Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/oYQF2lprBV7OnjcJW4aFkn5Wf84.roa
File:                     oYQF2lprBV7OnjcJW4aFkn5Wf84.roa (raw, json)
Hash identifier:          U1xSA6PapiOtH1FSAytXjWwchDzJAWwG7QoSoWd05m0=
Subject key identifier:   A1:84:05:DA:5A:6B:05:5E:CE:9E:37:09:5B:86:85:92:7E:56:7F:CE
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018678D3E46B455AF6D2B7A2DEC0056BFE79
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/oYQF2lprBV7OnjcJW4aFkn5Wf84.roa
Signing time:             Wed 22 Feb 2023 11:13:17 +0000
ROA not before:           Wed 22 Feb 2023 11:13:17 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     200160
IP address blocks:        2a0e:b107:640::/44 maxlen: 48
                          2a0e:b107:660::/44 maxlen: 48
                          2a0e:b107:1d60::/44 maxlen: 48
                          2a0e:b107:600::/44 maxlen: 48
                          2a0e:b107:1e00::/44 maxlen: 48
                          2a0e:b107:5e0::/44 maxlen: 48
                          2a0e:b107:900::/44 maxlen: 48
                          2a0e:b107:6c0::/44 maxlen: 48
                          2a0e:b107:800::/44 maxlen: 48
                          2a0e:b107:5f0::/44 maxlen: 48
                          2a0e:b107:670::/44 maxlen: 48
                          2a0e:b107:bb0::/44 maxlen: 48

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:78:d3:e4:6b:45:5a:f6:d2:b7:a2:de:c0:05:6b:fe:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Feb 22 11:13:17 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a18405da5a6b055ece9e37095b8685927e567fce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:f9:cd:88:59:f8:a4:cc:ab:9f:2b:29:18:24:
                    df:af:83:ab:e8:26:13:e7:6f:98:1a:f0:5b:8e:45:
                    09:ce:c6:0c:b1:37:3d:4c:b0:0e:c3:a2:31:aa:14:
                    5c:45:c9:4e:99:e5:f0:1e:e6:4e:81:f8:a4:41:9d:
                    89:f2:fd:0b:1a:54:7b:1b:c6:44:29:5f:44:dc:32:
                    4f:cc:33:9d:4e:84:70:30:3d:e0:be:19:70:ec:1f:
                    a3:9a:1f:13:fe:19:6f:dc:31:c4:fe:c3:0b:fd:01:
                    e6:bc:50:0f:26:4b:dc:90:7c:e5:89:82:4c:d5:cf:
                    2e:aa:f9:62:9a:07:71:8b:6b:8d:9a:e1:63:b7:67:
                    2f:e6:fc:64:b8:9e:c4:7d:06:7a:98:f4:d9:23:d0:
                    c7:c0:3e:48:da:5e:30:bd:5c:33:34:b9:76:3e:83:
                    23:c5:04:7f:2e:01:52:f6:07:d2:7b:81:37:03:8e:
                    d3:ff:5e:66:31:56:78:cb:0a:b8:50:31:d2:0c:11:
                    68:4e:e8:58:ca:dc:11:f1:bb:16:c3:66:83:75:a1:
                    f2:3e:3d:fc:8a:e9:ab:b2:d8:64:67:35:9d:e5:27:
                    af:d4:4b:99:6a:64:cb:6e:5c:d0:b8:cb:af:97:2a:
                    94:e5:94:ef:01:06:98:14:68:cc:13:09:19:3c:44:
                    e6:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:84:05:DA:5A:6B:05:5E:CE:9E:37:09:5B:86:85:92:7E:56:7F:CE
