Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/IRASgcnr7tNiMBt37ygGRwM5HVo.roa
File:                     IRASgcnr7tNiMBt37ygGRwM5HVo.roa (raw, json)
Hash identifier:          OZKEnHbVmmflU4pJmBdKBaQ26DeYuw2CoD+a2uJgflQ=
Subject key identifier:   21:10:12:81:C9:EB:EE:D3:62:30:1B:77:EF:28:06:47:03:39:1D:5A
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018AB8C3DA3631DC26F1140A87B87D4E8ACA
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/IRASgcnr7tNiMBt37ygGRwM5HVo.roa
Signing time:             Thu 21 Sep 2023 17:22:37 +0000
ROA not before:           Thu 21 Sep 2023 17:22:37 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     200993
IP address blocks:        2a0e:97c0:5d0::/44 maxlen: 48
                          2a0e:b107:279d::/48 maxlen: 48
                          2a0e:b107:279a::/48 maxlen: 48
                          2a0e:b107:278a::/48 maxlen: 48
                          2a0e:b107:279f::/48 maxlen: 48
                          2a0e:b107:2691::/48 maxlen: 48
                          2a0e:b107:2799::/48 maxlen: 48
                          2a0e:b107:279e::/48 maxlen: 48

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:b8:c3:da:36:31:dc:26:f1:14:0a:87:b8:7d:4e:8a:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Sep 21 17:22:37 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=21101281c9ebeed362301b77ef28064703391d5a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:36:5c:94:cd:fe:84:62:d7:f0:72:2b:a1:d0:
                    cf:f2:02:e0:96:c0:69:15:6a:13:08:56:64:1e:be:
                    d8:29:a1:d3:93:ce:65:35:52:0a:6b:c6:96:c9:98:
                    2a:ce:cd:7e:eb:db:19:53:8b:21:81:15:04:78:38:
                    11:f1:72:e0:c1:cd:84:45:49:b3:a7:af:26:3e:fa:
                    39:60:0c:0b:ab:99:90:85:ab:73:83:43:26:cc:8f:
                    50:c7:e1:07:f0:ed:db:3e:c1:86:f8:a7:ab:95:6f:
                    a5:40:52:16:8b:33:d2:f4:8b:c1:3e:af:63:c3:5d:
                    ca:fb:03:f5:aa:be:fa:29:c4:22:9c:f1:ab:23:cf:
                    99:3c:a7:13:9a:29:9d:62:0c:cf:e8:ba:4e:a4:e9:
                    14:15:50:02:9b:02:2e:4b:c8:64:0f:18:bc:c6:ea:
                    92:36:50:da:ee:9f:dd:57:d8:e9:61:f6:fd:70:f1:
                    de:03:46:99:a7:fd:fa:80:88:4c:c9:59:e4:e6:bc:
                    96:0e:d7:bb:46:39:87:d6:55:d1:a8:be:4f:d7:da:
                    69:74:85:76:33:4d:cd:6a:4f:ba:16:48:a9:63:49:
                    08:27:de:4a:3d:c8:76:89:45:8f:73:b7:02:d2:e1:
                    b9:27:9d:c4:be:44:4e:c9:70:cf:bb:5a:63:a2:a0:
                    90:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:10:12:81:C9:EB:EE:D3:62:30:1B:77:EF:28:06:47:03:39:1D:5A
