Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/ESmKSwzx2NbjfCxHl7XXnNFJCz8.roa
File:                     ESmKSwzx2NbjfCxHl7XXnNFJCz8.roa (raw, json)
Hash identifier:          80F5yjTFjghEJdnb7kg4O4KnLfMYaymWY6C1Ks7PwzQ=
Subject key identifier:   11:29:8A:4B:0C:F1:D8:D6:E3:7C:2C:47:97:B5:D7:9C:D1:49:0B:3F
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018570E8040B7F40B3D2DE0CA8EBC145DC34
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/ESmKSwzx2NbjfCxHl7XXnNFJCz8.roa
Signing time:             Mon 02 Jan 2023 05:15:31 +0000
ROA not before:           Mon 02 Jan 2023 05:15:31 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     211484
IP address blocks:        2a0e:97c0:3b0::/44 maxlen: 48
                          2a0e:97c0:3b0::/48 maxlen: 48
                          2a0e:97c0:3b3::/48 maxlen: 48
                          2a0e:97c0:363::/48 maxlen: 48
                          2a0e:97c0:366::/48 maxlen: 48
                          2a0e:97c0:361::/48 maxlen: 48
                          2a0e:97c0:3b1::/48 maxlen: 48
                          2a0e:97c0:364::/48 maxlen: 48
                          2a0e:97c0:3b4::/48 maxlen: 48
                          2a0e:97c0:3bf::/48 maxlen: 48
                          2a0e:97c0:36f::/48 maxlen: 48
                          2a0e:97c0:3b2::/48 maxlen: 48

Validation:               Failed, certificate revoked on Mon 30 Jan 2023 17:48:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:e8:04:0b:7f:40:b3:d2:de:0c:a8:eb:c1:45:dc:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 05:15:31 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=11298a4b0cf1d8d6e37c2c4797b5d79cd1490b3f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:38:43:d3:ce:bf:c0:56:96:23:17:d0:c5:22:
                    dd:69:91:34:26:3e:0e:66:6b:50:0e:6c:aa:53:28:
                    b7:40:c0:36:94:23:78:24:35:94:8a:26:5e:0a:32:
                    ef:c2:f2:45:d1:3d:38:29:78:6c:90:b1:7e:c9:2c:
                    db:5e:ff:97:b0:2c:ef:44:24:bd:e2:06:cb:e5:a3:
                    7d:42:af:31:c3:47:90:28:60:e1:63:3e:05:3b:9c:
                    47:1b:08:b5:42:e2:90:f5:60:12:b4:a9:34:77:bc:
                    f2:b9:9e:3b:93:04:c3:9b:2a:b8:58:9d:93:7a:7c:
                    44:c1:c9:cd:57:a8:a6:13:36:57:a7:d9:b3:ee:6e:
                    b3:d6:38:22:83:36:d0:f5:f8:62:dc:a1:84:d6:68:
                    0f:8a:09:b4:12:83:ed:68:96:be:12:32:20:79:cc:
                    ca:ec:d5:df:b2:c5:ea:a6:7e:da:d2:e5:e3:f7:a8:
                    ad:dd:0e:62:f7:04:86:04:a6:cf:13:b9:ec:bb:29:
                    76:94:5e:36:f7:f9:b3:3e:d9:11:2e:f7:67:41:be:
                    df:9c:d2:84:5d:63:8f:ac:a6:19:4d:75:ed:40:d9:
                    85:2f:c8:dc:1b:d1:48:94:55:d0:7d:4f:31:cc:e0:
                    74:5e:d4:24:c6:ca:fb:f5:62:1d:34:a0:02:a9:41:
                    4d:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:29:8A:4B:0C:F1:D8:D6:E3:7C:2C:47:97:B5:D7:9C:D1:49:0B:3F
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/ESmKSwzx2NbjfCxHl7XXnNFJCz8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:361::/48
                  2a0e:97c0:363::-2a0e:97c0:364:ffff:ffff:ffff:ffff:ffff
                  2a0e:97c0:366::/48
                  2a0e:97c0:36f::/48
                  2a0e:97c0:3b0::/44

    Signature Algorithm: sha256WithRSAEncryption
         74:46:3e:a8:5e:63:2f:1c:79:99:7c:4f:99:fe:5f:2b:b6:0b:
         4c:95:0b:84:b0:87:62:ce:d6:55:a2:6f:fd:f7:25:8e:c7:c0:
         35:c9:22:e5:27:07:62:dd:78:0e:ba:41:5a:90:fa:c4:6f:db:
         f2:58:00:a3:4a:71:cc:f6:4f:8a:cc:9c:40:fa:3f:c4:68:73:
         f2:f0:4e:d6:a9:08:2e:b4:99:ee:c9:88:64:1c:74:95:b7:15:
         57:a1:49:e1:a3:b0:a2:d8:47:ed:ee:4c:b7:a3:79:cb:6b:5e:
         42:0c:fd:b8:0f:7f:e8:3f:bb:84:dc:b8:0e:7c:f8:a7:a7:c1:
         12:48:a9:46:77:09:49:e8:d1:fc:7a:5e:e6:3d:8f:f3:cd:70:
         1c:c9:02:ab:72:ab:3f:7e:d3:78:0b:7e:26:7d:84:34:d9:39:
         79:95:3d:ba:b7:5b:53:38:82:cc:f4:e5:77:f8:4c:64:11:6f:
         be:e4:e4:f7:19:9c:d7:b7:bf:d9:1f:24:65:4b:bb:d9:26:76:
         af:f8:42:cf:cd:4e:d1:f3:1a:43:24:75:81:ee:63:67:17:0d:
         ac:4e:a1:b6:45:54:c1:a9:6c:1a:36:78:1c:93:2b:8a:a8:fd:
         da:36:ac:96:3e:db:4f:5c:74:b4:05:4a:16:31:bf:16:d8:fd:
         99:ec:04:47
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAYVw6AQLf0Cz0t4MqOvBRdw0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjMwMTAyMDUxNTMxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTI5OGE0YjBjZjFkOGQ2ZTM3YzJjNDc5N2I1ZDc5Y2QxNDkwYjNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAojhD086/wFaWIxfQxSLdaZE0Jj4O
ZmtQDmyqUyi3QMA2lCN4JDWUiiZeCjLvwvJF0T04KXhskLF+ySzbXv+XsCzvRCS9
4gbL5aN9Qq8xw0eQKGDhYz4FO5xHGwi1QuKQ9WAStKk0d7zyuZ47kwTDmyq4WJ2T
enxEwcnNV6imEzZXp9mz7m6z1jgigzbQ9fhi3KGE1mgPigm0EoPtaJa+EjIgeczK
7NXfssXqpn7a0uXj96it3Q5i9wSGBKbPE7nsuyl2lF429/mzPtkRLvdnQb7fnNKE
XWOPrKYZTXXtQNmFL8jcG9FIlFXQfU8xzOB0XtQkxsr79WIdNKACqUFNSQIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFBEpiksM8djW43wsR5e115zRSQs/MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvRVNtS1N3engyTmJqZkN4SGw3WFhuTkZKQ3o4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAAjA4AwcAKg6XwANh
MBIDBwAqDpfAA2MDBwAqDpfAA2QDBwAqDpfAA2YDBwAqDpfAA28DBwQqDpfAA7Aw
DQYJKoZIhvcNAQELBQADggEBAHRGPqheYy8ceZl8T5n+Xyu2C0yVC4Swh2LO1lWi
b/33JY7HwDXJIuUnB2LdeA66QVqQ+sRv2/JYAKNKccz2T4rMnED6P8Roc/LwTtap
CC60me7JiGQcdJW3FVehSeGjsKLYR+3uTLejectrXkIM/bgPf+g/u4TcuA58+Ken
wRJIqUZ3CUno0fx6XuY9j/PNcBzJAqtyqz9+03gLfiZ9hDTZOXmVPbq3W1M4gsz0
5Xf4TGQRb77k5PcZnNe3v9kfJGVLu9kmdq/4Qs/NTtHzGkMkdYHuY2cXDaxOobZF
VMGpbBo2eByTK4qo/do2rJY+209cdLQFShYxvxbY/ZnsBEc=
-----END CERTIFICATE-----