Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/qHy1NODbcd4WYvsh1DXgrSt24ds.roa
File:                     qHy1NODbcd4WYvsh1DXgrSt24ds.roa (raw, json)
Hash identifier:          9Yur6thjxpPoLvSi6xk1uFPkbp0L7niabZZmBcDRNzQ=
Subject key identifier:   A8:7C:B5:34:E0:DB:71:DE:16:62:FB:21:D4:35:E0:AD:2B:76:E1:DB
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018570E7B95AE0FCE6C37D9D253D439537E5
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/qHy1NODbcd4WYvsh1DXgrSt24ds.roa
Signing time:             Mon 02 Jan 2023 05:15:12 +0000
ROA not before:           Mon 02 Jan 2023 05:15:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     204374
IP address blocks:        2a0e:b107:ba0::/48 maxlen: 48
                          2a0e:b107:ba5::/48 maxlen: 48
                          2a0e:b107:baa::/48 maxlen: 48
                          2a0e:b107:baf::/48 maxlen: 48
                          2a0e:b107:ba4::/48 maxlen: 48
                          2a0e:b107:ba9::/48 maxlen: 48
                          2a0e:b107:bae::/48 maxlen: 48
                          2a0e:b107:ba3::/48 maxlen: 48
                          2a0e:b107:ba8::/48 maxlen: 48
                          2a0e:b107:bad::/48 maxlen: 48
                          2a0e:b107:ba0::/44 maxlen: 48
                          2a0e:b107:ba2::/48 maxlen: 48
                          2a0e:b107:ba7::/48 maxlen: 48
                          2a0e:b107:bac::/48 maxlen: 48
                          2a0e:b107:ba1::/48 maxlen: 48
                          2a0e:b107:ba6::/48 maxlen: 48
                          2a0e:b107:bab::/48 maxlen: 48

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:e7:b9:5a:e0:fc:e6:c3:7d:9d:25:3d:43:95:37:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 05:15:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a87cb534e0db71de1662fb21d435e0ad2b76e1db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:51:ce:99:a1:6d:6e:4f:b8:f8:3e:75:a6:45:
                    18:47:30:b0:44:b8:a8:bc:5d:4a:ef:06:86:a4:38:
                    24:6a:8d:65:a8:48:63:b8:90:eb:7b:1a:3c:1d:0e:
                    f4:0d:e3:5e:4b:d2:46:81:89:32:e1:2f:f9:d8:41:
                    79:dd:d0:9b:e0:63:fb:62:f3:1c:c8:9b:85:6c:e2:
                    d8:36:ed:af:cc:a7:75:8c:f6:e9:e4:f0:4e:13:17:
                    27:5c:57:c8:6b:ac:bb:77:35:17:95:89:e9:af:b0:
                    69:ec:8c:b2:ad:b8:82:6d:93:13:74:5a:26:e2:0a:
                    95:e9:10:e2:8c:77:12:c3:7f:7b:68:9a:40:23:7f:
                    a3:64:88:84:f9:87:91:a1:3c:a9:87:c3:9e:d2:bd:
                    d7:a1:01:bd:aa:64:ca:52:f0:4f:53:d6:4b:42:0e:
                    7a:93:47:d4:b0:c4:2b:47:5e:ed:33:c6:ae:77:39:
                    06:1d:cb:2d:d6:44:b8:dd:dd:d5:a0:69:a3:37:6e:
