Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/9Z_G-5nWQG3o7ArDPcNRSf0mcjc.roa
File:                     9Z_G-5nWQG3o7ArDPcNRSf0mcjc.roa (raw, json)
Hash identifier:          HVfD8Iid9ktjlQPsqhllTZmIOEVTZyNrNMb+sWPgSjo=
Subject key identifier:   F5:9F:C6:FB:99:D6:40:6D:E8:EC:0A:C3:3D:C3:51:49:FD:26:72:37
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018815ED819D4899EEDF31E293DD439299ED
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/9Z_G-5nWQG3o7ArDPcNRSf0mcjc.roa
Signing time:             Sat 13 May 2023 16:24:26 +0000
ROA not before:           Sat 13 May 2023 16:24:26 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     20473
IP address blocks:        2a0e:b107:1870::/48 maxlen: 48
                          2a0c:3b87:ff00::/40 maxlen: 48
                          2a0e:b107:9f4::/48 maxlen: 48
                          2a0c:3b87:ffff::/48 maxlen: 48
                          2a0e:97c0:791::/48 maxlen: 48
                          2a0e:b107:1b9e::/48 maxlen: 48
                          2a0e:97c0:792::/48 maxlen: 48
                          2a0e:97c0:1000::/38 maxlen: 48
                          2a0e:b107:5d0::/44 maxlen: 48
                          2a0e:97c0:750::/48 maxlen: 48
                          2a0e:b107:df2::/48 maxlen: 48
                          2a06:de01:400::/38 maxlen: 48
                          2a0e:b107:9f6::/48 maxlen: 48
                          2a0e:97c0:76f::/48 maxlen: 48
                          2a0e:97c0:73f::/48 maxlen: 48

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:15:ed:81:9d:48:99:ee:df:31:e2:93:dd:43:92:99:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: May 13 16:24:26 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f59fc6fb99d6406de8ec0ac33dc35149fd267237
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:b2:8e:ce:3c:5d:69:b0:03:77:80:ed:8c:00:
                    28:6e:c7:7c:a5:62:f0:32:80:a8:aa:f7:1e:49:b6:
                    3c:fb:2d:8e:74:c9:95:e0:91:42:d3:03:2e:e3:af:
                    d8:1e:15:d9:c1:04:ae:eb:3a:91:1f:8b:46:6c:22:
                    46:a2:d9:60:dd:af:6f:e8:a0:4d:73:45:53:0e:74:
                    f0:fd:05:43:2f:35:2f:ce:95:7f:f0:1c:c3:ed:35:
                    69:f6:e6:14:35:28:4c:ae:58:a6:3f:b1:52:c1:9a:
                    8e:cc:c5:6e:ff:33:6c:9c:08:87:8e:e1:8c:20:80:
                    db:77:14:60:4f:b8:bb:b9:83:14:56:5f:8d:3f:52:
                    3c:24:94:c4:90:18:de:87:c6:14:5a:17:b2:06:d6:
                    58:91:9a:24:3f:00:80:c9:53:57:29:49:8f:d2:4b:
                    2b:2c:73:16:0b:31:37:aa:b3:88:0f:02:16:33:92:
                    d5:26:96:8b:84:00:3f:bc:f2:61:46:19:7b:3b:1e:
                    37:f7:0a:00:f3:7d:18:d2:1b:af:cb:26:10:ed:3f:
                    00:54:39:08:32:89:10:02:9a:31:09:39:7a:34:94:
                    bf:60:44:47:43:b0:82:7b:00:b5:4c:26:44:89:b5:
                    f6:fb:bc:82:82:5d:ae:37:dc:da:03:96:70:75:8e:
                    0c:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:9F:C6:FB:99:D6:40:6D:E8:EC:0A:C3:3D:C3:51:49:FD:26:72:37
