Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/oQkWOTT9JG_ITgRG61aKvcEI8fc.roa
File:                     oQkWOTT9JG_ITgRG61aKvcEI8fc.roa (raw, json)
Hash identifier:          Ia+f59Cvn8lN0mM8C3eq0aat1GANqmHiXl81Pk2S7Xw=
Subject key identifier:   A1:09:16:39:34:FD:24:6F:C8:4E:04:46:EB:56:8A:BD:C1:08:F1:F7
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0185E48AF9E278D0BCC545BA114B09E78E29
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/oQkWOTT9JG_ITgRG61aKvcEI8fc.roa
Signing time:             Tue 24 Jan 2023 16:09:51 +0000
ROA not before:           Tue 24 Jan 2023 16:09:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     211722
IP address blocks:        2a0e:b107:12f0::/48 maxlen: 48
                          2a0e:b107:12f5::/48 maxlen: 48
                          2a0e:b107:12fa::/48 maxlen: 48
                          2a0e:b107:12f4::/48 maxlen: 48
                          2a0e:b107:12fe::/48 maxlen: 48
                          2a0e:b107:12f3::/48 maxlen: 48
                          2a0e:b107:12f8::/48 maxlen: 48
                          2a0e:b107:12fd::/48 maxlen: 48
                          2a0e:b107:12f2::/48 maxlen: 48
                          2a0e:b107:12f7::/48 maxlen: 48
                          2a0e:b107:12fc::/48 maxlen: 48
                          2a0e:b107:12f1::/48 maxlen: 48
                          2a0e:b107:12f6::/48 maxlen: 48
                          2a0e:b107:12fb::/48 maxlen: 48

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 10:33:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:e4:8a:f9:e2:78:d0:bc:c5:45:ba:11:4b:09:e7:8e:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan 24 16:09:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a109163934fd246fc84e0446eb568abdc108f1f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:a6:00:bc:9a:03:30:07:dd:31:af:41:43:71:
                    5c:39:6f:e5:0e:69:86:d3:04:5a:8c:7c:9a:ae:6a:
                    5d:60:89:04:a4:e6:47:dc:30:fe:2c:7d:cb:59:23:
                    f1:34:4e:25:0c:0f:6f:7b:dc:c9:60:e5:5f:3d:3a:
                    ac:09:6f:c7:60:25:dd:24:e6:3d:19:5c:7b:25:45:
                    e3:4b:e2:22:51:35:a4:93:3c:f3:da:b4:4e:77:47:
                    42:a5:8a:01:c6:4a:90:52:25:24:c8:25:94:9f:b8:
                    ad:e7:2c:2e:6e:86:31:31:c6:45:47:67:2f:b1:20:
                    6a:44:13:53:fd:bf:cc:bf:2b:57:f0:32:af:8b:ca:
                    ad:c2:4e:a4:ce:c1:bc:de:76:a2:13:d3:b8:75:94:
                    06:1e:e2:2b:8c:10:a2:44:3a:5e:03:63:48:9b:95:
                    fe:f6:12:cf:a9:b1:f5:18:c9:ff:c8:38:0b:db:b4:
                    eb:9d:55:b8:0e:0c:09:85:9c:16:5a:16:b0:9a:82:
                    26:98:e9:33:db:33:cf:c6:86:05:f2:4a:3b:5d:b6:
                    e3:97:e0:47:57:42:0d:b6:3c:cb:b6:2d:39:8b:81:
