Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/W2U4St5_HsgePIWfO_WlTQ0csQ4.roa
File:                     W2U4St5_HsgePIWfO_WlTQ0csQ4.roa (raw, json)
Hash identifier:          ZSyjooPGJmPo5TacRZgmHtXH+DbR01hTcIE+pVqz8dE=
Subject key identifier:   5B:65:38:4A:DE:7F:1E:C8:1E:3C:85:9F:3B:F5:A5:4D:0D:1C:B1:0E
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0188680E916E0034D01F39164827C40DA265
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/W2U4St5_HsgePIWfO_WlTQ0csQ4.roa
Signing time:             Mon 29 May 2023 15:09:25 +0000
ROA not before:           Mon 29 May 2023 15:09:25 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     210864
IP address blocks:        2a0e:b107:1a00::/48 maxlen: 48
                          2a0e:b107:1a05::/48 maxlen: 48
                          2a0e:b107:1a0a::/48 maxlen: 48
                          2a0e:b107:1a04::/48 maxlen: 48
                          2a0e:b107:1a09::/48 maxlen: 48
                          2a0e:b107:1a03::/48 maxlen: 48
                          2a0e:b107:1a08::/48 maxlen: 48
                          2a0e:b107:1a02::/48 maxlen: 48
                          2a0e:b107:1a07::/48 maxlen: 48
                          2a0e:b107:1a0c::/48 maxlen: 48
                          2a0e:b107:1a01::/48 maxlen: 48
                          2a0e:b107:1a06::/48 maxlen: 48
                          2a0e:b107:1a0b::/48 maxlen: 48

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:68:0e:91:6e:00:34:d0:1f:39:16:48:27:c4:0d:a2:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: May 29 15:09:25 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5b65384ade7f1ec81e3c859f3bf5a54d0d1cb10e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:d9:ed:05:57:a1:3d:43:6f:1c:54:a6:14:0f:
                    6d:71:c3:90:e0:f9:fe:4a:68:73:f2:bd:a7:72:5a:
                    9c:26:02:5c:fa:66:e5:b8:16:8c:2f:bb:67:db:80:
                    c0:6a:14:82:bf:af:bf:10:f3:f1:af:3d:dd:df:75:
                    d7:82:b6:63:e6:01:1f:8c:c7:e9:a5:f4:72:8c:5f:
                    08:be:46:1b:82:0f:42:21:dd:4b:e2:1b:49:5b:93:
                    25:b3:1c:a4:0f:dd:87:82:a9:e8:96:bd:73:ad:cf:
                    7f:c2:26:b9:b8:f7:eb:d3:f1:94:d9:f4:07:4b:15:
                    38:bf:71:24:25:9b:bc:e8:55:73:e3:f9:3f:29:6f:
                    01:2c:c0:15:72:2f:51:b7:dc:34:20:0c:77:c3:92:
                    8c:3b:3b:04:f5:39:68:86:71:3e:f8:40:ab:93:48:
                    b4:f3:a7:24:46:22:60:42:99:3c:72:e3:ef:8d:04:
                    cb:21:14:5a:26:bb:46:41:ee:40:49:a0:2e:2e:51:
                    9f:4c:ac:b9:4d:9b:9f:65:0f:e1:91:1d:e6:96:10:
                    82:de:95:af:ec:7d:7e:99:4c:d0:4d:1d:35:57:73:
