Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Zr-oG8B3NurzGmJkatrvm20Iw9s.roa
File:                     Zr-oG8B3NurzGmJkatrvm20Iw9s.roa (raw, json)
Hash identifier:          89ZZPqYnEg3ezj8oEl7d/+2/+jLsPOOTt+pJ5k8AmGk=
Subject key identifier:   66:BF:A8:1B:C0:77:36:EA:F3:1A:62:64:6A:DA:EF:9B:6D:08:C3:DB
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018BFE98644DDF31B20016A1DCD681DB9C54
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Zr-oG8B3NurzGmJkatrvm20Iw9s.roa
Signing time:             Thu 23 Nov 2023 23:51:21 +0000
ROA not before:           Thu 23 Nov 2023 23:51:21 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     209391
IP address blocks:        2a0e:b107:1c90::/48 maxlen: 48
                          2a0e:b107:1c95::/48 maxlen: 48
                          2a0e:b107:1c9a::/48 maxlen: 48
                          2a0e:b107:1c9f::/48 maxlen: 48
                          2a0e:b107:1c94::/48 maxlen: 48
                          2a0e:b107:1c99::/48 maxlen: 48
                          2a0e:b107:1c9e::/48 maxlen: 48
                          2a0e:b107:1c93::/48 maxlen: 48
                          2a0e:b107:1c98::/48 maxlen: 48
                          2a0e:b107:1c9d::/48 maxlen: 48
                          2a0e:b107:1c92::/48 maxlen: 48
                          2a0e:b107:1c97::/48 maxlen: 48
                          2a0e:b107:1c9c::/48 maxlen: 48
                          2a0e:b107:1c91::/48 maxlen: 48
                          2a0e:b107:1c96::/48 maxlen: 48
                          2a0e:b107:1c9b::/48 maxlen: 48

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:fe:98:64:4d:df:31:b2:00:16:a1:dc:d6:81:db:9c:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Nov 23 23:51:21 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=66bfa81bc07736eaf31a62646adaef9b6d08c3db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:40:17:d1:97:93:e5:72:16:13:e8:87:69:5f:
                    5d:6c:a3:29:a4:02:92:e5:87:2c:c8:31:c3:34:26:
                    ee:b7:a9:a9:eb:9b:e1:56:eb:f8:eb:5d:37:7c:a1:
                    33:bb:6f:f4:82:ef:b5:ef:b1:f4:7c:bf:cf:6c:8e:
                    68:6f:68:3d:1e:a2:32:0f:4a:2b:11:c3:29:3c:ef:
                    96:5e:70:5e:06:e8:3b:a8:f0:2f:f6:34:1b:07:7c:
                    9a:aa:13:0f:c0:3a:ba:50:41:57:3e:b4:06:f5:6c:
                    c6:7f:91:b1:88:2f:b2:8e:3c:64:a3:d5:03:bf:70:
                    24:54:f4:68:01:07:52:17:66:31:05:6e:a9:21:fd:
                    1d:e8:90:3b:7d:24:57:9a:bd:d6:08:9e:2c:fd:4c:
                    8f:e8:fa:f0:19:c9:fb:6c:c1:61:06:d6:72:94:67:
                    0e:aa:1c:9b:13:28:1e:62:cf:85:84:77:80:91:af:
                    3b:28:6b:9c:14:11:b2:c5:48:b9:84:2a:f4:d2:7e:
                    ae:7a:83:20:80:0d:31:62:fc:0c:ae:e3:91:3f:8c:
