Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/DnspjK9uVkxRdm-Yl-CKTohUkow.roa
File:                     DnspjK9uVkxRdm-Yl-CKTohUkow.roa (raw, json)
Hash identifier:          E126oeQAQaVQzOtLpFxaBXt1HKhQygLhCxboDLXc1Yw=
Subject key identifier:   0E:7B:29:8C:AF:6E:56:4C:51:76:6F:98:97:E0:8A:4E:88:54:92:8C
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018D139D56A0755493928F79FB49F0E51C82
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/DnspjK9uVkxRdm-Yl-CKTohUkow.roa
Signing time:             Tue 16 Jan 2024 18:51:34 +0000
ROA not before:           Tue 16 Jan 2024 18:51:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31898
IP address blocks:        2a0e:97c0:aba::/48 maxlen: 48
                          2a0e:b107:19::/48 maxlen: 48
                          2a0e:b107:360::/48 maxlen: 48
                          2a0e:b107:361::/48 maxlen: 48
                          2a0e:b107:362::/48 maxlen: 48
                          2a0e:b107:363::/48 maxlen: 48
                          2a0e:b107:364::/48 maxlen: 48
                          2a0e:b107:365::/48 maxlen: 48
                          2a0e:b107:367::/48 maxlen: 48
                          2a0e:b107:f50::/44 maxlen: 48
                          2a10:cc40:cc47::/48 maxlen: 48

Validation:               Failed, certificate revoked on Tue 30 Jan 2024 00:51:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:13:9d:56:a0:75:54:93:92:8f:79:fb:49:f0:e5:1c:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan 16 18:51:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0e7b298caf6e564c51766f9897e08a4e8854928c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:a0:34:29:cd:f5:5d:a0:60:d3:84:cf:61:c5:
                    98:e9:ae:db:27:1f:3a:e6:71:93:fc:a4:c1:d4:eb:
                    cf:4a:04:00:cd:9f:d3:85:fc:ad:3a:1a:4c:9d:25:
                    ad:cd:27:a7:53:38:3f:a1:eb:c4:87:42:bc:35:81:
                    28:0f:6e:7a:0e:3a:a0:66:1f:9a:11:39:2e:5d:72:
                    f9:bf:b3:8a:14:6b:e6:59:44:5a:69:37:be:62:69:
                    da:10:ff:b1:79:86:16:a0:56:65:f5:7c:f8:85:34:
                    f5:4a:31:a2:fb:5f:48:f8:1b:49:59:2f:4f:48:e2:
                    3b:54:f2:51:15:2b:6a:5e:52:cb:0e:fa:14:ec:23:
                    1e:cc:c2:ed:88:49:10:2d:92:c9:2b:cf:01:c3:74:
                    5e:2f:34:66:d2:d6:70:9f:4b:9c:46:dc:8a:6d:4d:
                    62:33:61:58:16:29:5d:2f:06:c4:de:a7:37:b2:57:
                    8d:d0:fc:da:5c:80:69:fe:01:da:6c:64:0b:dd:79:
                    be:6d:23:da:fc:85:c3:c0:f2:a6:38:75:7d:fb:e8:
                    ee:24:f5:b3:47:ad:64:a1:c9:5c:23:30:58:8a:a7:
                    19:82:e0:71:66:ca:58:94:0f:fa:5f:62:22:75:56:
                    60:e6:2a:84:c8:be:9b:84:32:f7:e0:1d:3e:b2:de:
                    0c:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:7B:29:8C:AF:6E:56:4C:51:76:6F:98:97:E0:8A:4E:88:54:92:8C
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/DnspjK9uVkxRdm-Yl-CKTohUkow.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:aba::/48
                  2a0e:b107:19::/48
                  2a0e:b107:360::-2a0e:b107:365:ffff:ffff:ffff:ffff:ffff
                  2a0e:b107:367::/48
                  2a0e:b107:f50::/44
                  2a10:cc40:cc47::/48

    Signature Algorithm: sha256WithRSAEncryption
         7f:94:e5:b1:f0:2e:58:8e:4d:96:af:f7:0a:bd:f1:bd:5c:b0:
         c3:11:44:b7:97:7d:0e:88:b7:2e:cb:9f:e8:47:b9:44:8a:75:
         46:12:7f:36:ae:a9:a2:4d:02:d4:28:52:ea:fd:22:a6:ad:64:
         67:a8:57:44:07:a0:c4:eb:74:65:a0:32:20:36:38:7a:c0:7b:
         cd:01:df:40:a3:36:80:59:61:35:e5:eb:df:ea:ad:72:9b:50:
         bf:b7:a8:6a:ae:18:ad:16:94:58:bf:62:c8:fb:fe:ae:e4:aa:
         fa:77:b3:90:ba:23:86:dd:eb:f7:c4:aa:d4:03:7c:77:eb:40:
         fc:77:1e:af:f7:0f:bf:81:fe:9c:23:83:7a:61:62:93:75:b2:
         5d:47:80:80:10:58:97:ae:e1:5e:95:6d:55:2c:d3:3d:c0:f6:
         a0:ce:be:8f:72:d0:32:16:f5:41:74:d4:6a:e0:23:c9:43:9d:
         74:b8:02:5f:6e:53:30:84:da:1c:cc:2b:72:47:10:4e:3d:6c:
         a2:a4:62:06:65:97:3c:2a:d7:56:97:43:cb:1c:f8:84:39:d6:
         3e:dd:51:88:17:f6:2b:dd:2d:8d:c1:52:fc:d3:c3:62:28:2f:
         70:86:b3:b2:05:23:ac:7e:20:24:ed:2f:db:65:b5:a9:be:44:
         0d:ae:06:fc
-----BEGIN CERTIFICATE-----
MIIFODCCBCCgAwIBAgISAY0TnVagdVSTko95+0nw5RyCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTE2MTg1MTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTdiMjk4Y2FmNmU1NjRjNTE3NjZmOTg5N2UwOGE0ZTg4NTQ5MjhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiKA0Kc31XaBg04TPYcWY6a7bJx86
5nGT/KTB1OvPSgQAzZ/ThfytOhpMnSWtzSenUzg/oevEh0K8NYEoD256DjqgZh+a
ETkuXXL5v7OKFGvmWURaaTe+YmnaEP+xeYYWoFZl9Xz4hTT1SjGi+19I+BtJWS9P
SOI7VPJRFStqXlLLDvoU7CMezMLtiEkQLZLJK88Bw3ReLzRm0tZwn0ucRtyKbU1i
M2FYFildLwbE3qc3sleN0PzaXIBp/gHabGQL3Xm+bSPa/IXDwPKmOHV9++juJPWz
R61koclcIzBYiqcZguBxZspYlA/6X2IidVZg5iqEyL6bhDL34B0+st4McQIDAQAB
o4ICRDCCAkAwHQYDVR0OBBYEFA57KYyvblZMUXZvmJfgik6IVJKMMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvRG5zcGpLOXVWa3hSZG0tWWwtQ0tUb2hVa293LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFoGCCsGAQUFBwEHAQH/BEswSTBHBAIAAjBBAwcAKg6XwAq6
AwcAKg6xBwAZMBIDBwUqDrEHA2ADBwEqDrEHA2QDBwAqDrEHA2cDBwQqDrEHD1AD
BwAqEMxAzEcwDQYJKoZIhvcNAQELBQADggEBAH+U5bHwLliOTZav9wq98b1csMMR
RLeXfQ6Ity7Ln+hHuUSKdUYSfzauqaJNAtQoUur9IqatZGeoV0QHoMTrdGWgMiA2
OHrAe80B30CjNoBZYTXl69/qrXKbUL+3qGquGK0WlFi/Ysj7/q7kqvp3s5C6I4bd
6/fEqtQDfHfrQPx3Hq/3D7+B/pwjg3phYpN1sl1HgIAQWJeu4V6VbVUs0z3A9qDO
vo9y0DIW9UF01GrgI8lDnXS4Al9uUzCE2hzMK3JHEE49bKKkYgZllzwq11aXQ8sc
+IQ51j7dUYgX9ivdLY3BUvzTw2IoL3CGs7IFI6x+ICTtL9tltam+RA2uBvw=
-----END CERTIFICATE-----