Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Uags1ES2aT-sTErigqaeNYaNSzo.roa
File:                     Uags1ES2aT-sTErigqaeNYaNSzo.roa (raw, json)
Hash identifier:          HinEOWzuOG4a/50zHa7urRG+m31mZIyPUCcYDY7ZnOs=
Subject key identifier:   51:A8:2C:D4:44:B6:69:3F:AC:4C:4A:E2:82:A6:9E:35:86:8D:4B:3A
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018C29ECEBEADF408EE86351B0D2C9956927
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Uags1ES2aT-sTErigqaeNYaNSzo.roa
Signing time:             Sat 02 Dec 2023 09:47:21 +0000
ROA not before:           Sat 02 Dec 2023 09:47:21 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     211293
IP address blocks:        2a0e:b107:2190::/48 maxlen: 48
                          2a0e:b107:2195::/48 maxlen: 48
                          2a0e:b107:219a::/48 maxlen: 48
                          2a0e:b107:2194::/48 maxlen: 48
                          2a0e:b107:2199::/48 maxlen: 48
                          2a0e:b107:2228::/45 maxlen: 48
                          2a0e:b107:2193::/48 maxlen: 48
                          2a0e:b107:2198::/48 maxlen: 48
                          2a0e:b107:21c0::/44 maxlen: 48
                          2a0e:b107:2192::/48 maxlen: 48
                          2a0e:b107:2197::/48 maxlen: 48
                          2a0e:b107:219c::/48 maxlen: 48
                          2a0e:b107:2191::/48 maxlen: 48
                          2a0e:b107:2220::/45 maxlen: 48
                          2a0e:b107:21c0::/45 maxlen: 48
                          2a0e:b107:2196::/48 maxlen: 48
                          2a0e:b107:219b::/48 maxlen: 48

Validation:               Failed, certificate revoked on Sat 02 Dec 2023 09:48:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:29:ec:eb:ea:df:40:8e:e8:63:51:b0:d2:c9:95:69:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Dec  2 09:47:21 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=51a82cd444b6693fac4c4ae282a69e35868d4b3a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:27:48:2c:04:0e:e3:a5:94:b9:10:a5:d1:e1:
                    fb:52:9e:ce:39:54:81:ac:e6:25:6a:3c:a0:ab:a7:
                    54:f7:7e:c3:6a:42:9a:26:9e:e0:10:2e:af:ed:89:
                    41:6e:84:c4:f2:23:4e:12:19:2f:27:47:d1:36:62:
                    d9:00:b4:48:5c:d0:73:d3:9a:fb:72:0b:2a:75:e8:
                    01:fa:7f:f2:d4:2b:c6:19:c9:bd:47:d2:94:35:c3:
                    9d:47:8f:07:76:35:70:34:02:40:ff:00:83:4c:9e:
                    e7:14:84:11:51:b3:82:b3:be:66:bc:b7:24:50:d5:
                    23:e8:f7:d4:8a:bf:46:87:9b:a1:05:4c:7c:51:24:
                    b7:cf:70:a8:23:4a:66:2d:40:a5:b5:ab:ab:75:f6:
                    7f:df:c4:00:7d:3f:fb:9b:e9:e9:72:6d:ff:f4:c7:
                    27:15:c9:dd:d7:c7:1e:98:c1:71:94:61:a4:2b:4f:
                    2a:4f:0a:f9:59:28:62:8e:2f:92:19:90:71:09:1f:
                    ce:03:41:50:ac:77:bf:2a:c4:7f:fe:9b:d8:73:c1:
                    1f:58:ed:d3:9d:7b:61:a9:f4:c5:5c:5f:99:bb:10:
                    26:a3:d9:8f:1f:29:03:1d:d9:03:0a:ec:f2:ca:f0:
                    83:26:e9:d2:f2:2e:ff:74:ad:6d:5d:f3:73:bf:ef:
                    08:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:A8:2C:D4:44:B6:69:3F:AC:4C:4A:E2:82:A6:9E:35:86:8D:4B:3A
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Uags1ES2aT-sTErigqaeNYaNSzo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:2190::-2a0e:b107:219c:ffff:ffff:ffff:ffff:ffff
                  2a0e:b107:21c0::/44
                  2a0e:b107:2220::/44

    Signature Algorithm: sha256WithRSAEncryption
         81:b8:8b:c3:de:5c:7c:c0:cd:3f:26:37:19:25:6e:9d:dd:e6:
         2b:be:6b:e4:f4:37:02:d9:50:b6:62:0b:87:8c:7b:25:99:4d:
         e3:de:ea:cc:77:9d:4a:32:ba:f3:8d:cc:b6:cb:10:4d:7d:ec:
         e1:28:79:34:52:ad:86:2e:f9:89:48:23:3a:17:c4:6f:ef:3a:
         24:bb:05:a7:a6:43:34:b0:aa:5a:aa:f1:9e:39:34:4a:ff:95:
         4e:32:3c:0e:eb:57:e6:b0:5a:38:49:3e:d0:a8:97:c9:87:49:
         5b:2e:53:f1:bd:17:16:fa:bf:cb:60:16:1a:12:70:b7:6b:91:
         8d:07:56:f3:47:a2:56:04:36:fe:cd:d5:a2:8c:7e:51:32:76:
         c8:38:0a:c4:90:54:d2:63:bf:da:5e:28:b4:0f:4a:67:2b:8f:
         ea:68:07:58:65:e9:36:1d:be:a1:ab:df:1b:12:92:49:fb:e5:
         19:a8:bf:49:b1:7a:56:b7:36:6d:f7:13:35:ee:a0:e5:e7:3e:
         ba:a8:6b:3e:a0:d9:f4:88:14:9b:54:a6:97:89:e7:4f:af:17:
         91:1f:57:b4:d5:6d:97:39:f4:2b:f7:a5:58:f7:07:82:fb:be:
         2f:f6:73:39:3f:8d:97:4f:1e:31:fa:3c:47:d6:ff:4a:15:82:
         de:04:b2:d4
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAYwp7Ovq30CO6GNRsNLJlWknMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjMxMjAyMDk0NzIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MWE4MmNkNDQ0YjY2OTNmYWM0YzRhZTI4MmE2OWUzNTg2OGQ0YjNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAySdILAQO46WUuRCl0eH7Up7OOVSB
rOYlajygq6dU937DakKaJp7gEC6v7YlBboTE8iNOEhkvJ0fRNmLZALRIXNBz05r7
cgsqdegB+n/y1CvGGcm9R9KUNcOdR48HdjVwNAJA/wCDTJ7nFIQRUbOCs75mvLck
UNUj6PfUir9Gh5uhBUx8USS3z3CoI0pmLUCltaurdfZ/38QAfT/7m+npcm3/9Mcn
Fcnd18cemMFxlGGkK08qTwr5WShiji+SGZBxCR/OA0FQrHe/KsR//pvYc8EfWO3T
nXthqfTFXF+ZuxAmo9mPHykDHdkDCuzyyvCDJunS8i7/dK1tXfNzv+8I6wIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFFGoLNREtmk/rExK4oKmnjWGjUs6MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvVWFnczFFUzJhVC1zVEVyaWdxYWVOWWFOU3pvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAAjAmMBIDBwQqDrEH
IZADBwAqDrEHIZwDBwQqDrEHIcADBwQqDrEHIiAwDQYJKoZIhvcNAQELBQADggEB
AIG4i8PeXHzAzT8mNxklbp3d5iu+a+T0NwLZULZiC4eMeyWZTePe6sx3nUoyuvON
zLbLEE197OEoeTRSrYYu+YlIIzoXxG/vOiS7BaemQzSwqlqq8Z45NEr/lU4yPA7r
V+awWjhJPtCol8mHSVsuU/G9Fxb6v8tgFhoScLdrkY0HVvNHolYENv7N1aKMflEy
dsg4CsSQVNJjv9peKLQPSmcrj+poB1hl6TYdvqGr3xsSkkn75Rmov0mxela3Nm33
EzXuoOXnPrqoaz6g2fSIFJtUppeJ50+vF5EfV7TVbZc59Cv3pVj3B4L7vi/2czk/
jZdPHjH6PEfW/0oVgt4EstQ=
-----END CERTIFICATE-----