Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/XA_L0Hc0CkzNsu0LUCDfYjFSG3c.roa
File:                     XA_L0Hc0CkzNsu0LUCDfYjFSG3c.roa (raw, json)
Hash identifier:          gB3oUHY2fZ9gyU5LbVUP64g66Whrjf6R17H50qblWYs=
Subject key identifier:   5C:0F:CB:D0:77:34:0A:4C:CD:B2:ED:0B:50:20:DF:62:31:52:1B:77
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0188FBF7DAA97D49E2D0A5D57DA4B7435DE4
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/XA_L0Hc0CkzNsu0LUCDfYjFSG3c.roa
Signing time:             Tue 27 Jun 2023 08:28:24 +0000
ROA not before:           Tue 27 Jun 2023 08:28:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     198016
IP address blocks:        2a0e:97c0:d0d::/48 maxlen: 48
                          2a0e:97c0:d08::/48 maxlen: 48
                          2a0e:97c0:d03::/48 maxlen: 48
                          2a0e:97c0:d0e::/48 maxlen: 48
                          2a0e:97c0:d01::/48 maxlen: 48
                          2a0e:97c0:d0c::/48 maxlen: 48
                          2a0e:97c0:d07::/48 maxlen: 48
                          2a0e:97c0:d02::/48 maxlen: 48
                          2a0e:97c0:d05::/48 maxlen: 48
                          2a0e:97c0:d00::/48 maxlen: 48
                          2a0e:97c0:d0b::/48 maxlen: 48
                          2a0e:97c0:d06::/48 maxlen: 48
                          2a0e:97c0:d09::/48 maxlen: 48
                          2a0e:97c0:d04::/48 maxlen: 48
                          2a0e:97c0:d0f::/48 maxlen: 48
                          2a0e:97c0:d0a::/48 maxlen: 48

Validation:               Failed, certificate revoked on Tue 27 Jun 2023 09:41:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:fb:f7:da:a9:7d:49:e2:d0:a5:d5:7d:a4:b7:43:5d:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jun 27 08:28:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5c0fcbd077340a4ccdb2ed0b5020df6231521b77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:5c:a4:b4:01:f6:9f:26:a2:a5:ba:13:7b:fd:
                    4f:04:87:00:39:c5:3d:fc:22:f8:b4:df:53:89:81:
                    3f:a4:41:29:d0:2e:c5:20:5d:af:a3:3f:64:a1:46:
                    90:17:81:01:57:d9:fa:f1:cf:75:fc:02:7f:f2:f9:
                    91:27:85:42:d0:e5:82:a0:ce:ea:26:3c:0a:6c:f5:
                    8f:b3:f1:7c:11:5f:5d:0c:71:64:86:49:a7:59:47:
                    fe:ba:f0:7e:da:bb:46:fe:11:b7:df:37:61:cb:4d:
                    d2:8a:7f:fc:10:4f:98:03:f2:3a:55:1f:9e:82:10:
                    11:a8:7a:30:db:55:3d:56:13:d0:00:63:07:a2:fe:
                    2b:36:57:7c:e8:39:e9:cd:32:0d:52:1a:ae:33:9e:
                    ba:f4:97:05:96:d7:94:a9:57:bc:8f:29:9f:56:83:
                    96:62:b7:22:10:08:24:fd:46:45:d2:ca:bb:f2:cd:
                    98:e6:4d:b4:7f:47:e4:6f:bc:cc:f0:c1:1b:3f:90:
                    ee:9d:86:da:76:28:b0:fc:b5:a1:b6:aa:8d:91:b3:
                    3a:7f:fd:5e:be:5b:d0:ff:2d:a5:60:77:06:e9:37:
                    32:1c:3f:a9:22:02:04:19:82:6b:d4:fa:01:2f:4c:
                    31:f2:64:18:b1:a4:0e:e4:d5:82:d3:53:42:4f:22:
                    bd:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:0F:CB:D0:77:34:0A:4C:CD:B2:ED:0B:50:20:DF:62:31:52:1B:77
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/XA_L0Hc0CkzNsu0LUCDfYjFSG3c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:d00::/44

    Signature Algorithm: sha256WithRSAEncryption
         0c:f0:93:a3:3e:3a:e3:ec:54:21:f9:fc:d7:67:bc:f3:d0:9f:
         9a:2b:39:9a:29:a5:07:8a:21:8d:30:df:c7:ee:69:a2:43:35:
         a8:f2:09:c0:7a:29:91:00:b5:63:aa:1b:73:cb:30:83:00:00:
         9f:fc:8d:ce:e8:02:29:ed:97:04:49:2a:2b:21:ac:cc:19:79:
         f1:33:0c:95:79:35:8b:8e:3c:43:3f:9b:23:28:b2:58:64:33:
         14:4d:eb:ee:c0:e8:e1:88:88:03:4a:13:ca:bf:61:9c:f0:e1:
         17:86:53:70:58:26:98:88:c6:0b:eb:c5:75:23:fe:35:df:91:
         f8:41:c8:f2:39:de:a8:68:ec:1b:6c:8c:57:89:be:21:d5:b2:
         e0:0e:7e:54:c8:97:82:46:60:79:a3:cb:5b:ab:4a:7a:69:4d:
         d5:3a:d1:f3:e0:aa:1a:7f:7a:8e:e0:57:0d:b4:c0:cb:e8:7a:
         8d:90:7f:7e:c1:6f:53:0e:5a:0b:5f:ff:c1:d3:da:5a:a0:09:
         2e:23:01:d6:95:cb:81:7a:c1:37:df:8f:f8:40:15:06:a3:d7:
         db:c5:81:75:cb:6b:d8:3b:12:d7:66:0a:68:19:e8:c7:92:61:
         84:61:cc:51:77:12:3e:b1:fb:03:e8:2d:3c:8e:ba:89:ff:a9:
         e7:dc:44:35
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYj799qpfUni0KXVfaS3Q13kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjMwNjI3MDgyODI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzBmY2JkMDc3MzQwYTRjY2RiMmVkMGI1MDIwZGY2MjMxNTIxYjc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg1yktAH2nyaipboTe/1PBIcAOcU9
/CL4tN9TiYE/pEEp0C7FIF2voz9koUaQF4EBV9n68c91/AJ/8vmRJ4VC0OWCoM7q
JjwKbPWPs/F8EV9dDHFkhkmnWUf+uvB+2rtG/hG33zdhy03Sin/8EE+YA/I6VR+e
ghARqHow21U9VhPQAGMHov4rNld86DnpzTINUhquM5669JcFlteUqVe8jymfVoOW
YrciEAgk/UZF0sq78s2Y5k20f0fkb7zM8MEbP5DunYbadiiw/LWhtqqNkbM6f/1e
vlvQ/y2lYHcG6TcyHD+pIgIEGYJr1PoBL0wx8mQYsaQO5NWC01NCTyK9ewIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFwPy9B3NApMzbLtC1Ag32IxUht3MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvWEFfTDBIYzBDa3pOc3UwTFVDRGZZakZTRzNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwA0A
MA0GCSqGSIb3DQEBCwUAA4IBAQAM8JOjPjrj7FQh+fzXZ7zz0J+aKzmaKaUHiiGN
MN/H7mmiQzWo8gnAeimRALVjqhtzyzCDAACf/I3O6AIp7ZcESSorIazMGXnxMwyV
eTWLjjxDP5sjKLJYZDMUTevuwOjhiIgDShPKv2Gc8OEXhlNwWCaYiMYL68V1I/41
35H4QcjyOd6oaOwbbIxXib4h1bLgDn5UyJeCRmB5o8tbq0p6aU3VOtHz4Koaf3qO
4FcNtMDL6HqNkH9+wW9TDloLX//B09paoAkuIwHWlcuBesE334/4QBUGo9fbxYF1
y2vYOxLXZgpoGejHkmGEYcxRdxI+sfsD6C08jrqJ/6nn3EQ1
-----END CERTIFICATE-----