                    ce:5c:6d:aa:c5:45:1f:5d:a3:2a:05:f8:f3:42:c8:
                    22:6f:7f:51:f0:92:f3:ca:e3:7b:79:d0:84:e5:de:
                    2d:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:65:38:4A:DE:7F:1E:C8:1E:3C:85:9F:3B:F5:A5:4D:0D:1C:B1:0E
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/W2U4St5_HsgePIWfO_WlTQ0csQ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:1a00::-2a0e:b107:1a0c:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         04:31:fa:83:3e:3a:14:5b:e0:d7:43:ef:60:6d:06:86:18:cd:
         d9:e5:e9:88:03:16:d3:5e:24:fa:2f:1b:1b:06:76:71:72:27:
         94:b4:6a:c5:e5:f9:73:1c:95:71:f7:d9:74:96:19:ba:ec:02:
         51:f7:89:4e:12:27:de:14:9e:db:1b:7a:67:34:77:4e:ef:16:
         2d:5e:09:12:1f:2e:74:c7:35:d8:38:6a:0e:b4:86:b1:a3:8c:
         98:20:ba:ea:d5:62:5a:42:d2:c1:ec:19:ee:a8:2e:ee:df:6a:
         67:8e:ec:69:ac:26:77:dd:04:9f:80:fa:1a:f4:ae:44:11:43:
         19:1b:a0:98:09:07:f4:1a:b8:23:2d:f9:2d:89:5a:db:19:ce:
         36:45:86:61:0f:15:0f:a8:2c:e7:14:bc:0c:89:c7:d4:a1:bc:
         95:5f:e9:d4:ff:87:e6:22:db:42:28:fc:8b:6c:0b:25:38:d4:
         bf:70:14:55:8f:26:6d:f7:41:7f:55:14:4a:51:c8:0e:37:d9:
         fb:0d:03:6c:de:5c:f3:02:66:9f:31:9c:31:46:81:40:10:e4:
         6e:a6:7d:f6:c9:19:45:c6:6e:a1:6f:b1:41:68:3c:85:0a:73:
         a3:b1:74:77:d6:c8:01:d5:a2:db:b2:89:5c:fb:4a:1a:f4:ac:
         74:cd:6d:01
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgISAYhoDpFuADTQHzkWSCfEDaJlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjMwNTI5MTUwOTI1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjY1Mzg0YWRlN2YxZWM4MWUzYzg1OWYzYmY1YTU0ZDBkMWNiMTBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn9ntBVehPUNvHFSmFA9tccOQ4Pn+
Smhz8r2nclqcJgJc+mbluBaML7tn24DAahSCv6+/EPPxrz3d33XXgrZj5gEfjMfp
pfRyjF8IvkYbgg9CId1L4htJW5MlsxykD92Hgqnolr1zrc9/wia5uPfr0/GU2fQH
SxU4v3EkJZu86FVz4/k/KW8BLMAVci9Rt9w0IAx3w5KMOzsE9TlohnE++ECrk0i0
86ckRiJgQpk8cuPvjQTLIRRaJrtGQe5ASaAuLlGfTKy5TZufZQ/hkR3mlhCC3pWv
7H1+mUzQTR01V3POXG2qxUUfXaMqBfjzQsgib39R8JLzyuN7edCE5d4tCQIDAQAB
o4ICFjCCAhIwHQYDVR0OBBYEFFtlOErefx7IHjyFnzv1pU0NHLEOMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvVzJVNFN0NV9Ic2dlUElXZk9fV2xUUTBjc1E0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCwGCCsGAQUFBwEHAQH/BB0wGzAZBAIAAjATMBEDBgEqDrEH
GgMHACoOsQcaDDANBgkqhkiG9w0BAQsFAAOCAQEABDH6gz46FFvg10PvYG0GhhjN
2eXpiAMW014k+i8bGwZ2cXInlLRqxeX5cxyVcffZdJYZuuwCUfeJThIn3hSe2xt6
ZzR3Tu8WLV4JEh8udMc12DhqDrSGsaOMmCC66tViWkLSwewZ7qgu7t9qZ47saawm
d90En4D6GvSuRBFDGRugmAkH9Bq4Iy35LYla2xnONkWGYQ8VD6gs5xS8DInH1KG8
lV/p1P+H5iLbQij8i2wLJTjUv3AUVY8mbfdBf1UUSlHIDjfZ+w0DbN5c8wJmnzGc
MUaBQBDkbqZ99skZRcZuoW+xQWg8hQpzo7F0d9bIAdWi27KJXPtKGvSsdM1tAQ==
-----END CERTIFICATE-----