                    78:d0:ed:b5:47:33:8b:dc:50:36:96:67:34:c6:48:
                    0d:5c:75:a5:b4:e0:90:3e:bb:c7:22:ea:3f:d5:e0:
                    62:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:09:16:39:34:FD:24:6F:C8:4E:04:46:EB:56:8A:BD:C1:08:F1:F7
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/oQkWOTT9JG_ITgRG61aKvcEI8fc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:12f0::-2a0e:b107:12f8:ffff:ffff:ffff:ffff:ffff
                  2a0e:b107:12fa::-2a0e:b107:12fe:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         79:d4:e8:24:08:8c:52:4d:c7:a6:4c:86:1e:58:2b:1a:12:33:
         cc:6d:db:eb:c3:bb:a6:8c:a2:c6:ad:7f:ea:7a:2e:f9:59:2f:
         db:a9:67:40:75:1c:00:d3:2d:e6:52:ab:1a:2b:dd:3f:11:a7:
         6e:6c:dd:55:5f:49:e6:d4:f6:45:90:ff:22:96:1a:ec:e1:77:
         c7:b4:c6:79:0c:7b:35:e9:b6:63:28:22:59:14:a5:68:8e:0a:
         8b:ad:55:6c:4e:fd:56:42:a4:92:4b:f9:fe:c4:5a:a2:fd:fe:
         58:e6:61:ac:3b:bc:42:d1:cc:b2:c2:04:ea:d2:ae:ad:3b:74:
         20:7c:92:15:1c:97:b7:6a:e1:73:bf:ea:b8:b4:61:c0:7f:da:
         d1:08:4e:d8:b8:a7:f3:d8:aa:01:8a:77:15:84:8f:b4:4b:df:
         7e:a3:48:92:96:7e:76:8a:d9:18:b7:4b:7d:19:14:ee:7d:e4:
         62:3d:df:24:93:fc:2c:40:cf:2b:5a:1e:6a:57:bc:15:74:f5:
         a8:cf:8a:ec:fa:29:40:24:bc:c6:b1:e6:28:55:c7:4a:50:37:
         41:c3:2a:b2:e0:82:e5:0c:80:d0:39:44:a3:80:b0:1a:22:3f:
         2f:eb:14:81:a0:0a:cf:12:b0:6e:e1:3f:86:4d:47:22:33:ab:
         02:55:af:6d
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAYXkivnieNC8xUW6EUsJ544pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjMwMTI0MTYwOTUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTA5MTYzOTM0ZmQyNDZmYzg0ZTA0NDZlYjU2OGFiZGMxMDhmMWY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnqYAvJoDMAfdMa9BQ3FcOW/lDmmG
0wRajHyarmpdYIkEpOZH3DD+LH3LWSPxNE4lDA9ve9zJYOVfPTqsCW/HYCXdJOY9
GVx7JUXjS+IiUTWkkzzz2rROd0dCpYoBxkqQUiUkyCWUn7it5ywuboYxMcZFR2cv
sSBqRBNT/b/MvytX8DKvi8qtwk6kzsG83naiE9O4dZQGHuIrjBCiRDpeA2NIm5X+
9hLPqbH1GMn/yDgL27TrnVW4DgwJhZwWWhawmoImmOkz2zPPxoYF8ko7Xbbjl+BH
V0INtjzLti05i4F40O21RzOL3FA2lmc0xkgNXHWltOCQPrvHIuo/1eBimQIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFKEJFjk0/SRvyE4ERutWir3BCPH3MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvb1FrV09UVDlKR19JVGdSRzYxYUt2Y0VJOGZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAuBAIAAjAoMBIDBwQqDrEH
EvADBwAqDrEHEvgwEgMHASoOsQcS+gMHACoOsQcS/jANBgkqhkiG9w0BAQsFAAOC
AQEAedToJAiMUk3HpkyGHlgrGhIzzG3b68O7poyixq1/6nou+Vkv26lnQHUcANMt
5lKrGivdPxGnbmzdVV9J5tT2RZD/IpYa7OF3x7TGeQx7Nem2YygiWRSlaI4Ki61V
bE79VkKkkkv5/sRaov3+WOZhrDu8QtHMssIE6tKurTt0IHySFRyXt2rhc7/quLRh
wH/a0QhO2Lin89iqAYp3FYSPtEvffqNIkpZ+dorZGLdLfRkU7n3kYj3fJJP8LEDP
K1oeale8FXT1qM+K7PopQCS8xrHmKFXHSlA3QcMqsuCC5QyA0DlEo4CwGiI/L+sU
gaAKzxKwbuE/hk1HIjOrAlWvbQ==
-----END CERTIFICATE-----