Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/gnXJv4pnFjhoT7SaT_ktmsDAVNw.roa
File:                     gnXJv4pnFjhoT7SaT_ktmsDAVNw.roa (raw, json)
Hash identifier:          d5lsaBWwVxdbyZj9jz0f4keZb1H8ShDaYsg2uhoQ3gA=
Subject key identifier:   82:75:C9:BF:8A:67:16:38:68:4F:B4:9A:4F:F9:2D:9A:C0:C0:54:DC
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018570E7C74EE0F5375698CCA600D30D25A1
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/gnXJv4pnFjhoT7SaT_ktmsDAVNw.roa
Signing time:             Mon 02 Jan 2023 05:15:16 +0000
ROA not before:           Mon 02 Jan 2023 05:15:16 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     205977
IP address blocks:        2a0e:b107:760::/48 maxlen: 48
                          2a0e:b107:765::/48 maxlen: 48
                          2a0e:b107:76a::/48 maxlen: 48
                          2a10:2f00:120::/48 maxlen: 48
                          2a0e:b107:764::/48 maxlen: 48
                          2a0e:b107:769::/48 maxlen: 48
                          2a0e:b107:76e::/48 maxlen: 48
                          2a0e:b107:763::/48 maxlen: 48
                          2a0e:b107:768::/48 maxlen: 48
                          2a0e:b107:76d::/48 maxlen: 48
                          2a0e:b107:760::/44 maxlen: 48
                          2a0e:b107:762::/48 maxlen: 48
                          2a0e:b107:767::/48 maxlen: 48
                          2a0e:b107:76c::/48 maxlen: 48
                          2a0e:b107:761::/48 maxlen: 48
                          2a0e:b107:766::/48 maxlen: 48
                          2a0e:b107:76b::/48 maxlen: 48

Validation:               Failed, certificate revoked on Mon 23 Jan 2023 10:50:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:e7:c7:4e:e0:f5:37:56:98:cc:a6:00:d3:0d:25:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 05:15:16 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8275c9bf8a671638684fb49a4ff92d9ac0c054dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:cb:25:6f:05:b9:52:e6:97:b5:52:da:f9:db:
                    ba:57:1d:2c:ad:cc:a3:2f:45:6a:95:00:eb:f9:c6:
                    26:89:dd:3d:7b:27:47:c2:ad:02:8b:51:e3:c4:09:
                    6a:a1:60:95:2a:a7:c8:f0:5f:11:cb:03:f2:6c:94:
                    17:f8:57:05:3f:6f:f3:59:c5:f3:34:b3:29:4f:32:
                    57:d5:2c:82:d8:9d:31:a8:bb:04:ab:be:0a:49:4c:
                    8f:6b:ce:7d:80:0b:4e:95:90:cc:ed:4d:e4:08:22:
                    ba:63:f5:59:69:82:0a:1b:04:a3:8c:6c:2b:74:a1:
                    23:8e:52:36:42:0b:f2:90:8c:e5:c6:b0:ab:16:59:
                    ef:3c:6f:31:37:3f:8e:f0:e4:9b:13:a7:df:35:50:
                    d6:48:59:a8:fb:36:f6:a5:5a:8c:26:04:d1:a8:17:
                    09:57:95:3f:55:b9:66:b5:da:84:f9:fa:1d:1f:71:
                    a4:97:97:f0:20:24:3d:cf:cd:fc:bb:d7:1e:86:fc:
                    a0:62:2e:dd:e7:ea:4c:53:6c:b2:2c:c6:5c:80:23:
                    ef:a6:1a:43:c2:aa:0a:9c:55:a9:94:c8:f7:46:51:
                    1d:ee:d6:9f:81:e6:23:e5:3d:54:d0:bf:eb:0c:33:
                    b5:d5:86:b0:a2:7d:9f:6a:81:fd:a5:44:86:ff:f5:
                    91:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:75:C9:BF:8A:67:16:38:68:4F:B4:9A:4F:F9:2D:9A:C0:C0:54:DC
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/gnXJv4pnFjhoT7SaT_ktmsDAVNw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:760::/44
                  2a10:2f00:120::/48

    Signature Algorithm: sha256WithRSAEncryption
         90:63:f7:57:2a:6d:56:36:9c:bc:d5:58:9d:2e:b0:1e:47:ae:
         5a:ec:aa:5c:77:25:a6:eb:0b:c4:b5:f5:48:3b:19:38:78:a6:
         2f:0b:81:01:63:95:79:77:a9:d2:fb:fc:13:94:25:f6:87:52:
         40:cf:d0:ff:a8:03:cb:e4:87:10:58:88:fd:3b:ae:2e:96:19:
         84:f9:d6:7b:08:51:de:b5:3c:97:c7:b9:48:62:9a:69:73:c0:
         66:9e:3d:81:86:54:16:1e:17:04:48:ba:aa:bd:9b:0a:f9:10:
         a6:b5:ad:90:17:67:dc:ee:4f:7c:ae:de:cd:34:dc:fd:65:62:
         3e:14:d0:0d:cb:a6:10:35:51:02:fb:10:91:45:f5:f0:16:dd:
         d2:f4:6a:ea:dd:29:13:29:c0:4a:f4:7a:3e:9e:e8:f1:85:c1:
         4b:76:4a:70:12:6a:48:27:54:54:a5:98:02:5d:81:2a:94:6b:
         5f:2f:b6:69:4b:51:22:5b:32:b0:7a:16:cb:c9:55:14:2f:ea:
         0c:4c:00:ff:11:fd:45:c9:bf:a3:b5:7c:5e:67:78:d5:00:c7:
         03:f2:45:be:d9:0a:04:a9:6a:ce:3e:22:d1:e8:1e:44:33:55:
         c1:a4:30:20:cb:ce:ec:7d:81:67:c2:39:0f:86:80:f5:0c:73:
         0c:5a:f1:0a
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYVw58dO4PU3VpjMpgDTDSWhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjMwMTAyMDUxNTE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Mjc1YzliZjhhNjcxNjM4Njg0ZmI0OWE0ZmY5MmQ5YWMwYzA1NGRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8slbwW5UuaXtVLa+du6Vx0srcyj
L0VqlQDr+cYmid09eydHwq0Ci1HjxAlqoWCVKqfI8F8RywPybJQX+FcFP2/zWcXz
NLMpTzJX1SyC2J0xqLsEq74KSUyPa859gAtOlZDM7U3kCCK6Y/VZaYIKGwSjjGwr
dKEjjlI2QgvykIzlxrCrFlnvPG8xNz+O8OSbE6ffNVDWSFmo+zb2pVqMJgTRqBcJ
V5U/VblmtdqE+fodH3Gkl5fwICQ9z838u9cehvygYi7d5+pMU2yyLMZcgCPvphpD
wqoKnFWplMj3RlEd7tafgeYj5T1U0L/rDDO11Yawon2faoH9pUSG//WR7QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFIJ1yb+KZxY4aE+0mk/5LZrAwFTcMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvZ25YSnY0cG5GamhvVDdTYVRfa3Rtc0RBVk53LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcEKg6xBwdg
AwcAKhAvAAEgMA0GCSqGSIb3DQEBCwUAA4IBAQCQY/dXKm1WNpy81VidLrAeR65a
7KpcdyWm6wvEtfVIOxk4eKYvC4EBY5V5d6nS+/wTlCX2h1JAz9D/qAPL5IcQWIj9
O64ulhmE+dZ7CFHetTyXx7lIYpppc8Bmnj2BhlQWHhcESLqqvZsK+RCmta2QF2fc
7k98rt7NNNz9ZWI+FNANy6YQNVEC+xCRRfXwFt3S9Grq3SkTKcBK9Ho+nujxhcFL
dkpwEmpIJ1RUpZgCXYEqlGtfL7ZpS1EiWzKwehbLyVUUL+oMTAD/Ef1Fyb+jtXxe
Z3jVAMcD8kW+2QoEqWrOPiLR6B5EM1XBpDAgy87sfYFnwjkPhoD1DHMMWvEK
-----END CERTIFICATE-----