Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/GK76AzvBpzyz1bl2fNzuoULZJJc.roa
File:                     GK76AzvBpzyz1bl2fNzuoULZJJc.roa (raw, json)
Hash identifier:          jm3w1KXiBcHEmsABmipM7d6fks5li/C9YXQnpsaMh84=
Subject key identifier:   18:AE:FA:03:3B:C1:A7:3C:B3:D5:B9:76:7C:DC:EE:A1:42:D9:24:97
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BCC54C726564E4D90D5F239D6DD50C
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/GK76AzvBpzyz1bl2fNzuoULZJJc.roa
Signing time:             Tue 02 Jan 2024 10:34:00 +0000
ROA not before:           Tue 02 Jan 2024 10:34:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31898
IP address blocks:        2a0e:b107:360::/48 maxlen: 48
                          2a10:cc40:cc47::/48 maxlen: 48
                          2a0e:b107:365::/48 maxlen: 48
                          2a0e:b107:f50::/44 maxlen: 48
                          2a0e:b107:362::/48 maxlen: 48
                          2a0e:b107:367::/48 maxlen: 48
                          2a0e:b107:364::/48 maxlen: 48
                          2a0e:b107:361::/48 maxlen: 48
                          2a0e:b107:363::/48 maxlen: 48
                          2a0e:97c0:aba::/48 maxlen: 48

Validation:               Failed, certificate revoked on Tue 16 Jan 2024 18:51:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:c5:4c:72:65:64:e4:d9:0d:5f:23:9d:6d:d5:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=18aefa033bc1a73cb3d5b9767cdceea142d92497
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:42:1a:8f:b9:2d:77:cf:c7:64:db:1e:86:e2:
                    a5:51:4d:69:b7:09:c7:9c:63:43:59:c9:fb:93:58:
                    ea:7e:31:12:4f:de:3a:e5:87:d3:59:76:cf:44:42:
                    bc:34:9e:18:ac:73:61:9e:81:28:bc:00:11:00:10:
                    e6:0b:cd:ff:f0:23:42:8e:de:07:c9:34:12:e9:06:
                    ba:2e:77:e0:7f:ed:f2:cd:d7:9b:b4:77:4a:78:d2:
                    66:e7:af:8d:2c:f2:b0:a0:f2:46:b8:24:2f:9b:d8:
                    4c:56:0f:8f:13:81:a3:39:9c:9d:ae:1a:d3:03:41:
                    e2:37:cc:3e:75:c5:31:cd:03:09:c2:d8:cd:12:ba:
                    4e:dc:bd:fa:81:34:c7:ae:74:d2:a2:d4:98:a0:07:
                    9f:dc:27:e9:9c:40:81:cc:30:30:1b:8f:3b:99:a5:
                    1b:2e:3e:ea:4d:ed:87:15:87:da:27:27:ef:9d:b4:
                    d7:01:9d:2e:3e:ae:18:2f:d8:72:5f:2c:d0:8f:6f:
                    6b:66:6b:71:a5:79:59:7c:3a:82:b8:68:c0:52:6d:
                    ce:d6:8e:2f:f3:99:40:4f:a1:19:e0:f0:32:79:6a:
                    0b:d3:98:d8:1a:86:54:6e:ad:7f:8d:7c:cf:7b:77:
                    2c:ab:cf:1c:a2:82:a2:c7:cf:91:0e:a7:8e:5f:1d:
