Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/aXzEa3s7H47j6F-UumELVcn1lGk.roa
File:                     aXzEa3s7H47j6F-UumELVcn1lGk.roa (raw, json)
Hash identifier:          zf+I0ppI0c/DhfM3Q+rP2tCqaLt/qmOGWiIrf4BJAcU=
Subject key identifier:   69:7C:C4:6B:7B:3B:1F:8E:E3:E8:5F:94:BA:61:0B:55:C9:F5:94:69
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018570E823B50B35D14A391C6E052F0A6B06
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/aXzEa3s7H47j6F-UumELVcn1lGk.roa
Signing time:             Mon 02 Jan 2023 05:15:39 +0000
ROA not before:           Mon 02 Jan 2023 05:15:39 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     213105
IP address blocks:        2a0e:b107:775::/48 maxlen: 48
                          2a0e:b107:77a::/48 maxlen: 48
                          2a0e:b107:774::/48 maxlen: 48
                          2a0e:b107:779::/48 maxlen: 48
                          2a0e:b107:77e::/48 maxlen: 48
                          2a0e:b107:773::/48 maxlen: 48
                          2a0e:b107:778::/48 maxlen: 48
                          2a0e:b107:77d::/48 maxlen: 48
                          2a0e:b107:a60::/44 maxlen: 48
                          2a0e:b107:10f0::/44 maxlen: 48
                          2a0e:b107:772::/48 maxlen: 48
                          2a0e:b107:777::/48 maxlen: 48
                          2a0e:b107:77c::/48 maxlen: 48
                          2a10:2f00:138::/48 maxlen: 48
                          2a0e:b107:771::/48 maxlen: 48
                          2a0e:b107:776::/48 maxlen: 48
                          2a0e:b107:77b::/48 maxlen: 48

Validation:               Failed, certificate revoked on Mon 23 Jan 2023 10:50:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:e8:23:b5:0b:35:d1:4a:39:1c:6e:05:2f:0a:6b:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 05:15:39 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=697cc46b7b3b1f8ee3e85f94ba610b55c9f59469
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:1e:61:57:49:db:30:2f:4a:f6:b6:21:cc:6b:
                    5f:25:f5:67:43:e6:cc:86:44:0e:cb:b2:6b:99:dd:
                    28:57:63:e8:a6:30:ad:cd:da:32:46:78:e5:db:ae:
                    14:c0:eb:f4:0f:2e:28:20:53:3a:81:95:4f:8d:cf:
                    52:45:97:94:fd:3c:0d:4e:13:68:2d:fb:18:2e:1f:
                    b1:0e:cb:0b:19:d7:36:61:1c:14:80:69:d5:ff:ad:
                    8c:6e:8a:cc:89:2c:a0:84:b8:07:e3:36:89:57:dd:
                    32:2b:e3:a1:66:34:b4:da:13:04:42:d5:5e:4c:e0:
                    fe:63:71:66:e4:0c:bf:b7:48:57:43:b2:27:d8:a9:
                    cd:4e:a0:77:80:4c:1a:79:6f:66:72:c7:59:88:44:
                    d5:67:ff:7b:a3:8a:76:b4:1d:fe:5a:2a:95:0f:cc:
                    c9:ee:32:28:25:ef:b5:bc:41:10:b8:18:d5:19:a6:
                    f2:d5:5a:7b:33:55:e6:6a:f6:ba:b6:23:08:82:13:
                    cf:64:71:a6:61:97:2c:22:f8:36:2d:21:a4:55:57:
