Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/ZSTp0yfSc0GrLHYkS7PNAkySX10.roa
File:                     ZSTp0yfSc0GrLHYkS7PNAkySX10.roa (raw, json)
Hash identifier:          gmGq1ycrZgyRapKMjCccByEFUHpzeZna1wxnIsXKrtI=
Subject key identifier:   65:24:E9:D3:27:D2:73:41:AB:2C:76:24:4B:B3:CD:02:4C:92:5F:5D
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CAA3A0734E6C3B71FC216D0C7C79CEC41
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/ZSTp0yfSc0GrLHYkS7PNAkySX10.roa
Signing time:             Wed 27 Dec 2023 07:42:58 +0000
ROA not before:           Wed 27 Dec 2023 07:42:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     31898
IP address blocks:        2a0e:b107:360::/48 maxlen: 48
                          2a10:cc40:cc47::/48 maxlen: 48
                          2a0e:b107:365::/48 maxlen: 48
                          2a0e:b107:f50::/44 maxlen: 48
                          2a0e:b107:362::/48 maxlen: 48
                          2a0e:b107:367::/48 maxlen: 48
                          2a0e:b107:364::/48 maxlen: 48
                          2a0e:b107:361::/48 maxlen: 48
                          2a0e:b107:363::/48 maxlen: 48
                          2a0e:97c0:aba::/48 maxlen: 48

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:aa:3a:07:34:e6:c3:b7:1f:c2:16:d0:c7:c7:9c:ec:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Dec 27 07:42:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6524e9d327d27341ab2c76244bb3cd024c925f5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:41:0f:dd:bd:23:d4:c2:85:28:32:88:45:a6:
                    46:54:38:9c:96:fe:d6:e5:d9:22:5b:54:f0:a7:b8:
                    ca:19:2c:fd:14:c9:b6:ef:da:46:25:51:2e:f6:60:
                    62:71:a6:8c:d8:7c:34:7e:f4:1e:2c:11:60:c5:23:
                    0f:88:13:a2:a1:81:bb:9a:4b:cb:9b:56:fb:c8:56:
                    ff:63:63:cd:3d:18:9b:2b:06:f6:2f:10:0e:88:10:
                    a6:cf:fa:57:24:37:96:dc:cf:e8:3a:93:b4:a7:ee:
                    17:41:fc:d3:95:ea:fb:0a:ba:68:dd:de:c9:db:96:
                    b9:a3:9a:e1:0f:fd:d7:64:6f:59:e8:54:ec:19:d7:
                    20:54:36:15:1b:28:59:93:60:31:90:af:a7:86:a0:
                    a7:bf:17:95:e7:da:62:85:18:26:53:e8:98:b4:9c:
                    e0:3e:0f:bb:e5:57:45:de:31:c7:ac:e1:f7:d5:50:
                    20:d7:3b:6c:9a:db:3b:b8:8d:16:a2:45:b8:bb:49:
                    14:46:93:7b:5c:c9:47:27:e8:ef:5c:0e:a2:d1:38:
                    d7:69:91:e1:39:fa:b0:9f:41:2c:62:fd:28:99:a2:
                    87:5a:bd:58:6b:8f:e6:ca:53:4a:a7:65:bc:a4:4e:
                    96:b3:7c:db:d8:79:35:83:1f:62:a2:06:1e:49:bb:
                    e8:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:24:E9:D3:27:D2:73:41:AB:2C:76:24:4B:B3:CD:02:4C:92:5F:5D