                    14:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:AE:FA:03:3B:C1:A7:3C:B3:D5:B9:76:7C:DC:EE:A1:42:D9:24:97
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/GK76AzvBpzyz1bl2fNzuoULZJJc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:aba::/48
                  2a0e:b107:360::-2a0e:b107:365:ffff:ffff:ffff:ffff:ffff
                  2a0e:b107:367::/48
                  2a0e:b107:f50::/44
                  2a10:cc40:cc47::/48

    Signature Algorithm: sha256WithRSAEncryption
         31:ab:1e:e7:97:f9:37:4b:90:a1:31:a7:78:7d:52:b3:dc:93:
         85:ec:a2:13:c4:72:bb:73:5d:41:85:d5:91:53:c0:bd:6a:c0:
         5f:71:c4:bf:75:62:d9:af:10:a8:7f:ea:af:c5:fa:d1:43:fa:
         2d:58:fd:d4:70:2c:f4:61:1b:1f:18:b7:66:7e:eb:dd:60:bd:
         56:71:dc:a7:08:7f:14:1c:6a:fc:72:39:c7:46:6a:ee:8e:9d:
         5f:75:4c:23:15:ca:af:9b:fb:2a:e8:6e:0d:e7:69:a2:f9:83:
         0d:97:00:f4:ff:27:f6:79:da:20:f6:eb:81:f6:ef:77:56:32:
         35:9c:16:49:a1:11:c5:49:36:4c:ee:74:02:42:d5:b5:8b:7f:
         33:8b:18:db:0a:cb:2a:41:3b:16:0f:47:6d:8d:5e:5c:10:04:
         04:67:0f:14:93:3d:1a:c8:a1:f6:39:d2:58:ea:32:e4:87:a6:
         6d:21:c9:30:57:03:ae:63:0b:71:41:4a:82:5a:d8:30:b9:7d:
         1e:61:40:b2:ae:1a:30:13:ce:37:10:76:9e:a5:d7:1a:e5:34:
         d4:b8:1d:1b:66:78:f2:68:63:9a:22:fd:fb:93:bd:8a:c8:78:
         39:60:64:39:21:f3:cd:7a:e0:dc:5f:27:07:8d:07:eb:d4:53:
         35:8c:e6:9f
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAYzJvMVMcmVk5NkNXyOdbdUMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOGFlZmEwMzNiYzFhNzNjYjNkNWI5NzY3Y2RjZWVhMTQyZDkyNDk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkEIaj7ktd8/HZNsehuKlUU1ptwnH
nGNDWcn7k1jqfjEST9465YfTWXbPREK8NJ4YrHNhnoEovAARABDmC83/8CNCjt4H
yTQS6Qa6Lnfgf+3yzdebtHdKeNJm56+NLPKwoPJGuCQvm9hMVg+PE4GjOZydrhrT
A0HiN8w+dcUxzQMJwtjNErpO3L36gTTHrnTSotSYoAef3CfpnECBzDAwG487maUb
Lj7qTe2HFYfaJyfvnbTXAZ0uPq4YL9hyXyzQj29rZmtxpXlZfDqCuGjAUm3O1o4v
85lAT6EZ4PAyeWoL05jYGoZUbq1/jXzPe3csq88cooKix8+RDqeOXx0UxQIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFBiu+gM7wac8s9W5dnzc7qFC2SSXMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvR0s3NkF6dkJwenl6MWJsMmZOenVvVUxaSkpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAAjA4AwcAKg6XwAq6
MBIDBwUqDrEHA2ADBwEqDrEHA2QDBwAqDrEHA2cDBwQqDrEHD1ADBwAqEMxAzEcw
DQYJKoZIhvcNAQELBQADggEBADGrHueX+TdLkKExp3h9UrPck4XsohPEcrtzXUGF
1ZFTwL1qwF9xxL91YtmvEKh/6q/F+tFD+i1Y/dRwLPRhGx8Yt2Z+691gvVZx3KcI
fxQcavxyOcdGau6OnV91TCMVyq+b+yrobg3naaL5gw2XAPT/J/Z52iD264H273dW
MjWcFkmhEcVJNkzudAJC1bWLfzOLGNsKyypBOxYPR22NXlwQBARnDxSTPRrIofY5
0ljqMuSHpm0hyTBXA65jC3FBSoJa2DC5fR5hQLKuGjATzjcQdp6l1xrlNNS4HRtm
ePJoY5oi/fuTvYrIeDlgZDkh88164NxfJweNB+vUUzWM5p8=
-----END CERTIFICATE-----