Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/WXSmhC28zUla6gvevNlajQh_tDo.roa
File:                     WXSmhC28zUla6gvevNlajQh_tDo.roa (raw, json)
Hash identifier:          5RYuCS0k2T6qyoPA48N39pytmeH9ryDZ8DakFmqROBg=
Subject key identifier:   59:74:A6:84:2D:BC:CD:49:5A:EA:0B:DE:BC:D9:5A:8D:08:7F:B4:3A
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018A803F172CD859E9F12F9E83BD5F9E2045
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/WXSmhC28zUla6gvevNlajQh_tDo.roa
Signing time:             Sun 10 Sep 2023 17:58:52 +0000
ROA not before:           Sun 10 Sep 2023 17:58:52 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     151633
IP address blocks:        2a06:de00:6b::/48 maxlen: 48
                          2a06:de00:66::/48 maxlen: 48
                          2a06:de00:61::/48 maxlen: 48
                          2a06:de00:6c::/48 maxlen: 48
                          2a06:de00:6f::/48 maxlen: 48
                          2a06:de00:6a::/48 maxlen: 48
                          2a06:de00:65::/48 maxlen: 48
                          2a06:de00:60::/48 maxlen: 48
                          2a06:de00:63::/48 maxlen: 48
                          2a06:de00:6e::/48 maxlen: 48
                          2a06:de00:69::/48 maxlen: 48
                          2a06:de00:64::/48 maxlen: 48
                          2a06:de00:67::/48 maxlen: 48
                          2a06:de00:62::/48 maxlen: 48
                          2a06:de00:6d::/48 maxlen: 48
                          2a06:de00:60::/44 maxlen: 48
                          2a06:de00:68::/48 maxlen: 48

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 10:33:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:80:3f:17:2c:d8:59:e9:f1:2f:9e:83:bd:5f:9e:20:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Sep 10 17:58:52 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5974a6842dbccd495aea0bdebcd95a8d087fb43a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:a7:8d:0b:96:ee:41:9b:24:59:22:5f:dd:e1:
                    ea:c4:38:b8:6a:fd:07:27:09:3e:47:bc:9c:b0:ca:
                    a8:c6:00:ec:74:06:e8:0c:8d:12:21:89:a3:15:0c:
                    d3:f9:e8:da:f1:ed:27:47:93:3d:f8:3e:74:02:b6:
                    dc:d1:f5:14:9d:11:56:43:85:68:33:34:14:3e:d1:
                    7c:34:27:e6:b1:f4:6a:61:aa:da:b6:86:aa:6a:13:
                    ab:0b:13:3a:3c:0b:f7:be:8d:5d:4c:90:49:8b:1c:
                    b7:ca:a9:8f:04:52:3d:14:0a:cf:63:62:34:22:f4:
                    8c:67:04:6c:51:2d:ac:b0:9b:c7:a0:74:20:fa:af:
                    95:18:ab:a5:af:f9:dd:71:fa:17:01:9c:4d:1f:33:
                    3e:47:03:9b:58:fd:16:72:9b:b6:81:9a:0d:03:b8:
                    08:d7:6c:cf:38:98:6d:b7:90:e8:57:54:c3:60:c7:
                    87:f7:b9:b7:5d:9c:4b:2c:bc:76:cf:87:e1:82:32:
                    b1:4d:f1:44:ae:56:d8:41:f6:8c:f5:f2:4e:20:bb:
                    b6:62:4d:73:8a:6c:d8:82:5a:42:5e:d7:93:1a:3b:
                    48:bd:f9:9b:cd:13:70:08:d0:ea:24:74:93:af:1b:
                    d6:db:a6:04:3f:74:1d:35:b6:83:ac:4c:32:32:e6:
                    d0:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:74:A6:84:2D:BC:CD:49:5A:EA:0B:DE:BC:D9:5A:8D:08:7F:B4:3A
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/WXSmhC28zUla6gvevNlajQh_tDo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:de00:60::/44

    Signature Algorithm: sha256WithRSAEncryption
         57:af:3c:8a:a5:6b:41:a8:6f:c3:8c:89:3f:0e:5f:ce:7b:cc:
         cf:3c:24:60:f9:ed:72:b7:e5:1e:24:71:5c:9b:3f:5e:6b:55:
         a7:ac:24:4a:0a:1f:56:fe:ab:12:8a:27:f1:97:df:45:95:7b:
         6a:4e:ca:5d:ef:f3:0a:ec:40:c2:e8:2d:2d:cf:ed:99:7b:bb:
         44:07:b9:aa:e6:b8:2b:d1:3d:45:5e:58:c4:58:84:01:1f:5c:
         d9:27:f0:4c:4f:60:74:ca:19:76:d5:92:18:dd:58:4c:32:5c:
         d2:96:de:fb:99:f4:08:ff:68:bf:4c:24:56:cf:e0:f0:62:b8:
         b7:f4:2f:8c:69:7b:12:98:f3:af:cd:7c:3c:c8:ac:e9:c8:2d:
         dc:a9:7f:16:11:f2:cf:7e:62:a7:25:6e:07:d7:73:92:b1:23:
         4e:a6:f5:36:ee:cc:88:16:64:18:20:ae:d1:5c:38:3e:86:69:
         0d:04:98:46:15:ca:9e:4e:72:3a:17:0d:96:06:8a:11:b2:bd:
         6a:f9:0e:6d:e6:3f:aa:da:13:03:c0:19:11:1e:d2:fc:b9:cd:
         6f:58:bc:7b:f9:f1:49:34:91:66:16:6a:6c:3f:4e:cc:03:47:
         dd:ec:28:31:68:f3:79:4e:0b:d8:50:50:4b:9a:d0:09:90:03:
         da:1c:49:b2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYqAPxcs2Fnp8S+eg71fniBFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjMwOTEwMTc1ODUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTc0YTY4NDJkYmNjZDQ5NWFlYTBiZGViY2Q5NWE4ZDA4N2ZiNDNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoKeNC5buQZskWSJf3eHqxDi4av0H
Jwk+R7ycsMqoxgDsdAboDI0SIYmjFQzT+eja8e0nR5M9+D50Arbc0fUUnRFWQ4Vo
MzQUPtF8NCfmsfRqYaratoaqahOrCxM6PAv3vo1dTJBJixy3yqmPBFI9FArPY2I0
IvSMZwRsUS2ssJvHoHQg+q+VGKulr/ndcfoXAZxNHzM+RwObWP0Wcpu2gZoNA7gI
12zPOJhtt5DoV1TDYMeH97m3XZxLLLx2z4fhgjKxTfFErlbYQfaM9fJOILu2Yk1z
imzYglpCXteTGjtIvfmbzRNwCNDqJHSTrxvW26YEP3QdNbaDrEwyMubQiQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFl0poQtvM1JWuoL3rzZWo0If7Q6MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvV1hTbWhDMjh6VWxhNmd2ZXZObGFqUWhfdERvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgbeAABg
MA0GCSqGSIb3DQEBCwUAA4IBAQBXrzyKpWtBqG/DjIk/Dl/Oe8zPPCRg+e1yt+Ue
JHFcmz9ea1WnrCRKCh9W/qsSiifxl99FlXtqTspd7/MK7EDC6C0tz+2Ze7tEB7mq
5rgr0T1FXljEWIQBH1zZJ/BMT2B0yhl21ZIY3VhMMlzSlt77mfQI/2i/TCRWz+Dw
Yri39C+MaXsSmPOvzXw8yKzpyC3cqX8WEfLPfmKnJW4H13OSsSNOpvU27syIFmQY
IK7RXDg+hmkNBJhGFcqeTnI6Fw2WBooRsr1q+Q5t5j+q2hMDwBkRHtL8uc1vWLx7
+fFJNJFmFmpsP07MA0fd7CgxaPN5TgvYUFBLmtAJkAPaHEmy
-----END CERTIFICATE-----