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/IRASgcnr7tNiMBt37ygGRwM5HVo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:5d0::/44
                  2a0e:b107:2691::/48
                  2a0e:b107:278a::/48
                  2a0e:b107:2799::-2a0e:b107:279a:ffff:ffff:ffff:ffff:ffff
                  2a0e:b107:279d::-2a0e:b107:279f:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         32:99:e0:19:ce:9b:1e:80:d6:55:ca:46:9f:bc:d1:40:44:d1:
         2e:c7:2f:2a:c6:42:3a:c2:21:4a:24:4b:59:fa:dc:1c:60:3f:
         d5:e5:a9:50:e5:32:88:33:be:49:1b:63:e7:e7:34:c8:23:b1:
         28:1f:de:af:80:ec:aa:33:e3:2e:50:91:33:42:2c:e9:d2:87:
         2a:f5:7a:85:f4:c7:16:42:5c:bb:49:f0:43:64:32:5f:bd:bf:
         da:70:83:4b:b9:5a:51:8f:2c:c3:bb:4e:b1:d5:2b:a8:7b:75:
         9a:d5:36:3c:9e:62:fb:c1:4d:90:b2:da:20:32:4d:56:10:5f:
         f0:90:14:da:f3:ed:a0:e8:c1:ab:fd:c5:3b:a5:82:30:3b:c7:
         e0:be:4a:67:77:f4:52:8e:c6:36:bb:d5:bd:0d:13:d5:9f:61:
         4e:7d:eb:ce:6c:52:5e:83:f3:9c:70:87:7d:ff:ad:4c:54:05:
         24:e6:c0:56:ca:3e:c9:81:d3:99:99:44:39:dc:f7:63:59:5a:
         64:d6:cb:58:24:4c:b9:c7:39:86:a1:d8:c7:da:dd:f5:a6:1d:
         e0:50:d7:28:4d:5e:1e:1d:37:52:77:ff:dc:51:5d:ee:fd:fe:
         3f:5c:80:ae:4c:9f:24:fe:f5:8e:95:bd:15:7e:1b:1e:c6:63:
         3d:d7:64:26
-----BEGIN CERTIFICATE-----
MIIFOjCCBCKgAwIBAgISAYq4w9o2Mdwm8RQKh7h9TorKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjMwOTIxMTcyMjM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTEwMTI4MWM5ZWJlZWQzNjIzMDFiNzdlZjI4MDY0NzAzMzkxZDVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiDZclM3+hGLX8HIrodDP8gLglsBp
FWoTCFZkHr7YKaHTk85lNVIKa8aWyZgqzs1+69sZU4shgRUEeDgR8XLgwc2ERUmz
p68mPvo5YAwLq5mQhatzg0MmzI9Qx+EH8O3bPsGG+KerlW+lQFIWizPS9IvBPq9j
w13K+wP1qr76KcQinPGrI8+ZPKcTmimdYgzP6LpOpOkUFVACmwIuS8hkDxi8xuqS
NlDa7p/dV9jpYfb9cPHeA0aZp/36gIhMyVnk5ryWDte7RjmH1lXRqL5P19ppdIV2
M03Nak+6FkipY0kIJ95KPch2iUWPc7cC0uG5J53EvkROyXDPu1pjoqCQeQIDAQAB
o4ICRjCCAkIwHQYDVR0OBBYEFCEQEoHJ6+7TYjAbd+8oBkcDOR1aMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvSVJBU2djbnI3dE5pTUJ0Mzd5Z0dSd001SFZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFwGCCsGAQUFBwEHAQH/BE0wSzBJBAIAAjBDAwcEKg6XwAXQ
AwcAKg6xByaRAwcAKg6xByeKMBIDBwAqDrEHJ5kDBwAqDrEHJ5owEgMHACoOsQcn
nQMHBSoOsQcngDANBgkqhkiG9w0BAQsFAAOCAQEAMpngGc6bHoDWVcpGn7zRQETR
LscvKsZCOsIhSiRLWfrcHGA/1eWpUOUyiDO+SRtj5+c0yCOxKB/er4DsqjPjLlCR
M0Is6dKHKvV6hfTHFkJcu0nwQ2QyX72/2nCDS7laUY8sw7tOsdUrqHt1mtU2PJ5i
+8FNkLLaIDJNVhBf8JAU2vPtoOjBq/3FO6WCMDvH4L5KZ3f0Uo7GNrvVvQ0T1Z9h
Tn3rzmxSXoPznHCHff+tTFQFJObAVso+yYHTmZlEOdz3Y1laZNbLWCRMucc5hqHY
x9rd9aYd4FDXKE1eHh03Unf/3FFd7v3+P1yArkyfJP71jpW9FX4bHsZjPddkJg==
-----END CERTIFICATE-----