                    ec:62:f3:8a:a2:cc:18:d3:9f:92:6e:34:9c:b5:11:
                    f0:44:35:61:cf:77:9b:8b:43:48:fa:fe:cc:24:e1:
                    97:5c:94:fa:3f:df:f5:1f:6e:b5:37:4d:78:09:ec:
                    92:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:7C:C4:6B:7B:3B:1F:8E:E3:E8:5F:94:BA:61:0B:55:C9:F5:94:69
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/aXzEa3s7H47j6F-UumELVcn1lGk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:771::-2a0e:b107:77e:ffff:ffff:ffff:ffff:ffff
                  2a0e:b107:a60::/44
                  2a0e:b107:10f0::/44
                  2a10:2f00:138::/48

    Signature Algorithm: sha256WithRSAEncryption
         b9:94:56:86:1e:21:41:c9:f6:19:5c:45:0b:d4:b2:7a:fb:ff:
         a7:9b:03:a6:53:e1:b0:11:e8:a9:59:11:c6:4c:14:5a:cf:37:
         97:22:75:f0:6f:49:f1:32:f3:0b:f3:89:31:d4:1d:47:35:87:
         de:28:b7:d9:dc:a3:0c:14:68:0a:78:21:04:c0:bb:a0:32:a1:
         5d:f4:1a:bc:e5:d0:db:28:d3:e9:ca:09:3c:e5:d7:1d:76:36:
         db:03:a9:eb:1d:45:b3:98:b1:22:3c:6f:2f:ca:47:9b:fb:1c:
         3c:10:86:33:5e:d5:f8:59:d0:f7:10:3b:ac:ab:d7:23:22:89:
         17:d8:96:05:85:cb:87:1e:05:fb:88:d2:cb:ac:7d:89:f9:de:
         33:0f:48:bf:20:b1:f9:8a:e1:87:bd:d9:22:2b:f8:27:32:44:
         5f:2b:27:7a:e3:cc:fe:6a:ce:6a:6a:71:6c:71:3c:12:de:76:
         36:a9:74:0a:86:0b:3a:e0:6c:11:e8:02:be:3c:fd:2a:2b:6a:
         87:c3:44:18:54:c2:b9:65:95:43:06:c7:cb:31:d1:98:89:85:
         3e:06:26:da:66:be:d3:af:f1:ef:3f:97:26:33:23:a0:db:0a:
         57:f8:64:21:6b:ae:92:16:db:54:39:f2:8b:a4:89:63:39:06:
         ab:6d:6b:75
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgISAYVw6CO1CzXRSjkcbgUvCmsGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjMwMTAyMDUxNTM5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTdjYzQ2YjdiM2IxZjhlZTNlODVmOTRiYTYxMGI1NWM5ZjU5NDY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiR5hV0nbMC9K9rYhzGtfJfVnQ+bM
hkQOy7Jrmd0oV2PopjCtzdoyRnjl264UwOv0Dy4oIFM6gZVPjc9SRZeU/TwNThNo
LfsYLh+xDssLGdc2YRwUgGnV/62MborMiSyghLgH4zaJV90yK+OhZjS02hMEQtVe
TOD+Y3Fm5Ay/t0hXQ7In2KnNTqB3gEwaeW9mcsdZiETVZ/97o4p2tB3+WiqVD8zJ
7jIoJe+1vEEQuBjVGaby1Vp7M1Xmava6tiMIghPPZHGmYZcsIvg2LSGkVVfsYvOK
oswY05+SbjSctRHwRDVhz3ebi0NI+v7MJOGXXJT6P9/1H261N014CeySZwIDAQAB
o4ICMjCCAi4wHQYDVR0OBBYEFGl8xGt7Ox+O4+hflLphC1XJ9ZRpMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvYVh6RWEzczdINDdqNkYtVXVtRUxWY24xbEdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEgGCCsGAQUFBwEHAQH/BDkwNzA1BAIAAjAvMBIDBwAqDrEH
B3EDBwAqDrEHB34DBwQqDrEHCmADBwQqDrEHEPADBwAqEC8AATgwDQYJKoZIhvcN
AQELBQADggEBALmUVoYeIUHJ9hlcRQvUsnr7/6ebA6ZT4bAR6KlZEcZMFFrPN5ci
dfBvSfEy8wvziTHUHUc1h94ot9ncowwUaAp4IQTAu6AyoV30Grzl0Nso0+nKCTzl
1x12NtsDqesdRbOYsSI8by/KR5v7HDwQhjNe1fhZ0PcQO6yr1yMiiRfYlgWFy4ce
BfuI0susfYn53jMPSL8gsfmK4Ye92SIr+CcyRF8rJ3rjzP5qzmpqcWxxPBLedjap
dAqGCzrgbBHoAr48/SoraofDRBhUwrlllUMGx8sx0ZiJhT4GJtpmvtOv8e8/lyYz
I6DbClf4ZCFrrpIW21Q58oukiWM5Bqtta3U=
-----END CERTIFICATE-----