57FM1MRZyhnIcmUViJ1/XVW+T+pdSRCDdhZfUZb3pj4Mv
ZJB80kvFp2yZ15zWBhdNw+RGOJoBhXueJKgx21JWdJ4lXGXZzgIZQAH67Bz0q2/r
-----END CERTIFICATE-----