                    36:39:54:4a:34:22:7c:65:21:a9:46:91:38:4a:71:
                    23:26:04:f8:3c:b3:87:5d:96:c3:13:9d:bc:17:49:
                    79:30:74:5b:d5:38:dc:cb:af:ed:3b:60:cb:6f:e6:
                    37:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:BF:A8:1B:C0:77:36:EA:F3:1A:62:64:6A:DA:EF:9B:6D:08:C3:DB
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Zr-oG8B3NurzGmJkatrvm20Iw9s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:1c90::/44

    Signature Algorithm: sha256WithRSAEncryption
         4d:7d:5a:86:64:f2:f7:6d:34:ee:f6:7b:6d:bd:1b:7b:17:2d:
         6b:05:8d:bc:33:6f:fe:54:22:16:89:cf:7b:5d:52:0b:af:fe:
         2a:6e:69:ef:72:5d:0f:86:7c:9b:83:5b:16:a1:62:c4:51:c6:
         64:53:d4:2e:c4:27:e4:f6:79:87:fb:63:62:13:75:19:6b:4f:
         7a:b5:75:86:c5:ac:6d:34:89:eb:a4:15:18:30:17:ba:06:21:
         e0:f4:43:eb:bf:9c:d3:fa:ea:44:21:ce:12:c6:03:6b:99:33:
         82:ff:27:b0:9d:c4:09:e7:12:47:5b:64:8d:8a:e5:e9:41:ca:
         04:f2:89:1b:63:cf:7e:a9:4a:3d:59:f8:86:15:56:6d:59:f9:
         b4:78:f7:00:17:09:56:2b:0e:64:1a:20:6a:ad:61:d2:42:89:
         d5:de:56:25:9e:a3:d7:f7:35:ac:0c:9c:9e:aa:bb:80:d9:b8:
         93:cc:cb:40:44:a4:d2:65:bd:43:07:34:e5:b0:b6:c5:90:6d:
         ef:40:78:81:72:b1:4f:60:3a:a4:79:c8:6f:98:30:b8:5f:47:
         61:ed:ac:34:5c:9a:9b:9b:c4:37:42:ea:17:45:b2:d9:9a:35:
         b1:e7:41:29:a0:8a:ed:12:9c:f9:f5:2d:63:58:d1:41:0f:1f:
         58:7a:18:08
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYv+mGRN3zGyABah3NaB25xUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjMxMTIzMjM1MTIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NmJmYTgxYmMwNzczNmVhZjMxYTYyNjQ2YWRhZWY5YjZkMDhjM2RiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnUAX0ZeT5XIWE+iHaV9dbKMppAKS
5YcsyDHDNCbut6mp65vhVuv46103fKEzu2/0gu+177H0fL/PbI5ob2g9HqIyD0or
EcMpPO+WXnBeBug7qPAv9jQbB3yaqhMPwDq6UEFXPrQG9WzGf5GxiC+yjjxko9UD
v3AkVPRoAQdSF2YxBW6pIf0d6JA7fSRXmr3WCJ4s/UyP6PrwGcn7bMFhBtZylGcO
qhybEygeYs+FhHeAka87KGucFBGyxUi5hCr00n6ueoMggA0xYvwMruORP4w2OVRK
NCJ8ZSGpRpE4SnEjJgT4PLOHXZbDE528F0l5MHRb1Tjcy6/tO2DLb+Y3qQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGa/qBvAdzbq8xpiZGra75ttCMPbMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvWnItb0c4QjNOdXJ6R21Ka2F0cnZtMjBJdzlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6xBxyQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBNfVqGZPL3bTTu9nttvRt7Fy1rBY28M2/+VCIW
ic97XVILr/4qbmnvcl0Phnybg1sWoWLEUcZkU9QuxCfk9nmH+2NiE3UZa096tXWG
xaxtNInrpBUYMBe6BiHg9EPrv5zT+upEIc4SxgNrmTOC/yewncQJ5xJHW2SNiuXp
QcoE8okbY89+qUo9WfiGFVZtWfm0ePcAFwlWKw5kGiBqrWHSQonV3lYlnqPX9zWs
DJyeqruA2biTzMtARKTSZb1DBzTlsLbFkG3vQHiBcrFPYDqkechvmDC4X0dh7aw0
XJqbm8Q3QuoXRbLZmjWx50EpoIrtEpz59S1jWNFBDx9YehgI
-----END CERTIFICATE-----