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/ZSTp0yfSc0GrLHYkS7PNAkySX10.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:aba::/48
                  2a0e:b107:360::-2a0e:b107:365:ffff:ffff:ffff:ffff:ffff
                  2a0e:b107:367::/48
                  2a0e:b107:f50::/44
                  2a10:cc40:cc47::/48

    Signature Algorithm: sha256WithRSAEncryption
         52:46:d2:17:98:c0:a8:60:d9:8a:be:b3:0f:7a:a2:05:b5:07:
         06:53:8e:fb:0a:ad:c2:b3:17:56:0d:c1:2e:45:7a:d4:09:9f:
         a5:b9:e7:fe:ce:4c:52:a8:e2:aa:e9:bb:ee:33:93:3a:54:58:
         d6:a6:4d:74:57:4a:79:8d:cb:9c:99:ca:d2:af:de:37:ca:63:
         8a:95:44:25:0a:0b:75:63:d9:ad:4a:07:15:b8:28:7d:a2:05:
         d5:b8:c4:88:ed:fc:1e:99:4f:21:8a:86:94:ad:56:6e:b2:aa:
         01:be:ab:cf:9c:2f:cf:1a:13:13:e3:f2:f1:65:23:1e:79:59:
         b0:91:3e:b1:75:e2:a5:00:d2:7d:ef:ed:be:46:86:6f:03:18:
         8f:5f:ea:86:9a:d8:aa:6a:bc:5e:06:87:88:a1:1e:3f:83:8d:
         d3:31:a6:97:0a:0d:43:4a:72:45:3d:a0:ac:b5:dd:d9:56:a6:
         12:3b:00:1f:b5:a9:ca:df:ae:73:2e:26:2b:10:d4:09:ca:0d:
         d7:68:40:52:90:7e:09:46:a5:99:57:55:9e:77:bc:92:74:4f:
         02:8c:b1:52:c5:63:10:76:08:c3:49:a1:2a:53:93:2c:48:5c:
         39:97:35:60:03:b8:e0:c9:d4:db:75:da:90:8a:84:13:4b:e8:
         3c:bc:06:5b
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAYyqOgc05sO3H8IW0MfHnOxBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjMxMjI3MDc0MjU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTI0ZTlkMzI3ZDI3MzQxYWIyYzc2MjQ0YmIzY2QwMjRjOTI1ZjVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAokEP3b0j1MKFKDKIRaZGVDiclv7W
5dkiW1Twp7jKGSz9FMm279pGJVEu9mBicaaM2Hw0fvQeLBFgxSMPiBOioYG7mkvL
m1b7yFb/Y2PNPRibKwb2LxAOiBCmz/pXJDeW3M/oOpO0p+4XQfzTler7Crpo3d7J
25a5o5rhD/3XZG9Z6FTsGdcgVDYVGyhZk2AxkK+nhqCnvxeV59pihRgmU+iYtJzg
Pg+75VdF3jHHrOH31VAg1ztsmts7uI0WokW4u0kURpN7XMlHJ+jvXA6i0TjXaZHh
Ofqwn0EsYv0omaKHWr1Ya4/mylNKp2W8pE6Ws3zb2Hk1gx9iogYeSbvoowIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFGUk6dMn0nNBqyx2JEuzzQJMkl9dMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvWlNUcDB5ZlNjMEdyTEhZa1M3UE5Ba3lTWDEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAAjA4AwcAKg6XwAq6
MBIDBwUqDrEHA2ADBwEqDrEHA2QDBwAqDrEHA2cDBwQqDrEHD1ADBwAqEMxAzEcw
DQYJKoZIhvcNAQELBQADggEBAFJG0heYwKhg2Yq+sw96ogW1BwZTjvsKrcKzF1YN
wS5FetQJn6W55/7OTFKo4qrpu+4zkzpUWNamTXRXSnmNy5yZytKv3jfKY4qVRCUK
C3Vj2a1KBxW4KH2iBdW4xIjt/B6ZTyGKhpStVm6yqgG+q8+cL88aExPj8vFlIx55
WbCRPrF14qUA0n3v7b5Ghm8DGI9f6oaa2KpqvF4Gh4ihHj+DjdMxppcKDUNKckU9
oKy13dlWphI7AB+1qcrfrnMuJisQ1AnKDddoQFKQfglGpZlXVZ53vJJ0TwKMsVLF
YxB2CMNJoSpTkyxIXDmXNWADuODJ1Nt12pCKhBNL6Dy8Bls=
-----END CERTIFICATE-----