                    9b:75:34:34:59:26:52:98:5a:27:74:e7:0c:e0:b1:
                    19:89:62:1e:ef:fa:8c:18:f6:6a:cf:58:0d:c6:93:
                    2a:a4:f0:f8:82:71:c2:44:25:58:51:d5:2b:ea:28:
                    81:c6:4b:93:56:5c:df:41:dd:df:fd:fb:2e:4a:74:
                    f7:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:7C:B5:34:E0:DB:71:DE:16:62:FB:21:D4:35:E0:AD:2B:76:E1:DB
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/qHy1NODbcd4WYvsh1DXgrSt24ds.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:ba0::/44

    Signature Algorithm: sha256WithRSAEncryption
         16:08:46:37:96:9d:32:b1:e9:34:42:3c:ea:7f:df:ea:e7:aa:
         df:2c:a0:23:5c:b0:76:40:df:c7:81:e6:4d:88:7d:d6:35:5a:
         86:be:dd:30:52:d3:86:e3:01:25:58:0f:8f:88:cc:7a:c1:23:
         fb:98:85:98:7e:03:62:76:6f:fb:55:28:55:5e:35:81:7f:dc:
         5c:e1:bf:8a:d6:2e:a0:48:64:d6:43:88:83:2d:f8:0f:3e:ac:
         a3:f8:eb:e4:35:b0:e8:d8:a4:c2:94:46:1f:3d:97:cf:f1:dc:
         d9:31:fa:9d:de:d3:d9:08:86:f9:99:2d:0c:11:dc:28:34:11:
         2f:43:e2:d3:2c:52:2c:c6:ed:86:d0:81:29:67:8b:f3:9f:d4:
         da:f3:1e:27:03:93:cf:ed:50:fe:3c:9f:33:e1:2a:31:59:5d:
         fe:b0:26:94:15:4d:5e:2e:8d:58:14:25:66:86:a7:ef:ff:c7:
         56:27:40:13:1a:31:7d:1d:02:31:26:ad:b3:f3:f6:e6:9b:d8:
         63:65:98:a1:16:38:5a:e2:0e:2b:ec:79:72:db:15:55:82:fe:
         79:de:c1:4e:5a:22:75:88:30:64:89:36:c6:85:6a:63:5c:96:
         b1:f1:78:d6:b5:d8:4e:94:2d:3d:15:ed:a9:06:d1:ad:35:7a:
         89:71:d5:52
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYVw57la4Pzmw32dJT1DlTflMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjMwMTAyMDUxNTEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODdjYjUzNGUwZGI3MWRlMTY2MmZiMjFkNDM1ZTBhZDJiNzZlMWRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA11HOmaFtbk+4+D51pkUYRzCwRLio
vF1K7waGpDgkao1lqEhjuJDrexo8HQ70DeNeS9JGgYky4S/52EF53dCb4GP7YvMc
yJuFbOLYNu2vzKd1jPbp5PBOExcnXFfIa6y7dzUXlYnpr7Bp7IyyrbiCbZMTdFom
4gqV6RDijHcSw397aJpAI3+jZIiE+YeRoTyph8Oe0r3XoQG9qmTKUvBPU9ZLQg56
k0fUsMQrR17tM8audzkGHcst1kS43d3VoGmjN26bdTQ0WSZSmFondOcM4LEZiWIe
7/qMGPZqz1gNxpMqpPD4gnHCRCVYUdUr6iiBxkuTVlzfQd3f/fsuSnT3RQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKh8tTTg23HeFmL7IdQ14K0rduHbMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvcUh5MU5PRGJjZDRXWXZzaDFEWGdyU3QyNGRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6xBwug
MA0GCSqGSIb3DQEBCwUAA4IBAQAWCEY3lp0ysek0Qjzqf9/q56rfLKAjXLB2QN/H
geZNiH3WNVqGvt0wUtOG4wElWA+PiMx6wSP7mIWYfgNidm/7VShVXjWBf9xc4b+K
1i6gSGTWQ4iDLfgPPqyj+OvkNbDo2KTClEYfPZfP8dzZMfqd3tPZCIb5mS0MEdwo
NBEvQ+LTLFIsxu2G0IEpZ4vzn9Ta8x4nA5PP7VD+PJ8z4SoxWV3+sCaUFU1eLo1Y
FCVmhqfv/8dWJ0ATGjF9HQIxJq2z8/bmm9hjZZihFjha4g4r7Hly2xVVgv553sFO
WiJ1iDBkiTbGhWpjXJax8XjWtdhOlC09Fe2pBtGtNXqJcdVS
-----END CERTIFICATE-----