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/9Z_G-5nWQG3o7ArDPcNRSf0mcjc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:de01:400::/38
                  2a0c:3b87:ff00::/40
                  2a0e:97c0:73f::/48
                  2a0e:97c0:750::/48
                  2a0e:97c0:76f::/48
                  2a0e:97c0:791::-2a0e:97c0:792:ffff:ffff:ffff:ffff:ffff
                  2a0e:97c0:1000::/38
                  2a0e:b107:5d0::/44
                  2a0e:b107:9f4::/48
                  2a0e:b107:9f6::/48
                  2a0e:b107:df2::/48
                  2a0e:b107:1870::/48
                  2a0e:b107:1b9e::/48

    Signature Algorithm: sha256WithRSAEncryption
         67:1b:2b:d0:d5:80:83:02:e4:96:f3:81:8b:9c:77:25:d0:0f:
         16:43:e2:7e:00:ad:05:41:14:a9:db:e2:9a:bb:ed:bb:16:27:
         d1:16:80:2f:93:f3:a0:40:d3:31:ac:c9:4d:b2:b0:12:53:a5:
         00:94:1e:5e:94:a2:85:72:b0:d5:5d:71:30:77:cb:e0:71:f7:
         69:48:86:cc:f3:3e:94:40:6b:4a:42:20:de:4d:3a:4d:0c:c3:
         08:aa:ea:10:59:84:50:ba:5f:a1:28:6c:77:6e:9d:c4:59:be:
         03:84:19:e4:1e:b6:7b:2f:1e:42:96:c2:12:1e:b1:f5:5e:e7:
         26:d1:5a:ab:5d:39:c6:c8:2c:25:97:1b:13:fd:57:39:dc:69:
         5d:78:9b:dc:aa:b2:f6:47:ae:93:44:8f:bf:dc:62:5a:71:7a:
         a0:80:d7:72:7c:68:29:b5:94:aa:96:d0:78:e0:8d:53:c0:b8:
         90:8d:74:66:78:5c:fe:40:31:fa:83:5c:4f:a0:f1:5a:84:19:
         f5:de:60:e5:ee:79:e7:ea:c2:ea:a5:d4:c3:56:fc:b8:49:94:
         91:5c:2a:3f:c2:6b:87:02:df:6f:b2:ce:29:20:09:33:9e:ca:
         f9:39:27:b2:6e:c9:80:68:bc:b2:98:6b:cc:a6:aa:c3:ec:ab:
         00:4a:f5:28
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYgV7YGdSJnu3zHik91DkpntMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjMwNTEzMTYyNDI2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTlmYzZmYjk5ZDY0MDZkZThlYzBhYzMzZGMzNTE0OWZkMjY3MjM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn7KOzjxdabADd4DtjAAobsd8pWLw
MoCoqvceSbY8+y2OdMmV4JFC0wMu46/YHhXZwQSu6zqRH4tGbCJGotlg3a9v6KBN
c0VTDnTw/QVDLzUvzpV/8BzD7TVp9uYUNShMrlimP7FSwZqOzMVu/zNsnAiHjuGM
IIDbdxRgT7i7uYMUVl+NP1I8JJTEkBjeh8YUWheyBtZYkZokPwCAyVNXKUmP0ksr
LHMWCzE3qrOIDwIWM5LVJpaLhAA/vPJhRhl7Ox439woA830Y0huvyyYQ7T8AVDkI
MokQApoxCTl6NJS/YERHQ7CCewC1TCZEibX2+7yCgl2uN9zaA5ZwdY4MyQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFPWfxvuZ1kBt6OwKwz3DUUn9JnI3MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvOVpfRy01bldRRzNvN0FyRFBjTlJTZjBtY2pjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGZBggrBgEFBQcBBwEB/wSBiTCBhjCBgwQCAAIwfQMGAioG
3gEEAwYAKgw7h/8DBwAqDpfABz8DBwAqDpfAB1ADBwAqDpfAB28wEgMHACoOl8AH
kQMHACoOl8AHkgMGAioOl8AQAwcEKg6xBwXQAwcAKg6xBwn0AwcAKg6xBwn2AwcA
Kg6xBw3yAwcAKg6xBxhwAwcAKg6xBxueMA0GCSqGSIb3DQEBCwUAA4IBAQBnGyvQ
1YCDAuSW84GLnHcl0A8WQ+J+AK0FQRSp2+Kau+27FifRFoAvk/OgQNMxrMlNsrAS
U6UAlB5elKKFcrDVXXEwd8vgcfdpSIbM8z6UQGtKQiDeTTpNDMMIquoQWYRQul+h
KGx3bp3EWb4DhBnkHrZ7Lx5ClsISHrH1Xucm0VqrXTnGyCwllxsT/Vc53GldeJvc
qrL2R66TRI+/3GJacXqggNdyfGgptZSqltB44I1TwLiQjXRmeFz+QDH6g1xPoPFa
hBn13mDl7nnn6sLqpdTDVvy4SZSRXCo/wmuHAt9vss4pIAkznsr5OSeybsmAaLyy
mGvMpqrD7KsASvUo
-----END CERTIFICATE-----