Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/7wEYggsJjAgqDde0uEXaN8EvGQE.roa
File:                     7wEYggsJjAgqDde0uEXaN8EvGQE.roa (raw, json)
Hash identifier:          KqHQwb0NrM/7D9TwldRCysZlPu/NTmIY/W8eo+NYYfM=
Subject key identifier:   EF:01:18:82:0B:09:8C:08:2A:0D:D7:B4:B8:45:DA:37:C1:2F:19:01
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018570E7E26589C696E5BB02828AF3B73A20
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/7wEYggsJjAgqDde0uEXaN8EvGQE.roa
Signing time:             Mon 02 Jan 2023 05:15:23 +0000
ROA not before:           Mon 02 Jan 2023 05:15:23 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     210013
IP address blocks:        2a0e:97c0:6cd::/48 maxlen: 48
                          2a0e:97c0:6c0::/44 maxlen: 48
                          2a0e:97c0:6c8::/48 maxlen: 48
                          2a0e:97c0:6c3::/48 maxlen: 48
                          2a0e:97c0:6ce::/48 maxlen: 48
                          2a0e:97c0:6c1::/48 maxlen: 48
                          2a0e:97c0:6cc::/48 maxlen: 48
                          2a0e:97c0:6c7::/48 maxlen: 48
                          2a0e:97c0:6c2::/48 maxlen: 48
                          2a0e:97c0:6c5::/48 maxlen: 48
                          2a0e:97c0:6c0::/48 maxlen: 48
                          2a0e:97c0:6cb::/48 maxlen: 48
                          2a0e:97c0:6c6::/48 maxlen: 48
                          2a0e:97c0:6c9::/48 maxlen: 48
                          2a0e:97c0:6c4::/48 maxlen: 48
                          2a0e:97c0:6cf::/48 maxlen: 48
                          2a0e:97c0:6ca::/48 maxlen: 48

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 10:33:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:e7:e2:65:89:c6:96:e5:bb:02:82:8a:f3:b7:3a:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 05:15:23 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ef0118820b098c082a0dd7b4b845da37c12f1901
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:e6:47:bc:25:e3:b8:e8:e4:d7:a3:6b:fb:0a:
                    25:49:be:6f:7e:4e:e6:a1:e6:5a:49:13:65:49:a5:
                    98:0d:20:b1:85:bd:3c:3e:7c:4f:ce:3c:50:17:84:
                    c6:5d:1e:9e:a9:98:5b:b2:cd:3e:de:01:ab:74:ee:
                    0c:4e:08:e3:26:62:4d:7a:dd:6e:4d:c3:c3:3c:bb:
                    49:b7:92:93:6d:95:5a:0d:a1:37:ee:af:cb:8a:6f:
                    cf:c1:bd:be:ec:99:5f:28:82:70:ea:96:09:00:f6:
                    44:9e:3e:5a:cb:19:7e:57:4f:5a:f9:82:08:24:42:
                    79:a0:8a:ab:fb:b1:3a:26:5a:50:2a:d3:dc:29:7c:
                    67:a0:af:65:a1:47:24:54:9d:21:cd:1d:b1:19:4a:
                    8d:4d:68:d0:63:ea:c1:d2:60:02:c6:a8:5a:6d:af:
                    f4:19:b5:8b:39:16:87:95:df:c9:49:d7:d7:a0:1d:
                    7f:77:73:40:5c:36:5f:30:7c:9a:1c:52:59:88:1d:
                    3a:5a:a5:21:9b:f6:b8:b4:53:9f:81:1a:72:f7:f8:
                    1b:aa:0d:bc:e8:a2:e6:62:80:6c:e2:29:3c:8f:b6:
                    cc:d8:0c:f9:e9:eb:5e:a3:61:0b:64:08:db:62:6f:
                    e4:31:ec:ae:58:a2:65:d6:1c:49:d8:f8:34:f1:33:
                    77:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:01:18:82:0B:09:8C:08:2A:0D:D7:B4:B8:45:DA:37:C1:2F:19:01
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/7wEYggsJjAgqDde0uEXaN8EvGQE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:6c0::/44

    Signature Algorithm: sha256WithRSAEncryption
         6d:a7:f6:6c:dd:65:ee:25:3a:c7:6f:ac:50:8c:39:c2:9f:f1:
         54:19:9e:45:3c:3b:3f:d1:00:cf:ca:87:0c:8e:ca:8b:a7:b7:
         0a:e5:91:13:f8:b1:1d:95:fb:0e:67:a8:1b:ea:01:50:8a:1b:
         29:f4:aa:c6:37:1d:39:b8:08:bb:de:15:7a:ef:d8:6b:c8:39:
         6f:7b:c8:87:ba:2d:29:4d:30:21:33:81:25:69:42:2c:95:61:
         02:6b:32:6a:6e:71:40:51:de:99:22:b7:e6:a0:93:d7:ae:de:
         6d:91:c4:25:05:de:d9:df:ac:59:bb:8e:e8:7a:3e:42:27:d7:
         a7:35:f4:c7:82:4b:ac:e1:bc:22:c2:d2:be:e6:46:b1:91:aa:
         07:5f:62:3a:07:02:53:e1:75:d6:cb:28:f6:c8:d2:60:e8:46:
         54:ad:8e:1f:38:ed:fc:7d:66:87:01:a7:7a:19:95:71:a3:36:
         da:ba:21:17:56:63:7c:14:86:25:82:21:60:89:a1:88:2c:1a:
         fd:ce:2f:19:8a:02:a3:0c:55:8f:c4:ad:69:dd:61:fd:5f:f6:
         da:60:6f:90:13:d2:17:cc:de:92:aa:4d:dc:8d:90:5c:f7:ee:
         28:a5:68:87:af:e6:1c:91:48:2a:ac:dd:99:72:9e:b6:68:f6:
         06:e7:bf:08
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYVw5+JlicaW5bsCgorztzogMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjMwMTAyMDUxNTIzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjAxMTg4MjBiMDk4YzA4MmEwZGQ3YjRiODQ1ZGEzN2MxMmYxOTAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgOZHvCXjuOjk16Nr+wolSb5vfk7m
oeZaSRNlSaWYDSCxhb08PnxPzjxQF4TGXR6eqZhbss0+3gGrdO4MTgjjJmJNet1u
TcPDPLtJt5KTbZVaDaE37q/Lim/Pwb2+7JlfKIJw6pYJAPZEnj5ayxl+V09a+YII
JEJ5oIqr+7E6JlpQKtPcKXxnoK9loUckVJ0hzR2xGUqNTWjQY+rB0mACxqhaba/0
GbWLORaHld/JSdfXoB1/d3NAXDZfMHyaHFJZiB06WqUhm/a4tFOfgRpy9/gbqg28
6KLmYoBs4ik8j7bM2Az56eteo2ELZAjbYm/kMeyuWKJl1hxJ2Pg08TN3vwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFO8BGIILCYwIKg3XtLhF2jfBLxkBMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvN3dFWWdnc0pqQWdxRGRlMHVFWGFOOEV2R1FFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwAbA
MA0GCSqGSIb3DQEBCwUAA4IBAQBtp/Zs3WXuJTrHb6xQjDnCn/FUGZ5FPDs/0QDP
yocMjsqLp7cK5ZET+LEdlfsOZ6gb6gFQihsp9KrGNx05uAi73hV679hryDlve8iH
ui0pTTAhM4ElaUIslWECazJqbnFAUd6ZIrfmoJPXrt5tkcQlBd7Z36xZu47oej5C
J9enNfTHgkus4bwiwtK+5kaxkaoHX2I6BwJT4XXWyyj2yNJg6EZUrY4fOO38fWaH
Aad6GZVxozbauiEXVmN8FIYlgiFgiaGILBr9zi8ZigKjDFWPxK1p3WH9X/baYG+Q
E9IXzN6Sqk3cjZBc9+4opWiHr+YckUgqrN2Zcp62aPYG578I
-----END CERTIFICATE-----