Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Zm1f5uPHwYuukZ3STjaQGl6ZW40.roa
File:                     Zm1f5uPHwYuukZ3STjaQGl6ZW40.roa (raw, json)
Hash identifier:          ZLywomx6N6iu1qYrVaFn9u7GksW+SN7lyMrsJxTLZSs=
Subject key identifier:   66:6D:5F:E6:E3:C7:C1:8B:AE:91:9D:D2:4E:36:90:1A:5E:99:5B:8D
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018570E7B147953442B75F47FF7591950380
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Zm1f5uPHwYuukZ3STjaQGl6ZW40.roa
Signing time:             Mon 02 Jan 2023 05:15:10 +0000
ROA not before:           Mon 02 Jan 2023 05:15:10 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     203496
IP address blocks:        2a0e:97c0:bbd::/48 maxlen: 48
                          2a0e:97c0:bb0::/44 maxlen: 48
                          2a0e:97c0:bb8::/48 maxlen: 48
                          2a0e:97c0:bb3::/48 maxlen: 48
                          2a0e:97c0:bbe::/48 maxlen: 48
                          2a0e:97c0:bb1::/48 maxlen: 48
                          2a0e:97c0:bbc::/48 maxlen: 48
                          2a0e:97c0:bb7::/48 maxlen: 48
                          2a0e:97c0:bb2::/48 maxlen: 48
                          2a0e:97c0:bb5::/48 maxlen: 48
                          2a0e:97c0:bb0::/48 maxlen: 48
                          2a0e:97c0:bbb::/48 maxlen: 48
                          2a0e:97c0:bb6::/48 maxlen: 48
                          2a0e:97c0:bb9::/48 maxlen: 48
                          2a0e:97c0:bb4::/48 maxlen: 48
                          2a0e:97c0:bbf::/48 maxlen: 48
                          2a0e:97c0:bba::/48 maxlen: 48

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:e7:b1:47:95:34:42:b7:5f:47:ff:75:91:95:03:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 05:15:10 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=666d5fe6e3c7c18bae919dd24e36901a5e995b8d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:58:16:b8:07:41:3b:bc:3f:5b:79:f4:f6:af:
                    5d:cf:1d:d8:f0:b8:bf:0f:18:18:4b:4a:3b:3d:40:
                    49:f3:c8:db:77:42:e1:6c:1a:81:89:f5:69:9d:d1:
                    0d:10:99:ad:88:56:09:cf:95:44:40:cb:fd:1c:b9:
                    e0:f4:36:67:63:c2:5b:a3:78:5d:90:f1:29:91:e5:
                    43:9c:c6:fe:11:7e:e6:49:08:c9:62:38:a1:59:b6:
                    b7:df:96:1e:df:fe:a5:84:63:64:53:97:f2:43:da:
                    9e:05:43:38:e1:79:98:75:74:12:01:88:a4:01:c5:
                    d2:f1:1f:41:09:1e:27:ac:8c:fc:55:bb:ee:7d:88:
                    91:2c:18:51:b4:75:b9:cf:a6:11:63:b5:ab:ca:87:
                    8e:b2:6e:36:74:fe:40:89:e5:03:9a:44:92:fb:14:
                    03:0c:2b:1b:78:0b:65:de:f7:67:a1:a5:69:b1:53:
                    46:39:3c:7e:c3:1e:6e:50:54:29:3e:80:49:56:6e:
                    2f:53:3f:4c:7d:54:86:9e:52:a6:2d:1d:07:da:f1:
                    07:b9:2a:b3:39:02:55:45:55:38:c4:01:4f:20:e5:
                    18:0c:57:4a:c1:79:39:b7:ac:91:94:f8:81:48:4e:
                    39:09:29:25:78:3c:75:d9:a7:46:6c:36:35:37:63:
                    28:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:6D:5F:E6:E3:C7:C1:8B:AE:91:9D:D2:4E:36:90:1A:5E:99:5B:8D
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Zm1f5uPHwYuukZ3STjaQGl6ZW40.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:bb0::/44

    Signature Algorithm: sha256WithRSAEncryption
         8b:57:7a:ec:0d:97:0f:54:7f:e1:e7:47:42:06:97:57:fa:b7:
         f3:cf:ef:a4:a4:7d:cb:4f:95:54:d5:69:7b:d1:59:b6:39:66:
         76:16:b8:96:6b:31:e0:a9:ee:78:45:82:8b:02:3d:d7:1d:de:
         d6:58:ee:dd:46:8d:f5:bc:fe:3f:ed:6c:c9:69:03:d6:b6:a8:
         a1:ba:c1:e3:b2:a1:18:b5:b0:b2:35:19:f6:65:ed:1a:af:a2:
         8c:6c:c9:6b:f3:99:34:9f:d8:4f:0c:14:d6:8c:d6:bf:83:48:
         ca:81:09:7f:17:da:ab:9e:66:21:6a:c9:10:9d:b1:35:b9:65:
         71:e5:71:7d:bd:9b:20:56:15:2e:e8:55:8e:3e:d7:bd:78:06:
         cd:26:91:21:b4:01:85:da:38:be:a3:4e:1b:c3:6b:cc:dd:7e:
         b5:34:62:f1:92:18:12:ce:5c:06:ae:ec:51:d6:b6:a9:f3:94:
         a3:ad:26:d3:3d:ad:89:ec:f7:0d:55:dc:4c:8e:7f:7f:73:5a:
         74:e6:2b:38:a9:6d:3e:ac:e7:b1:c7:90:10:d3:05:8a:bb:ff:
         c8:70:08:4c:b1:7b:0d:08:4d:0f:27:0c:fd:42:d0:cf:dc:e4:
         09:48:1d:8a:7a:c4:d7:90:d3:d4:4a:dc:50:7d:7a:7d:97:06:
         15:37:b8:9a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYVw57FHlTRCt19H/3WRlQOAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjMwMTAyMDUxNTEwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjZkNWZlNmUzYzdjMThiYWU5MTlkZDI0ZTM2OTAxYTVlOTk1YjhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAplgWuAdBO7w/W3n09q9dzx3Y8Li/
DxgYS0o7PUBJ88jbd0LhbBqBifVpndENEJmtiFYJz5VEQMv9HLng9DZnY8Jbo3hd
kPEpkeVDnMb+EX7mSQjJYjihWba335Ye3/6lhGNkU5fyQ9qeBUM44XmYdXQSAYik
AcXS8R9BCR4nrIz8VbvufYiRLBhRtHW5z6YRY7WryoeOsm42dP5AieUDmkSS+xQD
DCsbeAtl3vdnoaVpsVNGOTx+wx5uUFQpPoBJVm4vUz9MfVSGnlKmLR0H2vEHuSqz
OQJVRVU4xAFPIOUYDFdKwXk5t6yRlPiBSE45CSkleDx12adGbDY1N2MoRQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGZtX+bjx8GLrpGd0k42kBpemVuNMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvWm0xZjV1UEh3WXV1a1ozU1RqYVFHbDZaVzQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwAuw
MA0GCSqGSIb3DQEBCwUAA4IBAQCLV3rsDZcPVH/h50dCBpdX+rfzz++kpH3LT5VU
1Wl70Vm2OWZ2FriWazHgqe54RYKLAj3XHd7WWO7dRo31vP4/7WzJaQPWtqihusHj
sqEYtbCyNRn2Ze0ar6KMbMlr85k0n9hPDBTWjNa/g0jKgQl/F9qrnmYhaskQnbE1
uWVx5XF9vZsgVhUu6FWOPte9eAbNJpEhtAGF2ji+o04bw2vM3X61NGLxkhgSzlwG
ruxR1rap85SjrSbTPa2J7PcNVdxMjn9/c1p05is4qW0+rOexx5AQ0wWKu//IcAhM
sXsNCE0PJwz9QtDP3OQJSB2KesTXkNPUStxQfXp9lwYVN7ia
-----END CERTIFICATE-----