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/oYQF2lprBV7OnjcJW4aFkn5Wf84.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:5e0::-2a0e:b107:60f:ffff:ffff:ffff:ffff:ffff
                  2a0e:b107:640::/44
                  2a0e:b107:660::/43
                  2a0e:b107:6c0::/44
                  2a0e:b107:800::/44
                  2a0e:b107:900::/44
                  2a0e:b107:bb0::/44
                  2a0e:b107:1d60::/44
                  2a0e:b107:1e00::/44

    Signature Algorithm: sha256WithRSAEncryption
         2a:6b:2b:37:63:67:aa:a3:ee:c7:35:0a:d1:f4:51:59:ac:26:
         86:1b:e2:b4:00:75:47:b4:8c:2a:73:77:b2:f8:16:26:e6:2e:
         58:f2:ad:f4:f3:fa:96:2d:90:d3:51:9b:99:db:b5:5f:6e:0a:
         17:d5:2b:43:af:71:e7:82:29:3c:8e:30:f7:0f:bc:b7:92:b8:
         68:3e:c0:53:27:e9:b7:86:cf:46:36:4d:24:7f:0e:8b:45:a1:
         0d:b2:ca:eb:d5:80:b2:6e:bd:56:a8:1c:6d:1e:86:6c:ab:80:
         f0:dd:fc:3f:c1:16:be:c9:00:8a:86:e7:78:b8:83:b9:24:8e:
         82:9b:bb:28:36:4d:f6:84:2d:e9:1f:28:2f:52:a2:23:cb:70:
         a3:8f:4c:17:07:82:fb:a0:2e:7d:3f:34:28:18:23:d6:77:8d:
         41:66:fa:d6:03:12:aa:aa:87:b1:2e:44:73:37:53:d6:85:61:
         50:cf:01:f6:37:88:04:0d:29:65:62:7a:21:76:46:1a:5a:b7:
         b8:f4:3e:d2:c5:bf:ae:2d:fb:de:b2:76:53:ba:fd:46:c5:3f:
         21:2b:21:06:28:4a:54:5f:53:1d:61:15:e2:be:ec:21:7d:53:
         69:1f:fe:14:9f:9d:e0:26:86:4b:a1:3b:6a:5b:cc:34:d3:42:
         d4:69:6b:d2
-----BEGIN CERTIFICATE-----
MIIFUzCCBDugAwIBAgISAYZ40+RrRVr20rei3sAFa/55MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjMwMjIyMTExMzE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTg0MDVkYTVhNmIwNTVlY2U5ZTM3MDk1Yjg2ODU5MjdlNTY3ZmNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmfnNiFn4pMyrnyspGCTfr4Or6CYT
52+YGvBbjkUJzsYMsTc9TLAOw6IxqhRcRclOmeXwHuZOgfikQZ2J8v0LGlR7G8ZE
KV9E3DJPzDOdToRwMD3gvhlw7B+jmh8T/hlv3DHE/sML/QHmvFAPJkvckHzliYJM
1c8uqvlimgdxi2uNmuFjt2cv5vxkuJ7EfQZ6mPTZI9DHwD5I2l4wvVwzNLl2PoMj
xQR/LgFS9gfSe4E3A47T/15mMVZ4ywq4UDHSDBFoTuhYytwR8bsWw2aDdaHyPj38
iumrsthkZzWd5Sev1EuZamTLblzQuMuvlyqU5ZTvAQaYFGjMEwkZPETmVwIDAQAB
o4ICXzCCAlswHQYDVR0OBBYEFKGEBdpaawVezp43CVuGhZJ+Vn/OMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvb1lRRjJscHJCVjdPbmpjSlc0YUZrbjVXZjg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHUGCCsGAQUFBwEHAQH/BGYwZDBiBAIAAjBcMBIDBwUqDrEH
BeADBwQqDrEHBgADBwQqDrEHBkADBwUqDrEHBmADBwQqDrEHBsADBwQqDrEHCAAD
BwQqDrEHCQADBwQqDrEHC7ADBwQqDrEHHWADBwQqDrEHHgAwDQYJKoZIhvcNAQEL
BQADggEBACprKzdjZ6qj7sc1CtH0UVmsJoYb4rQAdUe0jCpzd7L4FibmLljyrfTz
+pYtkNNRm5nbtV9uChfVK0OvceeCKTyOMPcPvLeSuGg+wFMn6beGz0Y2TSR/DotF
oQ2yyuvVgLJuvVaoHG0ehmyrgPDd/D/BFr7JAIqG53i4g7kkjoKbuyg2TfaELekf
KC9SoiPLcKOPTBcHgvugLn0/NCgYI9Z3jUFm+tYDEqqqh7EuRHM3U9aFYVDPAfY3
iAQNKWVieiF2Rhpat7j0PtLFv64t+96ydlO6/UbFPyErIQYoSlRfUx1hFeK+7CF9
U2kf/hSfneAmhkuhO2pbzDTTQtRpa9I=
-----END CERTIFICATE-----